Advertisements

Cyber-Defense For Democrats! Security Measures For Midterms.

#CyberDefenseForDemocrats

Hello, world!

We have received numerous requests for a focus piece regarding cyber-defense for Democrats, especially right now as we are going into the midterms. In it is an introduction to a number of the techniques we can use to defend ourselves going forward. Knowledge is power. Pass it on.

Regular readers of Millennial Democrats will not require a lot of explanation as to how and why the threat of Russian hacking is real. We have been up against it for years. The time has come to soberly and objectively assess Russia’s cyberwarfare capabilities, and examine how we plan to fight back.

In 2016, America was caught off guard and we got a bloody nose. Guys like Roger Stone’s buddy Guccifer 2.0, or the guys in Fancy Bear pulled a fast one, to be sure.

But it’s important not to overstate the case. It is not accurate to attribute cybernetic omniscience to the Russians and their zany bots and fake news.

They had the element of surprise back then. Most people had no idea what they were doing(and rolled their eyes at those who were trying to warn them, but that’s another subject). These days things are very different.

Regardless of the lies of the great orange malignance, America knows the Russians are out to get us. Trump is sticking his head in the sand on this and will do nothing to help us, so we’re going to have to learn to help ourselves, and each other.

It’s too bad we’ve got no national leadership on this, but it is what it is. We’ll get by on our own.

In starting out, the most important thing to keep in mind is this: Hackers rely on our mistakes, and mistakes are most often made when we don’t know we are making them. They need to catch us off guard, and their job is to find creative ways to use their tools to get us to slip up.

The first place a smart hacker will look is outside the box, so to speak. They’re always looking for ways to burrow in that you wouldn’t think to look for.

Employing a given system, be it a human being or a PC, for a purpose it wasn’t designed for is what hacking means. However, if you’re careful, neither you nor your computer will end up thus employed. It’s all about being careful.

Hackers are clever, be they Russian or from elsewhere, but they are far from invincible. We’ve already stopped a number of Russian cyber-assaults directed at Democrats this year, such as the ones aimed at our Claire McCaskill.

Without the element of surprise, hackers have many limitations. It’s not that easy to brute-force open a website. Just ask these guys:

This is the IP address of a hacker, purportedly from Beijing, who is always doing his best to get in here. Have at it, pal.
This is the IP address of a hacker, purportedly from Beijing, who is always doing his best to get in here. Have at it, pal.

Basic cyber-hygiene techniques would cut down on more than 80 percent of cyber attacks and cyber thefts, according to Herbert Lin, senior research scholar for cyber policy and security at Stanford University’s Hoover Institution. It will benefit us to learn a few.

There is a great deal of white-hat(ethical hacking) work that can be done to defend America in this realm, and most of it has to do with how careful we are.

We repeat- It’s all about being careful. This cannot be repeated too often.

Every technique that hackers use, be they DNS attacks against home routers, phishing emails, malware, botnets, or what have you, is ultimately something we can avoid.

In this piece, we’re going to talk about a few common mistakes made by end-users(that means us, the consumer) and how they are exploited by criminals. We’re also going to talk about some of these cyber-hygiene measures and assign them three rules of thumb.

  1. Don’t open strange emails.
  2. Don’t click on strange links.
  3. Don’t accept chat messages from people you don’t know, particularly on Facebook.

Before we get started, think for a second about all your other social media accounts. Are they just as secure as your Facebook or Twitter? Make sure they are! That’s the first place a hacker will go to collect more data about you. You’re particularly vulnerable to having your account on the ones you don’t often use pried open.

As an aside, this is also why you don’t want to use the same passwords for everything. Passwords are obviously critical, as somebody who’s got them has got all your information at his fingertips. Be careful!!

A great deal of a hacker’s job revolves around getting the passwords of their victims. Their most popular tools are all various ways to apply “spear-phishing” hacks, designed to steal passwords and personal data. The unlucky “phish” who opens one has become a victim and is now open to all kinds of trouble.

There are all kinds of ways to go spear-phishing. A brand new one showed up not long ago when U.S. government agencies recently received letters via snail mail.

They came with CDs inside, and they contained malware, according to cybersecurity researcher Krebs on Security. The infected discs were accompanied by a Chinese-postmarked envelope and a “confusingly-worded” letter.

That is just like what they do on Facebook. Hackers make links that look like YouTube videos and various other innocuous things, and they write you some goofy little messages. They look like some cute little harmless thing. Actually, they’re viruses. And you’re hit.

One example that all readers of this blog will vividly recall took place on March 10, 2016, when the first volley of malicious e-mail messages hit the inboxes of thirty people who were closely associated with the Hillary Clinton campaign. Inside them were links that were actually viruses, like worms on a hook.

Nearly all of them were failures. All but one, actually. But one was enough.

Within nine days, a horrendous amount of critical data had been stolen and passed along to Wikileaks, to be strategically released in a way they figured would hurt us. It did.

Those leaked e-mails, in which Debbie Wasserman-Schultz was seen to be fussing over Bernie’s lack of ability to fill out campaign finance forms correctly, were spun up into a narrative that Bernie(who lost by four million popular votes) had been cheated.

Bernie or Bust bought it, there were riots in the streets of Philadelphia, and a rift was torn in the Democratic Party that still has yet to heal.

All of that was made possible, with just a few phished passwords.

To combat phishing is to make sure everyone knows how common and damaging these attacks can be. Everyone should keep their guard up when checking emails, and they should report any email they find suspicious.

It’s necessary to point out here that Facebook phishing in particular is horrendously easy. They can hack you right through your chat box. We recommend in the strongest possible terms that you put as little of your personal information as possible on Facebook.

They save everything. They’re like a gigantic data collection firm, and they’ll sell your personal information to companies like Cambridge Analytica who will use it to hurt us all.

Why risk it?

Facebook presents about a million added vulnerabilities to all of us that use it. When Edward Snowden was asked what to do to keep your data safe on that platform, his response was, “Delete your account.”

We can’t recommend that, as Facebook gives us access to 2 billion people, but we can recommend this much. If people you don’t know send you strange messages on Facebook, don’t accept them.

Facebook was made to brief congressional aides just last week Tuesday about the newest outbreak of anti-Democratic disinformation, which is already said to be evolving into something more sophisticated. Excerpts from that briefing are shown below.

“We are looking at just some of the malicious material that already may be circulating or will be released before the midterms. It also bears repeating that we know the campaign of Sen. Claire McCaskill (D-Mo.) was targeted.”

Cyber-intelligence experts see this as being major, and with clear reason.

Moving on, it isn’t only Facebook and social media you’ve got to be careful with. Websites too are vulnerable.

Anecdotally, the webmaster of this site has seen hackers from all over the world try to take us down, from Beijing, China to Lviv, Ukraine, from Adelaide, Australia to Beauharnois, Quebec. They use all kinds of tricks, but they’ve never gotten in and they never will.

This is not because I’m a cyber-genius who speaks binary code, but because WordPress is awesome. Sucuri, the plugin that keeps safe all of us Millennial Democrats, is likewise excellent. They care about their clients and they hold the same liberal values sacred that we do.

WordPress users should strongly consider using Sucuri, not least for the reverse IP trace it automatically performs. This has the benefit of letting you know a lot more about who’s trying to hack you. Sometimes it will tell you everything.

Once a flower store owner from Adelaide, Australia tried to hack us. By using a reverse IP trace, Sucuri let us know who she was as soon as she had done so. Then we went to a site called WhatismyIPaddress.com, put it in, and voila.

We were able to get the name of her business by looking at the name of her domain. We then used that to look her up, and jackpot. We found the store’s address, website, and owner. We also found far-right garbage smeared all over her life.

I could put her on blast right here with a screenshot like this one:

My (possibly) Chinese friend, saying hello to me again. Hi, buddy. Change your ways!
My (possibly) Chinese friend, saying hello to me again. Hi, buddy. Change your ways!

Then the hunter would rapidly become the hunted.

Luckily for her, I’m not that mean. But the next guy might be. It’s a dangerous game for newbies (noobs- learn your hacker-ese) to play. It’s easy to run into trouble.

Change your life, would-be hacker flower store owner! Mend your wicked ways, before it’s too late.

Speaking of WordPress, using the two-factor authentication feature they offer as part of their platform is another good idea. This is a highly effective security measure and is available for Facebook, Gmail, WordPress, and many other major platforms.

Using this feature means a second device’s input will be required to access email accounts or websites on new computers, usually by prompting you and sending an SMS code to your phone or whatever. This can prevent scammers from accessing compromised accounts.

In addition to good cyber-hygiene, which amounts to common sense, caution, and our three rules of thumb, there are some tools we can use to make our online experience safer still. You may find this necessary, from time to time.

A VPN, or virtual proxy network service, will allow you to register as being somewhere that you’re nowhere physically near. It allows you to safeguard your IP address. You do not want hackers to have your IP address, as it can be used to hurt you in a bewildering multitude of ways. This is probably the biggest reason to use a VPN.

Guccifer 2.0 recently made a mistake and forgot to turn his VPN on, and we connected him to an IP address connected to Russian intelligence. Now his whole identity is blown because he didn’t use his VPN.

We strongly recommend getting one of these, specifically IVPN. They take protecting their customers super seriously and they are located on the Rock of Gibraltar. That fortress strikes me as a good place to keep anything valuable.

HotspotShield is another good one, and also NordVPN. There’s a lot of them; shop around and find one that’s right for you. We feel it’s worth repeating that they are a very good investment.

Additional tools include TOR(The Onion Router), which offers a former naval encryption system that we can now all use. Tor takes all your internet traffic and routes it through its own network, providing total anonymity.

The DuckDuckGo browser, which Tor employs, is good to know about also. It has a number of different features that keep you safe, including a “Flame” feature that burns up all your cookies in a second. Pretty cool.

We suggest you learn Linux, because it is more secure, and 99% of viruses are designed to attack Microsoft products. 

Russian hackers have been targeting home routers of individual people en masse, using what is called a DNS attack. We suggest you check your home router often, using the website Secure Router.

Secure Router is a great free feature that allows you to check if your router has been compromised with the click of a button. Doing this regularly cannot hurt and takes less than a second.

In closing, it’s important to emphasize that this is an introductory piece, and not meant to be totally comprehensive. These techniques will do a lot to keep you safe, but nothing is a substitute for doing your own research.

So far, this has not been the kind of cyber war imagined in the past, with nations taking out each other’s power grids before a mass invasion, although Russian malware continues to turn up in our power stations.

It’s more like a new type of proxy war. Like it or not, against our will, we have begun a new phase of the Cold War, on digital battlefields where you meet the enemy directly, but behind a screen.

Now, just as then, there is a need for deterrence, to defend the nation and hopefully prevent a further escalation of tensions. There is more at stake than we can even put into words. We need to be ready.

There are bigger dangers here than the usual America vs. Russia, liberal world order vs the new world order that the extremist crazies keep screaming that they want kind of thing. This is different completely.

One superpower actively destroying the democratic process of another is new and very dangerous, especially since Russian destability tactics rely heavily on disinformation and a systematic devaluing of the truth.

If nothing is true, everything is permissible. And then our entire species starts down the road to guns and roving mobs.

Disinformation and a post-truth reality are unacceptable, and so is Russian interference into our election, regardless of how many Fox News devotees will slobberingly say otherwise.

We have only got one party ready to defend our democracy from the foreign agitators’ who are trying to destroy it, and that is the Democratic Party. Accept no substitutes.

Due diligence is the key. Hackers will look for things you might be neglecting. Get in some good habits and keep yourself alert, because it all comes down to one thing.

If you are politically active as a Democrat, you are not paranoid. You are a target. Defend yourself.

Advertisements

FCC Democrats Call For Help- Making a Stand for Net Neutrality.

Focus On Internet Freedom

A Democratic member of the Federal Communications Commission (FCC) has called on us for help. We will answer the call. Now is the time for the millennial generation to rise.

Democrat Jessica Rosenworcel wrote in the Los Angeles Times on Wednesday that Americans must resist the agency’s plans to end net neutrality rules adopted under the Obama administration, calling the FCC’s plan “lousy”.

She urged Americans to make their voices heard before a Dec. 14 vote. Here is a link providing the information you need to contact your local reps to make your voices heard. It’s called BattleForTheNet.com. 5Calls.org is another good place you can go to help coordinate your voice with ours. That’s how we come together and make a big noise; which is to say, that is how we caucus.

“They have proposed to end net neutrality , and they are trying to force a vote on their plan on Dec. 14,” Rosenworcel writes. “It’s a lousy idea. And it deserves a heated response from the millions of Americans who work and create online every day.”

It’s been getting a heated response from Russian citizens, anyway.

Hundreds of thousands of comments in favour of this policy have come from Russian trolls. The FCC stymied the investigation into them. 

The Federal Communications Commission order will throw out almost all of the regulations set in place by the Obama administration.

FCC chair Ajit Pai said in a statement Tuesday that “the FCC would simply require internet service providers to be transparent about their practices so that consumers can buy the service plan that’s best for them and entrepreneurs and other small businesses can have the technical information they need to innovate.”

What all that slick talk means, is that they want the legal right to squeeze your ISP for information about you and about what you are doing.

The FCC’s two Democratic members blasted the proposal as being a greedy and invasive policy, but the GOP has a majority on the commission. Barring a last-minute change of heart by one of the three Republican commissioners, the order will likely be approved during the agency’s next open meeting on December 14.

Internet freedoms have been at risk since the day of the Internet’s creation. And authoritarian practices have slowly crept into American cyberspace from authoritarian states.

In opposition to our dearly-held liberal beliefs about Internet freedom and independence, Chinese President Xi Jinping has stressed the importance of what he calls “Internet Sovereignty”.

Vladimir Putin has taken this idea one step further by calling the Internet a “CIA project.

The free world once thought it would use economic and social ties to gradually liberalize authoritarian states. But the authoritarian states have abused this access and designed a web of economic interdependency through which to spread their corruption and repression at home and abroad. Instead of accepting our proffered hand up, they have used it to pull us down into the muck with them.

Even now, Russian hackers are trying to influence the fight over net neutrality, and according to New York Attorney General Eric Schneiderman, the federal government is not cooperating with investigations into the fraud. While Trump is in office, the apparatus of law will not be on our side.

Things have reached a point where our intelligence services are telling Israel and other trusted allies not to share information with Trump’s White House. It is safe to assume that applies to us as well.

It is, therefore, the recommendation of Millennial Democrats that we should all be ready to protect ourselves. We can’t risk losing our networks and our teammates every time Facebook or Twitter deletes one of our accounts. We cannot let them have all the power.

If things take much more of a turn for the worse, history indicates those of us who are stalwart members of the resistance are in for a very bad time.

For anyone who might be thinking that sounds drastic, keep in mind that public and private libraries around the United States have pledged to destroy user data on their computers, as well as backing up system data abroad.

The American Library Association has realized the danger. It made a statement on November 18 of last year that it would “work with President-elect Trump” and his transition team. Now the association has apologized, saying, “We understand that content from these press releases, including the 11/18/16 release that was posted in error, was interpreted as capitulating to and normalizing the incoming administration.” They realize now that is impossible.

At the Graduate Center at the City University of New York, librarians have begun purging interlibrary loan records. Guilt by association with controversial books has a very dark history. The McCarthy years are back. But this time they’re claiming that Russia is a buddy.

This is going to cost a tremendous amount of time and money for them. It’s the most serious decision they could make.

Clearly, they are taking this threat very seriously. There is every reason for us to take heed of their example.

The bottom line is this- If you’re against Trump, and you don’t intend to shut up about it, then it’s best to do everything in your power to keep them from knocking you offline and silencing you.

That is their goal, and they will cheat all they can to achieve it. Hundreds of unjust Facebook sentences suffered by loyal Democratic activists testify to that as this is written. Anonymity is your friend.

There are a number of important ways how we can keep ourselves safe and independent, and we’re going to make some specific recommendations.

First and foremost, we will be developing a cursory familiarity with the two most basic ways to stay anonymous online. These are known as the virtual private network, or VPN, and the Onion(Tor) Browser.

A Virtual Private Network, or VPN for short, is a secure network connection through which you can safely connect your device to public networks, or create a secure channel for remote access control between computers.

TorProject.org gives the definition of the Tor Browser project as being “free software and an open network that helps you defend against traffic analysis, a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security.”

The best solution is to use VPN and Tor in conjunction.

Just log on through your VPN, and then do your stuff through Tor. It isn’t perfect, but it’s a whole lot better than nothing. As for chat, we have a first class(and free) encrypted chat program available to us in the app known as  Telegram.

We also recommend that you gain at least a cursory familiarity with open-source Linux distributions such as Ubuntu. It’s free, its programs are free, and 99% of malware programs are written to target Microsoft system files.

For protection against malware we recommend(other than switching to Linux altogether) Bitdefender Antivirus Plus 2017, which has consistently outperformed its competitors year after year.

Remember NOT to use Kaspersky’s antivirus, or anything Russian, under any circumstances.

The New York Times reported that Israel hacked Kaspersky and caught Russia using it to search for NSA exploits and other U.S. government classified programs. That’s how they got a copy of the Stuxnet virus.

The FBI has been warning us that we’re in huge danger of having our next elections hacked again, but too many Americans are still far from focused. We have our work cut out for us raising awareness.

Any dirt the Russians get their hands on will be accessible to Trump, which is bad news for his adversaries. The 200 protestors arrested on Trump’s Inauguration Day this year are facing sixty years in prison apiece for minor acts of vandalism last year. The message sent by that reads loud and clear. Things have busted loose all over God’s creation. You don’t want them poring over your records.

The cause of freedom and the threat of tyranny are locked in an ongoing, existential struggle. To the ones who would set up shop as tyrants, the Internet and the free flow of information it engenders is viewed as both a threat and an opportunity. There will always be many internal and external forces, seeking to challenge our security in the information realm.

Going forward, the goal is no less lofty than ensuring we will not be silenced.

The German poet Heinrich Heine, a man deeply reviled by the Nazis, warned us shortly before the Holocaust, “Where books are burned, in the end people are also burned.” We should keep in mind going forward, that if they wanted to do a book burning these days, they wouldn’t even need fire. They could just delete them.

To delete our work is to delete our thoughts and our voices as well.

We will not sit by and be quietly deleted.

%d bloggers like this:
Skip to toolbar