Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
The Internet

Several Sites Including Twitter, GitHub, Spotify, PayPal, NYTimes Suffering Outage -- Dyn DNS Under DDoS Attack [Update] ( 204

Several popular websites and services are down right now for many users. The affected sites include Twitter, SoundCloud, Spotify, and PayPal among others. The cause appears to be a sweeping outage of DNS provider Dyn -- which in turn is under DDoS attack, according to an official blog post. From a TechCrunch report:Other sites experiencing issues include Box, Boston Globe, New York Times, Github, Airbnb, Reddit, Freshbooks, Heroku and Vox Media properties. Users accessing these sites might have more or less success depending on where they're located, as some European and Asian users seem not to be encountering these issues. Last month, Bruce Schneier warned that someone was learning how to take down the internet. Update: 10/21 14:41 GMT by M : Dyn says that it has resolved the issue and sites should function normally. Update: 10/21 17:04 GMT by M :Department of Homeland Security says it is aware of the first DDoS attack on Dyn today and "investigating all potential causes." Dyn says it is still under DDoS attack. News outlet The Next Web says it is also facing issues. Any website that uses Dyn's service -- directly or indirectly -- is facing the issue. Motherboard has more details.Update: 10/21 17:57 GMT by M : It seems even PlayStation Network is also hit. EA Sports Games said it is aware of the issues in live-play. Dyn says it is facing a second round of DDoS attacks.

Update: 10/21 18:45 GMT by M : U.S. government probing whether east coast internet attack was a 'criminal act' - official.

Editor's note: the story is being updated as we learn more. The front page was updated to move this story up. Are you also facing issues? Share your experience in the comments section below.

'Most Serious' Linux Privilege-Escalation Bug Ever Is Under Active Exploit ( 68

Reader operator_error shares an ArsTechnica report: A serious vulnerability that has been present for nine years in virtually all versions of the Linux operating system is under active exploit, according to researchers who are advising users to install a patch as soon as possible. While CVE-2016-5195, as the bug is cataloged, amounts to a mere privilege-escalation vulnerability rather than a more serious code-execution vulnerability, there are several reasons many researchers are taking it extremely seriously. For one thing, it's not hard to develop exploits that work reliably. For another, the flaw is located in a section of the Linux kernel that's a part of virtually every distribution of the open-source OS released for almost a decade. What's more, researchers have discovered attack code that indicates the vulnerability is being actively and maliciously exploited in the wild.

"It's probably the most serious Linux local privilege escalation ever," Dan Rosenberg, a senior researcher at Azimuth Security, told Ars. "The nature of the vulnerability lends itself to extremely reliable exploitation. This vulnerability has been present for nine years, which is an extremely long period of time." The underlying bug was patched this week by the maintainers of the official Linux kernel. Downstream distributors are in the process of releasing updates that incorporate the fix. Red Hat has classified the vulnerability as "important."


HackerOne CEO: Every Computer System is Subject To Vulnerabilities ( 46

An anonymous reader writes: Every computer system in the world is vulnerable to hackers and criminals, according to Marten Mickos, CEO of HackerOne. That's nothing new with major data breaches at Yahoo and the federal government. But not to worry, teams of ethical hackers could be an answer to the growing cybersecurity concerns. "There are far more ethical hackers, white hat hackers, in the world than criminals," Mickos told CNBC's "Squawk Alley" on Thursday. "So when you just invite the good guys to help you, you will always be safe. It's like a neighborhood watch. You're asking the good guys around you to help you see what's wrong with your system and help you fix it." Mickos has assembled 70,000 white hat hackers in his venture-backed company HackerOne. He explains the intent of white hat hackers is to hack for good and not for exploitation.

'Adding a Phone Number To Your Google Account Can Make it Less Secure' ( 91

You may think that adding a backup phone number to your account will make it prone to hack, but that is not always the case. Vijay Pandurangan, EIR at Benchmark (and formerly with Eng Site Lead at Twitter) argues that your phone number is likely the weakest link for many attackers (at least when they are trying to hack your Google account). He has shared the story of his friend who had his Google account compromised. The friend in this case, let's call him Bob, had a very strong password, a completely independent recovery email, hard-to-guess security questions, and he never logged in from unknown devices. Though Bob didn't have multi-factor authentication enabled, he did add a backup phone number. On October 1, when Bob attempted to check his email, he discovered that he was logged out of his Gmail account. When he tried to login, he was told that his password was changed less than an hour ago. He tried calling Verizon, and discovered that his phone service was no longer active, and that the attacker had switched his service to an iPhone 4. "Verizon later conceded that they had transferred his account despite having neither requested nor being given the 4-digit PIN they had on record." The attacker reset Bob's password and changed the recover email, password, name on the account, and enabled two-factor authentication. He got his account back, thanks to support staff and colleagues at Google, but the story illustrates how telco are the weakest link. From the article: Using a few old Google accounts, I experimented with Google's account recovery options and discovered that if a Google account does not have a backup phone number associated with it, Google requires you to have access to the recovery email account OR know the security questions in order to take over an account. However, if a backup phone number is on the account, Google allows you to type in a code from an SMS to the device in lieu of any other information. There you have it: adding a phone number reduces the security of your account to the lowest of: your recovery email account, your security questions, your phone service, and (presumably) Google's last-ditch customer service in case all other options fail. There are myriad examples of telcos improperly turning over their users' accounts: everything from phone hacking incidents in the UK to more recent examples. Simply put, telcos can be quite bad at securing your privacy and they should not be trusted. Interestingly, it appears that if two-factor-auth via SMS is enabled, Google will not allow your password to be reset unless you can also answer a security question in addition to having access to a phone number.
The Military

US Army 'Will Have More Robot Soldiers Than Humans' By 2025, Says Former British Spy ( 108

John Bassett, a British spy who worked for the agency GCHQ for nearly two decades, has told Daily Express that the U.S. was considering plans to employ thousands of robots by 2025. At a meeting with police and counter-terrorism officials in London, he said: "At some point around 2025 or thereabouts the U.S. army will actually have more combat robots than it will have human soldiers. Many of those combat robots are trucks that can drive themselves, and they will get better at not falling off cliffs. But some of them are rather more exciting than trucks. So we will see in the West combat robots outnumber human soldiers." Daily Express reports: Robotic military equipment is already being used by the U.S Navy and Air Force, in the shape of drones and autonomous ships. In April robotic warfare took a major leap forward after the U.S. Navy launched its very first self-piloting ship designed to hunt enemy submarines. Drones have been a feature of U.S. operations in the Middle East to disrupt terrorist groups. However, those aircrafts are still controlled by humans operating from bases in the U.S. Mr. Bassett also said artificial intelligence and robots technology would combine to create powerful fighting machines. The cyber security expert said: "Artificial intelligence, robotics in general, those will begin to mesh together."

How Hackers Broke Into John Podesta and Colin Powell's Gmail Accounts ( 107

An anonymous reader quotes a report from Motherboard: On March 19 of this year, Hillary Clinton's campaign chairman John Podesta received an alarming email that appeared to come from Google. The email, however, didn't come from the internet giant. It was actually an attempt to hack into his personal account. In fact, the message came from a group of hackers that security researchers, as well as the U.S. government, believe are spies working for the Russian government. At the time, however, Podesta didn't know any of this, and he clicked on the malicious link contained in the email, giving hackers access to his account. The data linking a group of Russian hackers -- known as Fancy Bear, APT28, or Sofacy -- to the hack on Podesta is also yet another piece in a growing heap of evidence pointing toward the Kremlin. And it also shows a clear thread between apparently separate and independent leaks that have appeared on a website called DC Leaks, such as that of Colin Powell's emails; and the Podesta leak, which was publicized on WikiLeaks. All these hacks were done using the same tool: malicious short URLs hidden in fake Gmail messages. And those URLs, according to a security firm that's tracked them for a year, were created with Bitly account linked to a domain under the control of Fancy Bear. The phishing email that Podesta received on March 19 contained a URL, created with the popular Bitly shortening service, pointing to a longer URL that, to an untrained eye, looked like a Google link. Inside that long URL, there's a 30-character string that looks like gibberish but is actually the encoded Gmail address of John Podesta. According to Bitly's own statistics, that link, which has never been published, was clicked two times in March. That's the link that opened Podesta's account to the hackers, a source close to the investigation into the hack confirmed to Motherboard. That link is only one of almost 9,000 links Fancy Bear used to target almost 4,000 individuals from October 2015 to May 2016. Each one of these URLs contained the email and name of the actual target. The hackers created them with with two Bitly accounts in their control, but forgot to set those accounts to private, according to SecureWorks, a security firm that's been tracking Fancy Bear for the last year. Bitly allowed "third parties to see their entire campaign including all their targets -- something you'd want to keep secret," Tom Finney, a researcher at SecureWorks, told Motherboard. Thomas Rid, a professor at King's College who studied the case extensively, wrote a new piece about it in Esquire.

India's Biggest ATM Breach? 3.2 Million Debit Cards Across 19 Banks May Have Been Compromised ( 34

A total of 32 lakh (3.2 million) debit cards across 19 banks could have been compromised on account of a purported fraud, the National Payment Corporation of India said in a statement. BloombergQuint adds: "The genesis of the problem was receipt of complaints from few banks that their customer's cards were used fraudulently mainly in China and USA while customers were in India," the NPCI said. "The complaints of fraudulent withdrawal are limited to cards of 19 banks and 641 customers. The total amount involved is Rs 1.3 crore as reported by various affected banks to NPCI." SISA Security, a Bengaluru-based company is currently undertaking a forensic study to identify the extent of the problem and will submit a final report in November. Initial reports had suggested that ATMs operated by Hitachi Payment Services had been attacked by malware and were the source of the breach. However, the company has said in a statement that an interim report by the audit agency does not suggest any breach or compromise in its systems.

Donald Trump Running Insecure Email Servers ( 407

Donald Trump has slammed Hillary Clinton for using private email servers numerous times, but it turns out his inboxes aren't that secure either. From a report on The Register: Security researcher Kevin Beaumont discovered the Trump organization uses a hopelessly outdated and insecure internet setup. Servers on the Trump Organization's domain,, are using outdated software, run Windows Server 2003 and the built-in Internet Information Server 6 web server. Microsoft cut off support for this technology in July 2015, leaving the systems unpatched for the last 15 months. In addition, Beaumont said he'd found that emails from the Trump Organization failed to support two-factor authentication. That's particularly bad because the Trump Organization's web-based email access page relies on an outdated March 2015 build of Microsoft Exchange 2007, he says. "Windows Server 2003, IIS 6 and Exchange 2003 went end of life years ago. There are no security fixes. They don't have basics down," the UK-based researcher concludes. Beaumont's findings are based simply on inspecting publicly available information rather than actively scanning for vulnerabilities or attempting to gain access to insecure systems, a point lost on Trump supporters who have reported him to the Feds.
Operating Systems

OMGUbuntu: 'Why Use Linux?' Answered in 3 Short Words ( 258

Linux-focused blog OMGUbuntu's Joey-Elijah Sneddon shared a post today in which he is trying to explain why people should Linux. He stumbled upon the question when he typed "Why use" and Google suggested Linux as one of the most frequent questions. From the article: The question posed is not one that I sincerely ask myself very often. The answer has, over the years, become complicated. It's grown into a bloated ball of elastic bands, each reason stretched around and now reliant on another. But I wanted to answer. Helpfully, my brain began to spit out all the predictable nouns: "Why use Linux? Because of security! Because of control! Because of privacy, community, and a general sense of purpose! Because it's fast! Because it's virus free! Because I'm dang-well used to it now! Because, heck, I can shape it to look like pretty much anything I want it to using themes and widgets and CSS and extensions and blingy little desktop trinkets!"

Traditional Keyboard Sounds Can be Decoded By Listening Over a VoIP Connection, Researchers Say ( 56

Reader Trailrunner7 writes: Researchers have known for a long time that acoustic signals from keyboards can be intercepted and used to spy on users, but those attacks rely on grabbing the electronic emanation from the keyboard. New research from the University of California Irvine shows that an attacker, who has not compromised a target's PC, can record the acoustic emanations of a victim's keystrokes and later reconstruct the text of what he typed, simply by listening over a VoIP connection.

The researchers found that when connected to a target user on a Skype call, they could record the audio of the user's keystrokes. With a small amount of knowledge about the victim's typing style and the keyboard he's using, the researchers could accurately get 91.7 percent of keystrokes. The attack does not require any malware on the victim's machine and simply takes advantage of the way that VoIP software acquires acoustic emanations from the machine it's on.


CIA-Backed Surveillance Tool 'Geofeedia' Was Marketed To Public Schools ( 41

An anonymous reader quotes a report from The Daily Dot: An online surveillance tool that enabled hundreds of U.S. law enforcement agencies to track and collect information on social media users was also marketed for use in American public schools, the Daily Dot has learned. Geofeedia sold surveillance software typically bought by police to a high school in a northern Chicago suburb, less than 50 miles from where the company was founded in 2011. An Illinois school official confirmed the purchase of the software by phone on Monday. In the fall of 2014, the Lincolnshire-Prairie School District paid Geofeedia $10,000 to monitor the social media posts of children at Adlai E. Stevenson High School. "We did have for one year a contract with Geofeedia," said Jim Conrey, a spokesperson for Lincolnshire-Prairie School District. "We were mostly interested in the possibility of trying to prevent any kind of harm, either that students would do to themselves or to other students." Conrey said the district simply wanted to keep its students safe. "It was really just about student safety; if we could try to head off any potential dangerous situations, we thought it might be worth it," he said. Ultimately, the school found little use for the platform, which was operated by police liaison stationed on school grounds, and chose not to renew its subscription after the first year, citing cost and a lack of actionable information. "A lot of kids that were posting stuff that we most wanted, they weren't doing the geo-tagging or making it public," Conrey said. "We weren't really seeing a lot there." The school's experience, added Conrey, was that more often than not students would approach school administrators with sensitive issues, as opposed to the school unearthing problems affecting students using Geofeedia. "Quite frankly, we found that it wasn't worth the money," Conrey said.

Half of American Adults Are In a Face-Recognition Database ( 64

An anonymous reader quotes a report from Ars Technica: Half of American adults are in a face-recognition database, according to a Georgetown University study released Wednesday. That means there's about 117 million adults in a law enforcement facial-recognition database, the study by Georgetown's Center on Privacy and Technology says. The report (PDF), titled "The Perpetual Line-up: Unregulated Police Face Recognition in America," shows that one-fourth of the nation's law enforcement agencies have access to face-recognition databases, and their use by those agencies is virtually unregulated. Where do the mug shots come from? For starters, about 16 states allow the FBI to use facial recognition to compare faces of suspected criminals to their driver's licenses or ID photos, according to the study. "In this line-up," the study says, "it's not a human that points to the suspect -- it's an algorithm." The study says 26 states or more allow police agencies to "run or request searches" against their databases or driver's licenses and ID photos. This equates to "roughly one in two American adults has their photos searched this way," according to the study. Many local police agencies also insert mug shots of people they arrest into searchable, biometric databases, according to the report. According to the report, researchers obtained documents stating that at least five "major police departments," including those in Chicago, Dallas, and Los Angeles, "either claimed to run real-time face recognition off of street cameras, bought technology that can do so, or expressed an interest in buying it." The Georgetown report's release comes three months after the U.S. Government Accountability Office (GAO) concluded that the FBI has access to as many as 411.9 million images as part of its face-recognition database. The study also mentioned that the police departments have little oversight of their databases and don't audit them for misuse: "Maryland's system, which includes the license photos of over two million residents, was launched in 2011. It has never been audited. The Pinellas Country Sheriff's Office system is almost 15 years old and may be the most frequently used system in the country. When asked if his office audits searches for misuse, Sheriff Bob Gualtieri replied, "No, not really." Despite assurances to Congress, the FBI has not audited use of its face recognition system, either. Only nine of 52 agencies (17%) indicated that they log and audit their officers' face recognition searchers for improper use. Of those, only one agency, the Michigan State Police, provided documentation showing that their audit regime was actually functional."
United States

Samsung is Setting Up Note 7 Exchange Booths at Airports Around the World ( 46

An anonymous reader writes: Samsung is setting up Galaxy Note 7 exchange booths in airports around the world, hoping to stop customers taking the dangerous device onto flights at the last minute. The first of these new "customer service points" appear to have been introduced in South Korean airports, but Samsung has confirmed the booths are opening in airports across Australia, with reports of the desks appearing in the US as well. The booths are located in "high-traffic terminals" before security screening, says Samsung, and allow Note 7 owners to swap their phone for an unspecified exchange device. According to a report from ABC7News in San Francisco -- where a Samsung exchange desk has appeared at the city's international airport -- employees for the tech company are on hand to help customers transfer their data onto a new phone.

Slashdot Asks: Do We Need To Plan For a Future Without Jobs And Should We Resort To Universal Basic Income? ( 883

Andy Stern (former president of the Service Employees International Union (SEIU), which today represents close to 2 million workers in the United States and Canada) has spent his career organizing workers. He has a warning for all of us: our jobs are really, really doomed. Stern adds that one of the only way outs of this is a universal basic income. Stern has been arguing about the need for a universal basic income (UBI) for more than a year now. Stern pointed out that people with college degrees are not making anywhere near the kind of progress that their parents made, and that it's not their fault. He adds: The possibility that you can end up with job security and retirement attached to it is statistically diminishing over time. The American dream doesn't have to be dead, but it is dying. All the resources and assets are available to make it real. It's just that we have a huge distribution problem. Unions and the government used to play an important part at the top of the market, but this is less true today. The market completely distributes toward those at the top. Unions simply aren't as effective in terms of their impact on the economy, and government has been somewhat on the sidelines in recent years.Making a case for the need of universal basic income, he adds:A universal basic income is essentially giving every single working-age American a check every month, much like we do with social security for elderly people. It's an unconditional stipend, as it were. The reason it's necessary is we're now learning through lots of reputable research that technological change is accelerating, and that this process will continue to displace workers and terminate careers. A significant number of tasks now performed by humans will be performed by machines and artificial intelligence. He warned that we could very well see five million jobs eliminated by the end of the decade because of technology. He elaborates: It looks like the Hunger Games. It's more of what we're beginning to see now: an enclave of extremely successful people at the center and then everyone else on the margins. There will be fewer opportunities in a hollowed out and increasingly zero-sum economy. If capital trumps labor, the people who own will keep getting wealthier and the people who supply labor will become less necessary. And this is exactly what AI and robotics and software are now doing: substituting capital for labor.What's your thoughts on this? Do you think in the next two-three decades to come we will have significantly fewer jobs than we do now?

Hackers Steal Credit Card Data From Visitors of US Senate GOP Committee Website ( 27

pdclarry writes: While all of the recent news has been about hacking the Democratic National Committee, apparently the Republicans have also been hacked over many months (since March 2016). This was not about politics, however; it was to steal credit card numbers. Brian Krebs reports: "a report this past week out of The Netherlands suggests Russian hackers have for the past six months been siphoning credit card data from visitors to the web storefront of the National Republican Senatorial Committee (NRSC). [...] If you purchased a 'Never Hillary' poster or donated funds to the NRSC through its website between March 2016 and the first week of this month [October 2016], there's an excellent chance that your payment card data was siphoned by malware and is now for sale in the cybercrime underground." Krebs says his information comes from Dutch researcher Willem De Groot, co-founder and head of security at Dutch e-commerce site The Republicans were not alone; theirs was just one of 5,900 e-commerce sites hacked by the same Russian actors. You can view De Groot's analysis of the malware planted on the NRSC's site and other services here. Krebs adds: "The NRSC did not respond to multiple requests for comment, but a cached copy of the site's source code from October 5, 2016 indicates the malicious code was on the site at the time (load this link, click 'view source' and then Ctrl-F for '')."
United Kingdom

UK Security Agencies Unlawfully Collected Data For 17 Years, Court Rules ( 56

British security agencies have secretly and unlawfully collected massive volumes of confidential personal data, including financial information, on citizens for more than a decade, top judges have ruled. The Guardian adds:The investigatory powers tribunal, which is the only court that hears complaints against MI5, MI6 and GCHQ, said the security services operated secret regimes to collect vast amounts of personal communications data, tracking individual phone and web use and large datasets of confidential personal information, without adequate safeguards or supervision for more than 10 years. The ruling said the regime governing the collection of bulk communications data (BCD) -- the who, where, when and what of personal phone and web communications -- failed to comply with article 8 protecting the right to privacy of the European convention of human rights (ECHR) between 1998, when it started, and 4 November 2015, when it was made public. It said the holding of bulk personal datasets (BPD) -- which might include medical and tax records, individual biographical details, commercial and financial activities, communications and travel data -- also failed to comply with article 8 for the decade it was in operation until its public avowal in March 2015.
United States

Report: Russian Hackers Phished The DNC And Clinton Campaign Using Fake Gmail Forms ( 435

Citing a report from SecureWorks, BuzzFeed is reporting that Russian hackers "used emails disguised to look as Gmail security updates to hack into the computers of the Democratic National Committee and members of Hillary Clinton's top campaign staff": The emails were sent to 108 members of Democratic presidential nominee Hillary Clinton's campaign and 20 people clicked on them, at least four people clicking more than once, Secureworks' research found. The emails were sent to another 16 people from the DNC and four people clicked on them, the report said.

Researchers found the emails by tracing the malicious URLs set up by [state-sponsored hacking group] Fancy Bear using Bitly, a link shortening service... "We were monitoring and saw the accounts being created in real time," said Phil Burdette, a senior security researcher at SecureWorks, explaining how they stumbled upon the the URLs set up by Fancy Bear.

The URL apparently resolved to (rather than, and Burdette says "They did a great job with capturing the look and feel of Google."

Cyber Attackers Have Successfully Hit A Nuclear Power Plant And A Lab ( 55

Slashdot reader zootsewt1 quotes a rundown by Security Taco of two unrelated breaches at nuclear-related facilities that were recently disclosed -- one "disruptive" and the other involving the remote theft of documents: Director Yukiya Amano from the IAEA disclosed that a nuclear power generation facility came under cyber attack within the last few years. He declined to state which specific nuclear facility was involved. Mr. Amano advised that "This issue of cyber attacks on nuclear-related facilities or activities should be taken very seriously. We never know if we know everything or if it's the tip of the iceberg."

In a separate incident, a nuclear lab in the University of Toyama in Japan conducting research on tritium (used in nuclear power plants), also came under cyber attack earlier this year. The attacker appears to have been able to exfiltrate large large amounts of data, some of which was related to the Fukushima clean-up.

The Reuters article lists other data breaches and malware infections at nuclear sites over the years, and notes that the IAEA director "also cited a case in which an individual tried to smuggle a small amount of highly enriched uranium about four years ago that could have been used to build a so-called 'dirty bomb'." At the isotope research center at the University of Toyama, the attacker reportedly compressed more than 1,000 files to make them easier to transmit.

Firefox Users Reach HTTPS Encryption Milestone ( 63

For the first time ever, secure HTTPS encryption was used for over half the pageloads served to Mozilla users, representing a big milestone for encryption. TechCrunch reports on the telemetry data tweeted by the Head of Let's Encrypt: Mozilla, which is one of the organizations backing Let's Encrypt, was reporting that 40% of page views were encrypted as of December 2015. So it's an impressively speedy rise...

The Let's Encrypt initiative, which exited beta back in April, is doing some of that work by providing sites with free digital certificates to help accelerate the switch to HTTPS. According to [co-founder Josh] Aas, Let's Encrypt added more than a million new active certificates in the past week -- which is also a significant step up. In the initiative's first six months (when still in beta) it only issued around 1.7 million certificates in all.

The "50% HTTPS" figure is just a one-day snapshot, and it's from "only a subset of Firefox users who are running Mozilla's telemetry browser...not default switched on for most Firefox users (only for users of pre-release Firefox builds)." But the biggest caveat is it's only counting Firefox users, which in July represented just 7.7% of web surfers (according to Statista), behind both Chrome (49.5%) and Safari (13.68%) -- but also ahead of Internet Explorer (5.4%) and Opera (5.99%).
United States

CIA Prepping For Possible Cyber Strike Against Russia ( 344

Slashdot reader schwit1 reports that the Obama administration "is contemplating an unprecedented cyber covert action against Russia in retaliation for alleged Russian interference in the American presidential election," according to U.S. intelligence officials who spoke to NBC News: Current and former officials with direct knowledge of the situation say the CIA has been asked to deliver options to the White House for a wide-ranging "clandestine" cyber operation designed to harass and "embarrass" the Kremlin leadership. The sources did not elaborate on the exact measures the CIA was considering, but said the agency had already begun opening cyber doors, selecting targets and making other preparations for an operation. Former intelligence officers told NBC News that the agency had gathered reams of documents that could expose unsavory tactics by Russian President Vladimir Putin.

Vice President Joe Biden told "Meet the Press" moderator Chuck Todd on Friday that "we're sending a message" to Putin and that "it will be at the time of our choosing, and under the circumstances that will have the greatest impact." When asked if the American public will know a message was sent, the vice president replied, "Hope not."

Not mounting a response would weaken U.S. credibility, one senior U.S. official said, while others said hundreds of millions of dollars has been allocated to the team mounting the attacks. Thursday US officials familiar with the investigation told CNN there was "mounting evidence" that Russia was supplying leaked emails to WikiLeaks, and last week in a conference call organized by the Clinton campaign, former Acting CIA Director Mike Morrell said it was "absolutely clear... WikiLeaks and Guccifer 2 are working with the Russians on this."

Slashdot Top Deals