DOJ's Colonial Pipeline presser appears ready to start.
Lisa Monaco: "The Department of Justice is announcing a significant development in the ransomware attack on the Colonial Pipeline."
Monaco: "The sophisticated use of technology to hold businesses, and even whole cities hostage for profit is decidedly a 21st century, challenge, but the old adage, follow the money still applies. And that's exactly what we do."
I had a thread yesterday about why banning payment of ransomware is not an easy solution to the problem
Just to go through some of the other policy options that are worth considering or combining into a comprehensive package:
One idea is to impose know-your-customer laws and mandatory intervention with warrants on cryptocurrencies sold on legitimate exchanges.
It would help recover funds and impose an extreme cost on criminals trying to stay anonymous.
Speculators would super hate it.
There are international diplomacy angles - increasing cooperation between the United States and traditional havens for ransomware gangs. Obviously, this would be incomplete without Russia and could escalate to sanctions.
With respect to Chris Vickery and other people who've made this suggestion, it's not that easy.
Illegalizing ransoms is actually something with historic precedent. It's shown success against kidnappings in the past
But here's the thing...
In either case, countries find it extreme to penalize victims being coerced. Many will still pay - just illegally - which means they won't disclose to law enforcement, regulators or customers. And there are situations, like hospitals, where you may actually want people to pay.
CISA leadership will be testifying before the House Appropriations Committee's Homeland Subcommittee in about an hour about "Modernizing the Federal Civilian Approach to Cybersecurity."
I'll be live-tweeting it. 🧵
Interesting notes to consider in advance.
- Brandon Wales will testify as Acting Director.
While the Biden administration has discussed a task force in the wake of Hafnium, there's no confirmed CISA director, someone you'd expect on the task force.
Eagle-eyed readers will notice I've deleted and reposted that tweet twice after misspelling "Interesting" in two different ways.
The interesting thing about gaffs is not that they happen.
They happen to everyone. Today, I forgot the word acronym. What's interesting is how the ones that stick are ones that confirm what people already suspect about the person who said them.
That's not to say legitimately not knowing something important isn't a problem. But if you give 4 hours of speeches a day, you're going to trip over words.
Yet no one honestly thought Obama didn't know how many states there were when he said he visited 53 of them.
Trump was unique in that regard: To the best of my knowledge, he is the only president to claim the facts change to justify a gaffe. Saying "covfefe" was intentional, altering weather maps to show Alabama would be hit by Hurricane Dorian, claiming he said "Tim from Apple".
By the end of the first season, over the course of several investigations, the FBI had hacked into Boston's transportation system, an online casino that was cooperating with the investigation and the camera on a teenage girl's home computer.
Where will they CSI:CYBER next?
Interesting notes from the intro to episode 1:
-Peter McNichol (Ghostbusters 2) has been replaced by Ted Danson.
-They've taken out the part where someone whispers "It can happen to you."
Here's the relevant passage:
To me, unless I'm missing an important word somewhere, it says they were reviewing to see if they were impacted, and Microsoft said their inexistent Office 365 email was attacked by *someone.* But not APT 29, per say.
Important note one: Campaigns aren't election infrastructure. So, when DHS said they weren't seeing attacks against election infrastructure (i.e. voting machines, poll books, etc) this doesn't contradict that.
Important note two: We don't know what the intent was behind attempted hacking. So, while the obvious thoughts will turn to hack and leak sabotage, like in 2016...
Most of the time, these groups are just trying to get boring intelligence from people in the know.
I've got two questions about the Woodward book that may not seem serious, but actually kind of are:
Why are books?
What if this thing that everyone says was a secret was actually not a secret?
By the first question I mean two things: Why would it ever be good to print a new idea later as a book rather than print immediately in a newspaper? Also, why does the incentive structure favor waiting for books?
By the second one I mean this: Trump actually said the thing we're angry about Woodward saving for his book at a press conference in April. But even without it - it wasn't a secret the advice Trump was extending was not based in science. And it was impossible he didn't know that.
Donald Trump joins Hitler, Stalin, Oprah and Castro as Nobel Peace Prize Nominees. It's an award where it isn't an honor to be nominated.
Any national government official and professors in law, polisci, history and theology can nominate. In 2005, 199 people were nominated.
318 Nominees in 2020.
None of this, as I said in the comments, reflects badly on his accomplishments - obviously, some really great people get nominated for the Nobel Peace Prize too. But being nominated for the Nobel Peace Prize isn't an exclusive group. It's not like being nominated for an Oscar.