Archive for the ‘NSA’ Category

The US has suffered a massive cyberbreach. It’s hard to overstate how bad it is – The Guardian

Recent news articles have all been talking about the massive Russian cyber-attack against the United States, but that's wrong on two accounts. It wasn't a cyber-attack in international relations terms, it was espionage. And the victim wasn't just the US, it was the entire world. But it was massive, and it is dangerous.

Espionage is internationally allowed in peacetime. The problem is that both espionage and cyber-attacks require the same computer and network intrusions, and the difference is only a few keystrokes. And since this Russian operation isn't at all targeted, the entire world is at risk, and not just from Russia. Many countries carry out these sorts of operations, none more extensively than the US. The solution is to prioritize security and defense over espionage and attack.

Here's what we know: Orion is a network management product from a company named SolarWinds, with over 300,000 customers worldwide. Sometime before March, hackers working for the Russian SVR (previously known as the KGB) hacked into SolarWinds and slipped a backdoor into an Orion software update. (We don't know how, but last year the company's update server was protected by the password "solarwinds123", something that speaks to a lack of security culture.) Users who downloaded and installed that corrupted update between March and June unwittingly gave SVR hackers access to their networks.

This is called a supply-chain attack, because it targets a supplier to an organization rather than an organization itself, and can affect all of a supplier's customers. It's an increasingly common way to attack networks. Other examples of this sort of attack include fake apps in the Google Play store, and hacked replacement screens for your smartphone.

SolarWinds has removed its customers list from its website, but the Internet Archive saved it: all five branches of the US military, the state department, the White House, the NSA, 425 of the Fortune 500 companies, all five of the top five accounting firms, and hundreds of universities and colleges. In an SEC filing, SolarWinds said that it believes fewer than 18,000 of those customers installed this malicious update, another way of saying that more than 17,000 did.

That's a lot of vulnerable networks, and it's inconceivable that the SVR penetrated them all. Instead, it chose carefully from its cornucopia of targets. Microsoft's analysis identified 40 customers who were infiltrated using this vulnerability. The great majority of those were in the US, but networks in Canada, Mexico, Belgium, Spain, the UK, Israel and the UAE were also targeted. This list includes governments, government contractors, IT companies, thinktanks, and NGOs, and it will certainly grow.

Once inside a network, SVR hackers followed a standard playbook: establish persistent access that will remain even if the initial vulnerability is fixed; move laterally around the network by compromising additional systems and accounts; and then exfiltrate data. Not being a SolarWinds customer is no guarantee of security; this SVR operation used other initial infection vectors and techniques as well. These are sophisticated and patient hackers, and we're only just learning some of the techniques involved here.

Recovering from this attack isn't easy. Because any SVR hackers would establish persistent access, the only way to ensure that your network isn't compromised is to burn it to the ground and rebuild it, similar to reinstalling your computer's operating system to recover from a bad hack. This is how a lot of sysadmins are going to spend their Christmas holiday, and even then they can't be sure. There are many ways to establish persistent access that survive rebuilding individual computers and networks. We know, for example, of an NSA exploit that remains on a hard drive even after it is reformatted. Code for that exploit was part of the Equation Group tools that the Shadow Brokers (again believed to be Russia) stole from the NSA and published in 2016. The SVR probably has the same kinds of tools.

Even without that caveat, many network administrators won't go through the long, painful, and potentially expensive rebuilding process. They'll just hope for the best.

It's hard to overstate how bad this is. We are still learning about US government organizations breached: the state department, the treasury department, homeland security, the Los Alamos and Sandia National Laboratories (where nuclear weapons are developed), the National Nuclear Security Administration, the National Institutes of Health, and many more. At this point, there's no indication that any classified networks were penetrated, although that could change easily. It will take years to learn which networks the SVR has penetrated, and where it still has access. Much of that will probably be classified, which means that we, the public, will never know.

And now that the Orion vulnerability is public, other governments and cybercriminals will use it to penetrate vulnerable networks. I can guarantee you that the NSA is using the SVR's hack to infiltrate other networks; why would they not? (Do any Russian organizations use Orion? Probably.)

While this is a security failure of enormous proportions, it is not, as Senator Richard Durbin said, "virtually a declaration of war by Russia on the United States". While President-elect Biden said he will make this a top priority, it's unlikely that he will do much to retaliate.

The reason is that, by international norms, Russia did nothing wrong. This is the normal state of affairs. Countries spy on each other all the time. There are no rules or even norms, and it's basically "buyer beware". The US regularly fails to retaliate against espionage operations, such as China's hack of the Office of Personnel Management (OPM) and previous Russian hacks, because we do it, too. Speaking of the OPM hack, the then director of national intelligence, James Clapper, said: "You have to kind of salute the Chinese for what they did. If we had the opportunity to do that, I don't think we'd hesitate for a minute."

We don't, and I'm sure NSA employees are grudgingly impressed with the SVR. The US has by far the most extensive and aggressive intelligence operation in the world. The NSA's budget is the largest of any intelligence agency. It aggressively leverages the US's position controlling most of the internet backbone and most of the major internet companies. Edward Snowden disclosed many targets of its efforts around 2014, which then included 193 countries, the World Bank, the IMF and the International Atomic Energy Agency. We are undoubtedly running an offensive operation on the scale of this SVR operation right now, and it'll probably never be made public. In 2016, President Obama boasted that we have "more capacity than anybody both offensively and defensively."

He may have been too optimistic about our defensive capability. The US prioritizes and spends many times more on offense than on defensive cybersecurity. In recent years, the NSA has adopted a strategy of persistent engagement, sometimes called defending forward. The idea is that instead of passively waiting for the enemy to attack our networks and infrastructure, we go on the offensive and disrupt attacks before they get to us. This strategy was credited with foiling a plot by the Russian Internet Research Agency to disrupt the 2018 elections.

But if persistent engagement is so effective, how could it have missed this massive SVR operation? It seems that pretty much the entire US government was unknowingly sending information back to Moscow. If we had been watching everything the Russians were doing, we would have seen some evidence of this. The Russians' success under the watchful eye of the NSA and US Cyber Command shows that this is a failed approach.

And how did US defensive capability miss this? The only reason we know about this breach is because, earlier this month, the security company FireEye discovered that it had been hacked. During its own audit of its network, it uncovered the Orion vulnerability and alerted the US government. Why don't organizations like the departments of state, treasury and homeland security regularly conduct that level of audit on their own systems? The government's intrusion detection system, Einstein 3, failed here because it doesn't detect new sophisticated attacks, a deficiency pointed out in 2018 but never fixed. We shouldn't have to rely on a private cybersecurity company to alert us of a major nation-state attack.

If anything, the US's prioritization of offense over defense makes us less safe. In the interests of surveillance, the NSA has pushed for an insecure cellphone encryption standard and a backdoor in random number generators (important for secure encryption). The DoJ has never relented in its insistence that the world's popular encryption systems be made insecure through back doors, another hot point where attack and defense are in conflict. In other words, we allow for insecure standards and systems, because we can use them to spy on others.

We need to adopt a defense-dominant strategy. As computers and the internet become increasingly essential to society, cyber-attacks are likely to be the precursor to actual war. We are simply too vulnerable when we prioritize offense, even if we have to give up the advantage of using those insecurities to spy on others.

Our vulnerability is magnified as eavesdropping may bleed into a direct attack. The SVR's access allows them not only to eavesdrop, but also to modify data, degrade network performance, or erase entire networks. The first might be normal spying, but the second certainly could be considered an act of war. Russia is almost certainly laying the groundwork for future attack.

This preparation would not be unprecedented. There's a lot of attack going on in the world. In 2010, the US and Israel attacked the Iranian nuclear program. In 2012, Iran attacked the Saudi national oil company. North Korea attacked Sony in 2014. Russia attacked the Ukrainian power grid in 2015 and 2016. Russia is hacking the US power grid, and the US is hacking Russia's power grid, just in case the capability is needed someday. All of these attacks began as a spying operation. Security vulnerabilities have real-world consequences.

We're not going to be able to secure our networks and systems in this no-rules, free-for-all, every-network-for-itself world. The US needs to willingly give up part of its offensive advantage in cyberspace in exchange for a vastly more secure global cyberspace. We need to invest in securing the world's supply chains from this type of attack, and to press for international norms and agreements prioritizing cybersecurity, like the 2018 Paris Call for Trust and Security in Cyberspace or the Global Commission on the Stability of Cyberspace. Hardening widely used software like Orion (or the core internet protocols) helps everyone. We need to dampen this offensive arms race rather than exacerbate it, and work towards cyber peace. Otherwise, hypocritically criticizing the Russians for doing the same thing we do every day won't help create the safer world in which we all want to live.


Today’s D Brief: Vaccines, compared; NSA/CYBERCOM split?; More Trump deference to Russia; Welcome, ‘guardians’; And a bit more. – Defense One

A second COVID vaccine has begun distribution. This one's made by Moderna, and STAT News has an informative side-by-side comparison with the Pfizer vaccine that's been going out for just over a week.

What they do, and don't do: Both vaccines seemed to reduce the risk of severe COVID disease. It's not yet known if either prevents asymptomatic infection with the SARS-CoV-2 virus. Nor is it known if vaccinated people can transmit the virus if they do become infected but don't show symptoms. Read on, here.

The coronavirus is mutating, as viruses do. A new faster-spreading variant has Britain locking down even harder, but scientists say it appears unlikely to change in ways that make the vaccines less effective.

The 7-day average of U.S. COVID deaths keeps setting records. Yesterday it hit 2,639, per the New York Times tracker, one death every 33 seconds.

Help is on the way, President-elect Joe Biden said Sunday after lawmakers reportedly reached a deal on roughly $900 billion in coronavirus relief for Americans. The bill "provides an important downpayment on the investment we need in vaccine procurement and distribution," Biden said, but cautioned, "We need to scale up vaccine production and distribution and acquire tens of millions more doses."

Then what? "In our first 100 days, we'll be asking all Americans to mask up for 100 days," he continued. "We'll have a plan to administer 100 million vaccine shots in 100 days and to get most schools open in the first 100 days. These are bold, but doable steps to contain the virus and get back to our lives."

The Biden White House also says it's planning a sort of public relations campaign for vaccines "to educate the American people in the efficacy and safety...so that we can all reap the benefits of their protection." More to that, here.

Trump Officials Deliver Plan to Split Up Cyber Command, NSA // Katie Bo Williams: An end to the dual hat arrangement has been debated for years but the timing raises questions. The plan requires Milley's certification to move ahead.

Space Force Troops Get a Name: Guardians // Marcus Weisgerber: VP Pence revealed the moniker for Trump's oft-teased newest military service branch to stand alongside soldiers, airmen, sailors, and Marines.

Defense One Radio, Ep. 83 // Defense One Staff: Interview with CENTCOM's Marine Gen. Frank McKenzie.

A Day of Deaths 25 Percent Higher Than Spring's Worst // The COVID Tracking Project: For the second week in a row, more COVID-19 deaths were reported in the U.S. than at any other time in the pandemic.

How We're Building a 21st-Century Space Force // Gen. John W. Raymond is Chief of Space Operations, U.S. Space Force: Only by staying lean, agile, and tightly focused on our mission can we succeed in protecting the United States.

Pushing Billions in Arms Sales Is Not an Accomplishment // William D. Hartung: It matters to whom the weapons are flowing and how they will be used.

Welcome to this Monday edition of The D Brief from Ben Watson and Bradley Peniston. Send us tips from your community right here. And if you're not already subscribed to The D Brief, you can do that here. On this day in 1945, George Smith Patton Jr. passed away from pulmonary edema and congestive heart failure 13 days after an automobile accident in Germany paralyzed him from the neck down. He was 60 years old.

Trump's deference to Russia continues. Nearly a week after news broke about the large and historic cyber intrusion across multiple federal agencies, President Trump finally spoke up about it in a tweet on Saturday. "The Cyber Hack is far greater in the Fake News Media than in actuality," Trump tweeted about the impact and damage, which has already entangled the State, Treasury, Energy, Homeland Security and Commerce Departments as well as the National Institutes of Health. "A grave risk to the federal government" is how DHS's Cybersecurity and Infrastructure Security Agency described it in a statement updated today. "[I]t may be China," Trump tweeted Saturday, without even a suggestion of evidence. He went on to speculate (again, without evidence) that the cyber intrusions across the federal agencies might somehow be related to voting machines. Read the rest of that paranoid and virtually incomprehensible tweet, here.

Will feds' selloff of 5G frequencies risk more airplane crashes? Maybe, say officials with the Federal Aviation Administration and the Department of Transportation, who are asking the Federal Communications Commission to halt the ongoing auction. And the Defense Department? Leaders, who are kinda just tuning in to this 5G wrinkle, are meeting today with counterparts at FAA and DOT to figure out the path forward, Defense News reports.

Lockheed Martin is acquiring rocket-maker Aerojet Rocketdyne Holdings for more than $4 billion, Lockheed announced Sunday. The two firms have been working together for some time already on several advanced systems across [LMT's] Aeronautics, Missiles and Fire Control and Space business areas, Lockheed said in its statement. More from Reuters, here.

The UAE and/or Saudi Arabia appear to be behind a cell phone hacking operation that spanned dozens of Middle Eastern journalists working for Qatar-based al-Jazeera, the Washington Post reports. That probable conclusion is from an alarming report by researchers with the Citizen Lab at the University of Toronto's Munk School of Global Affairs and Public Policy. Apparently, victims didn't have to do anything to get hacked; and that's why researchers called the vulnerability a zero-click exploit. One big takeaway: All iOS device owners should immediately update to the latest version of the operating system. More here.

Russian opposition leader Alexey Navalny duped an FSB agent into confessing details of the poisoning operation that was supposed to kill him, CNN reports on the heels of their joint investigation into Russia's attempts to kill Navalny.

Here are 15 ways the U.S. military says it will try to improve its racial diversity and inclusiveness, via a report commissioned in the wake of protests against police brutality this summer after the death of George Floyd:

The Secretary of the Air Force chaired the Board on Diversity and Inclusion, which also included the Senior Enlisted Advisor to the Chairman of the Joint Chiefs of Staff and the Under Secretary of Defense for Personnel and Readiness, and Service members from each branch of the Military Services and the National Guard Bureau. The group reviewed industry best practices, and assessed pertinent data and reports when writing up its 15 recommendations. After reviewing the Board's 15 recommendations, Acting Defense Secretary Chris Miller wrote in a department memo released Friday evening by the Pentagon, I am pleased to see such a methodical evaluation leading to the development of such rigorous actions to address diversity and inclusion. I expect all leaders to take an aggressive approach to embed diversity and inclusion practices into the core of our military culture...We must not accept-and must intentionally and proactively remove any barriers to an inclusive and diverse force and equitable treatment of every Service member. The first phase of post-report actions are expected by March 31, according to Miller's reaction plan to each of the 15 recommendations. And that will involve

And the Pentagon must begin working on how to reduce extremist or hate group activity by March 31, with a plan of action and milestones to be spelled out by the end of June. That falls to the Pentagon's Under Secretary of Defense for Personnel and Readiness and its Under Secretary for Intelligence and Security. For more on what lies ahead, see Acting SecDef Miller's memo (PDF) in full, here.

And lastly today, Space Force troops got a collective name on Friday: guardians. As in soldiers, sailors, airmen, Marines, and guardians. Reports Defense One's Marcus Weisgerber: The new name for military's space professionals, announced on Friday by Vice President Mike Pence, may appear to be a play on the Marvel superhero film Guardians of the Galaxy. But Space Force officials said it was a callback to a 1983 motto. That didn't stop various Hollywood types associated with the movie from chipping in their two cents. Tweeted Clark Gregg, who plays S.H.I.E.L.D. agent Phil Coulson: "My pet raccoon just got a draft notice. WTF." The new name was missing from the Chief of Space Operations' op-ed published by The Atlantic on Sunday. "Only by staying lean, agile, and tightly focused on our mission can we succeed in protecting the United States," wrote Gen. John W. Raymond. Read that, here.


International Gold Cup and Other Reasons for Giving Thanks – Middleburg Eccentric

Thanksgiving heralds the holiday season, and we have many reasons to be grateful despite and because of all the challenges thrown at us throughout 2020. Now more than ever, staying well is a priority that requires significant effort and planning. It isn't easy or fun to protect ourselves from OPGs (other people's germs), although some have been doing this for years. It isn't a political statement to wear masks, practice good hygiene, and distance yourself from others. It's just plain old-fashioned common sense.

A big thank you on behalf of all racing and chasing enthusiasts to the National Steeplechase Association and its NSA Network for making sure that you had options if you couldn't be there in person. They provided Live Streams of each race meet on the day, bringing sanctioned meets into the safety of our homes, and the archived videos are available to one and all.

Will O'Keefe is one of the greatest and possibly the best race announcer. We think he deserves a special lifetime achievement award and heaven help chasing and point-to-points when he retires. It hasn't mattered whether Will is calling the races for a mega-crowd of thousands or spectator-free meets. His passion for the sport comes through loud and clear as he narrates each contest from start to finish.

The video camera work is excellent, even with changes in natural lighting on various portions of the course, but it's all there: gorgeous Thoroughbreds piloted by jockeys in bright silks, beautifully framed by the undulating sea of green turf. Will keeps you posted on who's in the lead, who might be challenging, and, with videos, you can see so much more detail. It's almost as good as being there, and almost is way better than no racing at all.

Now, however, the fall steeplechase season is a wrap, and standings are final for both sanctioned and point-to-points. It's challenging to contemplate Great Meadow on October 24 without its signature crowds of nearly 50,000 arranged around three sides of the course, but this season has been all about the horses. Tod Marks, the official NSA photographer, writes terrific previews and reports, and we enjoyed what he wrote about this year's International Gold Cup.

Here's Tod's opening sentence: "Saturday's 10-race card at Great Meadow Race Course in The Plains, Va., had it all: Blow-out wins, white-knuckle finishes, and outstanding rides by apprentice riders. And of all the highlights, none shone brighter than Curve of Stone's victory in the $25,000 International Gold Cup, his second timber-stakes score in two weeks."

Everyone was there, and Tod gives the full scoop better than we ever could do it. Suffice it to say, when the racing concluded in November, Jonathan Sheppard ended up adding a win and purse money from five horses, thereby boosting his bid for yet another top trainer title in both races won (16) and money won. Jack Fisher ran a very close second in Money Won but saddled only half the winners.

It was an interesting season, no matter how you view it. But it's all about the horses really. One favorite race is the Steeplethon, a very unusual hybrid mix of timber and hurdles that demand a special Thoroughbred.

Starlight Racing LLC's Invocation, this year's Steeplethon winner, was pretty brilliant over hurdles earlier in the gelding's career, as stated in Will O'Keefe's Central Entry treasure trove of racing information and statistics. In October 2016, Invocation debuted as a 3-year old over hurdles, placing third, and four weeks later, proved best in a field of nine at the Colonial Cup for his first win. He earned eight firsts over hurdles and on the flat by mid-2019 when he went to a new trainer, Mark Beecher, who grew up in the saddle in Ireland and crossed the big puddle to the USA in 2010. Within two years, Mark's career as a jump jockey took off like a rocket. He retired from race-riding in a blaze of glory after piloting Mystic Strike to victory in the 2019 Pennsylvania Hunt Cup. Among his many awards are seven NSA titles, including several as leading rider over timber.

They say it takes one to know one, and no doubt this trainer and the horses in his program have come to a good understanding because Invocation has gone from flat to steeplethon to hurdle to timber to steeplethon as if it's all in a day's work. It will be interesting to see how next season goes for Invocation and what's in store for him and his trainer.

All this research has made us very keen to engage in a marathon of following some favorite horses in their careers by taking a ride down memory lane via NSA Network's archived videos. Because watching these amazing equine athletes and their riders is a great way to get some joy and alleviate cabin fever, the next best thing to being there.

Happy Healthy Thanksgiving!

Centralentryoffice.com, NationalSteeplechase.com, ThisIsHorseRacing.com


The NSA Warns That Russia Is Attacking Remote Work Platforms – WIRED

Throughout 2020, an unprecedented portion of the world's office workers have been forced to work from home as a result of the Covid-19 pandemic. That dispersal has created countless opportunities for hackers, who are taking full advantage. In an advisory today, the National Security Agency said that Russian state-sponsored groups have been actively attacking a vulnerability in multiple enterprise remote-work platforms developed by VMware. The company issued a security bulletin on Thursday that details patches and workarounds to mitigate the flaw, which Russian government actors have used to gain privileged access to target data.

Institutions have scrambled to adapt to remote work, offering employees secure remote access to enterprise systems. But the change comes with different risks and has created new exposures versus traditional office networks. Flaws in tools like VPNs have been especially popular targets, since they can give attackers access to internal corporate networks. A group of vulnerabilities affecting the Pulse Secure VPN, for example, were patched in April 2019, but US intelligence and defense agencies like the Cybersecurity and Infrastructure Security Agency issued warnings in October 2019, and again in January and April, that hackers were still attacking organizations, including government agencies, that had not applied the patch.

On Thursday, CISA issued a brief advisory encouraging administrators to patch the VMware vulnerability immediately. "An attacker could exploit this vulnerability to take control of an affected system," the agency said.

In addition to warning the general public about the VMware bug, the NSA emphasized repeatedly that it "encourages National Security System (NSS), Department of Defense (DOD), and Defense Industrial Base (DIB) network administrators to prioritize mitigation of the vulnerability on affected servers."

"It's one of those things where the messenger is notable as well as the message," says Ben Read, senior manager of cyberespionage analysis at the threat intelligence firm FireEye. "It's a remote code execution vulnerability, it's something that people definitely want to patch, but these things happen. So the fact that the NSA wanted to make a big deal about it is likely based on the fact that it was being used by Russia's folks in the wild and presumably against a target that the NSA is worried about."

The affected VMware products all relate to cloud infrastructure and identity management, including VMware Workspace One Access, its predecessor, VMware Identity Manager, and VMware Cloud Foundation. VMware said in a statement that "upon notification of the issue, VMware has worked to assess this issue, and has provided the appropriate updates and patches to mitigate this issue."

The company noted in its advisory that it rates the flaw's severity as "Important," a step below "Critical," because attackers must have access to a web-based, password-protected management interface before they can exploit the vulnerability. The NSA points out that securing this interface with a strong, unique password, or setting it up so it isn't accessible from the public internet, are both steps that can reduce the risk of attack. Fortunately, VMware did not design the affected systems with the option to use default passwords that would be trivially easy for attackers to guess.

Once a hacker has access, they can exploit the vulnerability to manipulate authentication requests called "SAML assertions" (from Security Assertion Markup Language, an open standard) as a way of burrowing deeper into an organization's network. And they can use that position to access other servers that contain potentially sensitive information.

FireEye's Read notes that while the bug does first require a legitimate password to exploit, that's not an insurmountable hurdle, particularly for Russian hackers who have a known facility with credential theft techniques like password spraying. "I would guess the NSA is writing something because they have seen it work, even if it is in theory not the worst vulnerability out there," he says.

When so many employees are working remotely, it can be difficult to use traditional network monitoring tools to flag potentially suspicious behavior. But the NSA points out that vulnerabilities like the VMware bug present a unique challenge regardless, because the malicious activity would all happen in encrypted connections to the web interface that aren't distinguishable from legitimate logins. The NSA recommends instead that organizations comb their server logs for what are known as "exit statements" that can indicate suspicious activity.


Former NSA contractor Reality Winner loses appeal, will remain imprisoned – CyberScoop

Written by Joe Warminsky Dec 8, 2020 | CYBERSCOOP

The former National Security Agency contractor convicted in 2018 of illegally leaking top secret information to a news organization will remain in federal prison after an appeals court upheld a ruling against a compassionate release amid the COVID-19 pandemic.

The eight-page opinion Monday from the U.S. Court of Appeals for the 11th Circuit backed an earlier ruling that lawyers for Reality Winner had not sufficiently shown that her medical conditions or prison conditions justified an early release. The appeals court didn't rule on the merits of Winner's argument; it simply said the lower court had considered her request properly.

"After careful consideration and with the benefit of oral argument, we conclude that the District Court did not abuse its discretion in denying Ms. Winner's motion," Monday's opinion says. "Because we resolve her appeal on this basis alone, we need not (and do not) address Ms. Winner's other arguments."

In early April, Winner, now 29, had filed a motion for compassionate release with the U.S. District Court for the Southern District of Georgia, saying that she suffers from depression and an eating disorder, and that COVID-19 related prison lockdowns affected her ability to cope with those conditions, thus making her more susceptible to further illness. The district court rejected Winner's motion without holding an evidentiary hearing.

Winner was working as a linguist for Pluribus International Corp., a government contractor, when she was accused of leaking a report on Russian interference in U.S. elections. The Intercept published details from the document but says it did not know the exact source. Afterward, Winner was arrested and pleaded guilty to violating the Espionage Act.

Some have branded Winner a whistleblower, given that the leaked document expanded the publicly available information about the Russian threat to elections at a time when the White House was claiming it was a hoax.

Winner is serving her 63-month prison sentence at Federal Medical Center Carswell in Fort Worth, Texas, where it was reported this summer that she and about 500 other detainees had contracted COVID-19. She could be released by November 2021.

Her lawyers have noted that she is a nonviolent first offender who admitted her mistake. Those arguments and others weren't enough to persuade the district court.

"Winner has not carried the burden of demonstrating that her specific medical conditions under the particular conditions of confinement at FMC Carswell place her at a risk substantial enough to justify early release," U.S. District Judge J. Randal Hall wrote in April, in rejecting Winner's motion. "In fact, the court is constrained to observe that Winner is in a medical prison, which is presumably better equipped than most to deal with any onset of COVID-19 in its inmates."

U.S. courts have been hearing many requests like Winner's this year as the COVID-19 pandemic rips through prison populations. In some cases, motions for compassionate release do succeed: Late last week a federal judge in Virginia sent a native of Kosovo back to his home country after the convicted hacker argued for his release.
