Europol on ransomware — Trump on legislated secrecy limits — MI5 Maxwell Knight Bio — Microsoft urges “Digital Geneva Convention”
Friday’s cyber-attack has affected more than 200,000 victims in 150 countries, Europol chief Rob Wainwright says.
Speaking to Britain’s ITV, he said the world faced an escalating threat, and there was concern about the level of potential attacks on Monday morning.
The virus took control of users’ files, demanding payments; Russia and the UK were among the worst-hit countries.
Security experts have warned that another attack is imminent and could be unstoppable.
“The latest count is over 200,000 victims in at least 150 countries. Many of those victims will be businesses, including large corporations. The global reach is unprecedented.”
Trump Objects to Legislated Limits on Secrecy — Secrecy News
In the new Consolidated Appropriations Act of 2017 (section 8009), Congress mandated that no new, highly classified special access programs may be created without 30 day advance notice to the congressional defense committees.
But in signing the bill into law last Friday, President Trump said he would not be bound by that restriction.
“Although I expect to be able to provide the advance notice contemplated by section 8009 in most situations as a matter of comity, situations may arise in which I must act promptly while protecting certain extraordinarily sensitive national security information. In these situations, I will treat these sections in a manner consistent with my constitutional authorities, including as Commander in Chief,” he wrote in a May 5 signing statement.
More generally, Trump suggested that his power to classify national security information is altogether independent of Congress. “The President’s authority to classify and control access to information bearing on the national security flows from the Constitution and does not depend upon a legislative grant of authority,” he wrote.
Perhaps it takes a special kind of insanity to be a successful secret agent. The need to keep track of assumed identities, of shifting loyalties and deceptions, makes the spymaster’s world a dizzying kaleidoscope of truth and deceit.
Certainly, in M – Henry Hemming’s compelling new biography of the MI5 maverick Maxwell Knight – there is an overwhelming sense of the man’s slippery personalities: from grim young fascist to jazz-loving defender of the realm; from high-spirited adventure novelist to avuncular, much-loved animal expert.
Indeed, the spy who partly inspired Ian Fleming’s “M” was many degrees more eccentric than 007 could have coped with.
In the febrile political atmosphere of the Twenties, Knight was recruited to a shady private intelligence outfit called the Makgill Organisation, founded by Sir George Makgill, a wealthy heir consumed with a hatred for Bolshevism and all things Left-leaning. Knight’s first assignment was to infiltrate the nascent British Fascisti – not to hinder it, but to find other promising recruits for Makgill.
He seemed to have had a horror of sex. His first marriage ended in silent separation (Gwladys later took her own life with an overdose of barbiturates); his second was simply annulled; his third lasted until death, but like the earlier two, remained unconsummated. He also hated the idea of any of his agents using sex as a strategy, or even simply being what he regarded as oversexed. (This cut little ice, however, with his openly and wildly gay agent Tom Driberg.)M: Maxwell Knight by Henry Hemming (344pp) is published by Cornerstone at £20 (ebook £9.99).
Lessons from last week’s cyberattack — Microsoft
(…) Finally, this attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem. This is an emerging pattern in 2017. We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world. Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage. An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen. And this most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cybersecurity threats in the world today – nation-state action and organized criminal action.
The governments of the world should treat this attack as a wake-up call. They need to take a different approach and adhere in cyberspace to the same rules applied to weapons in the physical world. We need governments to consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits. This is one reason we called in February for a new “Digital Geneva Convention” to govern these issues, including a new requirement for governments to report vulnerabilities to vendors, rather than stockpile, sell, or exploit them. And it’s why we’ve pledged our support for defending every customer everywhere in the face of cyberattacks, regardless of their nationality. This weekend, whether it’s in London, New York, Moscow, Delhi, Sao Paulo, or Beijing, we’re putting this principle into action and working with customers around the world.
We should take from this recent attack a renewed determination for more urgent collective action. We need the tech sector, customers, and governments to work together to protect against cybersecurity attacks. More action is needed, and it’s needed now. In this sense, the WannaCrypt attack is a wake-up call for all of us. We recognize our responsibility to help answer this call, and Microsoft is committed to doing its part.
INTEL TODAY DIARY — MAY 15 2017