The US has suffered a massive cyberbreach. It’s hard to overstate how bad it is | Bruce Schneier/The Guardian

Recent news articles have all been talking about the massive Russian cyber-attack against the United States, but that’s wrong on two accounts. It wasn’t a cyber-attack in international relations terms, it was espionage. And the victim wasn’t just the US, it was the entire world. But it was massive, and it is dangerous.Espionage is internationally allowed in peacetime. The problem is that both espionage and cyber-attacks require the same computer and network intrusions, and the difference is only a few keystrokes. And since this Russian operation isn’t at all targeted, the entire world is at risk – and not just from Russia. Many countries carry out these sorts of operations, none more extensively than the US. The solution is to prioritize security and defense over espionage and attack. Here’s what we know: Orion is a network management product from a company named SolarWinds, with over 300,000 customers worldwide. Sometime before March, hackers working for the Russian SVR – previously known as the KGB – hacked into SolarWinds and slipped a backdoor into an Orion software update. (We don’t know how, but last year the company’s update server was protected by the password “solarwinds123” – something that speaks to a lack of security culture.) Users who downloaded and installed that corrupted update between March and June unwittingly gave SVR hackers access to their networks. This is called a supply-chain attack, because it targets a supplier to an organization rather than an organization itself – and can affect all of a supplier’s customers. It’s an increasingly common way to attack networks. Other examples of this sort of attack include fake apps in the Google Play store, and hacked replacement screens for your smartphone. SolarWinds has removed its customers list from its website, but the Internet Archive saved it: all five branches of the US military, the state department, the White House, the NSA, 425 of the Fortune 500 companies, all five of the top five accounting firms, and hundreds of universities and colleges. In an SEC filing, SolarWinds said that it believes “fewer than 18,000” of those customers installed this malicious update, another way of saying that more than 17,000 did.

Full Articl: The US has suffered a massive cyberbreach. It’s hard to overstate how bad it is | Technology | The Guardian

National: Inside Trump’s pressure campaign to overturn the election | Anita Kumar and Gabby Orr/Politico

It started with a phone call. In mid-November, President Donald Trump rang Monica Palmer, the Republican chair of an obscure board in Michigan that had just declared Joe Biden winner of the state’s most populous county. Within 24 hours, Palmer announced she wanted to “rescind” her vote. Her reasoning mirrored Trump’s public and private rants: The Nov. 3 election may have been rife with fraud. “The Wayne County election had serious process flaws which deserve investigation,” she wrote in an affidavit. “I continue to ask for information to assure Wayne County voters that these elections were conducted fairly and accurately.” The reversal came too late — the results were already confirmed. But Trump was just getting started. Over the next month, the president would conduct a sweeping campaign to personally cajole Republican Party leaders across the country to reject the will of the voters and hand him the election. In his appeals, he used specious and false claims of widespread voter fraud, leaning on baseless allegations that corrupt Democrats had conspired at every level to steal a presidential election. In total, the president talked to at least 31 Republicans, encompassing mostly local and state officials from four critical battleground states he lost — Michigan, Arizona, Georgia and Pennsylvania. The contacts included at least 12 personal phone calls to 11 individuals, and at least four White House meetings with 20 Republican state lawmakers, party leaders and attorneys general, all people he hoped to win over to his side. Trump also spoke by phone about his efforts with numerous House Republicans and at least three current or incoming Senate Republicans.

Full Article: Inside Trump’s pressure campaign to overturn the election – POLITICO

National: Dominion Voting Systems Employee Sues Trump Campaign | Amanda Pampuro/Couthouse News

A man caught in the center of 2020 election fraud conspiracy theories — who says ongoing threats and harassment have driven him into hiding — accused the Trump campaign in a lawsuit filed in Denver on Tuesday of defamation and inflicting emotional distress. The 52-page lawsuit claims Trump’s campaign team and attorneys Rudy Giuliani and Sidney Powell grabbed onto an unsubstantiated narrative and led a social media army against Eric Coomer, an employee of Dominion Voting Systems. The lawsuit also names as defendants Trump supporter Joseph Oltmann, One America News Network correspondent Chanel Rion, Newsmax and other individuals and organizations. “The widespread dissemination of false conspiracy theories about the 2020 presidential election has had devastating consequences both for me personally and for many of the thousands of American election workers and officials, both Republican and Democratic, who put aside their political beliefs to run free, fair, and transparent elections,” Coomer said in a statement. “Elections are not about politics; they are about accurately tabulating legally cast votes,” Coomer said. Following his loss for reelection, President Donald Trump was quick to blame the election system as his campaign team scoured the country for examples of voter fraud. The Trump campaign has pursued and lost lawsuits in Pennsylvania, Wisconsin, and many others in efforts to overturn the results.

Full Article: Dominion Voting Systems Employee Sues Trump Campaign