Posted on

Biden-Harris team finally get their transition .gov domain

Finally. It only took almost three weeks, but the Biden-Harris transition has officially begun.

On Monday, the General Services Administration gave the green light for the Biden-Harris team to transition from political campaign to government administration, allowing the team to receive government resources like office space, but also classified briefings and secure computers. And, with it, comes a shiny new .gov domain.

Transitioning is an obscure part of the law that’s rarely discussed, in large part because outgoing governments and incoming administrations largely get on and try to maintain continuity of government through a peaceful transition of power. The process is formally triggered by the General Services Administration, the lesser-known federal agency tasked with the basic functioning of government, and allows the incoming administration to receive funds, tools, and resources to prepare for entering government.

But this time around, the agency’s head Emily Murphy had been reluctant to trigger the formal transition period after the Trump campaign filed a number of lawsuits challenging the election.

Murphy finally approved the transition on Monday after Michigan certified its election results.

Up until now, the Biden-Harris team buildbackbetter.com to host its transition website. Now it’s hosted at buildbackbetter.gov, a departure from the ptt.gov domain used by the incoming Obama-Biden administration in 2008.

The Wall Street Journal reported last week that until now the Biden-Harris team was using a Google Workspace for email and collaboration, secured with hardware security keys that staff need to log into their accounts. That setup might suffice for an enterprise, but had security experts worried that the lack of government cybersecurity support could make the camp more vulnerable to attacks.

As for the domain, which you might not think much about, the shift to a .gov domain marks a significant step forwards in the camp’s cybersecurity efforts. Government domains, hosted on the .gov domain, are toughened to prevent against domain hijacking or spoofing. In simple terms, they’re far more resilient than your regular web hosting services.

Biden tweeted out the domain marking the change.

Read More

Posted on

Trump fires top US cybersecurity official Chris Krebs for debunking false election claims

Chris Krebs, one of the most senior cybersecurity officials in the U.S. government, has been fired.

Krebs served as the director of the Cybersecurity and Infrastructure Security Agency (CISA) since its founding in November 2018 until he was removed from his position on Tuesday. It’s not immediately clear who is currently heading the agency. A spokesperson for CISA did not immediately comment.

President Trump fired Krebs in a tweet late on Tuesday, citing a statement published by CISA last week, which found there was “no evidence that any voting system deleted or lost votes, changed votes, or was in any way compromised.” Trump, who has repeatedly made claims of voter fraud without providing evidence, alleged that CISA’s statement was “highly inaccurate.”

Shortly after, Twitter labeled Trump’s tweet for making a “disputed” claim about election fraud.

Reuters first reported the news of Krebs’ potential firing last week.

Krebs was appointed by President Trump to head the newly created cybersecurity agency in November 2018, just days after the conclusion of the midterm elections. He previously served as an undersecretary for CISA’s predecessor, the National Protection and Programs Directorate, and also held cybersecurity policy roles at Microsoft.

During his time in government, Krebs became one of the most vocal voices in election security, taking the lead during 2018 and in 2020, which largely escaped from disruptive cyberattacks, thanks to efforts to prepare for cyberattacks and misinformation that plagued the 2016 presidential election.

He was “one of the few people in this administration respected by everyone on both sides of the aisle,” said Sen. Mark Warner, a member of the Senate Intelligence Committee, in a tweet.

Krebs is the latest official to leave CISA in the past year. Brian Harrell, who oversaw infrastructure protection at the agency, resigned in August after less than a year on the job, and Jeanette Manfra left for a role at Google at the end of last year. Cyberscoop reported Thursday that Bryan Ware, CISA’s assistant director for cybersecurity, resigned for a position in the private sector.

Read More

Posted on

Twitter labeled 300,000 US election tweets — around 0.2%

Just over a week after the U.S. elections, Twitter has offered a breakdown of some of its efforts to label misleading tweets. The site says that from October 27 to November 11, it labeled some 300,000 tweets as part of its Civic Integrity Policy. That amounts to around 0.2% of the total number of election-related tweets sent during that two-week period.

Of course, not all Twitter warnings are created equal. Only 456 of those included a warning that covered the text and limited user engagement, disabling retweets, replies and likes. That specific warning did go a ways toward limited engagement, with around three-fourths of those who encountered the tweets seeing the obscured texts (by clicking through the warning). Quote tweets for those so labeled decreased by around 29%, according to Twitter’s figures.

The president of the United States received a disproportionate number of those labels, as The New York Times notes that just over a third of Trump’s tweets between November 3 and 6 were hit with such a warning. The end of the election (insofar as the election has actually ended, I suppose) appears to have slowed the site’s response time somewhat, though Trump continues to get flagged, as he continues to devote a majority of his feed to disputing the election results confirmed by nearly every major news outlet.

His latest tweet as of this writing has been labeled disputed, but not hidden, as Trump repeats claims against voting machine maker, Dominion. “We also want to be very clear that we do not see our job as done,” Legal, Policy and Trust & Safety Lead Vijaya Gadde and Product Lead Kayvon Beykpour wrote. “Our work here continues and our teams are learning and improving how we address these challenges.”

Twitter and other social media sites were subject to intense scrutiny following the 2016 election for the roles the platforms played in the spread of misinformation. Twitter sought to address the issue by tweaking recommendations and retweets, as well as individually labeling tweets that violate its policies.

Earlier today, YouTube defended its decision to keep controversial election-related videos, noting, “Like other companies, we’re allowing these videos because discussion of election results & the process of counting votes is allowed on YT. These videos are not being surfaced or recommended in any prominent way.”

Read More

Posted on

Dear Sophie: How will this election nail-biter affect immigration?

Here’s another edition of “Dear Sophie,” the advice column that answers immigration-related questions about working at technology companies.

“Your questions are vital to the spread of knowledge that allows people all over the world to rise above borders and pursue their dreams,” says Sophie Alcorn, a Silicon Valley immigration attorney. “Whether you’re in people ops, a founder or seeking a job in Silicon Valley, I would love to answer your questions in my next column.”

Extra Crunch members receive access to weekly “Dear Sophie” columns; use promo code ALCORN to purchase a one or two-year subscription for 50% off.


Dear Sophie:

The last 24 hours have been a nail-biter; I feel powerless and I’m angry that we’ve come to this. I’m worried things won’t improve and I’m confused about where we even stand.

Sometimes I just feel so very, very tired of the struggle. I am just so ready to let go. I want to live in a world where we can create harmony, peace and opportunity for all. Can I still find that in the United States?

— Wanting in Walnut Creek

Dear Wanting,

I hear you.

The good news is that there is great potential, even as the world watches the U.S. presidential election results. If anything, what the last four years have taught me is that two clichés are really true: necessity is the mother of invention, and, where there is a will, there is a way. I can relate to many folks around the world because I know what it’s like to have the world of Silicon Valley feel so close, yet so far away, at a time when I felt powerless to make a difference.

Looking back over the past four years, amazing things have been possible for our clients and my team at Alcorn Immigration Law. I founded the firm out of my kitchen just years ago when my kids were toddlers. I would look out my kitchen window hand-washing tiny baby dishes. I can still remember the feeling of the suds on my fingers as I gazed longingly at the tall building on Castro Street in downtown Mountain View where 500 Startups used to sit on the top floor. YC was just down the street.

I felt so powerless. I desperately wanted to make the world a better place, and reaching the world of Silicon Valley, even though it was just past my backyard, seemed like getting to Mars.

[embedded content]

From those humble beginnings to now, as I founded and bootstrapped Alcorn Immigration Law on my own journey of becoming a single mom, I know what’s possible, even during the last four years of the Trump administration. We’ve had amazing success — claiming thousands of victories in supporting companies, people and families to live and work legally in the United States. If I was able to grow my firm during the last four years, I know that it’s possible for anybody to follow their heart and succeed. It’s our human essence to long to be a creator in this world, and anybody can and deserves to make a difference.

And here is what else I know: immigration law is created by acts of Congress and signed into law by the president. Mere tweets may be intended to try to bend the rules, but they cannot break them. That is what democracy is about.

In democracy, we have agreed to abide by basic laws, such as the inviolable dignity of the human being and that we want to agree on procedures for how we make decisions, like the process of passing a law about immigration. Democracy is not about majority tyranny. Democracy is about the fact that we uphold a few principles and we agreed on a decision-making process. When Trump ignores our basic laws and he ignores our legal processes, democracy is in peril.

But democracy does not need to be disrupted, it only requires small adjustments to thrive. In any group it is possible to make jointly supported decisions, taking the needs and resources of all into consideration. “Although the world is complex and decision making is complex, the components of decision making are simple,” according to Richard Graf, founder of K-i-E. Simple tools like the DecisionMaker can allow a miracle to happen — in an environment of openness and anonymity, we can all safely share our needs and concerns so that proposals can be formed based on collective best practices, knowledge, experience, intelligence and intuition. Even if it’s a complex situation, the way forward can immediately become clear.

And in our democracy, the paths to live and work in the U.S. will always remain viable, even if we need to remove a branch or navigate around a new boulder. Here at Alcorn, despite the furor and fear-mongering present in the world surrounding immigration, we are continually securing real victories for our clients. Not a client yet? Global founders can still create a startup, pitch it to investors and secure pathways to live and work legally in the United States with visas, green cards and citizenship.

So I know this and will repeat: Whatever the election results, there will still be many ways for people to legally navigate the U.S. immigration process and access the opportunity and security of life here. For more insight on these ways, please join my Election Results Webinar next week.

In the meantime, here are my thoughts on how the election results will affect the future of U.S. immigration:

Looking ahead, if Biden takes the victory, he has pledged to undo all Trump-era immigration regulations in the first 100 days and support comprehensive immigration reform. He promised to promote immigrant entrepreneurship, which could finally mean a startup visa! He also wants to speed up naturalization, rescind the Muslim travel bans, pass legislation to expand the number of H-1Bs, increase the amount of employment-based green cards, exempt international STEM PhD graduates from needing to await a priority date, create a new type of green card to promote regional economic development and support immigrant entrepreneur incubators.

Alternatively, we can expect that a Trump administration would continue restricting immigration, leading to litigation and judges deciding the fate of many recent policies. We can foresee a continued COVID freeze on green card interviews at consulates.

Also, DHS recently announced its intent to remove the randomness from the H-1B lottery and prioritize the annual H-1B selection process from highest to lowest wage starting in spring 2021. I’m sure there will be litigation about this; in the meantime, Alcorn Immigration Law continues to recommend that all employers proceed with registering employees and candidates in the lottery as usual. These details will take time to shake out and we don’t want anybody to lose a chance at being selected.

In other updates, immigration is just continuing along and there is actually some great news for folks: The State Department recently released the November Visa Bulletin and it stayed the same from October. (If you think your priority date is current or may be current soon, please contact your attorney as soon as possible to discuss filing your I-485 this month to avoid the possibility of retrogression in December!)

And if you need the freedom to build your startup, but were told that you don’t yet qualify for an O-1A visa, EB-1A or EB-2 NIW green card, you can join me in Extraordinary Ability Bootcamp with promo code DEARSOPHIE to receive 20% off.

We’re optimistic about the future. Life always offers us opportunities to grow through contrast and uncertainty, and we remain passionate about our mission to create greater freedom, empowerment, knowledge and love in the world.

Sophie


Have a question? Ask it here. We reserve the right to edit your submission for clarity and/or space. The information provided in “Dear Sophie” is general information and not legal advice. For more information on the limitations of “Dear Sophie,” please view our full disclaimer here. You can contact Sophie directly at Alcorn Immigration Law.

Sophie’s podcast, Immigration Law for Tech Startups, is available on all major podcast platforms. If you’d like to be a guest, she’s accepting applications!

Read More

Posted on

Trump’s campaign website hacked by cryptocurrency scammers

President Trump’s campaign website was briefly and partially hacked Tuesday afternoon as unknown adversaries took over parts of the page, replacing them with what appeared to be a scam to collect cryptocurrency. There is no indication, despite the hackers’ claims, that “full access to trump and relatives” was achieved or “most internal and secret conversations strictly classified information” were exposed.

The hack, first noted by Gabriel Lorenzo Greschler on Twitter, seemingly took place shortly before 4 PM Pacific time. The culprits likely gained access to the donaldjtrump.com web server backend and inserted a long stretch of obfuscated JavaScript producing a parody of the FBI “this site has been seized” message, which appeared over the normal content.

“the world has had enough of the fake-news spreaded daily by president donald j trump,” the new site read. “it is time to allow the world to know truth.”

Claiming to have inside information on the “origin of the corona virus” and other information discrediting Trump, the hackers provided two Monero addresses. Monero is a cryptocurrency that’s easy to send but quite difficult to track. For this reason it has become associated with unsavory operations such as this hack.

One address was for people who wanted the “strictly classified information” released, the other for those who would prefer to keep it secret. After an unspecified deadline the totals of cryptocurrency would be compared and the higher total would determine what was done with the data.

The page was signed with a PGP public key corresponding to an email address at a non-existent domain (planet.gov).

The website was reverted to its original content within a few minutes of the hack taking place. There is no evidence to suggest that anything other than the one page was accessed, such as donor data; campaign communications director Tim Murtaugh confirmed the hack shortly afterwards, saying there was no exposure of sensitive data and that they are working with law enforcement.

Getting people to irreversibly send cryptocurrency to a mysterious address is a common form of scam online, usually relying on brief appearances on high visibility platforms like celebrity Twitter accounts and the like. This one is no different, and was taken down within minutes.

There is no indication that this attack was in any way state-sponsored, and while it strikes a partisan tone, one can hardly say that this is a very coherent attack against the Trump platform. Campaign and other elections-related websites are high-value targets for hackers because they are associated with entities like Trump but are not as secure as official sites like whitehouse.gov. Though the diction seems not to be that of a native English speaker, there is no other positive evidence that the hack is of foreign origin.

This is not the first time Trump has been hacked recently. His Twitter account was briefly taken over by someone who guessed his password (“maga2020!”) but was, luckily for the president, not of a mind to collect DMs or otherwise rock the boat. And of course, Trump’s hotels were hacked before as well.

Trump recently stated, mistakenly it seems, that “Nobody gets hacked. To get hacked you need somebody with 197 IQ and he needs about 15% of your password.”

Read More

Posted on

Trump says ‘nobody gets hacked’ but forgot his hotel chain was hacked — twice

According to President Trump speaking at a campaign event in Tucson, Arizona, on Monday, “nobody gets hacked.” You don’t need someone who covers security day in and day out to call bullshit on this one.

“Nobody gets hacked. To get hacked you need somebody with 197 IQ and he needs about 15 percent of your password,” Trump said, referencing the recent suspension of C-SPAN political editor Steve Scully, who admitted falsely claiming his Twitter account was hacked this week after sending a tweet to former White House communications director Anthony Scaramucci.

There’s a lot to unpack in those two-dozen words. But aside from the fact that not all hackers are male (and it’s sexist to assume that), and glossing over the two entirely contrasting sentences, Trump also neglected to mention that his hotel chain was hacked twice — once over a year-long period between 2014 and 2015 and again between 2016 and 2017.

We know this because the Trump business was legally required to file notice with state regulators after each breach, which they did.

In both incidents, customers of Trump’s hotels had their credit card data stolen. The second breach was blamed on a third-party booking system, called Sabre, which also exposed guest names, emails, phone numbers and more.

The disclosures didn’t say how many people were affected. Suffice it to say, it wasn’t “nobody.”

A spokesperson for the Trump campaign did not return a request for comment.

It’s easy to ignore what could be considered a throwaway line: To say that “nobody gets hacked” might seem harmless on the face of it, but to claim so is dangerous. It’s as bad as saying something is “unhackable” or “hack-proof.” Ask anyone who works in cybersecurity and they’ll tell you that no person or company can ever make such assurances.

Absolute security doesn’t exist. But for those who don’t know any different, it’s an excuse not to think about their own security. Yes, you should use a password manager. Absolutely turn on two-factor authentication whenever you can. Do the basics, because hackers don’t need an IQ score of 197 to break into your accounts. All they need is for you to lower your guard.

If “nobody gets hacked” as Trump claims, it makes you wonder whatever happened to the 400-pound hacker the president mentioned during his first White House run.

Read More