#Cybersecurity and Infrastructure Security Agency
saywhat-politics · 3 months ago
The administration disbanded an FBI task force investigating foreign influence campaigns, and cut several Cybersecurity and Infrastructure Agency staff.
NEW YORK (AP) — When a suspicious video of ballots being ripped up in Pennsylvania gained attention on social media last October, federal agencies responded quickly and called it out as Russian disinformation.
On Election Day in November, bomb threats to polling places in numerous states caused relatively few disruptions to voting. It’s one of the many scenarios covered by the nation’s cybersecurity agency in its outreach to state and local officials.
59 notes · View notes
justinspoliticalcorner · 11 months ago
John Nichols at The Nation:
Donald Trump has made no secret of his determination to govern as a “dictator” if he regains the presidency, and that’s got his critics warning that his reelection would spell the end of democracy. But Trump and his allies are too smart to go full Kim Jong Un. Rather, the former president’s enthusiasm for the authoritarian regimes of Russia’s Vladimir Putin, Turkey’s Tayyip Erdoğan, and Hungary’s Viktor Orbán suggests the models he would build on: managing elections to benefit himself and his Republican allies; gutting public broadcasting and constraining press freedom; and undermining civil society. Trump, who famously demanded that the results of Georgia’s 2020 presidential voting be “recalculated” to give him a win, wants the trappings of democracy without the reality of electoral consequences. That’s what propaganda experts Edward Herman and Frank Brodhead once described as “demonstration elections,” in which, instead of actual contests, wins are assured for the authoritarians who control the machinery of democracy. The outline for such a scenario emerges from a thorough reading of Project 2025’s Mandate for Leadership, which specifically proposes a Trump-friendly recalculation of the systems that sustain American democracy. The strategy for establishing an American version of Orbán’s “illiberal democracy” is not spelled out in any particular chapter of Mandate. Rather, it is woven throughout the whole of the document, with key elements appearing in the chapters on reworking the Department of Homeland Security (DHS), the Federal Communications Commission (FCC), and the Federal Election Commission (FEC). In the section on the DHS, for instance, there’s a plan to eliminate the ability of the agency that monitors election security to prevent the spread of disinformation about voting and vote counting.
How serious a threat to democracy would that pose? Think back to November 2020, when Trump was developing his Big Lie about the election he’d just lost. Trump’s false assertion that the election had been characterized by “massive improprieties and fraud” was tripped up by Chris Krebs, who served as director of the Cybersecurity and Infrastructure Security Agency (CISA) in the DHS. The Republican appointee and his team had established a 24/7 “war room” to work with officials across the country to monitor threats to the security and integrity of the election. The operation was so meticulous that Krebs could boldly announce after the voting was finished: “America, we have confidence in the security of your vote, you should, too.” At the same time, his coordinating team declared, “The November 3rd election was the most secure in American history.” This infuriated Trump, who immediately fired the nation’s top election security official.
In Mandate’s chapter on the DHS, Ken Cuccinelli writes, “Of the utmost urgency is immediately ending CISA’s counter-mis/disinformation efforts. The federal government cannot be the arbiter of truth.” Cuccinelli previously complained that CISA “is a DHS component that the Left has weaponized to censor speech and affect elections.” As for the team that worked so successfully with Krebs to secure the 2020 election, the Project 2025 document declares that “the entirety of the CISA Cybersecurity Advisory Committee should be dismissed on Day One.” The potential impact? “It’s a way of emasculating the agency—that is, it prevents it from doing its job,” says Herb Lin, a cyber-policy and security scholar at Stanford’s Center for International Security and Cooperation.
This is just one way that Project 2025’s cabal of “experts” is scheming to thwart honest discourse about elections and democracy. A chapter on public broadcasting proposes to defund the Corporation for Public Broadcasting as part of a larger plan to upend NPR, PBS, and “other public broadcasters that benefit from CPB funding, including the even-further-to-the Left Pacifica Radio and American Public Media.” More destabilizing than the total funding cut that Project 2025 entertains is a parallel plan to end the status of NPR and Pacifica radio stations as “noncommercial education stations.” That could deny them their current channel numbers at the low end of the radio spectrum (88 to 92 FM)—a move that would open prime territory on the dial for the sort of religious programming that already claims roughly 42 percent of the airwaves that the FCC reserves for noncommercial broadcasting. And don’t imagine that the FCC would be in a position to write new rules that guard against the surrender of those airwaves to the Trump-aligned religious right.
[...]
While Project 2025 seeks to rewire the FCC to favor Trump’s allies, it also wants to lock in dysfunction at the Federal Election Commission, the agency that is supposed to govern campaign spending and fundraising. Established 50 years ago, the FEC has six members—three Republicans and three Democrats—who are charged with overseeing the integrity of federal election campaigns. In recent years, however, this even partisan divide has robbed the FEC of its ability to act because, as a group of former FEC employees working with the Campaign Legal Center explained, “three Commissioners of the same party, acting in concert, can leave the agency in a state of deadlock.” As the spending by outside groups on elections “has exponentially increased, foreign nationals and governments have willfully manipulated our elections, and coordination between super PACs and candidates has become commonplace,” the former employees noted. Yet “the FEC [has] deadlocked on enforcement matters more often than not, frequently refusing to even investigate alleged violations despite overwhelming publicly available information supporting them.”
John Nichols wrote in The Nation about how Project 2025’s radical right-wing wishlist of items contains plans to wreck and subvert what is left of America’s democracy.
See Also:
The Nation: June 2024 Issue
25 notes · View notes
nationallawreview · 5 months ago
Public Urged to Use Encryption for Mobile Phone Messaging and Calls
On December 4, 2024, four of the five members of the Five Eyes intelligence-sharing group (the United States, Australia, Canada, and New Zealand) law enforcement and cyber security agencies (Agencies) published a joint guide for network engineers, defenders of communications infrastructure and organizations with on-premises enterprise equipment (the Guide). The Agencies strongly encourage…
1 note · View note
stevensaus · 2 days ago
DOGE software engineer’s computer infected by info-stealing malware
The presence of credentials in leaked “stealer logs” indicates his device was infected.
0 notes
digitalcreationsllc · 1 year ago
CISA seeks comment on secure by design principles to boost global software security
Dive Brief: The Cybersecurity and Infrastructure Security Agency is seeking comment on a global effort to improve software security through major changes in development practices. The request for information, released Wednesday, seeks input about how to best incorporate security into the software development life cycle. Specifically, CISA is asking for input on how to tackle recurring software…
0 notes
yourreddancer · 3 months ago
He should be arrested for violating our privacy. He was not vetted by congress and has no security clearance.
Contact your state’s attorney general and request help.
Can we ask the ACLU to file a class action suit? Who’s with me?
“Let’s get into the details. Musk’s staffers have been caught plugging external hard drives into federal agency systems and reportedly locking others out of private rooms to perform—who knows what actions. This behavior violates key cybersecurity laws under FISMA and NIST guidelines, which are designed to protect sensitive federal information. Here’s why this is a serious problem.
Federal systems are strictly regulated, allowing only approved devices to connect. Unauthorized external drives can introduce viruses, ransomware, or other harmful software that may compromise entire networks and disrupt essential operations. This puts system stability and continuity of services at risk, endangering critical infrastructure.
These devices could also be used to steal or damage critical information, including personal data for millions of Americans—such as Social Security recipients and taxpayers. Unauthorized access creates significant vulnerabilities, exposing sensitive data to the risk of cyberattacks. Such attacks could cripple vital services and compromise the privacy and safety of millions of people.
Additionally, federal agencies have strict access controls to prevent unauthorized data manipulation or theft. When unauthorized devices are connected, these protections are bypassed, allowing unauthorized users to potentially alter or extract sensitive data. This undermines system integrity and opens the door to both internal and external threats.
External drives also often lack essential security features, such as encryption and antivirus scanning, making them vulnerable to cybercriminal exploitation. These security gaps further increase the risk of data breaches and system compromise, which can have far-reaching consequences.
Federal systems handle trillions of dollars in payments and manage personal data for millions of U.S. citizens. By bypassing cybersecurity laws and protocols, Musk’s staffers are putting these systems—and the public—at serious risk. This activity is illegal, reckless, and unacceptable. Immediate oversight and intervention are necessary to stop these violations!” ~ A N P S
225 notes · View notes
jcmarchi · 9 months ago
CISA’s "Secure by Demand" guidance is must-read - CyberTalk
New Post has been published on https://thedigitalinsider.com/cisas-secure-by-demand-guidance-is-must-read-cybertalk/
EXECUTIVE SUMMARY:
Earlier today, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) distributed a new “Secure by Demand” guide.
The intention is to assist organizations in driving a more secure technology ecosystem by ensuring that cyber security is embedded from the start.
“This guidance is a wake-up call for any company that missed out on the costs and outages caused by SolarWinds, Log4j, Snowflake and CrowdStrike,” says Check Point CISO Pete Nicoletti.
Why the guide
In cyber security, procurement teams tend to grasp the fundamentals of cyber security requirements in relation to tech acquisitions. However, teams often fail to identify whether or not vendors truly embed cyber security into development cycles from day one.
The guide is designed to help organizations discern this type of critical information when evaluating vendors. It provides readers with questions to ask when buying software, considerations to work through regarding product integration and security, along with assessment tools that allow for grading of a product’s maturity against “secure-by-design” principles.
More information
The Secure by Demand guide is a companion piece to the recently released Software Acquisition Guide for Government Enterprise Consumers: Software Assurance in the Cyber-Supply Chain Risk Management (C-SCRM) Lifecycle.
While the latter focuses on government enterprises, this guide broadens the scope to encompass a wider range of organizations across various sectors.
Key points to note
The two guides work in tandem to provide a comprehensive approach to secure software acquisition and supply chain risk management.
While the software acquisition guide targets government entities, the demand guide offers insights that are applicable to private sector organizations, non-profits and other institutions.
CISA strongly advises organizations to thoroughly review and implement the recommendations from both guides.
Each guide offers practical, actionable steps that can be integrated into existing procurement and risk management frameworks. Yet, that alone is not enough, according to Check Point Expert Pete Nicoletti…
“In addition to implementing this guidance, companies should add supply chain-related security events to their incident response planning and tabletop exercises to ensure they can recover quickly and with less impact. Further, review supplier contracts to ensure that expensive outages caused by them, offer up their cyber insurance, rather than just recovering the license cost,” he notes.
Get the Secure by Demand Guide: How Software Customers Can Drive a Secure Technology Ecosystem right here.
0 notes
collapsedsquid · 25 days ago
But according to an official whistleblower disclosure shared with Congress and other federal overseers that was obtained by NPR, subsequent interviews with the whistleblower and records of internal communications, technical staff members were alarmed about what DOGE engineers did when they were granted access, particularly when those staffers noticed a spike in data leaving the agency. It's possible that the data included sensitive information on unions, ongoing legal cases and corporate secrets — data that four labor law experts tell NPR should almost never leave the NLRB and that has nothing to do with making the government more efficient or cutting spending. Meanwhile, according to the disclosure and records of internal communications, members of the DOGE team asked that their activities not be logged on the system and then appeared to try to cover their tracks behind them, turning off monitoring tools and manually deleting records of their access — evasive behavior that several cybersecurity experts interviewed by NPR compared to what criminal or state-sponsored hackers might do. The employees grew concerned that the NLRB's confidential data could be exposed, particularly after they started detecting suspicious log-in attempts from an IP address in Russia, according to the disclosure. Eventually, the disclosure continued, the IT department launched a formal review of what it deemed a serious, ongoing security breach or potentially illegal removal of personally identifiable information. The whistleblower believes that the suspicious activity warrants further investigation by agencies with more resources, like the Cybersecurity and Infrastructure Security Agency or the FBI.
Oh yeah at least one DOGE person we know was a straight-up cybercriminal.
86 notes · View notes
saywhat-politics · 3 months ago
By CHRISTINA A. CASSIDY
Updated 6:28 PM MST, February 10, 2025
ATLANTA (AP) — Staffers at the nation’s cybersecurity agency whose job is to ensure the security of U.S. elections have been placed on administrative leave, jeopardizing critical support provided to state and local election offices across the country.
In recent days, 17 employees of the U.S. Cybersecurity and Infrastructure Security Agency who have worked with election officials to provide assessments and trainings dealing with a range of threats — from cyber and ransomware attacks to physical security of election workers — have been placed on leave pending a review, according to a person familiar with the situation who was not authorized to speak publicly.
Ten of those employees are regional election security specialists hired as part of an effort to expand field staff and election security expertise ahead of the 2024 election. The regional staffers were told the internal review would examine efforts to combat attempts by foreign governments to influence U.S. elections, duties that were assigned to other agency staff, according to the person.
99 notes · View notes
justinspoliticalcorner · 8 days ago
Stephen Robinson at Public Notice:
Donald Trump’s recent interviews with Time and The Atlantic revealed a president who is completely unhinged and incoherent. Sadly, that’s not news. But what stood out is that Trump is consistently confused and disconnected from reality even on issues that are supposedly in his wheelhouse. Trump has always been an ignoramus who masks his intellectual shortcomings with bombast and declarations of his own brilliance, but his rambling nonsensical responses in these latest interviews should set off alarms — especially in light of all the media attention and scrutiny Joe Biden received after his disastrous debate performance or when Special Counsel Robert Hur described him as “a well-meaning elderly man with a poor memory.” Trump, who turns 79 in June, is the oldest person ever elected president. His repetitive speech patterns, frequent use of empty phrases, and overall rambling discourse are too often graded on a curve. White House officials and pandering Republicans might boast about Trump’s boundless energy in a manner that would shame North Korean state media, but the Time and Atlantic interviews tell a very different story.
Rancid word salad
Trump was especially all over the place during his Time interview. Conducted on April 22, he probably could’ve anticipated being asked about his April 9 executive order directing Attorney General Pam Bondi and the Department of Homeland Security to investigate Christopher Krebs, former head of the Cybersecurity and Infrastructure Security Agency. (Trump has never forgiven Krebs for correctly stating publicly that the 2020 election was secure and not in any way rigged.) Shockingly, however, Trump didn’t prepare a defense for his abuse of power.
[...] As the transcript shows, Trump didn’t even attempt to answer the question posed to him. He often pretends to have never met someone he believes has spoken ill of him, but his situational amnesia is less effective as an explanation for why he’s weaponizing the government against Krebs. [...] This wasn’t just an off day, either. On April 24, Trump sat for an interview with The Atlantic. Staff writer Michael Scherer asked him bluntly, “Should people be concerned that the nature of the presidency is changing under you?” Trump was unable to leave the answer at “no” without going on a rant about James Comey, Robert Mueller, and the supposed Russia “hoax.” [...] Trump’s cognitive abilities and overall competence have always left a lot to be desired, but these interviews show a president who’s no longer capable of even the veneer of mental acuity. Meanwhile, his cabinet and even congressional Republicans behave like courtiers to a mad king.
The cognitive decline of Donald Trump should be a much bigger worry.
54 notes · View notes
dreaminginthedeepsouth · 25 days ago
dave whammond
* * * *
Shocking disclosures regarding a data breach at the National Labor Relations Board suggest illegal conduct by DOGE members
Over the weekend, NPR published a lengthy story about a potential major data breach at the National Labor Relations Board. At first blush, the story sounds like it is in 45th place on the list of the most horrible things that Trump and DOGE have done in the first 86 days of his administration.
But you must pay attention to this story. It is a national scandal that suggests DOGE has intentionally exposed confidential US government information to foreign adversaries.
I will give a very brief summary, but urge you to read, listen to, or watch one of the sources I cite below.
In short, a whistleblower from the National Labor Relations Board (NLRB) claims the following:
DOGE gained access to the NLRB's most sensitive information, which included labor complaints, identity of whistleblowers, identity of private employees engaged in union organizing, and enforcement actions against private companies (like Tesla and SpaceX).
DOGE turned off log files that would record their actions.
DOGE set up a “black box” inside the NLRB network so that NLRB IT personnel could not monitor what was happening.
DOGE disabled security protections, thereby exposing the NLRB’s sensitive information to the internet.
Within 15 minutes of the firewall protections being disabled, someone using an IP address in Russia used a username and password for a DOGE team member to attempt to access the NLRB information.
NLRB IT members witnessed a massive spike in information being downloaded from the NLRB servers.
A DOGE team member set up a file that was briefly visible on a public forum; the filename suggested that it was a “backdoor” download program for an NLRB-specific database.
The NLRB IT staff asked the federal Cybersecurity and Infrastructure Security Agency (CISA) security team to help launch an investigation, but the CISA investigation was peremptorily shut down without explanation.
The employee who asked CISA to begin the investigation received a typed note on his residence door which warned the employee to drop the request for CISA assistance and included personal details about the employee known only from government files. The note also included a drone photo of the employee walking his dog on a public street.
A spokesperson for the NLRB issued a statement claiming that DOGE never visited the NLRB and did not gain access to NLRB data—a statement that seems to be a blatant, easily disprovable lie.
I have not done justice to the details of the story. There are three ways you can educate yourself about this story.
First, the lengthy NPR article is here: NPR, Whistleblower details how DOGE may have taken sensitive NLRB data.
Second, the NPR report has a seven-minute audio summary embedded in the article. It is an accessible entry point into the article.
Finally, Rachel Maddow did an excellent job of explaining the whistleblower allegations on Tuesday evening. I have excerpted the 20-minute segment of her show that includes an interview with the whistleblower and his attorney. See The Rachel Maddow Show, Whistleblower Excerpt, April 15, 2025.
As a personal favor to me (and you), I urge you to watch the Rachel Maddow segment. It will bring you up to speed on this scandal, which will be around for a long time and may be the undoing of DOGE.
If you watch the Rachel Maddow show, you will meet the whistleblower--Daniel Berulis—who is a loyal employee of the federal government who says that he “hopes he is wrong” in believing that DOGE exposed sensitive information to someone in Russia who was using a DOGE username and password.
At this very moment, there are hundreds or thousands of Daniel Berulises in the federal government who have not come forward. Daniel Berulis’s example should encourage them to come forward to describe other instances of DOGE misconduct or carelessness that may have harmed America’s interests.
If Berulis’s allegations are true, it is difficult to see how the conduct by at least one DOGE member does not rise to the level of a felony. We need to know more and must be open to the facts, including denials of the allegations. But the allegations are truly shocking and suggest that DOGE may have inflicted grievous injury on the US by exposing confidential information.
CODA: As shocking as the above allegations are, we have reasonable grounds for believing misconduct by Trump administration officials in seeking to conceal their unlawful actions.
Remember Signalgate? You may recall that CIA Director John Ratcliffe participated in chats on a non-secure commercial application. Congress has asked that all such communications be turned over for review.
Well, it might not shock you to learn that the CIA’s information technology team has informed Congress that none of John Ratcliffe’s communications on Signal are recoverable. See MSNBC, Missing Signal messages from CIA director’s phone raise cover-up concerns.
Remember after the January 6 insurrection when most of the Secret Service’s texts were mysteriously deleted and therefore unavailable for review by the January 6 Committee? See PBS News, Government watchdog says Secret Service agents deleted Jan. 6 text messages.
Once is a mistake. Twice is a suspicious coincidence. Three times is a damning pattern. Secret Service. Signalgate. DOGE. It appears that actors within the Trump administration believe that destroying communications is an acceptable way to avoid accountability. It is up to Congress and the courts to get to the bottom of the DOGE NLRB incident and Signalgate as quickly as possible—before more evidence goes missing.
[Robert B. Hubbell Newsletter]
58 notes · View notes
macmanx · 5 months ago
The warning from the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) highlighted vulnerabilities in text messaging systems that millions of Americans use every day.
101 notes · View notes
dostoyevsky-official · 3 months ago
Top US Election Security Watchdog Forced to Stop Election Security Work
The Cybersecurity and Infrastructure Security Agency has frozen all of its election security work and is reviewing everything it has done to help state and local officials secure their elections for the past eight years, WIRED has learned. The move represents the first major example of the country’s cyber defense agency accommodating President Donald Trump’s false claims of election fraud and online censorship. [...] The agency is also cutting off funding for activities at the Elections Infrastructure Information Sharing & Analysis Center, a group funded by the Department of Homeland Security that has served as a coordinating body for the elections community. [...] In justifying CISA’s internal review, which will conclude on March 6, [acting director] Bean pointed to Trump’s January 20 executive order on “ending federal censorship.” Conservatives have argued that CISA censored their speech by coordinating with tech companies to identify online misinformation in 2020, during the final year of Trump’s first term. CISA has denied conducting any censorship, and the US Supreme Court dismissed a lawsuit over the government’s work. But in the wake of the backlash, CISA halted most conversations with tech platforms about online mis- and disinformation. Since 2017, state and local election officials have relied on CISA’s expertise and resources—as well as its partnerships with other agencies—to improve their physical and digital security.
64 notes · View notes
digitalcreationsllc · 1 year ago
Enhancing Cyber Resilience: Insights from the CISA Healthcare and Public Health Sector Risk and Vulnerability Assessment | CISA
SUMMARY In January 2023, the Cybersecurity and Infrastructure Security Agency (CISA) conducted a Risk and Vulnerability Assessment (RVA) at the request of a Healthcare and Public Health (HPH) sector organization to identify vulnerabilities and areas for improvement. An RVA is a two-week penetration test of an entire organization, with one week spent on external testing and one week spent…
0 notes