How Insulin Became Unaffordable | Harvard Political Review

Organizations like the Type 1 Diabetes Defense Foundation and the Juvenile Diabetes Research Foundation are fighting to share rebates directly with patients, cutting out a cash cow for the industry. If the rebates are eliminated, US insulin prices begin to look more like those in Canada. But until something changes, Americans like Alec Raeshawn Smith will lose their lives because they can’t afford a 100-year-old drug.


Trump’s attack on the FBI is an attack on the US constitution itself | Jill Abramson


Republicans are mere enablers. They and their president would do well to remember who the Watergate source worked for

Since his election, revelations of Donald Trump’s contempt for the legal process have been dizzying. The rule of law is what protects democracy in the United States. The president has done everything possible to subvert it.


The Last Jew of Vinnitsa, 1942

Never forget genocides that the world has tolerated.


“The Last Jew of Vinnitsa” is an iconic photograph picturing the imminent execution of a Jewish man in the vicinity of the Ukrainian town of Vinnytsia during a massacre perpetrated by Nazi SS and Ukrainian militia. The photograph was found in the personal album of an Einsatzgruppen soldier (a member of a Nazi death squad). It is named after the handwritten inscription on its back.

Photograph of the imminent execution of a Jewish man kneeling before a filled mass grave in Vinnytsia, Ukraine, during a massacre perpetrated by Einsatzgruppe D and Ukrainian militia in 1942.

The executioner is a member of Einsatzgruppe D, a paramilitary death squad of the Nazi SS. The picture was taken at the third and final massacre at Vinnytsia in 1942, in which Ukrainian militia participated to a greater extent. It is often wrongly dated to 1941, the year in which the two previous massacres took place, which had far higher casualties according to Wehrmacht Lieutenant Erwin Bingel. Contrary to what the inscription suggests, not all of the Jews of Vinnytsia died in the massacres: a few survived by joining the partisans or by going into hiding. The photograph was found in a photo album belonging to a German soldier.

The three SS-led massacres at Vinnitsa took place on 16 and 22 September 1941 and in 1942, and resulted in the virtual extinction of the town’s large Jewish population. There was one eyewitness to the procedure involved. Lieutenant Erwin Bingel, a Wehrmacht officer, was ordered to report to the Town Commandant of Uman, in the Ukraine, and instructed to set up guards on all railways in the area, and around the airport.

Vinnitsa during the time Bingel was there.

On 22 September 1941 Lieutenant Bingel and his men witnessed a second massacre in Vinnitsa. This was followed by a third, also in Vinnitsa, carried out by Ukrainian militia who had been trained by the SS and were commanded by a small group of SS officers and NCOs.

In the first two massacres, Bingel calculated, first twenty-four thousand and then twenty-eight thousand Jews were killed. In the third, the Ukrainian militia killings, six thousand were murdered.

Lieutenant Bingel recalled:

“In the morning at 10.15, wild shooting and terrible human cries reached our ears. At first I failed to grasp what was taking place, but when I approached the window from which I had a broad view over the whole of the town park, the following spectacle unfolded before my eyes and those of my men, who, alerted by the tumult, had meanwhile gathered in my room. 

Ukrainian militia on horseback, armed with pistols, rifles and long straight cavalry swords, were riding wildly inside and around the town park. As far as we could make out, they were driving people along before their horses – men, women and children.

A shower of bullets was then fired at this human mass. Those not hit outright were struck down with the swords. Like some ghostly apparition, this horde of Ukrainians, let loose and commanded by SS officers, trampled savagely over human bodies, ruthlessly killing innocent children, mothers and old people whose only crime was that they had escaped the great mass murder, so as eventually to be shot or beaten to death like wild animals.”

Twitter Says Russian Bots Retweeted Trump 470,000 Times

By Gerrit De Vynck and Selina Wang

January 26, 2018, 6:41 PM EST (updated January 26, 2018, 7:13 PM EST)

Russian-linked Twitter bots shared Donald Trump’s tweets almost half a million times during the final months of the 2016 election, Twitter Inc. said in a submission to Congress.

The automated accounts retweeted the Republican candidate’s @realDonaldTrump posts almost 470,000 times, accounting for just more than 4 percent of the retweets he received from Sept. 1 to Nov. 15, 2016. Hillary Clinton’s account got fewer than 50,000 retweets from the Russian-linked automated accounts during the same period, the company said in documents posted Friday by the Senate Judiciary Committee.

The information further underscores how Russian-linked accounts sought to stir up discord during the 2016 U.S. presidential election. Congress has been investigating exactly how social-media platforms like Twitter, Facebook Inc. and Alphabet Inc.’s YouTube were manipulated during the election. The documents are Twitter’s response to follow-up questions from the Senate committee following an Oct. 31 hearing on the issue of Russian infiltration of the media platforms.

Twitter also found that Russian-linked accounts were responsible for 48 percent to 73 percent of the retweets of WikiLeaks’ Twitter accounts during the same time period. During the campaign WikiLeaks published emails from hacked Democratic party servers.

In this further assessment, Twitter said it identified about 2.12 million automated, election-related tweets from Russian-linked accounts that collectively received about 455 million impressions within the first seven days of posting. This is significantly higher than the number of impressions Twitter had previously reported.

Twitter also said accounts linked to the Russian government-backed Internet Research Agency exhibited non-automated patterns of activity, such as trying to reach out to journalists and “prominent individuals” through mentions. Some of those accounts represented themselves as news outlets, members of activist organizations, or politically engaged Americans, the company said. Bloomberg News has previously reported that the IRA operated dozens of Twitter accounts masquerading as local American news sources that collectively garnered more than half-a-million followers. More than 100 news outlets also published stories containing those handles in the run-up to the election, and some of them were even tweeted by a top presidential aide.

“Some of the accounts appear to have attempted to organize rallies and demonstrations, and several engaged in abusive behavior and harassment,” Twitter said.

The new disclosures from Twitter demonstrate how Russian meddlers are complementing their networks of bots with human activity, which the company said makes it harder for Twitter’s algorithms to detect the difference. Twitter previously said it had suspended 3,814 IRA-linked accounts.

The company has made several changes to address the manipulation in the past several months. It has banned Russian state media accounts from buying ads and is creating a “transparency center” to show how much political campaigns spend on advertising, the identity of the organization funding the campaign, and what demographics the ads targeted.

Facebook told a Senate panel in a written response to questions released earlier this week that it has detected “only what appears to be insignificant overlap” between targeting of ads and content promoted by a pro-Kremlin Russia group and by Trump’s presidential campaign. The company said it “does not believe it is in a position to substantiate or disprove allegations of possible collusion” between Russia and the campaign.

Tech firms let Russia probe software widely used by U.S. government


WASHINGTON/MOSCOW (Reuters) – Major global technology providers SAP (SAPG.DE), Symantec (SYMC.O) and McAfee have allowed Russian authorities to hunt for vulnerabilities in software deeply embedded across the U.S. government, a Reuters investigation has found.

The practice potentially jeopardizes the security of computer networks in at least a dozen federal agencies, U.S. lawmakers and security experts said. It involves more companies and a broader swath of the government than previously reported.

In order to sell in the Russian market, the tech companies let a Russian defense agency scour the inner workings, or source code, of some of their products. Russian authorities say the reviews are necessary to detect flaws that could be exploited by hackers.

(Graphic: tmsnrt.rs/2sZudWT)

But those same products protect some of the most sensitive areas of the U.S. government, including the Pentagon, NASA, the State Department, the FBI and the intelligence community, against hacking by sophisticated cyber adversaries like Russia.

Reuters revealed in October that Hewlett Packard Enterprise (HPE.N) software known as ArcSight, used to help secure the Pentagon’s computers, had been reviewed by a Russian military contractor with close ties to Russia’s security services.

Now, a Reuters review of hundreds of U.S. federal procurement documents and Russian regulatory records shows that the potential risks to the U.S. government from Russian source code reviews are more widespread.

Beyond the Pentagon, ArcSight is used in at least seven other agencies, including the Office of the Director of National Intelligence and the State Department’s intelligence unit, the review showed. Additionally, products made by SAP, Symantec and McAfee and reviewed by Russian authorities are used in at least eight agencies. Some agencies use more than one of the four products. (Graphic: tmsnrt.rs/2C30rp8)

McAfee, SAP, Symantec and Micro Focus (MCRO.L), the British firm that now owns ArcSight, all said that any source code reviews were conducted under the software maker’s supervision in secure facilities where the code could not be removed or altered. The process does not compromise product security, they said. Amid growing concerns over the process, Symantec and McAfee no longer allow such reviews and Micro Focus moved to sharply restrict them late last year.

The Pentagon said in a previously unreported letter (tmsnrt.rs/2C6o2p2) to Democratic Senator Jeanne Shaheen that source code reviews by Russia and China “may aid such countries in discovering vulnerabilities in those products.”

Reuters has not found any instances where a source code review played a role in a cyberattack, and some security experts say hackers are more likely to find other ways to infiltrate network systems.

But the Pentagon is not alone in expressing concern. Private sector cyber experts, former U.S. security officials and some U.S. tech companies told Reuters that allowing Russia to review the source code may expose unknown vulnerabilities that could be used to undermine U.S. network defenses.

“Even letting people look at source code for a minute is incredibly dangerous,” said Steve Quane, executive vice president for network defense at Trend Micro, which sells TippingPoint security software to the U.S. military.

Worried about those risks to the U.S. government, Trend Micro has refused to allow the Russians to conduct a source code review of TippingPoint, Quane said.

Quane said top security researchers can quickly spot exploitable vulnerabilities just by examining source code.

“We know there are people who can do that, because we have people like that who work for us,” he said.

In contrast to Russia, the U.S. government seldom requests source code reviews when buying commercially available software products, U.S. trade attorneys and security experts say.

OPENING THE DOOR

Many of the Russian reviews have occurred since 2014, when U.S.-Russia relations plunged to new lows following Moscow’s annexation of Crimea. Western nations have accused Russia of sharply escalating its use of cyber attacks during that time, an allegation Moscow denies.

Some U.S. lawmakers worry source code reviews could be yet another entry point for Moscow to wage cyberattacks.

“I fear that access to our security infrastructure – whether it be overt or covert – by adversaries may have already opened the door to harmful security vulnerabilities,” Shaheen told Reuters.

In its Dec. 7 letter to Shaheen, the Pentagon said it was “exploring the feasibility” of requiring vendors to disclose when they have allowed foreign governments to access source code. Shaheen had questioned the Pentagon about the practice following the Reuters report on ArcSight, which also prompted Micro Focus to say it would restrict government source code reviews in the future. HPE said none of its current products have undergone Russian source code review.

Lamar Smith, the Republican chairman of the House Science, Space and Technology Committee, said legislation to better secure the federal cybersecurity supply chain was clearly needed.

Responding to the Reuters report on Thursday, Democratic Congressman Jim Langevin, a senior member of the House Armed Services Committee, said the Pentagon must consider “any access adversaries may have to source code when it is making purchasing decisions.”


Most U.S. government agencies declined to comment when asked whether they were aware technology installed within their networks had been inspected by Russian military contractors. Others said security was of paramount concern but that they could not comment on the use of specific software.

A Pentagon spokeswoman said it continually monitors the commercial technology it uses for security weaknesses.

NO PENCILS ALLOWED

Tech companies wanting to access Russia’s large market are often required to seek certification for their products from Russian agencies, including the FSB security service and Russia’s Federal Service for Technical and Export Control (FSTEC), a defense agency tasked with countering cyber espionage.

FSTEC declined to comment and the FSB did not respond to requests for comment. The Kremlin referred all questions to the FSB and FSTEC.

FSTEC often requires companies to permit a Russian government contractor to test the software’s source code.

SAP HANA, a database system, underwent a source code review in order to obtain certification in 2016, according to Russian regulatory records. The software stores and analyzes information for the State Department, Internal Revenue Service, NASA and the Army.

An SAP spokeswoman said any source code reviews were conducted in a secure, company-supervised facility where recording devices or even pencils “are strictly forbidden.”

“All governments and governmental organizations are treated the same with no exceptions,” the spokeswoman said.

While some companies have since stopped allowing Russia to review source code in their products, the same products often remain embedded in the U.S. government, which can take decades to upgrade technology.

Security concerns caused Symantec to halt all government source code reviews in 2016, the company’s chief executive told Reuters in October. But Symantec Endpoint Protection antivirus software, which was reviewed by Russia in 2012, remains in use by the Pentagon, the FBI, and the Social Security Administration, among other agencies, according to federal contracting records reviewed by Reuters.

In a statement, a Symantec spokeswoman said the newest version of Endpoint Protection, released in late 2016, never underwent a source code review and that the earlier version has received numerous updates since being tested by Russia. The California-based company said it had no reason to believe earlier reviews had compromised product security. Symantec continued to sell the older version through 2017 and will provide updates through 2019.

McAfee also announced last year that it would no longer allow government-mandated source code reviews.

The cyber firm’s Security Information and Event Management (SIEM) software was reviewed in 2015 by a Moscow-based government contractor, Echelon, on behalf of FSTEC, according to Russian regulatory documents. McAfee confirmed this.

The Treasury Department and Defense Security Service, a Pentagon agency tasked with guarding the military’s classified information, continue to rely on the product to protect their networks, contracting records show.

McAfee declined to comment, citing customer confidentiality agreements, but it has previously said the Russian reviews are conducted at company-owned premises in the United States.

‘YOU CAN’T TRUST ANYONE’

On its website, Echelon describes itself as an official laboratory of the FSB, FSTEC, and Russia’s defense ministry.

Alexey Markov, the president of Echelon, which also inspected the source code for ArcSight, said U.S. companies often initially expressed concerns about the certification process.

“Did they have any? Absolutely!!” Markov wrote in an email.

“The less the person making the decision understands about programming, the more paranoia they have. However, in the process of clarifying the details of performing the certification procedure, the dangers and risks are smoothed out.”

Markov said his team always informs tech companies before handing over any discovered vulnerabilities to Russian authorities, allowing the firms to fix the detected flaw. The source code reviews of products “significantly improves their safety,” he said.

Chris Inglis, the former deputy director of the National Security Agency, the United States’ premier electronic spy agency, disagrees.

“When you’re sitting at the table with card sharks, you can’t trust anyone,” he said. “I wouldn’t show anybody the code.”

(Graphic on U.S. government cybersecurity tools scrutinized by Russians – http://tmsnrt.rs/2C30rp8)

Reporting by Dustin Volz and Joel Schectman in Washington and Jack Stubbs in Moscow; Editing by Jonathan Weber and Ross Colvin