Monthly Archives: July 2017

Encryption -Is it enough? – CIOReview

Posted on by

Jerry Irvine, EVP, CIO, Prescient Solutions

CIOs and their corporations are looking for the magic bullet to protect their intellectual property and the personally identifiable information of their clients, partners and employees. Legacy security measures such as firewalls and antivirus provide little protection from hackers and malicious users breaching the enterprise environment and the implementation of more strict access controls.Data loss prevention (DLP) solutions are cumbersome and limit the productivity of end users.

With these technical and business constraints in place, CIOs are turning to encryption of data across the entire data life cycle to mitigate the risks of lost or stolen information. But does todays encryption technology really provide the levels of confidentiality required in this totally Internet connected world?

There are three primary phases in which data can be encrypted: in transit, at rest, and in use. The highest level of data protection currently exists in the data transmission phase. In this phase, encryption occurs between specific communicating devices. Protection provided by encryption in transit includes confidentiality from eavesdropping and sniffing, or man-in-the-middle attacks. Applications such as VPN clients and browser based HTTPS provide strong encryption processes which protect the confidentiality of data making it very difficult for unauthorized users to intercept. It is common practice for organizations to encrypt of data transmitted from remote devices; however, data that is being transmitted on internal networks typically goes unencrypted. There is a perception that data transmitting the internal network, or even that being transmitted to remote facilities, is secure and therefore does not require encryption. Nevertheless, an organizations internal network can be easily breached making data vulnerable to the same risks of eavesdropping, sniffing and man-in-the-middle attacks. Consultants, vendors and individuals off the street not only have access to wireless networks but often have access to network jacks in conference rooms, cafeterias and other common areas. Also, devices that do not require direct authentication (i.e. printers, scanners, industrial controls, etc.) can be infected with malware that can eavesdrop, sniff, or capture traffic and send out information to the Internet. Past concerns of implementing encryption to internal data transit included increased overhead on servers, network devices and end user workstations. This overhead could cause systems delays, loss of connectivity and loss or corruption of data. Many of todays server and network technologies have data encryption capabilities built in to allow for easier configuration and implementation and minimize the impact on utilizations. Implementing encryption of data in transit from endpoint to endpoint, both remotely and internally is mandatory in todays cyber risk environment.

The highest level of data protection currently exists in the data transmission phase with the at rest and in use phases close behind

Another phase of data encryption is the encryption of data at rest. Implementing encryption of data at rest is the easiest of all phases and, in fact, is built in on many devices such as smartphones, tablets and PCs. There are really no reasons not to encrypt all data on smartphones, tablets, PCs; however, there are some major limitations of encrypting data at rest. Users and applications must be able read data in order to use it, consequently, when a user or application logs into the system the data must appear decrypted. This is both necessary and a major vulnerability because when a user or application logs in all data, even that data at rest that they have access to, becomes readable. So, if a users device or application is infected with a virus, malware, etc. and they log in all data on their system or systems they can access becomes available to the hacker.

The last phase of data encryption is encryption of data in use, this is the weakest link. As defined in the previous encryption of data at rest section, in order to make use of data, it must be readable or decrypted. Many applications, database companies and cloud service providers are claiming different levels and characteristics of encrypted data in use; but, current technology does not make this completely possible. Encryption of data in use relies heavily on encryption of data at rest and in combination with strong authorization and access controls. By allowing only authorized users, limiting their access to the principles of least privilege and performing on the fly decryption of data upon access, companies are providing a minimal level of encryption of data in use.

Based on the functionality of encryption within the different phases, it must be obvious that encryption is not a silver bullet for the protection of data.

Encrypting data in transit can be compromised even if it is being performed across both internal and remote networks via the placement of malware on authorized devices that can eavesdrop or sniff data as it traverses the enterprise. Encrypting data at rest can also be overcome via the placement of malware on an authenticated device and it can also be bypassed by un-authorized users who illegally obtain valid user ids and password which have rights to view the data. The encryption of data in use with existing technologies uses the same but stricter rules as defined within the encryption of data at rest phase and therefore can be compromised in the same ways.

Encryption is designed to provide an additional layer of data protection but complex authorization policies and strict access controls providing only the least amount of privileges necessary for a user to perform their functions are still required in the protection of data. If hackers get into a network but are unable to gain authorized access with valid credentials, encryption will protect data from being read, copied or manipulated. However, cyber incidents facilitated by gaining un-authorized access to systems using valid user credentials, such as phishing scams or social engineering, can allow hackers complete access to decrypted data.

Continued here:
Encryption -Is it enough? - CIOReview

Letters: nanny state, Perpetual and encryption – The Australian Financial Review

Posted on by

by Letters Leyonhjelm's superiority is illusionary

Did David Leyonhjelm not prove the "illusionary superiority" of his own intelligence in "The great nanny state delusion" (July 14).

His premise was that academics demonstrated "illusionary superiority" and so, those promoting nanny state policies who are also predominantly academics are wrong in their belief they have the right to dictate what is good for everyone. He endorses this by saying no trade organisation has ever told him what is good for him.

First, his study analysis is weak. If 55 per cent of Americans believed themselves to be above average intelligence, then only 5 per cent overestimated and 95 per cent were quite realistic. If 75 per cent of the people with qualifications thought themselves to be above average intelligence they could be absolutely correct, dependent on the percentage who have a qualification.

Secondly, how can Leyonhjelm ignore the blatant indoctrination of the CFMEU and the like into society?

To conclude that bans on smoking, drinking, cycle helmets and lock-outs are all illusionary dictates from such weak reasoning is the delusion. I share his belief in personal freedoms, but freedoms bounded strongly by societal laws with the consequential costs of such freedoms born by the individual, not the state. It should be an ideological argument, not one based on apparent flawed bias.

Jack Parr

Sandringham, Victoria

Senator Leyonhjelm is a champion for those who believe they should be able to profit from harming others and pass the costs on to others. He also puts his ideology before any objective assessment of the evidence.

In 2008 the NSW Government introduced a measure in which liquor outlets associated with more than 10 violent incidents in a year are publicly listed and subject to a range of restrictions, mainly around the service of alcohol, until such time as the annual number of violent incidents have been reduced. The violent incidents in listed venues had dropped by 84 per cent since the scheme began, when 48 venues were associated with 1270 violent incidents. In 2015 there were only 14 listed venues associated with 200 violent incidents. The vast majority of us would agree that pubs and clubs should be required by law to be responsible in the way they sell their products, to reduce harm to their patrons, their staff and the police and ambulance workers.

Similarly the way gambling products are allowed to be offered impacts on the levels of suicides, family violence, fraud and homelessness that can result from excessive gambling.

The community is right to restrict those who profit from others' suffering.

Mark Zirnsak

Uniting Church in Australia

Melbourne, Vic

Why is David Leyonhjelm surprised if a group of people who have been through a process of selection for intellectual ability are higher than the average in this characteristic? If they weren't smarter then there is something wrong with the process of obtaining high qualifications.

Senator Leyonhjelm thinks that he knows better than the experts who study climate change. But it is going to extremes to then seek to denigrate smart people by saying it is illusionary for them to think that they are smart.

Perhaps politicians should be encouraged to listen to smart people?

Reg Lawler

Dagun, Qld

Chanticleer columnist Tony Boyd has been writing strongly about the Perpetual versus Brickworks court case ("Brickworks case carries lessions for Perpetual and shareholder activists" July 12) but his conclusions about what it means for shareholder activism should not go unchallenged.

The judge's decision supports a grandfathered corporate structure from the 1960s that no modern ASX listed company would be allowed to create.

But a decision at law as to the role of directors is not the same as celebrating a 'win' for directors over minority shareholders. Perhaps the more relevant issue here is who should pay the multi-million dollar bill for the case Perpetual unitholders or shareholders and whether the ASX listing rules or the Corporations Act should be amended so that the undemocratic cross-shareholding arrangement has to be unscrambled.

One vote, one value is an important democratic principle at public companies and the Millner family, along with their independent directors, continue to disregard shareholders in order to entrench their control through structures that neuter traditional board accountability mechanisms.

The Australian Shareholders' Association congratulates Perpetual for trying to do the right thing.

And we would prefer commentary to be balanced and note that the other aspect of the case is that Brickworks and Soul Pattinson directors could show respect for their independent shareholders by voluntarily unwinding the gerrymander.

Judith Fox

Chief executive

Australian Shareholders'Association

The government's proposal to force "backdoors" into encryption creates massive systemic vulnerabilities that outweigh any marginal good. We rely on strong encryption to secure all commerce, privacy and freedom of speech. No entity can guarantee that backdoors can be secured; a fact repeatedly demonstrated by continuing government and private sector data breaches. Further, the "encryption technology genie" is in the public domain and cannot be put back in its bottle. Access to powerful encryption tools is trivially easy, irrespective of legislation. The government is proposing that global information platform companies "don't have to break encryption, they just have to give us the data". This semantic "spin" suggests you can preserve strong encryption and yet still access individual data at will. This is nonsense.

Yes, strong encryption could be preserved for data "in transit" but ultimately a backdoor is required to access the data "at rest" or as it is entered into, or displayed on, a device. This is functionally equivalent to creating encryption backdoors; any of which create global vulnerabilities with ultimately certain catastrophic consequences. And they do not actually guarantee a window into nefarious activity. Strongly encrypted backdoor-free platforms do make law enforcement work harder, but there are a range of approaches to penetrating the communications of specific criminals that do not create massive systemic vulnerabilities for our economies, our societies and for us as individuals. The government's "backdoor by any other name" proposals are folly and ultimately un-enforceable. They should be set aside.

Roderick Laird

Glen Iris,Vic

Vale Liu Xiaobo. An example of standing up for what is right even when being pushed down and locked away. The world needs more heroes that fight for a better and freer world.

Dennis Fitzgerald

Box Hill, Vic

View post:
Letters: nanny state, Perpetual and encryption - The Australian Financial Review

Windows, Linux distros, macOS pay for Kerberos 21-year-old – ZDNet – ZDNet

Posted on by

An attacker sitting between server and client can exploit the Orpheus Lyre bug to impersonate some services to the client.

A bypass bug present in the Kerberos cryptographic authentication protocol for 21 years has now been fixed in patches from Microsoft, Samba, Fedora, FreeBSD, and Debian.

The discoverers of the ancient Kerberos bypass bug have called it Orpheus Lyre after Orpheus, the musician from Greek legend who bypassed Cerberos, the three-headed hound guarding the gates of Hades. Orpheus pacified the dog with the music of his lyre.

Kerberos, which is named after Cerberos, is implemented as a cryptographic authentication protocol in products like Microsoft's Active Directory. Microsoft fixed the bug in this week's patch Tuesday update.

Samba, Debian, and FreeBSD are also affected through the open-source Heimdal implementation of Kerberos V5. Heimdal before version 7.4 is vulnerable. It appears Apple's Kerberos implementation in macOS is also vulnerable to Orpheus Lyre. However, the MIT implementation is not.

Orpheus Lyre was discovered by Jeffrey Altman, Viktor Duchovni and Nico Williams. They explain in a post that Orpheus Lyre can be used by a man-in-the-middle attacker to remotely steal credentials, and from there gain privilege escalation to defeat Kerberos encryption.

Instead of public-key cryptography's use of digital certificates from certificate authorities, the Kerberos protocol relies on a trusted third-party called the key distribution center (KDC).

These KDCs issue "short-lived tickets" that are used to authenticate a client to a specific service. An encrypted portion of the ticket contains the name of the intended user, metadata, and a session key. The KDC also provides the user with a session key that creates an Authenticator, which is used to prove they know the session key.

As they explain, Kerberos' "original cryptographic sin" was the abundance of unauthenticated plaintext in the protocol. While Kerberos can be secure, implementing it so as to authenticate plaintext is difficult.

"In this case, a two-line bug in several independently developed implementations of Kerberos, caused that metadata to be taken from the unauthenticated plaintext, the Ticket, rather than the authenticated and encrypted KDC response," they wrote.

The researchers haven't detailed every method of exploiting the Orpheus Lyre bug but note that an attacker sitting between a client and server can impersonate some services to the client. The bug also can only be closed by patching end-user systems rather than servers.

"If the client presents a Ticket and Authenticator, and the service can decrypt the Ticket, extract the session key, and decrypt the Authenticator with the session key, then the client is whoever the Ticket says they are, for they possessed the cryptographic key with which to make that Authenticator," they explain.

Read this article:
Windows, Linux distros, macOS pay for Kerberos 21-year-old - ZDNet - ZDNet

Julian Assange says he tried to publish Trump Jr. emails – NY …

Posted on by

Julian Assange says he tried to publish Trump Jr. emails

NEW YORK DAILY NEWS

Tuesday, July 11, 2017, 4:37 PM

Julian Assange says he tried to get Donald Trump Jr. to let him publish his bombshell emails before they were shared for the world to see.

Contacted Trump Jr this morning on why he should publish his emails (i.e. with us). Two hours later, does it himself, the WikiLeaks founder said on Twitter Tuesday.

Assange, who has stayed at the Ecuadorian Embassy in London for years to avoid extradition, published documents hacked from the Democratic National Committee and Hillary Clinton campaign chairman John Podesta on his site last year.

The Russian government, looking to benefit President Trump, was behind the hacks, according to the U.S. intelligence community.

Timeline: How the Trump-Russia meeting happened and how it leaked

Assange has repeatedly denied that his source was the Kremlin or any other state actor.

54 photos view gallery

It was not immediately clear why the website founder, a native Australian, would contact Trump Jr. about the emails, which show a publicist saying that a Moscow real estate developer had received damaging information about Clinton from the Russian government.

The messages were first reported by The New York Times, which published them on their own site shortly after the Presidents son sent them out.

Would have been safer for us to publish it anonymously sourced, Assange said on Twitter, after saying it was better to be transparent.

All the times Trump and associates denied collusion with Russia

I argued that his enemies have it--so why not the public? he recounted of his conversation with Trump Jr.

The release of the emails, which contradicted numerous denials by the Trump campaign that there had been any contact with those working for the Russian government, prompted condemnation from across the political spectrum.

Many lawmakers also called for Trump Jr. to testify before investigations into the alleged Russian meddling, currently taking place in the House, Senate, FBI and special prosecutor Robert Muellers office.

My son is a high quality person and I applaud his transparency, Trump himself said in a statement.

See the rest here:
Julian Assange says he tried to publish Trump Jr. emails - NY ...

Top 4 Altcoins Supported by Cryptocurrency ATMs – The Merkle

Posted on by

Bitcoin ATMs have been a valuable addition to the whole ecosystem. Even though they are still only found in specific locations, their presence is growing every single month. It also appears these ATMs are no longer being used to just buy and sell Bitcoin these days. Below are four altcoins which are supported by some Bitcoin ATMs around the world.

Although Dogecoin is often considered to be the meme of cryptocurrency, demand for this particular coin is a lot stronger than most people give it credit for. In fact, Dogecoin has seen its spurts of popularity over the past few years, which is now translating into some minor success in the cryptocurrency ATM market.

Even though there were far more Bitcoin ATMs installed by the end of June compared to the beginning of the month, additional machines provide Dogecoin support. Only five ATM support Dogecoin currently. But it is one of the only four altcoin found oncryptocurrency ATMs. This makes Dogecoin part of an elite club, in a way.

One would not expect Dash to be supported by so few cryptocurrency ATMs, but that is the case. Thereare now seven different ATMs around the world supporting DASH. That is still a relatively small number, but it is a 40% increase compared to June 1st. It is good to see altcoins gain some support from ATM manufacturers and operators.

Despite its popularity among traders, Ethereum is not thatpopular incryptocurrency ATMs. Even though there are now 13 machines supporting ETH -up from 9- there is still a very long way to go. It remains unclear how popular ETH is when it comes to cryptocurrency ATMs in general. With the number of cryptocurrency ATMs supporting Ether going up, interesting things are bound to happen.

Litecoin is the most commonly supported altcoin across cryptocurrency ATMs. Litecoin has always complemented Bitcoin, thus it makes sense it gets more support than all of the other currencies combined. With the number of LTC-capable ATMs going from 36 to 91 in June, good things are on the horizon.

It is possible this sudden spike in support has something to do with Litecoins price increase. Even though that rise is far less spectacular compared to Ethereum, it also seems to hold its own quite well. More attention for Litecoin is never a bad thing in anyones book andit is a very popular cryptocurrency these days. It will be interesting to see how these rankings look in a few months from now.

Read more:
Top 4 Altcoins Supported by Cryptocurrency ATMs - The Merkle

Vault 7: new WikiLeaks dump details Android SMS snooping malware – Naked Security

Posted on by

Since launching its Vault 7 project in March, WikiLeaks has dumped documents outlining the CIAs efforts to exploit Microsoft and Apple technology. In this weeks latest release, it focuses on malware called HighRise, which the agency used to target Android devices.

WikiLeaks describes HighRise this way on its website:

HighRise is an Android application designed for mobile devices running Android 4.0 to 4.3. It provides a redirector function for SMS messaging that could be used by a number of IOC tools that use SMS messages for communication between implants and listening posts. HighRise acts as a SMS proxy that provides greater separation between devices in the field (targets) and the listening post (LP) by proxying incoming and outgoing SMS messages to an internet LP. Highrise provides a communications channel between the HighRise field operator and the LP with a TLS/SSL secured internet communication.

HighRise has to be installed manually on a targets phone, and it has to be set up manually, according to the 12-page HighRise user guide dated December 16 2013. Once the apk is installed on the targeted device,an application named TideCheck appears in the list of apps on the device.

TideCheck houses HighRise, and the agent must open the app to start the process. It then runs a special code once the word inshallah (God willing in Arabic) is entered into a text box disguised to look like its asking for an activation code for the app. Once the code is entered, the agent taps into the apps settings.

After initial installation, HighRise runs in the background and automatically activates whenever the phone is turned on. The app continuously intercepts texts.

Its a powerful spying tool but it has limits. For one thing, it must be installed onto a device manually and not remotely. The agent must have physical contact with the victims device to infect it.

Its unclear if the CIA still uses HighRise.

This latest leak comes nearly a month after WikiLeaks last dump,from a project dubbed Cherry Blossom (WikiLeaks variously writes both Cherry Blossom and CherryBlossom, but the leaked documents routinely refer to Cherry Blossom, or CB for short, if youre a stickler for precision).

In the words of its own Quick Start Guide, the CB project focused on internet surveillance:

The Cherry Blossom (CB) system provides a means of monitoring the internet activity of and performing software exploits on targets of interest. In particular, CB is focused on compromising wireless networking devices, such as wireless (802.11) routers and access points (APs), to achieve these goals.

Such leaks raise concerns that other attackers will use the tools for their own campaigns. Weve already seen that happen with the recent WannaCry and Petya outbreaks, which made use of NSA tools dumped by the Shadow Brokers hacking group. When the Vault 7 dumps began, we asked security experts if there were any silver linings for the good guys.

Eric Cowperthwaite, former VP of strategy for Core Security and now director of managed risk services for Edgile, said at the time that he was conflicted on that question.

He brought up the case ofChelsea Manning,a United States Army soldier convicted by court-martial in 2013 for violating the Espionage Act and other offenses, after givingWikiLeaks thousands of classified and/or sensitive military and diplomatic documents:

There is good and bad in this. We know that some of the Manning leaks had impacts on military operations. That was part of Mannings trial. I also found it interesting that Wikileaks alleges that the US intelligence community has a problem keeping its cyberwar tools off the black market. And if the CIA, NSA, etc. cant keep these things under control, that is something that citizens should know.

Its worth noting that this is an exploit for older, outdated versions of Android, and theres no way of knowing if theres a more current version that works with updated iterations of the mobile operating system. At Naked Security, well be keeping our ear to the ground.

Read this article:
Vault 7: new WikiLeaks dump details Android SMS snooping malware - Naked Security

Wikileaks publishes Vault 7: Highrise tool for Android devices – SC Magazine

Posted on by

Wikileaks: Highrise aka TideCheck manual published.

WikiLeaks Thursday published the manual of another CIA hacking tool Highrise, aka TideCheck, which is used to intercept and redirect text messages to a remote web server.

The manual, dated Dec. 16, 2013, was part of the Vault 7 leak series and the tool was designed to work on mobile devices running Android 4.0 to 4.3 though it has likely been updated to work on more recent versions.

Features at a glance include proxy incoming SMS messages received by HighRise host to an internet LP, send outgoing SMS messages via the HighRise host, provide a communications channel between the HighRise field operator & the LP, and TLS/SSL secured internet communications.

The last two features suggest Highrise isn't a tool for installing on a targets phone but an app that can be installed on the phones of CIA field operatives and provide a secondary, encrypted communications channel between operatives and supervisors, Bleeping Computer researchers said.

When starting the tool for the first time, CIA operatives must enter the special code "inshallah," which is the Arabic word for "God willing" in order to access its settings. Agents are then given the options to Initialize, Show Configuration, or Send Messages.

Continued here:
Wikileaks publishes Vault 7: Highrise tool for Android devices - SC Magazine

WikiLeaks Reveals CIA Tool Acting as SMS Proxy on Android – Infosecurity Magazine

Posted on by

WikiLeaks has revealed details about HighRise, a tool allegedly developed by the US Central Intelligence Agency (CIA), which intercepts and redirects SMS messages to a remote web server through an Android application.

In other words, the malware can enable a CIA agent to access the message before it reaches its intended recipient.

The leaked manual comes from Vault 7, the codename given by WikiLeaks to documents it claims reveala repertoire of hacking tools and capabilities that the CIA has used in the recent past.

According to WikiLeaks, HighRise acts as a proxy server for text messages. However, it is limited to devices which have the malware installed on it manually meaning that the CIA would need physical access to the Android device to infect the handset.

The manual suggested that it only works on Android versions from 4.0 (Ice Cream Sandwich) to 4.3 (JellyBean) although it could have been updated to work on more recent versions of the Android OS.

The HighRise tool is packaged inside an app called TideCheck. Once the CIA installs the app on the targets device, they have to run it at least once, in order for it to work at all times including when the phone is rebooted. The app starts when the phone is powered on, meaning that it can continue to run in the background and intercept text messages for longer than most other CIA malware, which disappeared after a restart.

According to the manual, CIA operatives have to enter the special code inshallah which is the Arabic word for God willing to access the apps settings.

Once activated, the app gives the user three choices they can return directly to the configuration to make changes, they can start the tool or they can send an SMS from the phone to a remote CIA server.

This is the first Vault 7 data dump to involve the Android OS; most of the other tools have been focused on Windows or Linux. This included Grasshopper, a builder for Windows malware, and Scribble, a beaconing system for Office documents. There has also been a tool geared to hack Samsung smart TVs, and a tool for hacking iPhones and Macs.

WikiLeaks claim that the CIA are, or have been using many of these tools- but critics suggest that the documents are several years out-of-date and have suggested that WikiLeaks has overhyped their importance.

Excerpt from:
WikiLeaks Reveals CIA Tool Acting as SMS Proxy on Android - Infosecurity Magazine

How Did Donald Trump Win? WikiLeaks, Twitter Helped President Beat Hillary Clinton, Study Shows – Newsweek

Posted on by

A signature catchphrase, a heavy push forjobs, his son-in-laws digital operation and a blowhard, braggadociosstyle of speech ultimately handed President Donald Trump the White House on Election Day last year, a newly released study suggests.

He also benefited tremendously thanks to WikiLeaks email dumping and the social media site Twitter, which was used to heavily criticize Trump opponent and Democrat Hillary Clinton over the final two months of the campaign,according to Science Magazine.

The study, conducted by researchers at the University of Edinburgh in tandem with the Qatar Computing Research Institute, examined the 50 most retweeted Twitter posts between September 1 and November 8 and discovered posts that slammed or ridiculed Clinton were three-times more prevalent than positive ones.

Daily Emails and Alerts - Get the best of Newsweek delivered to your inbox

And WikiLeaks, the government transparency site, was employed by Clinton defamers the most. Founded by Julian Assange, the site was responsible for leaking hacked emails from the Democratic National Committee, which only fueled flames of the private email server scandal that plagued Clinton throughout her campaign.

In contrast, Trump experienced an even number of positive and unfavorable posts on social media, according to the study.

"Our findings reveal a wide disparity between traditional media, which was very critical of Donald Trump, and social media, where Hillary Clinton was much worse off," the studys leader and University of Edinburgh School of Informatics Dr. Walid Magdy said.

The content of all of the tweets with nearly 3,500 total posts examined - perhaps reflected the national tone of the campaign, one that saw Clinton supporters lash out more at Trump than tweet praise ofthe Democrat and former secretary of state and first lady. All told, those posts were retweeted more than 25 million times.

Trumps social media campaign, unlike many of his speeches and personal tweets from his official Twitter account, proved to be more positive than Clintons as it pushed the signature slogan of Make America Great Again and many of the new president's pledges involved concrete actionslike the Mexican border wall and boosting the economy through developing U.S-basedindustries.

Fake news, a term the president has used to bashmainstream outlets like The New York Times and The Washington Post, played a significant role among Trump supporters. The study showed that the presidents supporters were more likely to spread reports from less credible sources.

The U.S. intelligence community established that many of those fake news articles were part of a massive cyber attack perpetrated by Russia.Allegations of collusion with Moscowhavedogged the Trumpadministration ever since.

Following Trump and Russian President Vladimir Putins first face-to-face meeting Friday during the G20 summit in Hamburg, Germany, the Russian leader stated Trump accepted his denials over hacking, according to The Times, though the White House pushed back on Putins comments by stating they were inaccurate.

Read the original here:
How Did Donald Trump Win? WikiLeaks, Twitter Helped President Beat Hillary Clinton, Study Shows - Newsweek

Sandy Hook Mom Stands Up To Roger Stone Over WikiLeaks Conspiracy Theory – A Plus

Posted on by

Mrquez-Greene pointed out that while we still have a ways to go in understanding grief and loss, it's unreasonable to expect survivors of high-profile tragedies to withstand public attacks from conspiracies. She even concedes that healthy questioning of government and people is important, though she makes it clear that is not how she sees Stone and his ilk.

"You intentionally use your platform to espouse theories debunked by law enforcement and that a bereaved family has expressly asked you to stop promoting," she wrote. "Your actions have real consequences for those of us grieving."

Mrquez-Greene also noted another simple fact: bereaved parents and family members from high-profile tragedies are no longer remaining quiet in the face of these conspiracies. Like Mrquez-Greene, others have begun speaking out about the real-life consequences of online conspiracies. Even the owner of Comet Ping Pong, the pizza shop in Washington D.C. caught up in a conspiracy that led to an armed gunman firing a round inside the restaurant, has been outspoken about the damage the conspiracy has done.

More here:
Sandy Hook Mom Stands Up To Roger Stone Over WikiLeaks Conspiracy Theory - A Plus