“The actual and perceived control...could easily be used to undermine public and consumer trust in data, written communications and services. In the networks that the Russians control, they have the power to destroy or alter data, and impersonate legitimate people.”
“According to SolarWinds SEC filings, the malware was on the software from March to June. The number of orgs. that downloaded the corrupted update could be as many as 18,000, which includes most federal government unclassified networks and more than 425 Fortune 500 companies.”
Russia “will surely have used its access to further exploit and gain administrative control over the networks it considered priority targets...gained what experts call ‘persistent access,’ meaning the ability to infiltrate and control networks...that is hard to detect or remove.”
• • •
Missing some Tweet in this thread? You can try to
force a refresh
But I disagree with some of his analysis, which conflates espionage with far more malicious cyber operations. Vital distinctions in thinking about reciprocity and deterrence in cyberspace.
a) It's wrong to suggest this hack is like an act of war.
b) It's wrong to suggest USG could lawfully use military force in response.
c) Public officials/commentators should react with awareness that USG hacks foreign govts' networks on a huge scale.
3. On reciprocity: Jack argues that USG's aggressive disruption of Russia’s Internet Research Agency (IRA) in 2018 opens door to other countries' engaging in similar disruptive actions against US for espionage.👇
But that erroneously conflates IRA’s actions with espionage.
2. News via @Militarydotcom: "At least eight former service members and Blackwater security guards convicted of war crimes have filed petitions seeking pardons...including a former Army staff sergeant [Robert Bales] who pleaded guilty to killing 16 Afghan men, women and children"
I'm thankful to work with professionals at @just_security who have such excellence in judgment, analysis, and intellect and who also happen to be wonderful people:
"The President-elect should submit...the names of candidates for high level national security positions...AS SOON AS POSSIBLE after the date of the general elections"
3. "On Friday, the State Bureau of Elections submitted its formal report recommending that the canvassing board affirm Mr. Biden’s win. Errors in some vote tabulations, which Mr. Trump has seized upon, ... 'did not affect the actual tabulation of votes.'” nytimes.com/2020/11/21/us/…