Accountant for the US, UN and giant Corporations, Deloitte seriously hacked

Yet another hacking story. It’s pretty clear that the bad guys are winning and the “good guys” are clueless and busy covering their asses.

The hack into the accountancy giant Deloitte compromised a server that contained the emails of an estimated 350 clients, including four US government departments, the United Nations and some of the world’s biggest multinationals, the Guardian has been told.

Sources with knowledge of the hack say the incident was potentially more widespread than Deloitte has been prepared to acknowledge and that the company cannot be 100% sure what was taken.

Deloitte said it believed the hack had only “impacted” six clients, and that it was confident it knew where the hackers had been. It said it believed the attack on its systems, which began a year ago, was now over.

However, sources who have spoken to the Guardian, on condition of anonymity, said the company red-flagged, and has been reviewing, a cache of emails and attachments that may have been compromised from a host of other entities.

The Guardian has established that a host of clients had material that was made vulnerable by the hack, including:

  • The US departments of state, energy, homeland security, and defense.
  • The US Postal Service.
  • The National Institutes of Health.
  • “Fannie Mae” and “Freddie Mac”, the housing giants that fund and guarantee mortgages in the US.

Football’s world governing body, Fifa, had emails in the server that was breached, along with four global banks, three airlines, two multinational car manufacturers, energy giants and big pharmaceutical companies.

The Guardian has been given the names of more than 30 blue-chip businesses whose data was vulnerable to attack, with sources saying the list “is far from exhaustive”.

Deloitte did not deny any of these clients had information in the system that was the target of the hack, but it said none of the companies or government departments had been “impacted”. It said, “the number of email messages targeted by the attacker was a small fraction of those stored on the platform”.

This assurance has been contested by sources that spoke to the Guardian. They said Deloitte’s public position belied concern within the company about exactly what had happened and why.

The Guardian first revealed the existence of the hack on 25 September.

Since then, the Guardian has been provided with further details of the attack, which seems to have started in autumn last year at a time Deloitte was migrating and updating its email from an in-house system to Microsoft’s cloud-based Office 365 service.

The work was being undertaken at Deloitte’s Hermitage office in Nashville, Tennessee.

The hackers got into the system using an administrator’s account that, theoretically, gave them access to the entire email database, which included Deloitte’s US staff and their correspondence with clients.

Deloitte realized it had a substantial problem in spring this year, when it retained the Washington-based law firm, Hogan Lovells, on “special assignment” to review and advise about what it called “a possible cybersecurity incident”.

In addition to emails, the Guardian understands the hackers had potential access to usernames, passwords, IP addresses, architectural diagrams for businesses and health information.

It is also thought that some emails had attachments with sensitive security and design details.

Deloitte has insisted its internal inquiry, codenamed Windham, found that only six clients had information that had been compromised. The review had also been able to establish “precisely what information was at risk”, the company said.

However, that analysis has been contested by informed sources that have spoken to the Guardian. They say the investigation has not been able to establish definitively when the hackers got in and where they went; nor can they be completely sure that the electronic trail they left is complete.

“The hackers had free rein in the network for a long time and nobody knows the amount of the data taken,” said one source.

“A large amount of data was extracted, not the small amount reported. The hacker accessed the entire email database.”

Another source added: “There is an ongoing effort to determine the damage. There is a team looking at records that have been tagged for further analysis. It is all deeply embarrassing.”

The Guardian has been told Deloitte did not at the time have multi-factor authentication as standard on the server that was breached. A cybersecurity specialist told the Guardian this was “astonishing”.

The expert said the migration to the new email system would have “utterly complicated the kind of forensic investigation required to see what had happened”.

“A hacker has got into Deloitte’s email system and been undetected for months, and only six clients have been compromised? That does not sound right. If the hackers had been in there that long, they would have covered their tracks.”

When the Guardian put all these points to Deloitte, it declined to answer specific questions, but a spokesman said: “We dispute in the strongest terms that Deloitte is ‘downplaying’ the breach. We take any attack on our systems very seriously.

“We are confident that we know what information was targeted and what the hacker actually did. Very few clients were impacted, although we want to stress that even when one client is impacted, that is one client too many.

“We have concluded that the attacker is no longer in Deloitte’s systems and haven’t seen any signs of any subsequent activities.

“Our review determined what the hacker actually did. The attacker accessed data from an email platform. The review of that platform is complete.”

In recent months, Deloitte has introduced multi-factor authentication and encryption software to try to stop further hacks.

Dmitri Sirota, co-founder and CEO of the cybersecurity firm BigID, warned that many companies had failed to use such methods because they were inconvenient and complex.

“Privileged accounts are like keys that unlock everything, from the castle to the treasury. They provide unfettered access to all systems, which is why they are so valuable.

“Organizations are monitoring databases, not the data in it. It’s hard to detect changes, prevent incidents or compare your data to notice breached information unless you have an inventory of what you have.”


Stonewalling and Follow the money $$$

Follow the money $$$

A month before Donald Trump clinched the Republican nomination, one of his closest allies in Congress — House Majority Leader Kevin McCarthy — made a politically explosive assertion in a private conversation on Capitol Hill with his fellow GOP leaders: that Trump could be the beneficiary of payments from Russian President Vladimir Putin.

“There’s two people I think Putin pays: Rohrabacher and Trump,” McCarthy (R-Calif.) said, according to a recording of the June 15, 2016, exchange, which was listened to and verified by The Washington Post. Rep. Dana Rohrabacher is a Californian Republican known in Congress as a fervent defender of Putin and Russia.

House Speaker Paul D. Ryan (R-Wis.) immediately interjected, stopping the conversation from further exploring McCarthy’s assertion, and swore the Republicans present to secrecy.

House Majority Leader Kevin McCarthy has a history of accidental truth telling, like when he revealed the Benghazi hearings were designed to take down Hillary Clinton:

https://www.washingtonpost.com/opinions/kevin-mccarthys-truthful-gaffe/2015/09/30/f12a9fac-67a8-11e5-8325-a42b5a459b1e_story.html?utm_term=.a6a68a940692

The Washington Post has a great interactive chart on Trump & Russian connections, see it here:

https://www.washingtonpost.com/graphics/national/trump-russia/?utm_term=.55288fbf2ced

 

Stonewalling

Former national security advisor Michael Flynn is not cooperating with the Senate Intelligence Committee’s investigation into Russian election interference, Chairman Richard Burr (R-N.C.) said Thursday.

Burr initially said Flynn was not complying with a subpoena issued by the committee before quickly walking back his remarks to reporters.

While Flynn “is not cooperating” so far, Burr said, he hasn’t gotten a “definitive” answer from Flynn’s lawyers.

“I may have been premature,” Burr said. “There may be a day or two left.”

Flynn’s lawyer did not immediately respond to a request for comment or confirmation.

The demand is for documents related to the committee’s investigation into Russian interference in the presidential election.

Flynn — the former intelligence officer who was fired in February for misleading Vice President Pence and other White House officials about the contents of a December phone call with Russian ambassador Sergey Kislyak — has been under scrutiny for accepting payments from Russia and Turkey and allegedly misleading the government about them.

Flynn had previously offered to testify before the Senate and House intelligence committees — which are both investigating Russian interference in the election — in exchange for immunity, but it does not appear that either committee has accepted the offer.

In April, the committee sent a series of requests to several former Trump associates asking for records on any dealings with Russians — a request Flynn’s lawyers declined to cooperate with through counsel, sparking the subpoena.

Trump’s former foreign policy advisor Carter Page, informal adviser Roger Stone and former campaign chairman Paul Manafort were also asked to provide documents. As of last week, the committee had received two responses, according to Burr. One of these, Page, is publicly known. Burr declined to reveal the second.

The letters asked for the men to list any meetings they might have had with Russian officials between June 16, 2015 — the day Trump formally launched his campaign — and Trump’s inauguration on Jan. 20, as well as records of any communications during the period.

The senators also want details on any financial assets or real estate holdings tied to Russia, and a broader list of meetings between any Trump campaign aides and Russians.

In December 2015, Flynn was paid $45,000 to speak at an event hosted in Moscow by the Kremlin-backed network RT, during which he was seated with Russian President Vladimir Putin. He also received payments for additional speeches to Russian firms Kaspersky and Volga Dnepr.

As a retired military officer, Flynn is prohibited under the emoluments clause of the Constitution from accepting payment from a foreign government without advance permission from both the secretary of State and the secretary of the Army.

According to documents released by House Oversight Committee ranking member Elijah Cummings (D-Md.), Flynn did not disclose the RT payment when he applied to renew his security clearance in January 2016, just a month after he traveled to Moscow.

Flynn’s lawyer has claimed that he briefed the Defense Intelligence Agency “extensively” both before and after the 2015 trip.

The supposedly “very religious” rightwing Vice-President Pence is a liar

“Hearing that story today was the first I’d heard of it,” Pence said on Fox News Thursday, adding that he “fully support[s] the decision that President Trump made to ask for General Flynn’s resignation.”

“Recent news reports have revealed that Lt. Gen. Flynn was receiving classified briefings during the presidential campaign while his consulting firm, Flynn Intel Group, Inc., was being paid to lobby the U.S. Government on behalf of a foreign government’s interests,” Rep. Elijah Cummings, D-Md., wrote.

“Lt. Gen. Flynn’s General Counsel and Principal, Robert Kelley, confirmed that they were hired by a foreign company to lobby for Turkish interests … When asked whether the firm had been hired because of Lt. Gen. Flynn’s close ties to President-elect Trump, Mr. Kelley responded, ‘I hope so,’”

Flynn Intel Group, Inc., received $500,000 for four months of work from Turkish businessman Ekim Alptekin. Flynn was hired to lobby the U.S. to extradite Turkish cleric Fethullah Gulen, who has been accused of planning the attempted coup against Erdogan last year.

Rachel Maddow calls BS on Pence claim he never knew about Flynn’s Turkish contract

MSNBC host Rachel Maddow continued her investigations into President Donald Trump’s complicated ties to foreign governments. Tonight’s installment was about the tangled web of retired Gen. Michael Flynn’s connections to Russia and now Turkey.

In an interview with Bret Baier on Fox News, Vice President Mike Pence said of the story about Flynn and Turkey that “hearing that story today is the first [he’s] hearing of it.”

Maddow noted that Baier didn’t ask Pence when he heard about Flynn. Yet, twice when asked about the topic, Pence went out of his way to state that it was “the first time he’d heard about it”.

“That cannot be true,” Maddow said bluntly. “It is impossible this is the first Mike Pence has heard of it. Mike Pence was the head of the [Trump] transition, while all of those news stories of Mike Flynn being on the Turkish government’s payroll were breaking. He was the head of the transition when Mike Flynn was being vetted for the National Security Advisor job. He was the head of the transition when Congress formally notified the head of the transition that Mike Flynn appears to be on a foreign government’s payroll. He was the head of the transition when Mike Flynn’s personal lawyers came and told the transition that Mike Flynn maybe needed to register as a foreign agent.”

However, Pence claims that he’s only now hearing about the information. Maddow called it absolute bunk.

“It’s something to pick someone manifestly unfit for the job of National Security Advisor to be National Security Advisor, that’s one thing,” she continued. “It is another thing when you bring somebody on board to a top national security position while they’re also on the payroll of a foreign government! And you either don’t notice or you don’t care.”

Maddow noted that Flynn sat in on the president’s daily intelligence briefings and that he had top national security clearance while getting paid by Turkey. She said that it was a “third level of scandal,” however, when someone like Pence begins to make utterly implausible denials that he knew anything about it.

Watch the commentary below:  https://youtu.be/4v4GjPPefAU

From Raw Story and Newsmax

Why the hell are the Clintons going and helping to legitimize this fraud

Tell Democrats in Congress: Skip the inauguration of hate.


A racist, fascist bigot will take the oath of office as the 45th President of the United States on Jan. 20. Politicians who attend Donald Trump’s inauguration will be legitimizing and normalizing his platform of misogyny, racism and xenophobia.

Public resistance to Trump’s inauguration is growing. Many celebrity performers, the Rockettes, public high school marching bands and even the Mormon Tabernacle Choir have stood up to Trump’s hateful agenda by refusing to perform at the inauguration.

Trump is unfit to serve as our president and commander in chief: He’s a racist who has already installed a white supremacist in one of the top positions in his White House, a misogynist who has bragged about sexual assault, and a bigot who plans to deport, surveil and harass millions of people because of their religion and skin color. We cannot let Democrats and the elite political establishment in Washington pretend Trump’s inauguration is business as usual.

Democrats have a choice: They can either champion progressive values, join the public resistance against Trump’s hate and refuse to attend the inauguration, or they can attend the inauguration, normalize Trump’s bigotry and stand idly by while he sets his dangerous agenda in motion. This is not the time for compromise or decorum. Trump is appointing a leadership team whose values align with his dangerous promises. His pick for attorney general was deemed too racist for a federal judgeship by members of his own party. His future national security adviser traffics in anti-Muslim bigotry. His nominee for treasury secretary is a Goldman Sachs executive, and his transition team is loaded with corporate lobbyists. At least three of his cabinet picks have been accused of domestic violence.1

Members of his crony cabinet are already making plans to destroy Medicare and attack Social Security. And in the first 100 days of his administration, Trump plans to deport millions of immigrants, roll back environmental protections, empower states to escalate attacks on reproductive healthcare and more.2 A true progressive response to the Trump administration will unconditionally resist his bigoted and racist policies without compromise.

Sign the petition here:   https://act.credoaction.com/sign/dems_inauguration?t=1&akid=21141.5506193.ishG1W

So far, Democrats Rep. Luis Gutierrez, Rep. Katherine Clark and Rep. Jared Huffman, have courageously stepped forward and pledged not to legitimize Trump’s bigotry and hate by attending the inauguration.3 We believe other progressive champions in Congress should follow their lead.

Huffman on Trump:

‘I will not sit passively and politely applaud’

By U.S. Rep. Jared Huffman

I have struggled with the issue of whether to attend the Presidential Inauguration on January 20th and here is my decision.

Ordinarily, on Inauguration Day I would take my place above the west steps of the Capitol and join colleagues and dignitaries in honoring a great and solemn American tradition: the peaceful transfer of power which must always transcend partisan differences.

Ordinarily, I would do that without hesitation for any President, regardless of their politics or personality, as a show of respect for the institution and the will of the voters — and as a gesture of goodwill to foster reconciliation and collaboration as we put the election behind us and prepare to work with the new administration.

However, there is nothing ordinary about this inauguration or the man that will be sworn in as our next President. I do accept the election results and support the peaceful transfer of power, but it is abundantly clear to me that with Donald Trump as our President, the United States is entering a dark and very dangerous political chapter. I will do everything I can to limit the damage and the duration of this chapter, and I believe we can get through it. But I will not sit passively and politely applaud as it begins.

As much as we all hope for the best, we should be clear-eyed about the warning signs of exactly who Donald Trump is and what he will attempt to do as our President. We know, or at least should know, what is coming. The question is, what to do about it?

I believe the antidote to Donald Trump is kindness, thoughtfulness, tolerance and inclusion — and the way to defeat his dark political agenda is not to sit around complaining and criticizing; it is through active citizenship, principled resistance and positive counteraction.

Toward that end, I’ll be spending Inauguration Day here in my district doing positive things. I invite you to join me. I will announce my specific plans and agenda in a few days, including some volunteer activities that you can participate in if you wish. Stay tuned for the details, and thanks for reading all the way to the end of this long Facebook post!

Congressman Huffman’s offices can be contacted by phone at 202-225-5161 or 707-407-3585.

https://www.facebook.com/search/top/?q=congressman%20jared%20huffman
