Now he's going to liberate 150.000 government workers of their jobs to bring down mass unemployment. Doesn't sound really logical if I put it down like that but that's what it comes down to. Reminds me of Macri in Argentina. Probably just as ineffective.
It's really not a one-dimensional line. Compare the Democrats to Germany's center-right CDU/CSU, for example. The Democrats are well to their left on most social issues, but mostly to the right on economics.
Macron is probably best defined as a neoliberal, a somewhat coarse-grained label which is nonetheless fairly well understood globally. Despite his previous party affiliation, he is not any flavor of socialist.
Globally, "left wing" and "right wing" would probably have little overlap: the left-wing Venezuelan leadership is authoritarian and pro-social services, the right-wing Le Pen is... authoritarian and pro-social services.
He is economically a bit more to the right. And socially a bit more to the left. He supports immigration. He is giving 18 years a culture pass and is spending more on education.
actually, Trump doesn't use email. He believes phone calls are more efficient if I remember correctly. A big part of his days were always spend on the phone.
Most 70 something people I know barely use emails if any, using interchangeably the terms email and website, and barely understand them. Highly educated people.
Given that the election is tomorrow., I don't believe this hack will impact the result (at least, certainly not as much a if it would have appeared 1 week ago).
Right before the election is far more dangerous. Fake or out-of-context portions will cause immediate outrage and take days/weeks to research and explain (and the French campaign blackout means the campaign can't explain until after the election).
You may be right, although there can be a "too close to the election" if it means there isn't enough time to go through the documents to find anything incriminating, and/or for the information to spread.
In this case, it's highly unlikely that it will change the election's outcome, given that Macron has a solid 20%+ advantage in all recent polls.
It also bears repeating that debate about the Comey letter is somewhat silly in that it usually treats "Comey swung the election" and "Hillary made mistakes" as mutually exclusive options. In reality, it's almost certainly true that they both, as well as other reasons, were necessary conditions for a Trip win.
Then, it could be that this leak is intended to destabilize the next president and that this time-window is the perfect time to release it without opposition. (If he win - most likely -, then he won't focus directly on this. Any bad informations will strengthen the opposition - he is challenged by both left and right.)
I wouldn't be so sure - the "Hillary email" announcement by Comey had an immediate impact on polling. If anything this might be more dangerous as there is little to no chance to rebut it.
And that's exactly how you end up with Nazis... "after Hitler, our turn". The time for voting further left was the previous round of the election, unfortunately.
That's not how democracy works comrade. Russians and right wing populist nut jobs are engaging in concerted effort to harm the free world and everyone in it for their own benefit. If you don't actively help to protect the principles of modern democracy you're effectively complicit in it's destruction.
You don't get to sit there crying like a child "wahhh but it's not exactly the way I like it!". The fact of the matter is if one option isn't great when the other is actually dangerous, you get off you butt and participate in the process. That's your duty as an adult that get's to live in a democratic society.
Considering the amount of money that large political parties pay for high-six-figure salary media consultants, stylists, image consultants and PR fluffers....
You would think they would want to hire a few professional, highly qualified NetSec sysadmins and give them authority to enforce network, server and endpoint security policies over an organization as a whole. But nope.
DNC is a fine example of failing to prioritize network security.
edit: I mean it's not exactly rocket science in terms of recruiting. Find a person who would be qualified by their years of experience and proven track record to be the chief security officer at an organization the size of cloudflare, limelight or netflix (or similar) and offer them a job at an equally high salary. Pay relocation and COLA expenses.
En Marche! was only founded within the last year. Although they attracted a considerable amount of donations, not sure we're talking about the same scale of money.
Also, accounting in French political campaigns are very restricted to ensure fairness between candidates (no more than EUR 4'600 per candidate per physical person, no business donations; the total expenses are capped to ~22m€).
Accounts are checked after each elections by the National Commission on Campaign Accounts and Political Financing; it is an active check, as some of the previous campaigns refunds were blocked because of some wrong doing.
Political campaigns, outside of the States, are very much bootstrapped. And IT folks very much not minded to volunteer their time.
Citation: I'm a member of a European Parliament on his third term in politics. Of my 200+ volunteers, not one is in infosec. Within my party, maybe 60 staff total are paid for a campaign.
> Political campaigns, outside of the States, are very much bootstrapped
Get real.
edit: Considering the response perhaps I should qualify. The major parties in most developed countries have permanent election teams with multi-million pound budgets. I cannot see why my response is in any way controversial.
The US is mostly unique in having 18-24 months to fundraise, A/B test, staff up, etc.
edit: Regarding this...
> The major parties in all developed countries have permanent election teams with many multi-million pound budgets.
That's very likely. However, the bursty nature of elections means they're probably also onboarding thousands of volunteers and temporary staff in a very short period of time.
a Canadian political campaign (Federal) lasts at most 45 days, with probably an estimated 45-60 days of additional lead up time to prepare for it when it's obvious a vote is going to be called... The parties still seem to find plenty of money to spend on 4/5-star hotels, chartered airplanes, staff, etc.
I am really skeptical that considering the ongoing total operational budget on a yearly basis for all of the facilities and support structure in Strasbourg there are no infosec/netsec professionals. If that's really true, then to put it crudely, you're utterly fucked. Because Russia certainly does have money for blackhat infosec/netsec types.
> considering the ongoing total operational budget on a yearly basis for all of the facilities and support structure in Strasbourg
You're conflating parliamentary budget and staff with a campaign budget and staff. These documents came from his campaign, not a parliamentary office (be it EU or French). For obvious reasons the two don't mix. Campaigns generally operate on extremely restricted budgets, and are naturally transient in nature.
okay, true, even so. In a nation the size of France I find it really doubtful that major political parties would go begging for the budget to hire infosec/netsec professionals, considering the amount of money spent on all the other expenses of a major campaign.
FN is financed by Russia, since other banks wouldn't give them a loan. And Le Pen is a contender in the second round so presumably it is exactly the case that major parties can have budget issues.
Note that En Marche is a party that was specifically set up for Macron's presidential campaign in April last year - it's not one of France's established parties.
I think OP works for a member of parliament, if I understand them correctly. Their offices are actually not that sensitive. All the secrets are held by the executive, and the EU doesn't even have the sort of military and intelligence institutions that are usually most secretive.
>EU doesn't even have the sort of military and intelligence institutions that are usually most secretive.
Might just be because the EU is a trade block, it doesn't have secretive military and intelligence institutions because it doesn't have any military and intelligence institutions at all.
Well shit, I better let the people in the DGSE and BND know that they shouldn't have access to their data sharing partnership with the NSA. Some guy on the Internet says that the EU doesn't have any IMINT, HUMINT or SIGINT, it must be true.
France or Germany having their own intelligence services is entirely compatible with what I said though. Their allegiance is to their own country first, and data sharing partnerships change little.
> I am really skeptical that considering the ongoing total operational budget on a yearly basis for all of the facilities and support structure in Strasbourg there are no infosec/netsec professionals.
I think you just confused "a European Parliament" (that is, a national parliament in Europe) with "the European Parliament", which is a different thing altogether.
And then also confused an MP (or, in your interpretation, MEP) not having any infosec staff with the whole government (or EU) not having infosec staff.
But then, even with all that, your conclusion isn't all that wrong for the topic at hand; if a major power like Russia targets a particular politician in the West (perhaps aside from the official, rather than campaign, personality of the sitting head of state), there is likely to be a substantial resource asymmetry that favors the attacker.
Then political parties need to get real or resign themselves to being hacked.
At the level of Hillary and Macron, the money is there. If infosec people don't volunteer, they will need to be paid for, even if it means running less television ads or what not. Even in Europe campaigns have paid staff. It might mean cuts to something else, but is it worth skimping on security?
As an aside, I'm from the US and have never heard of a campaign looking for infosec volunteers. Are we sure no one would volunteer?
I'll just add as a reference that for the french presidential election most campaigns are costing around 5 millions euros ( it's a side effect of a system which fixes this as a max limit for campaign costs refunds, but I guess they can't spend way more)
And in France (as in many other countries), most high ranking politicians do not have any kind of technical background. They typically studied political science or other soft disciplines. And are also often of a generation that barely uses computers but do not understand them.
In fact in France there is a general contempt from the political class and the medias for any candidate who is not a literary person.
> And IT folks very much not minded to volunteer their time.
This is an ignorant statement. The many millions of hours of work freely given to producing, maintaining and supporting users of software licensed under Free Software [1] licenses shows it's not true.
I suspect it's just that ‘IT folks’ tend to be cynical about most political parties. So they would want to be paid for any work done for such outfits rather than doing it pro bono.
I'd suggest that politicians who expect they can get such work done for free are the ones who need to “get real”.
Obama campaign had a contract firm that implemented and enforced infosec. They even tossed USB keys in the parking lot to catch campaign workers that we're dumb enough to try them.
The problem is beyond rote security at this point. We're in the realm of talented, well financed threat actors with databases of 0days.
I think that is likely the case, but I don't know if that is an exclusive thing anymore. A lot of what I read about reminds me of 1970s sponsorship of various terror entities and revolutionaries.
From a nation state actor standpoint it is probably a lot cheaper to pay gobs of money to a half-dozen antisocial young black hat types (that have been messing around with linux since age 12 in their bedroom in belarus), than to fund the PLO.
Um, yeah, they've thought of that (and have been told that 10,000 times) already.
Just that it turns out these organizations -- and the threat models they face -- are a bit more complicated than you would seem to think. And the task of finding qualified and, crucially, trustworthy people who can also interface with the sprawling, chaotic, and (inherently) politicized juggernauts that underlie these campaigns, even more so.
You can name-drop all you want. These people have heard it all. But the short answer is, if they can't interface with the rough-and-tumble reality (and day-to-day insanity) of a scrappy political campaign... then no, their technical chops (by themselves) just won't do all that much.
I don't think there is a great deal of venn diagram overlap between political apparatchik/ass-kisser and the sort of person who you want to hire as CSO of netflix or a similarly sized organization. Hiring a competent CSO who could deal with the politics and actually has the technical skills to deal with nationstate sponsored zero days... that's a hard problem.
I find the competence of government employees quite acceptable and even at times commendable given my quality of life. But then I also understand how the rest of the world has to get by which makes me appreciate what I'm fortunate enough to have.
The weird thing I've noticed is that some people in my country will express your sentiment, but then turn around and tell you they live in the best country in the world and would be offended were anyone to say otherwise.
I guess they don't see the connection between the government workers and that quality of life.
As someone who has worked in government I take offence to this. There are plenty of very qualified people in government who do want to help make the country a better place.
They are often just dealing with out of date processes that are mandated by law and which limit their ability to be innovative.
Both DNC and also the Clinton Campaign (Campaign Chairman Podesta). Podesta was hacked by pfishing which most users < 30 knows to avoid. Tells me Podesta had no geek friends.
"Seemingly skeptical (and rightfully so), Podesta forwarded the email to his chief of staff, who then passed along the email to the campaign’s IT team. This is where things go so painfully wrong: The campaign’s IT team incorrectly identified the email phishing for Podesta’s password as legitimate, instructing him to change his password."
Amazing; I hadn't seen that story. Vox doesn't prove that this particular phishing attack was the way the attackers got access to Podesta's email, but what an unbelievable failure by their IT team. Who would fall for this?
The phishing email claims to be from from Google support, and tells the user:
> Vox doesn't prove that this particular phishing attack was the way the attackers got access to Podesta's email
If you visit the stats page for that bitly link by adding a + to the end, you'll find that it was visited exactly twice, both visits at the right time for the hack, and you'll find that the Wikileaks data cuts off soon after the hack, probably when they set up 2FA as suggested. While that doesn't technically prove that they're related, it's better evidence than we have for any other theories.
Gonna need to science to show me that most users under 30 know how to avoid phishing (particularly spearphishing). This goes against all available evidence that I have seen in the industry.
In my experience a huge number of users under age 30 can't even distinguish the difference between a binary that is natively running on their windows10 or osx workstation OS, and something that is presented inside of a web browser window. Thus you get people paying for windows bluescreen ransom javascript webpages (or "FBI has locked your computer") that are presented with scary graphics as fullscreen inside chrome on OSX.
People basically treat their laptops as glorified thin clients nowadays.
I think the biggest issue is the short campaign time. You have to pay a pretty big premium to get someone to quit a job with good stock bonuses for 45 days of work. It’s also very challenging to implement a full security Implementation solo in one week (or whatever aggressive timeline is needed to prevent hacks from day one). Hiring a team is cost prohibitive in most countries.
That is absolutely true. Not going to recruit a person like that for just 45 days. Organizations like the DNC need to have such a person on staff full time, 365 days a year, whether an election campaign is active or not.
Not the only possibility, specially given the level of the attacks. But, would you be surprised if it was the Russians nonetheless? Geopolitically speaking, they are pretty high up in a short list of nations that benefit enormously if the EU breaks apart...
Yes, of course, it's all totally a coincidence that every time these conveniently-timed-for-election hacks and document dumps happen, it's always to the benefit of whatever candidate is running on a "let's be friends with Russia and ignore what they're doing in Ukraine and Syria" platform.
You mean all twice, both times leaks from or against politicians that are deeply unpopular?
Of the candidates running in the French first round, all of them were anti-EU except Macron. Given the "anything anti-EU == Russian" idiocy, perhaps you can explain why this is seen as some kind of rare thing that needs frantic dot-joining?
I expect Russians to interfere in our elections just like anyone else but that also doesn't mean I find it acceptable. I don't approve of US meddling in free and democratic elections either.
I'm not one of the folks who thinks we should go to war over something like this, but it leaves me with no illusions about Putin's aims nor should any limits be placed on punitive actions targeting Putin and his cadre.
The fact that Russia was, in fact, responsible is not disputed -- at least not according to every intelligence agency in the US. Also, Clinton lost the election. So what's your point?
Are people today so devoid of personal responsibility that they are unwilling to admit that their claims of "sophisticated hacking attempts" are nothing more than an excuse for one of their staffers clicking a phishing email?
I get that it is hard to admit responsibility, but this is ridiculous...
It's a perfect recent example of a high ranking staffer in a political party clicking through a phishing email. And the person who was supposed to advise him that it was a phish, actually telling him to enter his credentials. And even admitting to it afterwards in numerous interviews.
I have no idea as to what went on with the specifics of this recent french "hack".
Not quite. The IT aide did say that the email (which was an imitation of a real "You've already been hacked" email template) was legitimate, but did not directly recommend clicking on links in the email.
He recommended visiting a correct URL. He should have said "I'm not sure, but don't click; to be safe, go to this URL instead"
Amusingly, the IT guy uses bit.ly for his surveys, and the phishing link was also a bit.ly link.
Phishing isn't always a link to a bank website with poor formatting/grammar, and there's nothing inherently unsophisticated about it. Sure it doesn't involve number theory or anything like that, but researching the hundreds of associates someone like Macron knows and crafting convincing, personalized messages for each of them is a large undertaking and really hard to defend against.
Imagine you get an email that appears at first glance to be from your spouse, it mentions your kids by name, and it also mentions that the spouse ran the numbers on your upcoming refinance and can you check the math in the spreadsheet she just attached. Assuming the attacker did their homework (i.e., names were right, you actually are going through a refinance, etc) there's a good chance even savvy users will open that excel file.
Yeah, I'd open it on my chromebook. And if i see a login screen on the way to open said spreadsheet, i'd immediately start worrying and recheck things.
They don't need luck, you just downloaded the attacker's payload onto your machine! Phishing is more than the old "click my link, enter your password". Often they use malware so all you have to do is download the attachment or click the link.
parser is in javascript (google docs), in a sandboxed browser (chrome), in a system whose root partition is read-only, and hash-verified each boot and whose bootloader is in a physically-write-protected SPI chip.
Oh, you're right, no one's ever been able to exploit javascript in chrome ;)
And you don't need to persist anything to disk, just get a key logger going in memory. Or scrape the data from your other processes. Once you get arbitrary code execution on the machine it's game over.
Seriously, I deal with this kind of stuff for a living. No one is immune to these kinds of attacks; not you, not me, not anyone.
Never said browser exploits are easy to make. I just pointed out that many times phishing is about just clicking on the link, not getting people to actually type in their passwords.
Yes. Phishing is ineffective against most competent Internet users. I used to be against it, but more and more I favour the ideas of a basic internet license being a requirement to use the internet.
Even that was debunked, as a french journalist on Twitter spotted that the pdf leaked (earlier today) was poorly doctored with an vector-based image editor, and was able to move the actual text layer around.
Now, I have no idea which one is the original, but AFAIU once you take a jpg and scan it into pdf, it's easy to move the text around (?).
EDIT: I hope my implication is clear. I think that the jpg file is more likely to be the original photo. It was later scanned as a pdf. Then OCR'd version was edited a bit by merging parts of the text (or only parts of it were OCR'd). Then a journalist opened it up in an editor and saw those layers.
Going in the opposite direction would require someone to produce an authentic looking jpg from an obviously OCR'd pdf. That seems like less likely to me.
When software OCRs a PDF, it does it by adding an invisible text layer aligned with the original text, while leaving the original text visible. This makes the PDF searchable, without having to worry about changing the font, introducing OCR errors where people can see them, or disturbing the background. What we see here is very unambiguously the result of a PDF-editing program, not a scan+OCR.
I think it's funny the campaign can't decide whether to announce that the leaked materials are actually legitimate or not. From the Wall Street Journal:
The cache includes both authentic and falsified documents “with the goal of sowing doubt and disinformation,” the campaign said."
Well, that'd certainly be an effective technique. Dump a bunch of real emails, but slip in one or two horrible fake ones. With just a couple days to an election it could have an impact on a tighter race than the French one is currently.
It's funny that they are being honest about the likely contents of the cache?
"both authentic and falsified documents" was speculated in the DNC/Russia hacks, and also claimed to be the Russia Today strategy abotu news, and whether it was true or not then, it's clearly a clever idea for any future crackers.
> "both authentic and falsified documents" was speculated in the DNC/Russia hacks,
Yes, that claim was made many times, including by people directly implicated by the leaks, and yet and later it was found that they were all true, with not one source pointing out an actual fake email or document.
There was plenty of selected editing by Wikileaks - which is what most reports about that referred to.
The actual sources, no. But given the sources we're rarely presented as the first point of information by the main distributor... it's a fair criticism
I'm talking about their presentation an initial editing.
To their credit, they did make the original emails available - which mostly showed that what the claimed was in them was... well, mostly lies. At best half-truths.
Putin is not the only autocrat or autocrat-wannabe. Not even close.
There's shades of a tech anology: remember teh 1990s when Microsoft was the big bad monopoly, and it crushed competitors such as democratic Linux, and also... Apple, who would have been the same monopoly or worse, if only they hadn't lost to Microsoft
Well, Trump supporters believe it benefits the US, Le Pen supporters believe it benefits France, and Brexit supporters believe it benefits the UK. You and I and most of HN disagree with them, but it's not as objective as you make it sound.
Well, the reason for the success of Trump, BrExit, and perhaps Le Pen is that the standard political elites (Dems and Republican in US, Labor and Conservatives in Britain) and the media ignored the harms to the working class from globalization through global labor arbitrage (exporting labor through trade, importing labor through immigration of cheap labor).
The elites were ignoring their own voters and listened only to those with money (Wall Street, tech leadership) who wanted cheaper labor through global labor arbitrage (eg, through exporting work to lower wage countries, illegal alien reform making 11 million illegal low-wage residents legal, increasing the number of H1-B Visas).
Trump spent almost half the money as Clinton and he did not take money from tech elite (except Peter Thiel) or from Wall Street elite. The remaining Dems except Sanders and all other Republicans sold out which is exactly what Trump was claiming.
Instead of addressing the global arbitrage problems caused by global trade, the elites resort to ad hominem of Trump voters as Hilary Clinton said, "a basketful of deplorables."
In France, there are similar issues which is why Le Pen is doing so well. The French elites are ignoring the harms of global labor arbitrage from globalization to normal non-elite people.
United States, Britain, and France benefit most I'd think. Aren't each large and powerful enough to strong arm neighbors into favorable trade deals if the EU dies? Along with NATO renegotiation?
Trump campaigned on slogans like "We don't win anymore". I think he's trying to choose and court a winning team (Britain, China, etc.). Once the gang is together they'll go raid the world economically. So in my opinion not isolationist, but I could be all wrong.
edit: Since it'll probably come up...I don't support this plan.
The collapse of the EU will firstly send the world into a recession which given how perilous some countries economies are could take decades to get out of. And given that France IS Europe they would be affected the most. They depend on free trade within the EU and the Schengen has done wonders for their economy. Britain would be ruined given how important EU is to them. US would probably suffer the least but still they depend on NATO as a bulwark against Russian aggression.
Also not sure what on earth "winning team" means. There are no simplistic winners or losers. Some countries have advantages in some areas, disadvantages in others. But everyone depends on global stability, free trade and efficient movement of human capital.
Yes if the EU collapsed recession seems inevitable, but what if it slowly fades? New trade agreements will be made, benefiting some more than others, just like the EU did when it formed.
'Also not sure what on earth "winning team" means.'
Economic aggressor would be another way of putting it. For instance, threatening Canada & Mexico for concessions to NATO that benefit the US. Pulling out of the TPP in order to negotiate 1-1 deals.
'Some countries have advantages in some areas, disadvantages in others. But everyone depends on global stability, free trade and efficient movement of human capital.'
Do we really have those things now? I see a Europe dominated by German interests, treating Greece and others as vassal states. US/CA colonialism over an entire continent. Russia desperately trying rebuild their sphere, and every other regional power exploiting what they can.
Probably the EU countries will start to fight(war) each other if it's like you say.
So maybe will be a win for usa-china, not for france/uk (as history teaches, also the winner get BIG losses from wars)
Europe has always been a mess continent(and pretty much very poor) until after ww2, where we've started to create a european project(that benefits everyone).
A good follow up question would be "where's the proof?" Until that proof is provided, a conspiracy theory is no more useful than any other belief. It's good to be skeptical, but once it starts to mobilize into a force, it becomes a witch hunt. In the case of national security issues, that usually comes with the consequences of stripping away liberties, creating black lists of individuals/groups and hardening the surveillance state.
That gives foreign intelligence agencies license to interfere in your country and others, for they rarely leave proof, if they are any good, and much evidence is classified. Shall we just give them free reign? Is the Russian FSB innocent until proven guilty?
Give whom free reign? Your chosen bogeyman? If we're going to go down the conspiracy theory rabbit hole, who's to say that the conspiracy is not being committed by our own governments to instill fear of other governments and to strip away our rights? Just because you trust your government more or what? What ability do you have to ride on your claims if you can't back them up?
Sure but those benefits pale in comparison to all of the problems.
Weaker Europe means less money for business subsidies e.g. agriculture, less travel and tourism, less household income to spend on consumables, less trade.
And how exactly does a weaker Euro benefit those countries ?
Italy contributes more money to Europe's balance than it gets back. So a weaker, smaller Europe would mean that more money remains in Italy.
Also weaker EU does not mean collapse of EU, so tourism would be the same, as would be trade.
I am not necessarily an advocate of this solution, however, just pointing out that the current status of EU is not the best possible world for each one of its 27 members States.
Reduced trade and tourism would only deepen their inability to make payments on their Euro-denominated debts and receive additional financing. Keeping their sovereign currencies was probably wise for Czech Republic, Poland, Slovakia, etc., since they can devalue to match trade imbalances.
The US government bankrolls the self-described "National Endowment for Democracy", which openly boasts ( http://www.ned.org/region/central-and-eastern-europe/ ) of meddling in Russian and other elections. Macron and his supporters talk the same way.
If the US and France are going to meddle in Russia's elections and affairs, what is the big surprise if Russia does the same?
Insofar as who benefits from "isolationism" and breaking up western [military] alliances, the answer is me, an American worker and taxpayer. I gain nothing with my tax money going to kill or rape some Vietnamese farmer, or overthrow an elected government in Ukraine.
Trump has a lot of negatives, but that does not apply to whatever notions he has of not getting the US involved overseas militarily more than he already as.
These aren't the same things at all. The U.S. / NED did not hack Russian politician's computers and spread disinformation about them. However, it is standard Russian propaganda to make wild allegations of equivalencies every time they do something wrong. 'We invaded Ukraine? What about Serbia? Texas?'
Then why does Voice of America have a Russian language TV and radio broadcast? All it does is spread disinformation about Russia.
There's no proof Russia hacked into these computers. The US hacks into foreign computers all the time - the US created Stuxnet, perhaps with the Israelis. Thomas Reed from the NSC said the CIA got software into a Russian pipeline (in the 1980s!) that blew it up. Never mind spying, they bragged about explosions that disrupted oil pipelines in the 1980s and could have killed people.
I think most people on this board are under the age of 50, and an international audience, and the "wild allegations" are not what I said, but that this is all "standard Russian propaganda". The Democrats have more-or-less been saying that Trump and his cabinet are all Russian agents, and it's making the Democrats look a little loony. They'd be better off pointing out Trump's errors, which are often bad enough.
I wouldn't call hacking a political campaign to release (potentially incorrect?) documents and funding foreign organisations working within the limits of the law quite the same thing.
NED is maybe working in a gray zone, but using illegal means to influence an election is, if not an act of war pretty close to it.
Famed nonpartisan custodian of information Wikileaks' Twitter feed is trying to argue that timing it for the day before the election when the candidate is barred from properly addressing the rumours in the media proves that it isn't an attempt to influence the election (and it's totally unfair that it will be used to boost hostility to Russia)
I have read [1] that France has a 24-hour period before voting where political reporting and campaigning are forbidden.
Were these documents released during the blackout period? If so, that's kind of clever, since it will presumably be all over social media, but more respected information sources who could debunk wild claims may be forced to remain silent.
That might overstate the number of voters out there discussing this on social media. By it but being reported in mass media it might be that comparatively few people are ever aware of it.
But on the other side if any wrong doing is exposed (which is far from granted) the press won't be able to use it.
But the second round of the presidential election is too far in favour of Macron to be derailed anyway. Macron will get elected. What few non french nationals realise though is that the president in France has very little power unless he also controls the parliament. These leaks if they expose any wrong doing could affect the coming parliamentary elections for which getting an absolute majority is already a long shot to Macron.
It's kind of sad that we classify Politics so linearly. After all originally it was only based on where representatives were seated at the assembly. What characterizes Le Pen is the nationalist stand inherited from her father : basically the idea that most problems come from immigration so that we should close borders and kick foreigners away.
The schism between "socialism" and "liberalism" has imho, nothing to do with that. It's more an economical philosophy about the ownership of capital, as discussed by Marx.
In addition to that there are differences regarding some moral values, where "conservatives" are usually seen as people who stand their grounds on old principles (like heterosexual marriage, death penalty, gun ownership), though it seems to me that this is very much an American.
Anyhow, this makes it all very confusing, especially when translating, and I suppose that's why an article written in English did not say Macron is "socialist" but rather "liberal", even if in France "liberal" kind of means "right-wing".
Macron is NOT socialist (he told it himself) (Well, to be fair, he also told that he was (cf youtube link for both)). He's pure and simple right-wing. He believe that we should let the market treat workers as they please. That's what we call "Being liberal" in Europe. Its the opposite of being socialists: the government should protect the workers from the institutions who wants to exploit them.
I think this might be a confusion between American Liberalism and European Liberalism?
The main difference between American and European concepts of liberalism is in economic philosophy. While American liberals favour government regulation of business and social welfare programs, "economic liberalism" in Europe is about free markets and laissez-faire.[1]
Dont let the name "parti socialiste" fools you, it was once a socialist party, but in the early 80's, it became social liberal, and during the 00's, just liberal. And not the "nice boss liberal" one, no, the pretty dumb hard-core one. With proto-fascists shits in it.
Macron is in the right wing of the french PS, the party betrayed its own candidate (choosen by the electors by a primary) to back him up.
And Macron idea's are simple : whatever is good for the richs and the powerfull is good for the country.
So… Low salary, no labour law, no state services, more europe, less democracy, etc.
While I agree with the comments that political parties should hire infosec people to get their shit secured, you will be surprised how many fortune 500 companies actually do that and how many of them have more than 3 infosec specialist on staff.
Same reason Kevin Mitnick used them - they work, incredibly well. Dress up like a Best Buy employee and you can probably hand-cart a dozen big-screen TVs out the door without anyone asking a question (and maybe even helping you).
Humans are almost always the weakest link in the chain.
Nobody's going to even bother examining the theory that Kim Dotcom's crew was behind it, never mind him publicly predicting it years ahead of time on Twitter as revenge for signing off on his extradition.
That article, and its cited sources, say that Trend Micro came to that conclusion, but does not even attempt to present any facts from the report, only the bare conclusions.
The 'Fancy Bear' report was also called into question by people looking over the details. They somehow missed that one of the tools used was an outdated copy of P.A.S., for example. More details can be found in past HN coverage.
There aren't a lot of facts to go on here, just a forest of articles citing the same conclusions without bothering to cover any of the details about the underlying technical facts they're supposed to be based on.
This is incredibly superficial reporting, anyone who bothers to look for details will be continually disappointed.
In fact there is a long history of evidence. The Russia defenders love to try to create uncertainty, using these same talking points every time, regardless of the evidence.
No, there are a lot of articles. There are hardly any facts in any of them, I keep checking for that and getting disappointed. If you can find something with more facts, distill them and point me at them please.
The best we ever got on a technical level was that original report from the DNC consultants where most of the IP addresses in the "signature" were Tor exit nodes and they didn't recognize an old, freeware copy of P.A.S. despite it being publicly available.
We've had a lot of utterly laughable things, like the one where someone was intercepting the DNS traffic for a 3rd party marketing site weakly linked to Trump that was making queries to a Russian bank... because of some Russian spam. I can't help but note that the same people keep falling for nonsense of this level.
However, feel free to link to the actual technicals of the reports if you have any. Despite the prior reports being stuff and nonsense (but mostly the latter), I remain open to changing my mind should anyone offer actual proof of some sort. Please note that I'm looking for logs, IP addresses, code and other things that could qualify as actual evidence, not so-and-so's say-so.
The closest this article got to facts were various bits of speculation about people's motives, claiming that Trend Micro thinks it matches this APT (for reasons they didn't bother to cover) and links to past coverage... that also fails to answer any of the obvious questions about what we know and how we know it, for which the usual answer in the past has been variations on interviews with unnamed people, appeals to classified data not in evidence, or random "experts" giving an opinion without disclosing any of the facts used to form that opinion.
In short, it's a lot of hearsay. I follow more or less this process:
Most news currently fails this test. I completely ignore all articles that fail the test as unreliable, even when I happen to agree with the conclusions. This applies to other articles as well, not just controversial things.
Just as a follow-up, I eventually found the Trend Micro report linked from an Ars Technica article. It's justification for labeling this as Fancy Bear was that they saw an email address from a free provider that they believe is linked and some cyrillic text. That's not really very much, given that the original label for this APT is already quite tenuous, given how the 'signature' from the original report consists of things like using Tor exit nodes that are quite common.
Maybe there's more to it, but if so they should really put it in their reports.
Everything about this is related to the immigration problem in Europe. I'll try to formulate this as neutral as possible.
The immigration problem is seen as huge in Europe, and also in the US. Therefore people choose candidates that are against more immigrations, or at least recognize this as a problem.
People are worried for economic reasons, integration-problems, violence, attack on women, terrorists. There are many reports, and people do not know who to trust, especially with the terrorists.
What would any of you think when 500 people from a far away country were placed near your house? You would experience it as a some kind of problem.
If we look back in history, we can see that a part of these (mostly male) immigrants are coming from Syria (some say only 25%). Syria is currently in a war with ISIS and Al Qaida. And at the same time Syria is under attack from "moderate rebels" that are supported by the US (continuing a policy against Syria). Also Kurds are fighting, and Turkey, sometimes against each other. And many more states.
It is a big mess. Most people do not see US meddling as a solution. Peace is usually achieved by NOT attacking people living in another country.
Tried to make it so simple that politicians can understand it ;-)
>What would any of you think when 500 people from a far away country were placed near your house? You would experience it as a some kind of problem.
What a pathetic attempt at a dog-whistle. If you want to start writing anti-immigrant comments just do it, don't doll it up in this bullshit pseudo pragmatism. Not like other people are letting it stop them.
I'm not sure how you can count them and say 'most'. Certainly a lot of racism is involved. I've rarely heard many economic analyses or real evidence that provide pragmatic reasons, but that doesn't rule them out.
I don't care what race you are (I'm about 3, near as I can tell), but if you think you can control what the women in your life dress like, whether they drive, or if they can live with a man before having some religious ceremony, I'm going to have a cultural problem with inculcation.
Then perhaps you should welcome the immigrants so that the women will be free. Do you object to immigration by white-skinned males who abuse and/or control women? What about those from cultures where there is widespread racism? What about from countries where tax evasion or heavy drinking is widespread, or where the crime rate is high? Should National Front supporters from France be banned from other countries? Many cultures and people have histories that I disagree with, including my own. There are lots of behaviors I disagree with, including yours.
But many of our beliefs about them are stereotypes, and one of our values is that individuals should be judged by their actions, not their skin color or nationality.
Also, my preferences are not a basis for law, unless they do significant harm, and not for excluding immigrants. I am not the judge of others; freedom means freedom for others to do things that you don't like - otherwise it's meaningless.
Why do you think you have the right to decide immigration policy for other people? It doesn't just affect you - it effects everyone. People have the right to let in whoever they want into their own countries. They can turn people away for a good reason, a bad reason, or no reason at all.
Also if you think the west is one of the more racist or sexist place in the world you are naive in the extreme. The immigration policies of "far right" European parties are completely mainstream in East Asia. If a party advocated for a similar immigration policy to say, Chinas, they'd be labelled as Nazis and lynched by a diversity mob.
It didn't read as a dog-whistle to me. It's a scenario that's happening across Europe.
The mass import of different cultures is a real problem because it erodes trust and cohesion within communities affected.
To put it bluntly, multiculturalism isn't all its cracked up to be. A trickle of immigrants from, for example, east Asia is clearly enriching. The same cannot be said for a mass influx from a culture that holds opposing values. Continuing to deny this will only result in more Brexit-like events.
Do you have any basis for these otherwise baseless allegations? Major cities are filled with immigrants and cultures from all over the world, and are the engines of advanced economies. New York is one very successful example; London is another.
In my experience, it's the people with the least experience with immigrants who have the most objection to immigration.
> A trickle of immigrants from, for example, east Asia is clearly enriching
I don't know what country you are in, but if you are in the West than East Asian nations certainly do not share your 'values'. Visit one of those countries some time.
But this comment is outright hateful ethnic stereotyping. One essential Western value is to judge people by their actions individuals, not by the color of their skin, their nationality, their sexual preference, etc. Another is liberty, which doesn't mean liberty to do what someone else happens to like.
Every generation of immigrants has the same things said about them: They don't integrate, they speak their own language, they don't share our values, etc. etc. But their kids grow up natives. How sad that you have so little confidence in those values that you don't think they will win over these immigrants just like they've won over every generation of immigrants before them.
> In my experience, it's the people with the least experience with immigrants who have the most objection to immigration.
Same in Germany. The most persistent protests against immigration are in Saxony, where only 3.0% of the population are foreigners (compared to 9.4% national average).
Source: https://www.destatis.de/DE/ZahlenFakten/GesellschaftStaat/Be... (I'm looking at the columns specifically titled "Foreigner". "German with migration background" includes additional immigrants that gained German citizenship, but also a whole slew of people who were displaced after WW2 when the German borders were redrawn.)
It's necessary to generalize somewhat for the sake of conversation. It should be obvious my comments don't apply to every individual, but to macro-level effects on culture. Any individual who embraces western liberal values should be welcome, regardless of where they're from.
There is significant compatibility between Eastern and Western cultures, and each has a lot to offer the other. Not really the case with Islamic culture - but perhaps one thing it can unwittingly provide is help us to rediscover the values that made the West great.
It's also unfair to compare the current situation with previous cultures that have immigrated. There are no Irish enclaves or no-go zones that I'm aware of. There is plenty of interaction between Chinese and "white" communities.
But in the UK and France, the children of Muslim immigrants are MORE radicalized than their parents. Their majority views on abortion, domestic violence, LGBT rights and democracy are abhorent. There's no ignoring this - multiculturalism in this instance is failing.
You're kind of right in that, although I do believe in Western liberals values, I currently have little confidence in our collective desire to promote them. In our current confusion about what our values are, we are ripe for exploitation by other inferior cultures.
And yes, I said inferior because I'm not a postmodernist or cultural relativist. I may not have all the data, but I'm not afraid to make the value judgement that so many others are.
These are baseless allegations, impossible generalizations, and repetition of lies. There's a reason the parent contains no factual basis - not one citation - for what it says.
> inferior cultures
This is just ignorant, and against the values you claim to promote. Who are you to say what is ignorant? The ignorance is in the parent comment, which contains knowledge only of vicious stereotypes repeated by others.
> Any individual who embraces western liberal values should be welcome, regardless of where they're from.
A test of "values", however that word is defined (vaguely enough to support whatever the parent wants) and however those particular ones are defined (ditto), has never been a condition. Who are you to outlaw other people's "values"? Must we all share yours, or whichever you approve? I think the parent comment is dangerously anti-Western; should the author be allowed to live in Western countries? (Yes.)
Of course my points are based on generalizations and my value judgement is subjective. We are all ignorant regarding the vast majority of things - the best we can do is draw observations based on the information we have.
I am a member of a culture making a value judgement about aspects of another culture that are antithetical to my own. If enough people within my culture agree those aspects are a great danger then collectively we can outlaw them or otherwise oppose them.
My main point is that not all values are equally valid. Different values have different results when played out. They affect things like individual freedom, happiness and innovation. If Islam were to become the major culture in the West, how do you think that would affect our lives? Is that something you'd be ok with? If not, then you're making a similar value judgement.
> Of course my points are based on generalizations and my value judgement is subjective. We are all ignorant regarding the vast majority of things - the best we can do is draw observations based on the information we have.
That reasoning is just a lazy excuse for oppressing people with viscous, ignorant stereotypes. The generalizations are not only unnecessary, they are wrong and the foundation of much of the evil humanity does. People are individuals, with their own behaviors, beliefs, actions, etc. and that is what they are responsible for; there are good and bad in every house, on every block, in every town in the world. To imagine that you have any knowledge about people spread across continents is absurd, and to even claim it demonstrates an embrace of ignorance. Again, it is the parent comment's behavior that is the problem.
> If enough people within my culture agree those aspects are a great danger then collectively we can outlaw them or otherwise oppose them.
No, if you are in a Western country you cannot outlaw humans based on their supposed "culture". It's illegal in most countries, it is antithetical to freedom and other Western values, and we've been there before. Shall we round up the Jews next? Black-skinned people?
> I am a member of a culture making a value judgement about aspects of another culture
You're not a member of my culture, based on what you say, and the evidence I have is far stronger than the color of your skin or the country where you were born. Can I make value judgements about and ban you? (No.)
IMHO, it is the good and peaceful against the hateful, no matter where they are born.
> If Islam were to become the major culture in the West ... Is that something you'd be ok with?
Absolutely. I want people to follow the religion of their choosing (or none at all, if they prefer); I'm happy for them if they can do that; I will defend their right to do so. That is a fundamental value of Western culture; the freedom of religion is one of the fundamental freedoms in all Western nations.
I wish my country would open its door and encourage Muslims to come and live in freedom here, where they will be loved as neighbors, respected as full citizens, and can worship as they wish without fear.
It's far from absurd to claim I have knowledge about a group of people that adhere to a doctrine when most of their fundamental beliefs and much of their behaviors are prescribed by that doctrine.
Even despite such doctrine, people are individuals and we should treat them as such as much as is practically possible. But it can't be denied that individuals tend to mirror those around them.
It is not ignorant to point out trends regarding one particular culture of immigrants and it is not ignorant to note that, in aggregate, the effects of that immigration is negative.
Islam is not like other religions in that it isn't just a personal matter. It is a total solution for how to live and how to organize society in a way that opposes Western secular society. Insofar as Muslims ignore these aspects of their own relgion then we can live peacefully together. Thankfully, very many do.
You seem to be naively optimistic about two things:
- That Middle Eastern Muslims and North Africans in particular will share enough common ground with you that they will necessarily extend your own tolerance back to you rather than seeing you as weak and exploiting you.
- That enough people in your own society will put in the significant effort required to welcome lots of immigrants from these areas and integrate them in a way that overcomes their antithetical values and so avoids the kinds of problems we're now seeing.
Open the doors to mass immigration from these areas and see what happens to your optimism.
If you're unwilling to reduce or stop immigration rates from certain areas on principle, then at least consider that the rate needs to be reduced so that people can be assessed as individuals. That means economic migrants and refugees from the Middle East stay where they are or move to neighboring countries.
> The mass import of different cultures is a real problem because it erodes trust and cohesion within communities affected
This is not a new idea: the US said this about the Irish in the early 20th century, but now everyone is proud of their Irish heritage and loves St. Patrick's day - Irish culture has been fully embraced.
The same thing happened a little while later for the Italians, and then for the Asians (which you've called 'enriching', a contemporary attitude if I've ever heard one). Pizza, Asian food, St. Paddy's and Tacos are quintessentially American: American culture is multiculturalism.
When the story is about the non far-right candidate being hacked and somebody decides to use that as a pretext for a rant about the ills of mass migration, it's not even as subtle as a dog whistle...
What a pathetic attempt at a dog-whistle. If you want to start calling people racist because you don't like what they wrote just do it, don't doll it up in this bullshit pseudo indignation. Not like other people are letting it stop them.
> The immigration problem is seen as huge ... in the US. Therefore people choose candidates that are against more immigrations
That's not true. The candidate that supported immigrants and immigration received more votes in the U.S.; an entire major party is supportive of immigration, as are some members of the other party.
> What would any of you think when 500 people from a far away country were placed near your house? You would experience it as a some kind of problem.
I would not; I would be thrilled for them, proud of our country and community, and I would find out how I could help them. Many others have the same reactions. The U.S., for example, has been welcoming immigrants for its entire history - almost every American is one or is descended from them. Canada was very welcoming of them - look at their pointed response to Trump's immigration policies.
> If we look back in history, we can see that a part of these (mostly male) immigrants are coming from Syria
I don't see how this is related to acceptance of immigrants.
What is the point of having political circle-jerk material like this on hacker news?
Everyone just congratulates each other on how pro-globalisation/immigration they are. Dissidents are shouted down and name called. No one changes their mind. No one is really interested in discussing. Their minds are made up.
This is a topic I am very very worried about. Especially in Europe.
Myself and some friends where thinking about writing a basic guide for small, democratic (in the global meaning of the term) parties, without big infrastructure resources, to be able to use if they want to have basic information security. I'm kind of swamped with my human rights work but if there is any one on here interested in contributing, shoot me a mail (you can find me in the profile) and we can see what we can do.
257 comments
[ 3.4 ms ] story [ 281 ms ] threadMacron is probably best defined as a neoliberal, a somewhat coarse-grained label which is nonetheless fairly well understood globally. Despite his previous party affiliation, he is not any flavor of socialist.
Globally, "left wing" and "right wing" would probably have little overlap: the left-wing Venezuelan leadership is authoritarian and pro-social services, the right-wing Le Pen is... authoritarian and pro-social services.
He is economically a bit more to the right. And socially a bit more to the left. He supports immigration. He is giving 18 years a culture pass and is spending more on education.
This does not match my experience at all. Most people I know of his generation use email heavily.
As an example, 538 makes a compelling argument that the Comey letter - later found to be essentially a false alarm, but after the damage was done - influenced the US election. https://fivethirtyeight.com/features/the-comey-letter-probab...
In this case, it's highly unlikely that it will change the election's outcome, given that Macron has a solid 20%+ advantage in all recent polls.
It also bears repeating that debate about the Comey letter is somewhat silly in that it usually treats "Comey swung the election" and "Hillary made mistakes" as mutually exclusive options. In reality, it's almost certainly true that they both, as well as other reasons, were necessary conditions for a Trip win.
You don't get to sit there crying like a child "wahhh but it's not exactly the way I like it!". The fact of the matter is if one option isn't great when the other is actually dangerous, you get off you butt and participate in the process. That's your duty as an adult that get's to live in a democratic society.
You would think they would want to hire a few professional, highly qualified NetSec sysadmins and give them authority to enforce network, server and endpoint security policies over an organization as a whole. But nope.
DNC is a fine example of failing to prioritize network security.
edit: I mean it's not exactly rocket science in terms of recruiting. Find a person who would be qualified by their years of experience and proven track record to be the chief security officer at an organization the size of cloudflare, limelight or netflix (or similar) and offer them a job at an equally high salary. Pay relocation and COLA expenses.
Accounts are checked after each elections by the National Commission on Campaign Accounts and Political Financing; it is an active check, as some of the previous campaigns refunds were blocked because of some wrong doing.
More details available on Wikipedia (translated from FR): https://translate.google.fr/translate?sl=fr&tl=en&js=y&prev=...
Source (in French): http://www.zdnet.fr/actualites/lection-presidentielle-l-anss...
Political campaigns, outside of the States, are very much bootstrapped. And IT folks very much not minded to volunteer their time.
Citation: I'm a member of a European Parliament on his third term in politics. Of my 200+ volunteers, not one is in infosec. Within my party, maybe 60 staff total are paid for a campaign.
Get real.
edit: Considering the response perhaps I should qualify. The major parties in most developed countries have permanent election teams with multi-million pound budgets. I cannot see why my response is in any way controversial.
edit: Regarding this...
> The major parties in all developed countries have permanent election teams with many multi-million pound budgets.
That's very likely. However, the bursty nature of elections means they're probably also onboarding thousands of volunteers and temporary staff in a very short period of time.
You're conflating parliamentary budget and staff with a campaign budget and staff. These documents came from his campaign, not a parliamentary office (be it EU or French). For obvious reasons the two don't mix. Campaigns generally operate on extremely restricted budgets, and are naturally transient in nature.
No, he is saying that he is a member of a parliament. The lower house of the Irish parliament to be exact [0].
[0] https://en.wikipedia.org/wiki/Noel_Rock
Might just be because the EU is a trade block, it doesn't have secretive military and intelligence institutions because it doesn't have any military and intelligence institutions at all.
Better let INTCEN, SIAC, SitCen, EUFOR and EUNAVFOR know that.
The EU is absolutely far, far more than a trade block.
I think you just confused "a European Parliament" (that is, a national parliament in Europe) with "the European Parliament", which is a different thing altogether.
And then also confused an MP (or, in your interpretation, MEP) not having any infosec staff with the whole government (or EU) not having infosec staff.
But then, even with all that, your conclusion isn't all that wrong for the topic at hand; if a major power like Russia targets a particular politician in the West (perhaps aside from the official, rather than campaign, personality of the sitting head of state), there is likely to be a substantial resource asymmetry that favors the attacker.
At the level of Hillary and Macron, the money is there. If infosec people don't volunteer, they will need to be paid for, even if it means running less television ads or what not. Even in Europe campaigns have paid staff. It might mean cuts to something else, but is it worth skimping on security?
As an aside, I'm from the US and have never heard of a campaign looking for infosec volunteers. Are we sure no one would volunteer?
In fact in France there is a general contempt from the political class and the medias for any candidate who is not a literary person.
This is an ignorant statement. The many millions of hours of work freely given to producing, maintaining and supporting users of software licensed under Free Software [1] licenses shows it's not true.
I suspect it's just that ‘IT folks’ tend to be cynical about most political parties. So they would want to be paid for any work done for such outfits rather than doing it pro bono.
I'd suggest that politicians who expect they can get such work done for free are the ones who need to “get real”.
[1] https://en.wikipedia.org/wiki/Free_software
Wonders never cease.
Obama campaign had a contract firm that implemented and enforced infosec. They even tossed USB keys in the parking lot to catch campaign workers that we're dumb enough to try them.
The problem is beyond rote security at this point. We're in the realm of talented, well financed threat actors with databases of 0days.
State actors
Um, yeah, they've thought of that (and have been told that 10,000 times) already.
Just that it turns out these organizations -- and the threat models they face -- are a bit more complicated than you would seem to think. And the task of finding qualified and, crucially, trustworthy people who can also interface with the sprawling, chaotic, and (inherently) politicized juggernauts that underlie these campaigns, even more so.
won't be able to do anything
That's some pretty crude hyperbole (as I'm sure you're already aware).
The weird thing I've noticed is that some people in my country will express your sentiment, but then turn around and tell you they live in the best country in the world and would be offended were anyone to say otherwise.
I guess they don't see the connection between the government workers and that quality of life.
They are often just dealing with out of date processes that are mandated by law and which limit their ability to be innovative.
https://www.vox.com/policy-and-politics/2016/10/28/13456368/...
"Seemingly skeptical (and rightfully so), Podesta forwarded the email to his chief of staff, who then passed along the email to the campaign’s IT team. This is where things go so painfully wrong: The campaign’s IT team incorrectly identified the email phishing for Podesta’s password as legitimate, instructing him to change his password."
The phishing email claims to be from from Google support, and tells the user:
> CHANGE PASSWORD: <https://bit.ly/[deleted]>
That should be enough red flags. Also, the bitly address expands to one in the domain, myaccount.google.com-securitysettingpage.tk
If you visit the stats page for that bitly link by adding a + to the end, you'll find that it was visited exactly twice, both visits at the right time for the hack, and you'll find that the Wikileaks data cuts off soon after the hack, probably when they set up 2FA as suggested. While that doesn't technically prove that they're related, it's better evidence than we have for any other theories.
Sources:
Bitly stats page: https://bitly.com/1PibSU0+
Phishing email: https://wikileaks.org/podesta-emails/emailid/34899
This is my source: https://motherboard.vice.com/en_us/article/how-hackers-broke...
Also, I learned recently that Clinton didn't know how to use a personal computer. Nobody on her staff could take the time to teach her the basics.
People basically treat their laptops as glorified thin clients nowadays.
But looking good on camera, oh yeah.
Of the candidates running in the French first round, all of them were anti-EU except Macron. Given the "anything anti-EU == Russian" idiocy, perhaps you can explain why this is seen as some kind of rare thing that needs frantic dot-joining?
I'm not one of the folks who thinks we should go to war over something like this, but it leaves me with no illusions about Putin's aims nor should any limits be placed on punitive actions targeting Putin and his cadre.
I get that it is hard to admit responsibility, but this is ridiculous...
and you know that how?
I have no idea as to what went on with the specifics of this recent french "hack".
Not quite. The IT aide did say that the email (which was an imitation of a real "You've already been hacked" email template) was legitimate, but did not directly recommend clicking on links in the email.
He recommended visiting a correct URL. He should have said "I'm not sure, but don't click; to be safe, go to this URL instead"
Amusingly, the IT guy uses bit.ly for his surveys, and the phishing link was also a bit.ly link.
Imagine you get an email that appears at first glance to be from your spouse, it mentions your kids by name, and it also mentions that the spouse ran the numbers on your upcoming refinance and can you check the math in the spreadsheet she just attached. Assuming the attacker did their homework (i.e., names were right, you actually are going through a refinance, etc) there's a good chance even savvy users will open that excel file.
Good luck.
no default downloading, cannot execute anything downloaded
2. What if you just click on a link? Browser exploits are a thing too
good luck :)
And you don't need to persist anything to disk, just get a key logger going in memory. Or scrape the data from your other processes. Once you get arbitrary code execution on the machine it's game over.
Seriously, I deal with this kind of stuff for a living. No one is immune to these kinds of attacks; not you, not me, not anyone.
Feel free to submit your function exploits that you say are so easy to make
These phishing attempts are definitely very sophisticated. Have you read the Trend Micro report? https://documents.trendmicro.com/assets/wp/wp-two-years-of-p...
Ummm, why is that surprising for a former investment banker?
This just seems like a desperate attempt to help Le Pen.
This is different, email archives from a handful of staffers + accounting spreadsheets.
Probably a few juicy things but nothing groundbreaking so far
Source (in French but pictures are enough): http://www.numerama.com/politique/254983-compte-offshore-dem...
Now, I have no idea which one is the original, but AFAIU once you take a jpg and scan it into pdf, it's easy to move the text around (?).
EDIT: I hope my implication is clear. I think that the jpg file is more likely to be the original photo. It was later scanned as a pdf. Then OCR'd version was edited a bit by merging parts of the text (or only parts of it were OCR'd). Then a journalist opened it up in an editor and saw those layers.
Going in the opposite direction would require someone to produce an authentic looking jpg from an obviously OCR'd pdf. That seems like less likely to me.
The cache includes both authentic and falsified documents “with the goal of sowing doubt and disinformation,” the campaign said."
Basically, "If there's anything bad, it's fake news"
"both authentic and falsified documents" was speculated in the DNC/Russia hacks, and also claimed to be the Russia Today strategy abotu news, and whether it was true or not then, it's clearly a clever idea for any future crackers.
From WSJ: "The cache includes both authentic and falsified documents “with the goal of sowing doubt and disinformation,” the campaign said."
Yes, that claim was made many times, including by people directly implicated by the leaks, and yet and later it was found that they were all true, with not one source pointing out an actual fake email or document.
The actual sources, no. But given the sources we're rarely presented as the first point of information by the main distributor... it's a fair criticism
The original emails are all there, including verified DKIM signatures for many of them.
Are you suggesting they only included the bad ones, selectively leaving out any good ones?
To their credit, they did make the original emails available - which mostly showed that what the claimed was in them was... well, mostly lies. At best half-truths.
That's what I mean by selective.
http://www.numerama.com/politique/254983-compte-offshore-dem...
trump: isolation + lessen ties with europe.
le pen: isolation + lessen ties with europe.
brexit: isolation + lessen ties with europe.
now, who benefits?
who benefits from a weakened europe.
I don't support Europe's socialist ideals.
Edit: awww, downvote. One less fake internet point :(
There's shades of a tech anology: remember teh 1990s when Microsoft was the big bad monopoly, and it crushed competitors such as democratic Linux, and also... Apple, who would have been the same monopoly or worse, if only they hadn't lost to Microsoft
mid-July 2016, post BrExit: https://www.theguardian.com/commentisfree/2016/jul/19/reveng...
The elites were ignoring their own voters and listened only to those with money (Wall Street, tech leadership) who wanted cheaper labor through global labor arbitrage (eg, through exporting work to lower wage countries, illegal alien reform making 11 million illegal low-wage residents legal, increasing the number of H1-B Visas).
Trump spent almost half the money as Clinton and he did not take money from tech elite (except Peter Thiel) or from Wall Street elite. The remaining Dems except Sanders and all other Republicans sold out which is exactly what Trump was claiming.
Instead of addressing the global arbitrage problems caused by global trade, the elites resort to ad hominem of Trump voters as Hilary Clinton said, "a basketful of deplorables."
In France, there are similar issues which is why Le Pen is doing so well. The French elites are ignoring the harms of global labor arbitrage from globalization to normal non-elite people.
Trump campaigned on slogans like "We don't win anymore". I think he's trying to choose and court a winning team (Britain, China, etc.). Once the gang is together they'll go raid the world economically. So in my opinion not isolationist, but I could be all wrong.
edit: Since it'll probably come up...I don't support this plan.
That's a BIG if. It's also not likely, and without it the answer is a resounding "no".
The collapse of the EU will firstly send the world into a recession which given how perilous some countries economies are could take decades to get out of. And given that France IS Europe they would be affected the most. They depend on free trade within the EU and the Schengen has done wonders for their economy. Britain would be ruined given how important EU is to them. US would probably suffer the least but still they depend on NATO as a bulwark against Russian aggression.
Also not sure what on earth "winning team" means. There are no simplistic winners or losers. Some countries have advantages in some areas, disadvantages in others. But everyone depends on global stability, free trade and efficient movement of human capital.
'Also not sure what on earth "winning team" means.'
Economic aggressor would be another way of putting it. For instance, threatening Canada & Mexico for concessions to NATO that benefit the US. Pulling out of the TPP in order to negotiate 1-1 deals.
'Some countries have advantages in some areas, disadvantages in others. But everyone depends on global stability, free trade and efficient movement of human capital.'
Do we really have those things now? I see a Europe dominated by German interests, treating Greece and others as vassal states. US/CA colonialism over an entire continent. Russia desperately trying rebuild their sphere, and every other regional power exploiting what they can.
Perhaps I just have a grim view of the world.
So maybe will be a win for usa-china, not for france/uk (as history teaches, also the winner get BIG losses from wars)
Europe has always been a mess continent(and pretty much very poor) until after ww2, where we've started to create a european project(that benefits everyone).
The 18th, 19th and early 20th century might want to have a word with you.
That gives foreign intelligence agencies license to interfere in your country and others, for they rarely leave proof, if they are any good, and much evidence is classified. Shall we just give them free reign? Is the Russian FSB innocent until proven guilty?
Oh really. Feel free to substantiate your claims.
Weaker Europe means less money for business subsidies e.g. agriculture, less travel and tourism, less household income to spend on consumables, less trade.
And how exactly does a weaker Euro benefit those countries ?
Also weaker EU does not mean collapse of EU, so tourism would be the same, as would be trade.
I am not necessarily an advocate of this solution, however, just pointing out that the current status of EU is not the best possible world for each one of its 27 members States.
Other say that that in the end it's always a zero sum game, as you do.
However, in the latter case, given that participation to the EU is on a voluntary basis, more and more countries may decide to exit.
If the US and France are going to meddle in Russia's elections and affairs, what is the big surprise if Russia does the same?
Insofar as who benefits from "isolationism" and breaking up western [military] alliances, the answer is me, an American worker and taxpayer. I gain nothing with my tax money going to kill or rape some Vietnamese farmer, or overthrow an elected government in Ukraine.
Trump has a lot of negatives, but that does not apply to whatever notions he has of not getting the US involved overseas militarily more than he already as.
Then why does Voice of America have a Russian language TV and radio broadcast? All it does is spread disinformation about Russia.
There's no proof Russia hacked into these computers. The US hacks into foreign computers all the time - the US created Stuxnet, perhaps with the Israelis. Thomas Reed from the NSC said the CIA got software into a Russian pipeline (in the 1980s!) that blew it up. Never mind spying, they bragged about explosions that disrupted oil pipelines in the 1980s and could have killed people.
I think most people on this board are under the age of 50, and an international audience, and the "wild allegations" are not what I said, but that this is all "standard Russian propaganda". The Democrats have more-or-less been saying that Trump and his cabinet are all Russian agents, and it's making the Democrats look a little loony. They'd be better off pointing out Trump's errors, which are often bad enough.
NED is maybe working in a gray zone, but using illegal means to influence an election is, if not an act of war pretty close to it.
- https://twitter.com/RachelDonadio/status/860624629899157506
Assange truly has no shame.
Were these documents released during the blackout period? If so, that's kind of clever, since it will presumably be all over social media, but more respected information sources who could debunk wild claims may be forced to remain silent.
[1] http://www.electoral-vote.com/evp2017/Pres/Maps/May05.html/#...
But the second round of the presidential election is too far in favour of Macron to be derailed anyway. Macron will get elected. What few non french nationals realise though is that the president in France has very little power unless he also controls the parliament. These leaks if they expose any wrong doing could affect the coming parliamentary elections for which getting an absolute majority is already a long shot to Macron.
How is he labelled as "liberal"? He's been a member of the French socialist party. He only left it last year for his campaign.
Pretty much. Including her estranged father: http://www.timesofisrael.com/le-pens-father-slams-her-perfor...
For the record, her own father, which she ejected from the party, was a well known antisemite and worshipper of Hitler himself...
The schism between "socialism" and "liberalism" has imho, nothing to do with that. It's more an economical philosophy about the ownership of capital, as discussed by Marx.
In addition to that there are differences regarding some moral values, where "conservatives" are usually seen as people who stand their grounds on old principles (like heterosexual marriage, death penalty, gun ownership), though it seems to me that this is very much an American.
Anyhow, this makes it all very confusing, especially when translating, and I suppose that's why an article written in English did not say Macron is "socialist" but rather "liberal", even if in France "liberal" kind of means "right-wing".
https://www.youtube.com/watch?v=8EBeAoFfXpg
The main difference between American and European concepts of liberalism is in economic philosophy. While American liberals favour government regulation of business and social welfare programs, "economic liberalism" in Europe is about free markets and laissez-faire.[1]
1. https://www.youtube.com/watch?v=3iJUywVdpe8
Macron is in the right wing of the french PS, the party betrayed its own candidate (choosen by the electors by a primary) to back him up.
And Macron idea's are simple : whatever is good for the richs and the powerfull is good for the country.
So… Low salary, no labour law, no state services, more europe, less democracy, etc.
He's like Margaret Thatchers with fewer hairs.
It's nice place to drop wild allegations.
Relevant: https://medium.com/@thegrugq/dont-info-op-until-you-see-the-...
http://www.zerohedge.com/news/2017-05-05/macron-says-he-vict...
Points to this:
http://archive.is/eQtrm
Which points to something saying "item not available".
But apparently 9 GB of data.
Seems like a nothingburger to me.
https://archive.org/download/Pierrpersongmail.com_drive.part...
https://archive.org/download/Pierrpersongmail.com_drive.part...
https://archive.org/download/xls_cedric/xls_cedric_archive.t...
https://archive.org/download/Macron_201705/Macron_201705_arc...
But seriously, using archive.org as a dump? Get your shit together, Ruskies, and use IPFS next time.
EDIT: Here are the magnet links in case the archive.org links go down.
If Russia is so capable in this area then why is every published attack simple low-tech hacks like guessing a password or sending a spoof link?
Humans are almost always the weakest link in the chain.
https://www.nytimes.com/2017/05/05/world/europe/france-macro...
The 'Fancy Bear' report was also called into question by people looking over the details. They somehow missed that one of the tools used was an outdated copy of P.A.S., for example. More details can be found in past HN coverage.
There aren't a lot of facts to go on here, just a forest of articles citing the same conclusions without bothering to cover any of the details about the underlying technical facts they're supposed to be based on.
This is incredibly superficial reporting, anyone who bothers to look for details will be continually disappointed.
In fact there is a long history of evidence. The Russia defenders love to try to create uncertainty, using these same talking points every time, regardless of the evidence.
The best we ever got on a technical level was that original report from the DNC consultants where most of the IP addresses in the "signature" were Tor exit nodes and they didn't recognize an old, freeware copy of P.A.S. despite it being publicly available.
We've had a lot of utterly laughable things, like the one where someone was intercepting the DNS traffic for a 3rd party marketing site weakly linked to Trump that was making queries to a Russian bank... because of some Russian spam. I can't help but note that the same people keep falling for nonsense of this level.
However, feel free to link to the actual technicals of the reports if you have any. Despite the prior reports being stuff and nonsense (but mostly the latter), I remain open to changing my mind should anyone offer actual proof of some sort. Please note that I'm looking for logs, IP addresses, code and other things that could qualify as actual evidence, not so-and-so's say-so.
The closest this article got to facts were various bits of speculation about people's motives, claiming that Trend Micro thinks it matches this APT (for reasons they didn't bother to cover) and links to past coverage... that also fails to answer any of the obvious questions about what we know and how we know it, for which the usual answer in the past has been variations on interviews with unnamed people, appeals to classified data not in evidence, or random "experts" giving an opinion without disclosing any of the facts used to form that opinion.
In short, it's a lot of hearsay. I follow more or less this process:
https://www.popehat.com/2017/01/19/how-to-read-news-like-a-s...
Most news currently fails this test. I completely ignore all articles that fail the test as unreliable, even when I happen to agree with the conclusions. This applies to other articles as well, not just controversial things.
Maybe there's more to it, but if so they should really put it in their reports.
Torrent Files
-https://archive.org/download/Pierrpersongmail.com.7z/Pierrpe...
hash: 1af11335087077230749394a17d5d54992c2bb30
-https://archive.org/download/langannerch/langannerch_archive...hash: 06724742e86176c0ec82e294d299fba4aa28901a
-https://archive.org/download/quentin.lafay/quentin.lafay_arc...hash: 32a006669f165981cb86ffecaf60a73ea5cc40bd
-https://archive.org/download/Cedric.oen-marche.fr/Cedric.oen...hash: 144428cf1b2feea3e873a23721b7ca684ad692c5
-https://archive.org/download/Alaintourretgmail.com/Alaintour...hash: 2f7efcc63dc9274183b2fd67828ccdffb4267c9d
-https://archive.org/download/Box_pierrpersongmail.com/Box_pi...hash: 036cdeb09b91e4465af1a99f237493ae39db9257
-The immigration problem is seen as huge in Europe, and also in the US. Therefore people choose candidates that are against more immigrations, or at least recognize this as a problem.
People are worried for economic reasons, integration-problems, violence, attack on women, terrorists. There are many reports, and people do not know who to trust, especially with the terrorists.
What would any of you think when 500 people from a far away country were placed near your house? You would experience it as a some kind of problem.
If we look back in history, we can see that a part of these (mostly male) immigrants are coming from Syria (some say only 25%). Syria is currently in a war with ISIS and Al Qaida. And at the same time Syria is under attack from "moderate rebels" that are supported by the US (continuing a policy against Syria). Also Kurds are fighting, and Turkey, sometimes against each other. And many more states.
It is a big mess. Most people do not see US meddling as a solution. Peace is usually achieved by NOT attacking people living in another country.
Tried to make it so simple that politicians can understand it ;-)
What a pathetic attempt at a dog-whistle. If you want to start writing anti-immigrant comments just do it, don't doll it up in this bullshit pseudo pragmatism. Not like other people are letting it stop them.
There are multiple reasons to be against miss-migration, most of them pragmatic.
I'm not sure how you can count them and say 'most'. Certainly a lot of racism is involved. I've rarely heard many economic analyses or real evidence that provide pragmatic reasons, but that doesn't rule them out.
But many of our beliefs about them are stereotypes, and one of our values is that individuals should be judged by their actions, not their skin color or nationality.
Also, my preferences are not a basis for law, unless they do significant harm, and not for excluding immigrants. I am not the judge of others; freedom means freedom for others to do things that you don't like - otherwise it's meaningless.
Also if you think the west is one of the more racist or sexist place in the world you are naive in the extreme. The immigration policies of "far right" European parties are completely mainstream in East Asia. If a party advocated for a similar immigration policy to say, Chinas, they'd be labelled as Nazis and lynched by a diversity mob.
The mass import of different cultures is a real problem because it erodes trust and cohesion within communities affected.
To put it bluntly, multiculturalism isn't all its cracked up to be. A trickle of immigrants from, for example, east Asia is clearly enriching. The same cannot be said for a mass influx from a culture that holds opposing values. Continuing to deny this will only result in more Brexit-like events.
In my experience, it's the people with the least experience with immigrants who have the most objection to immigration.
> A trickle of immigrants from, for example, east Asia is clearly enriching
I don't know what country you are in, but if you are in the West than East Asian nations certainly do not share your 'values'. Visit one of those countries some time.
But this comment is outright hateful ethnic stereotyping. One essential Western value is to judge people by their actions individuals, not by the color of their skin, their nationality, their sexual preference, etc. Another is liberty, which doesn't mean liberty to do what someone else happens to like.
Every generation of immigrants has the same things said about them: They don't integrate, they speak their own language, they don't share our values, etc. etc. But their kids grow up natives. How sad that you have so little confidence in those values that you don't think they will win over these immigrants just like they've won over every generation of immigrants before them.
Same in Germany. The most persistent protests against immigration are in Saxony, where only 3.0% of the population are foreigners (compared to 9.4% national average).
Source: https://www.destatis.de/DE/ZahlenFakten/GesellschaftStaat/Be... (I'm looking at the columns specifically titled "Foreigner". "German with migration background" includes additional immigrants that gained German citizenship, but also a whole slew of people who were displaced after WW2 when the German borders were redrawn.)
There is significant compatibility between Eastern and Western cultures, and each has a lot to offer the other. Not really the case with Islamic culture - but perhaps one thing it can unwittingly provide is help us to rediscover the values that made the West great.
It's also unfair to compare the current situation with previous cultures that have immigrated. There are no Irish enclaves or no-go zones that I'm aware of. There is plenty of interaction between Chinese and "white" communities.
But in the UK and France, the children of Muslim immigrants are MORE radicalized than their parents. Their majority views on abortion, domestic violence, LGBT rights and democracy are abhorent. There's no ignoring this - multiculturalism in this instance is failing.
You're kind of right in that, although I do believe in Western liberals values, I currently have little confidence in our collective desire to promote them. In our current confusion about what our values are, we are ripe for exploitation by other inferior cultures.
And yes, I said inferior because I'm not a postmodernist or cultural relativist. I may not have all the data, but I'm not afraid to make the value judgement that so many others are.
> inferior cultures
This is just ignorant, and against the values you claim to promote. Who are you to say what is ignorant? The ignorance is in the parent comment, which contains knowledge only of vicious stereotypes repeated by others.
> Any individual who embraces western liberal values should be welcome, regardless of where they're from.
A test of "values", however that word is defined (vaguely enough to support whatever the parent wants) and however those particular ones are defined (ditto), has never been a condition. Who are you to outlaw other people's "values"? Must we all share yours, or whichever you approve? I think the parent comment is dangerously anti-Western; should the author be allowed to live in Western countries? (Yes.)
I am a member of a culture making a value judgement about aspects of another culture that are antithetical to my own. If enough people within my culture agree those aspects are a great danger then collectively we can outlaw them or otherwise oppose them.
My main point is that not all values are equally valid. Different values have different results when played out. They affect things like individual freedom, happiness and innovation. If Islam were to become the major culture in the West, how do you think that would affect our lives? Is that something you'd be ok with? If not, then you're making a similar value judgement.
That reasoning is just a lazy excuse for oppressing people with viscous, ignorant stereotypes. The generalizations are not only unnecessary, they are wrong and the foundation of much of the evil humanity does. People are individuals, with their own behaviors, beliefs, actions, etc. and that is what they are responsible for; there are good and bad in every house, on every block, in every town in the world. To imagine that you have any knowledge about people spread across continents is absurd, and to even claim it demonstrates an embrace of ignorance. Again, it is the parent comment's behavior that is the problem.
> If enough people within my culture agree those aspects are a great danger then collectively we can outlaw them or otherwise oppose them.
No, if you are in a Western country you cannot outlaw humans based on their supposed "culture". It's illegal in most countries, it is antithetical to freedom and other Western values, and we've been there before. Shall we round up the Jews next? Black-skinned people?
> I am a member of a culture making a value judgement about aspects of another culture
You're not a member of my culture, based on what you say, and the evidence I have is far stronger than the color of your skin or the country where you were born. Can I make value judgements about and ban you? (No.)
IMHO, it is the good and peaceful against the hateful, no matter where they are born.
> If Islam were to become the major culture in the West ... Is that something you'd be ok with?
Absolutely. I want people to follow the religion of their choosing (or none at all, if they prefer); I'm happy for them if they can do that; I will defend their right to do so. That is a fundamental value of Western culture; the freedom of religion is one of the fundamental freedoms in all Western nations.
I wish my country would open its door and encourage Muslims to come and live in freedom here, where they will be loved as neighbors, respected as full citizens, and can worship as they wish without fear.
Even despite such doctrine, people are individuals and we should treat them as such as much as is practically possible. But it can't be denied that individuals tend to mirror those around them.
It is not ignorant to point out trends regarding one particular culture of immigrants and it is not ignorant to note that, in aggregate, the effects of that immigration is negative.
Islam is not like other religions in that it isn't just a personal matter. It is a total solution for how to live and how to organize society in a way that opposes Western secular society. Insofar as Muslims ignore these aspects of their own relgion then we can live peacefully together. Thankfully, very many do.
You seem to be naively optimistic about two things:
- That Middle Eastern Muslims and North Africans in particular will share enough common ground with you that they will necessarily extend your own tolerance back to you rather than seeing you as weak and exploiting you.
- That enough people in your own society will put in the significant effort required to welcome lots of immigrants from these areas and integrate them in a way that overcomes their antithetical values and so avoids the kinds of problems we're now seeing.
Open the doors to mass immigration from these areas and see what happens to your optimism.
If you're unwilling to reduce or stop immigration rates from certain areas on principle, then at least consider that the rate needs to be reduced so that people can be assessed as individuals. That means economic migrants and refugees from the Middle East stay where they are or move to neighboring countries.
This is not a new idea: the US said this about the Irish in the early 20th century, but now everyone is proud of their Irish heritage and loves St. Patrick's day - Irish culture has been fully embraced.
The same thing happened a little while later for the Italians, and then for the Asians (which you've called 'enriching', a contemporary attitude if I've ever heard one). Pizza, Asian food, St. Paddy's and Tacos are quintessentially American: American culture is multiculturalism.
Please consider my reply to another comment:
https://news.ycombinator.com/item?id=14283767
Lets be clear about what these candidates are. Macron is a neoliberal globalist elitist. Economically, he may be more right than Le Pen.
Le Pen is a populist authoritarian nationalist. Certainly not far-right.
You would experience it as a some kind of problem.
Everything else seems like a plausible characterization of facts.
That's not true. The candidate that supported immigrants and immigration received more votes in the U.S.; an entire major party is supportive of immigration, as are some members of the other party.
> What would any of you think when 500 people from a far away country were placed near your house? You would experience it as a some kind of problem.
I would not; I would be thrilled for them, proud of our country and community, and I would find out how I could help them. Many others have the same reactions. The U.S., for example, has been welcoming immigrants for its entire history - almost every American is one or is descended from them. Canada was very welcoming of them - look at their pointed response to Trump's immigration policies.
> If we look back in history, we can see that a part of these (mostly male) immigrants are coming from Syria
I don't see how this is related to acceptance of immigrants.
Everyone just congratulates each other on how pro-globalisation/immigration they are. Dissidents are shouted down and name called. No one changes their mind. No one is really interested in discussing. Their minds are made up.
Myself and some friends where thinking about writing a basic guide for small, democratic (in the global meaning of the term) parties, without big infrastructure resources, to be able to use if they want to have basic information security. I'm kind of swamped with my human rights work but if there is any one on here interested in contributing, shoot me a mail (you can find me in the profile) and we can see what we can do.