Monday, April 19, 2021

RSN: Paul Gottinger | How Much Did Amazon Spend to Crush the Union Drive in Alabama?

 


 

Reader Supported News
19 April 21



RSN: Paul Gottinger | How Much Did Amazon Spend to Crush the Union Drive in Alabama?
Amazon recently faced an attempt by workers to unionize in Alabama. (image: Elif Ozturk/Anadolu Agency/Dustin Chambers/Reuters/Samantha Lee/Insider)
Paul Gottinger, Reader Supported News
Gottinger writes: "Last week, Amazon workers in Bessemer, Alabama, voted against forming a union after an almost two-month-long election that received significant national attention. The vote was 738 in favor of a union to 1,798 against it. But this isn't over yet."

The Retail, Wholesale and Department Store Union (RWDSU) is challenging the election with the National Labor Relations Board (NLRB) over what the union describes as Amazon’s illegal interference in the election. The union alleges that Amazon put a ballot dropbox on warehouse property after the NLRB told Amazon that wasn’t allowed because it could be seen as an attempt to intimidate workers. The union will ask for a second election, claiming the last one was spoiled by Amazon’s illegal practices.

Last week, RWDSU president Stuart Appelbaum said the union believes a second election at the Amazon facility in Bessemer is “very likely.”

Regardless of whether or not the NLRB allows a second election, this loss is painful to supporters of organized labor. Following the election, Amazon’s stock reached a 7-week high, while its workers continue to face what they describe as humiliating and unsafe working conditions without union representation for the foreseeable future.

A union victory at Amazon, a company that has managed to prevent unionization of its U.S. workers for decades, would have been an enormous accomplishment for organized labor.

But what caused the defeat?

In the week since the election, a number of postmortems have been written lamenting the election and dissecting the supposed tactical mistakes and weak messaging from union organizers.

Sure, no union drive is perfect, and of course mistakes are made. But a major factor in union elections, like elections for public office in the U.S., is money. And Amazon, run by the world’s richest man, has a lot of it to throw into its war on unions.

Amazon’s victory over its workers was made possible by what the workers describe as a ruthless campaign of surveillance, intimidation, illegal firings, threats of closing the facility, the movement of thousands of new workers to the facility before the election, and months of anti-union propaganda, which in total likely cost Amazon tens of millions of dollars.

Amazon faces dozens of federal allegations from its facilities across the country for firing workers who organized protests and walk-outs demanding the company improve its COVID-19 safety best practices. Amazon employees at multiple facilities report fear of being open about their support for a union at work because they might be fired or harassed.

Since February of 2020, there have been at least 37 charges filed with the NLRB against Amazon in twenty cities across the country.

One tactic Amazon used to its advantage against the union campaigners was engineering extremely high turnover in Amazon facilities (averaging about 100 new employees a week). This meant union organizers constantly had to convince new employees of the merits of the union, while losing union-supporting employees. Amazon also manipulated hiring numbers in the run-up to the union election, according to Joshua Brewer, the lead organizer:

Think about the challenges that that poses, when Amazon is able to manipulate the hiring numbers to such extremes that they can bring in 3,000 workers in a month but they can also fire 1,000 workers a month. In a Covid world you don’t have workers going to people’s houses, you don’t have committee people going to work parties with their friends after work. You don’t have workers hanging out in break rooms, places that you can normally have these larger discussions.

Should we really be surprised that Amazon was able to defeat the union drive if, as alleged, it surged employees to the facility, fired employees who engaged in union activities, and outspent the union organizers by as much as 25 times?

Adam Obernauer, an organizer with RWDSU, called Amazon’s union-busting campaign “the platinum package.” Amazon hired one of the country’s largest and most expensive union-avoidance law firms, Morgan Lewis, to handle its legal fight, according to Professor John Logan, director of labor and employment studies at San Francisco State University.

Amazon also hired two anti-union consulting firms, spending $10,000 per day (more than an Amazon warehouse employee makes in three months) on three anti-union consultants, including one who is the president of a Koch Brothers-funded, anti-union think tank, according to The Intercept.

These three consultants previously ran anti-union campaigns against organizing nurses in North Carolina, and a tire manufacturing plant in Georgia, where the NLRB found the consultants used “numerous and egregious” unfair labor practices.

As if that weren’t enough, Amazon also hired a second anti-union consulting firm, Labor Services Relations Inc., as first reported by Huffington Post. Amazon’s consulting contract with the firm lists “no maximum hours” and “no maximum fees” as conditions for its employment by Amazon.

According to the RWDSU, these “union avoidance” consultants ran months of captive audience “classes” in which employees were subjected to anti-union propaganda and to which attendance was mandatory. Employees who attended the sessions said pushback against the anti-union messaging during these events resulted in intimidating actions like being called in front of the class and having their employee badge photographed.

Amazon workers allege that the company used tried and true anti-unionization tactics like the captive audience classes mentioned above, unidentified individuals harassing workers on shift about their views on unionization, and threats of warehouse closure and firing.

But Amazon also used a tactic labor organizers said they have never seen before in a union election. In late February, Amazon began offering up to $3,000 in “resignation bonuses” to employees who quit, according to Payday Report.

Employees at the Alabama plant received emails stating that if they quit now, they could regain their jobs later after the union election, but they would be unable to vote in the union election.

To an unhappy Amazon employee who planned to vote for a union, an offer of a few thousand dollars might be enticing. However, under U.S. federal labor laws, the “bonuses” could be seen by the NLRB as bribes, which are illegal.

While bonuses for quitting may be unusual, other forms of bribery are a very common tactic used by employers during a union drive.

“The NLRB routinely finds violations for ‘conferring benefits’ to induce employees not to vote for a union during the ‘critical period’ between the time the election petition is filed and the election is held,” University of Wyoming labor law professor Mike Duff, a former prosecutor for the National Labor Relations Board (NLRB), told Payday News.

Amazon has refused to say how much they spent in total on crushing the union, but one attorney working with Amazon estimated it could be in the tens of millions of dollars. Joshua Brewer, the lead organizer for the union campaign, called Amazon’s effort “the most expensive, extensive, and sophisticated anti-union campaign ever run.”

Senator Bernie Sanders tweeted in March, “All I want to know is why the richest man in the world, Jeff Bezos, is spending millions trying to prevent workers from organizing a union so they can negotiate for better wages, benefits and working conditions.”

Some on the union side estimate Amazon spent as much as $25 million defeating the union drive.

Professor John Logan told labor reporter Steven Greenhouse back in February, “I don’t think there’s any amount of money Amazon won’t be prepared to spend to win. If the RWDSU lost, it would be a tremendous disappointment. If Amazon loses, it’s a disaster, it’s a catastrophe for them.”

One huge factor that makes it difficult to estimate what Amazon spent to defeat the union drive in Alabama is the company’s sophisticated technological surveillance and intelligence apparatus, which appears to be built into the backbone of the company, according to recent reports.

A leaked document dated February 2020 and first reported by Vice discussed in detail Amazon’s plans to spend hundreds of thousands of dollars to “better analyze and visualize data on unions around the globe” using a new technology system called the geoSPatial Operating Console, or SPOC.

Among the topics discussed for analysis using the tool are: “Whole Foods Market Activism/Unionization Efforts,” “union grant money flow patterns,” and “Presence of Local Union Chapters and Alt Labor Groups.”

As reported by Vice, additional leaked documents shed light on Amazon’s Global Security Operations Center:

Internal emails sent to Amazon’s Global Security Operations Center obtained by Motherboard reveal that all the division’s team members around the world receive updates on labor organizing activities at warehouses that include the exact date, time, location, the source who reported the action, the number of participants at an event (and in some cases a turnout rate of those expected to participate in a labor action), and a description of what happened, such as a “strike” or “the distribution of leaflets.” Other documents reveal that Amazon intelligence analysts keep close tabs on how many warehouse workers attend union meetings; specific worker dissatisfactions with warehouse conditions, such as excessive workloads; and cases of warehouse-worker theft.

Amazon is also able to lean on its military contracting experience to bring in former FBI members and former military intelligence to monitor union organizing “threats” to the company, according to reports in The Intercept.

In one particularly disturbing account, an Amazon employee named Jonathon Bailey, who organized a walkout over Covid-19 safety concerns, alleges he was “detained” on his lunch break by an individual wearing a black camouflage vest who identified himself as former FBI.

Amazon also monitors its employees’ and contractors’ social media, including their closed Facebook groups in 43 U.S. cities, according to Vice.

Amazon uses something called the “Advocacy Operations Social Listening Team” as well as employees using anonymous accounts to allegedly conduct surveillance on Amazon employees.

If Amazon uses all these immensely sophisticated programs to monitor employees as alleged, it is impossible to guess the total amount Amazon spent on defeating the union drive in Bessemer.

Corporations spend $340 million per year on “union avoidance” consultants in an attempt to deny workers their right to organize.

Until the laws in the U.S. change to force corporations to be more transparent about their anti-union funding and tactics, and put strict limits on what they can do, organized labor will continue to face a tough road ahead.



Paul Gottinger is a staff reporter at RSN whose work focuses on the Middle East and the arms industry. He can be reached on Twitter @paulgottinger or via email.

Reader Supported News is the Publication of Origin for this work. Permission to republish is freely granted with credit and a link back to Reader Supported News.





RSN: Throughout Trial Over George Floyd's Death, Killings by Police Mount

 


 



Throughout Trial Over George Floyd's Death, Killings by Police Mount
Katie Wright, the mother of Daunte Wright, 20, who was shot and killed on Sunday during a traffic stop by police in Brooklyn Center, Minn., speaks during a news conference in Minneapolis, Minn., on Tuesday, April 13, 2021. (Victor J. Blue/NYT)
John Eligon and Shawn Hubler, Yahoo! News
Excerpt: "Just seven hours before prosecutors opened their case against Derek Chauvin, a former Minneapolis police officer charged with killing George Floyd, a Chicago officer chased down a 13-year-old boy in a West Side alley and fatally shot him as he turned with his hands up."

One day later, at a hotel in Jacksonville, Florida, officers fatally shot a 32-year-old man, who, police say, grabbed one of their Tasers. The day after that, as an eyewitness to Floyd’s death broke down in a Minneapolis courtroom while recounting what he saw, a 40-year-old mentally ill man who said he was being harassed by voices was killed in Claremont, New Hampshire, in a shootout with the state police.

On every day that followed, all the way through the close of testimony, another person was killed by the police somewhere in the United States.

The trial has forced a traumatized country to relive the gruesome death of Floyd beneath Chauvin’s knee. But even as Americans continue to process that case — and anxiously wait for a verdict — new cases of people killed by the police mount unabated.

Since testimony began March 29, at least 64 people have died at the hands of law enforcement nationwide, with Black and Latino people representing more than half of the dead. As of Saturday, the average was more than three killings a day.

The deaths, culled by The New York Times from gun violence databases, news media accounts and law enforcement releases, offer a snapshot of policing in America in this moment. They testify not only to the danger and desperation that police officers confront daily but also to the split-second choices and missteps by members of law enforcement that can escalate workaday arrests into fatalities.

They are the result of domestic violence calls, traffic stops gone awry, standoffs and chases. The victims often behave erratically, some suffering from mental illness, and the sight of anything resembling a weapon causes things to escalate quickly.

And their fallout has been wrenchingly familiar, from the graphic videos that so often emerge to the protests that so often descend into scuffles between law enforcement and demonstrators on streets filled with tear gas. Just as one community confronts one killing, another happens.

Across the spectrum, from community activists to law enforcement personnel, there is emotional and mental exhaustion — and the feeling that the nation cannot get this right.

“How many more losses must we mourn?” Miski Noor, co-executive director of the Minneapolis-based activist group Black Visions, said in a statement after the killing of Daunte Wright, 20, during a recent traffic stop in Brooklyn Center, Minnesota.

The pain of Floyd’s death “is still scarred into our minds and yet history continues to repeat itself,” the statement continued. “Our community has reached its breaking point.”

This past week the mayor of Chicago called for calm as “excruciating” body camera footage was released in the police killing of the 13-year-old, Adam Toledo. The shaky video shows a police officer, responding to a call of shots fired, chasing a boy with what appears to be a gun down an alley at night in a predominantly Latino neighborhood.

“Stop right now!” the officer screams while cursing. “Hands. Show me your hands. Drop it. Drop it.” A single shot fells the boy as he turns, lifting his hands.

Other recent lethal force incidents have rocked communities large and small: Michael Leon Hughes, 32, a Black man shot to death March 30 after, police say, he used a Taser on a Jacksonville police officer responding to a domestic dispute in a motel; Iremamber Sykap, 16, a Pacific Islander killed April 5 as he fled from the Honolulu police in a stolen Honda Civic; and Anthony Thompson Jr., 17, a Black teenager in Knoxville, Tennessee, killed by the police April 12 in a high school bathroom after reports that a student had brought a gun onto campus.

All of those killings and many more occurred as testimony in the Minneapolis trial unfolded, though few attracted as much national attention as the shooting of Wright less than 10 miles from the courthouse where Chauvin stood trial. Protests erupted in Brooklyn Center after a veteran police officer fatally shot Wright, saying she mistook her gun for her Taser as he attempted to flee during a traffic stop.

Abigail Cerra, a Minneapolis civil rights lawyer and a member of the Minneapolis Police Conduct Oversight Commission, said it was unclear why the officers stopped him for an expired registration, an issue for many drivers in the state during the coronavirus pandemic.

But two aspects of the case, she said, were infuriatingly familiar: that Wright was Black and that the police tasked with delivering him safely to the courts, where violations of the law are supposed to be adjudicated, effectively delivered a death sentence.

“It’s just another example of a nothing offense escalated to lethality,” Cerra said.

Although many of these killings have a familiar ring, it is unfair to blame them all on law enforcement, said Patrick Yoes, a retired sheriff’s office captain and president of the national Fraternal Order of Police.

“In a lot of cities, it has to do with people feeling hopeless,” he said. “It’s poverty. It’s a failing education system. It’s all of these things that are vitally important to stability of a community.”

That instability often places officers in situations in which they confront individuals who may be dangerous and noncompliant, he said. Part of the reason society has been unable to prevent deadly encounters between law enforcement and the community is that some people are unwilling to discuss the real challenges of crime that officers sometimes encounter, he said.

“There’s just so many factors that people have already made up their minds and they think that law enforcement is based off of race,” said Yoes, who is white.

Federal and state laws generally hold that officers are justified in using lethal force as long as they have a “reasonable” fear of “imminent” injury or death for themselves or another person. And jurors tend not to second-guess what might be “reasonable” force in the moment.

Of the 64 fatal encounters compiled by the Times for the past three weeks, at least 42 involved people accused of wielding firearms. More than a dozen involved confrontations with people who were mentally ill or in the throes of a breakdown. And at least 10 arose as the police responded to reports of domestic violence.

Some dispute the notion that danger, rather than bias, is more likely to drive a law enforcement officer’s reactions.

“What I see sometimes is, in these encounters with people of color, there is a different aggression,” said Ron Johnson, a retired Missouri State Highway Patrol captain who led the police response in Ferguson, Missouri, after the police killing of Michael Brown in 2014.

“This adrenaline starts going out of the roof,” added Johnson, who is Black. “And why? It’s because we don’t have these experiences and these understandings of each other. And in some cases, it’s about humanity. We don’t see them in the same human way that we see ourselves.”

Since at least 2013, with a slight dip because of the pandemic, about 1,100 people have been killed each year by law enforcement officers, according to databases compiled by Mapping Police Violence, a research and advocacy group that examines all such killings, including non-gun-related deaths such as Floyd’s. The Washington Post, whose numbers are limited to police shootings, reflects a similarly flat trend line.

Nearly all the victims since March 29 have been men, with Black or Latino people substantially overrepresented — a pattern that reflects broader criminal justice research. And most were younger than 30. Four were teenagers.

Philip Stinson, a professor in the criminal justice program at Bowling Green State University who studies civilian killings by members of law enforcement, said the most striking aspect of the statistics on lethal police force is how little the numbers have changed in the decade or two since researchers began to comprehensively track them.

Even as cellphone videos and body cameras make it harder to hide human error and abuses of authority by law enforcement — and even as social media amplifies public outrage — only about 1.1% of officers who kill civilians are charged with murder or manslaughter, Stinson said.

Since the beginning of 2005, he said, 140 nonfederal sworn law enforcement officers — such as police officers, deputy sheriffs and state troopers — have been arrested on charges of murder or manslaughter resulting from an on-duty shooting. Of those, 44 have been convicted of a crime resulting from the incident, in most cases for a lesser offense.

That could be because many of the shootings are legally justified — or also, as Stinson believes, because the legal system and laws themselves are overly deferential to the police. That deference, he added, protects the status quo in the more than 18,000 law enforcement agencies across the country.

“All law enforcement is local,” he said. “Culture eats policy, as the saying goes, and we have a police subculture whose core elements in many places include a fear of Black people.”

Stinson cited the now-infamous traffic stop of a uniformed Army medic who was held at gunpoint and doused with pepper spray by the police in Windsor, Virginia, a rural town near Norfolk. The encounter, which occurred in December, was brought to light this month after Caron Nazario, a second lieutenant in the U.S. Army Medical Corps, filed a federal lawsuit.

Body camera footage shows members of the Windsor Police Department threatening and attacking Nazario, who is Black and Latino, after stopping him because he had not yet put permanent license plates on his new Chevrolet Tahoe.

The footage underscores the extent to which police culture has resisted change in much of the country, Stinson said.

“We only know about this one because he has a lawyer, they filed a civil lawsuit, and they were able to get recordings they could release,” he said.

For many victims of police violence and their families, however, there is no video evidence to rely on.

Daly City, California, police officers were not wearing body cameras when they got into a struggle with Roger Allen, 44, as he sat in a car idled with a flat tire April 7. The officers say that Allen had what appeared to be a gun on his lap, according to Stephen Wagstaffe, the San Mateo County district attorney, who is investigating the case. It turned out to be a pellet gun, but an officer fired a fatal bullet to Allen’s chest during the fracas.

Now Talika Fletcher, 30, said she was struggling to come to terms with the fact that her older brother, who was like a father figure, had joined the grim tally of Black men who died at the hands of law enforcement.

“I never thought in a million years that my brother would be a hashtag,” she said.

She has little faith that the dynamic between Black men and law enforcement will be any better once her 14-month-old son, Prince, grows up.

“The cycle,” she said, “it’s not going to change.”

Dr. Anthony Fauci. (photo: Getty Images)


Fauci: Gun Violence Is a Public Health Issue
Colin Campbell, Yahoo! News
Campbell writes: "Dr. Anthony Fauci said Sunday that the 'horrifying' spate of mass shootings in the U.S. shows why gun violence is a public health issue."

"As a public health person, I think you can't run away from that," Fauci said on CNN's "State of the Union" when host Dana Bash asked if gun violence is a "public health emergency."

"I mean, in this last month, it's just been horrifying," replied Fauci, the U.S. government's foremost infectious disease expert. "How can you say that's not a public health issue?"

The question came in the aftermath of Thursday's mass shooting at an Indianapolis FedEx facility, where nine people were left dead, including the gunman.

Another eight people were killed in the Atlanta area last month, when a shooter attacked spa businesses. And 10 people were killed last month in a supermarket in Boulder, Colo. All the incidents put together, CNN reported, totaled to more than 40 mass shootings in the past month.

Earlier this month, President Biden called gun violence an "epidemic" and "international embarrassment" when he announced a half-dozen executive actions on issues such as homemade firearms. The modest rules stopped short of Biden’s more ambitious proposals made on the campaign trail.

Mass shootings occurred much less frequently last year during the coronavirus pandemic and related lockdowns. According to the Associated Press, 2020 had the smallest number of such shootings in more than a decade.

Former President Barack Obama, who had to repeatedly address mass shootings during his eight years in office, argued after the Boulder shooting last month that the U.S. can't rely on a "once-in-a-century pandemic" to slow such attacks.

"We shouldn't have to choose between one type of tragedy and another," Obama said, pushing for political leaders to enact reforms to make it harder for some people to purchase firearms.

Twenty-five years ago, Congress banned the Centers for Disease Control and Prevention from spending money to "advocate or promote gun control." But in 2019, Congress allocated $25 million to the CDC and National Institutes of Health in order to study the issue.

Fidel Castro. (photo: New York Times Co.)


Cubans Greet the End of 62 Years of Castro Rule
Ruaridh Nicoll, Guardian UK
Nicoll writes: "News travels swiftly through Havana, bumping against people so they turn, then rolling on. Cubans have a phrase for it: la bola en la calle, the ball in the street."

People in Havana more concerned about buying chicken suspect little will change with Raúl’s departure

News travels swiftly through Havana, bumping against people so they turn, then rolling on. Cubans have a phrase for it: la bola en la calle, the ball in the street.

Raúl Castro’s announcement on Friday that he is to retire and bring 62 years of Castro rule on the island to a close caused barely a ripple, even if it sent waves around the world.

Cubans were expecting it, and for those battling to buy food in what are increasingly tough times, there was skepticism about what difference it would make.

“I don’t think there will be any significant changes in the near future,” said one man. “Not as long as the old guard casts its shadow and influence on Cuban politics.”

He was instead following news that chicken had been spotted at a shop on Linea avenue, one that accepted Cuban pesos rather than US dollars. A vast queue had formed, swelling and writhing at its centre as tempers flared. The police arrived to keep the peace.

In his speech to the eighth congress of the Cuban Communist party (PCC), Castro told delegates he was stepping down with the satisfaction of having fulfilled his duty and “with confidence in the future of the country”.

Even if the population was distracted, the speech was intriguing. It distilled what we know about a man who for decades was a shadow next to his flamboyant brother.

It showed how far he had travelled from Marxist-Leninism in the 1960s toward market solutions, so long as the one-party rule he sees as a bulwark against US exploitation remains unthreatened.

Since he took over from Fidel as president in 2008, and then as the more powerful first secretary of the party in 2011, he has introduced important economic reforms. Small-scale private businesses appeared, the buying and selling of houses and cars was allowed, and then came the arrival of mobile internet.

On Friday he said: “We have to eliminate the tired illusion … that Cuba is the only country where you can live without working.” He told the state media not to obscure the country’s problems with “triumphalism and superficiality”. He returned to his call for a new generation of leaders to emerge.

When the two brothers emerged from the Sierra Maestra mountains in 1959 with a surprising number of those still in positions of power, they were at the forefront of the battle for gender and racial equality. Many Cubans, however, believe those early gains have long been given up. Pockets of dissent have started appearing in poorer barrios.

Castro acknowledged the problem. The party released figures to show it reflected the make-up of society, but he said the promotion of women and people of colour was “still insufficient in terms of the top offices in the party, state and government”.

Change does not come easily, though. It’s all but certain that Castro will be replaced as the party’s supremely powerful first secretary by Miguel Díaz-Canel, the 60-year-old, white male president.

Rune-readers now look to a new second secretary for a shift. “There is one person who would send a message,” said William LeoGrande of the American University in Washington. “The [Afro-Cuban] first secretary of the party in Havana, Lázara López-Acea. People speak really highly of her.”

For Cubans, the priority remains food. Donald Trump derailed Castro’s most significant achievement, the 2016 detente with the Obama administration.

Trump’s administration retightened sanctions, making financial transactions on the island all but impossible. Relatives lost their ability to wire money to Cuba through Western Union. Cruises were banned, tourism discouraged.

A rally against “the US blockade” took place in Havana recently, a long, loud trail of bikes and cars flying Cuban flags passing the US embassy on the Malecon corniche.

Even hard-nosed business people have been surprised at Joe Biden’s refusal to reverse Trump’s course. “He hasn’t even made the changes that were telegraphed,” said John Kavuvitch, the president of US Cuba Trade and Economic Council. “Removing the cap on US remittances wouldn’t even require an interaction with the Cuban government.”

Covid destroyed what was left of the economy, despite Cuba’s initial success in keeping it out and a remarkable move to create its own vaccines. By the government’s own measure the economy shrunk by 11% in 2020, causing imports to fall by 40%.

Díaz-Canel shows no signs of veering from intransigence. He cleaves to #SomosContinuidad – we are continuity – as a Twitter hashtag. The slogan of the Congress is “Continuity and Unity”. Ada Ferrer, the author of the forthcoming Cuba: An American History, says: “Continuity in what? Scarcity?”

Marta Deus is the 33-year-old founder of Mandao, a sort of Cuban Deliveroo. It is the business success story of lockdown, keeping many of Havana’s restaurants – not to say residents – alive.

“Running a business here is super, super complicated,” she said. “Some ministers and vice-ministers want to change things, but the bureaucracy is still super hard. In my experience, nothing much has changed.”

Outside the shop on Linea the queue has gone, along with any memory of chicken. All that remains are endless shelves of filtered water.

News also travels swiftly through Havana by WhatsApp in the form of brutal memes, and one comes to mind. Why do Cuban shops now resemble the human body? Because they’re 70% water.



An NPR investigation into the SolarWinds attack reveals a hack unlike any other, launched by a sophisticated adversary intent on exploiting the soft underbelly of our digital lives. (photo: Zoë van Dijk/NPR)


A 'Worst Nightmare' Cyberattack: The Untold Story of the SolarWinds Hack
Dina Temple-Raston, NPR
Temple-Raston writes: "The routine software update may be one of the most familiar and least understood parts of our digital lives."

"This release includes bug fixes, increased stability and performance improvements."


The routine software update may be one of the most familiar and least understood parts of our digital lives. A pop-up window announces its arrival and all that is required of us is to plug everything in before bed. The next morning, rather like the shoemaker and the elves, our software is magically transformed.

Last spring, a Texas-based company called SolarWinds made one such software update available to its customers. It was supposed to provide the regular fare — bug fixes, performance enhancements — to the company's popular network management system, a software program called Orion that keeps a watchful eye on all the various components in a company's network. Customers simply had to log into the company's software development website, type a password and then wait for the update to land seamlessly onto their servers.

The routine update, it turns out, is no longer so routine.

Hackers believed to be directed by the Russian intelligence service, the SVR, used that routine software update to slip malicious code into Orion's software and then used it as a vehicle for a massive cyberattack against America.

"Eighteen thousand [customers] was our best estimate of who may have downloaded the code between March and June of 2020," Sudhakar Ramakrishna, SolarWinds president and CEO, told NPR. "If you then take 18,000 and start sifting through it, the actual number of impacted customers is far less. We don't know the exact numbers. We are still conducting the investigation."

On Thursday, the Biden administration announced a roster of tough sanctions against Russia as part of what it characterized as the "seen and unseen" response to the SolarWinds breach.

NPR's months-long examination of that landmark attack — based on interviews with dozens of players from company officials to victims to cyber forensics experts who investigated, and intelligence officials who are in the process of calibrating the Biden administration's response — reveals a hack unlike any other, launched by a sophisticated adversary who took aim at a soft underbelly of digital life: the routine software update.

By design, the hack appeared to work only under very specific circumstances. Its victims had to download the tainted update and then actually deploy it. That was the first condition. The second was that their compromised networks needed to be connected to the Internet, so the hackers could communicate with their servers.

For that reason, Ramakrishna figures the Russians successfully compromised about 100 companies and about a dozen government agencies. The companies included Microsoft, Intel and Cisco; the list of federal agencies so far includes the Treasury, Justice and Energy departments and the Pentagon.

The hackers also found their way, rather embarrassingly, into the Cybersecurity and Infrastructure Security Agency, or CISA — the office at the Department of Homeland Security whose job it is to protect federal computer networks from cyberattacks.

The concern is that the same access that gives the Russians the ability to steal data could also allow them to alter or destroy it. "The speed with which an actor can move from espionage to degrading or disrupting a network is at the blink of an eye," one senior administration official said during a background briefing from the White House on Thursday. "And a defender cannot move at that speed. And given the history of Russia's malicious activity in cyberspace and their reckless behavior in cyberspace, that was a key concern."

"The tradecraft was phenomenal"

Network monitoring software is a key part of the backroom operations we never see. Programs like Orion allow information technology departments to look on one screen and check their whole network: servers or firewalls, or that printer on the fifth floor that keeps going offline. By its very nature, it touches everything — which is why hacking it was genius.

"It's really your worst nightmare," Tim Brown, vice president of security at SolarWinds, said recently. "You feel a kind of horror. This had the potential to affect thousands of customers; this had the potential to do a great deal of harm."

When cybersecurity experts talk about harm, they're thinking about something like what happened in 2017, when the Russian military launched a ransomware attack known as NotPetya. It, too, began with tainted software, but in that case the hackers were bent on destruction. They planted ransomware that paralyzed multinational companies and permanently locked people around the world out of tens of thousands of computers. Even this much later, it is considered the most destructive and costly cyberattack in history.

Intelligence officials worry that SolarWinds might presage something on that scale. Certainly, the hackers had time to do damage. They roamed around American computer networks for nine months, and it is unclear whether they were just reading emails and doing the things spies typically do, or whether they were planting something more destructive for use in the future.

"When there's cyber-espionage conducted by nations, FireEye is on the target list," Kevin Mandia, CEO of the cybersecurity firm FireEye, told NPR, but he believes there are other less obvious targets that now might need more protecting. "I think utilities might be on that list. I think health care might be on that list. And you don't necessarily want to be on the list of fair game for the most capable offense to target you."

The SolarWinds attackers ran a master class in novel hacking techniques. They modified sealed software code, created a system that used domain names to select targets and mimicked the Orion software communication protocols so they could hide in plain sight. And then, they did what any good operative would do: They cleaned the crime scene so thoroughly investigators can't prove definitively who was behind it. The White House has said unequivocally that Russian intelligence was behind the hack. Russia, for its part, has denied any involvement.

"The tradecraft was phenomenal," said Adam Meyers, who led the cyber forensics team that pawed through that tainted update on behalf of SolarWinds, providing details for the first time about what they found. The code was elegant and innovative, he said, and then added, "This was the craziest f***ing thing I'd ever seen."

Like razor blades in peanut butter cups

Meyers is the vice president for threat intelligence at the cybersecurity firm CrowdStrike, and he's seen epic attacks up close. He worked on the 2014 Sony hack, when North Korea cracked into the company's servers and released emails and first-run movies. A year later, he was on the front lines when a suspected Kremlin-backed hacking team known as "Cozy Bear" stole, among other things, a trove of emails from the Democratic National Committee. WikiLeaks then released them in the runup to the 2016 election.

"We're involved in all kinds of incidents around the globe every day," Meyers said. Typically he directs teams, he doesn't run them. But SolarWinds was different: "When I started getting briefed up, I realized [this] was actually quite a big deal."

The attack began with a tiny strip of code. Meyers traced it back to Sept. 12, 2019. "This little snippet of code doesn't do anything," Meyers said. "It's literally just checking to see which processor is running on the computer, if it is a 32- or 64-bit processor and if it is one or the other, it returns either a zero or a one."

The code fragment, it turns out, was a proof of concept — a little trial balloon to see if it was possible to modify SolarWinds' signed-and-sealed software code, get it published and then later see it in a downloaded version. And they realized they could. "So at this point, they know that they can pull off a supply chain attack," Meyers said. "They know that they have that capability."

After that initial success, the hackers disappeared for five months. When they returned in February 2020, Meyers said, they came armed with an amazing new implant that delivered a backdoor that went into the software itself before it was published.

To understand why that was remarkable, you need to know that finished software code has a kind of digital factory seal. If you break that seal, someone can see it and know that the code might have been tampered with. Meyers said the hackers essentially found a way to get under that factory seal.

They began by implanting code that told them any time someone on the SolarWinds development team was getting ready to build new software. They understood that the process of creating software or an update typically begins with something routine such as checking a code out of a digital repository, sort of like checking a book out of the library.

Under normal circumstances, developers take the code out of the repository, make changes and then check it back in. Once they finish tinkering, they initiate something called the build process, which essentially translates the code a human can read to the code a computer does. At that point, the code is clean and tested. What the hackers did after that was the trick.

They would create a temporary update file with the malicious code inside while the SolarWinds code was compiling. The hackers' malicious code told the machine to swap in their temporary file instead of the SolarWinds version. "I think a lot of people probably assume that it is the source code that's been modified," Meyers said, but instead the hackers used a kind of bait-and-switch.

But this, Meyers said, was interesting, too. The hackers understood that companies such as SolarWinds typically audit code before they start building an update, just to make sure everything is as it should be. So they made sure that the switch to the temporary file happened at the last possible second, when the updates went from source code (readable by people) to executable code (which the computer reads) to the software that goes out to customers.

The technique reminded Meyers of old fears around trick-or-treating. For decades, there had been an urban myth that kids couldn't eat any Halloween candy before checking the wrapper seal because bad people might have put razor blades inside. What the hackers did with the code, Meyers said, was a little like that.

"Imagine those Reese's Peanut Butter Cups going into the package and just before the machine comes down and seals the package, some other thing comes in and slides a razor blade into your Reese's Peanut Butter Cup," he said. Instead of a razor blade, the hackers swapped the files so "the package gets sealed and it goes out the door to the store."

The update that went out to SolarWinds' customers was the dangerous peanut butter cup — the malicious version of the software included code that would give the hackers unfettered, undetected access to any Orion user who downloaded and deployed the update and was connected to the Internet.

But there was something else about that code that bothered Meyers: It wasn't just for SolarWinds. "When we looked at [it], it could have been reconfigured for any number of software products," Meyers said. In other words, any number of other software developers using the same compiler may also be on the receiving end of a cyberattack, he said, and they just don't know it yet.
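The bait-and-switch described above defeats any audit that looks at the source tree before or after the build, because the tree is clean at both moments. The following is an added example, not code from NPR, CrowdStrike or SolarWinds: a minimal sketch of the defensive counterpart, in which the build records a hash of the exact bytes it compiles and compares that record with the audited manifest. The toy_build function, the .src file names and the swap simulation are all constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def audit_manifest(src_dir: Path) -> dict:
    """Hash every source file as a pre-build (or post-build) audit sees it."""
    return {p.relative_to(src_dir).as_posix(): sha256_hex(p.read_bytes())
            for p in sorted(src_dir.rglob("*.src"))}


def toy_build(src_dir: Path, hook=None):
    """Stand-in for a compiler run (hypothetical, not a real toolchain).

    Each input is read once, and the same bytes are hashed and "compiled",
    so the returned manifest describes what actually went into the artifact.
    """
    consumed, parts = {}, []
    for path in sorted(src_dir.rglob("*.src")):
        if hook:
            hook(path, "before_read")
        data = path.read_bytes()
        if hook:
            hook(path, "after_read")
        consumed[path.relative_to(src_dir).as_posix()] = sha256_hex(data)
        parts.append(data)
    return b"".join(parts), consumed


def compare(audited: dict, consumed: dict) -> list:
    """Return (file, reason) findings where the build diverged from the audit."""
    findings = []
    for name in sorted(set(audited) | set(consumed)):
        if name not in consumed:
            findings.append((name, "audited but never compiled"))
        elif name not in audited:
            findings.append((name, "compiled but never audited"))
        elif audited[name] != consumed[name]:
            findings.append((name, "content changed between audit and compile"))
    return findings


def demo() -> dict:
    """Run a clean build and a tampered build over constructed sample files."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp)
        (src / "core.src").write_bytes(b"reviewed core module\n")  # constructed
        (src / "ui.src").write_bytes(b"reviewed ui module\n")      # constructed
        audited = audit_manifest(src)

        _, clean_consumed = toy_build(src)

        original = {}

        def swap_and_restore(path, stage):
            # Constructed simulation of the swap: core.src is replaced only
            # for the moment it is read, then put back.
            if path.name != "core.src":
                return
            if stage == "before_read":
                original[path] = path.read_bytes()
                path.write_bytes(b"unreviewed replacement\n")
            else:
                path.write_bytes(original[path])

        artifact, tampered_consumed = toy_build(src, hook=swap_and_restore)
        return {
            "clean_findings": compare(audited, clean_consumed),
            "tree_after_build_matches_audit": audit_manifest(src) == audited,
            "tampered_findings": compare(audited, tampered_consumed),
            "artifact_has_replacement": b"unreviewed replacement" in artifact,
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```

In the tampered run the source tree still matches the audit after the build, yet the shipped artifact contains the replacement; only the manifest of consumed bytes shows the divergence.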

Picking and choosing targets

Meyers said it's hard not to admire just how much thought the hackers put into this operation. Consider the way they identified targets. The downside of breaking into so many customer networks all at once is that it is hard to decide what to exploit first. So the hackers created a passive domain name server system that sent little messages with not just an IP address, which is just a series of numbers, but also with a thumbnail profile of a potential target.

"So they could then say, 'OK, we're going to go after this dot gov target or whatever,' " Meyers said. "I think later it became clear that there were a lot of government technology companies being targeted."

The hackers also reverse-engineered the way Orion communicated with servers and built their own coding instructions mimicking Orion's syntax and formats. What that did is allow the hackers to look like they were "speaking" Orion, so their message traffic looked like a natural extension of the software.

"So once they determined that a target was of interest, they could say, 'OK, let's go active, let's manipulate files, let's change something,' " Meyers said, and then they would slip in unnoticed through the backdoor they had created. "And there is one other thing I should mention: This backdoor would wait up to two weeks before it actually went active on the host. This was a very patient adversary."

None of the tripwires put in place by private companies or the government seems to have seen the attack coming. Christopher Krebs, who had been in charge of the office that protected government networks at DHS during the Trump administration, told NPR that DHS' current system, something known (without irony) as Einstein, only catches known threats. The SolarWinds breach, he said, was just "too novel."

"Upwards of 90[%] to 95% of threats are based on known techniques, known cyberactivity," Krebs explained. "And that's not just criminal actors, that's state actors, too, including the Russian intelligence agencies and the Russian military. This was a previously unidentified technique."

And there is something else that Einstein doesn't do: It doesn't scan software updates. So even if the hackers had used code that Einstein would have recognized as bad, the system might not have seen it because it was delivered in one of those routine software updates.

The National Security Agency and the military's U.S. Cyber Command were also caught flat-footed. Broadly speaking, their cyber operators sit in foreign networks looking for signs of cyberattacks before they happen. They can see suspicious activity in much the same way a satellite might see troops amassing on the border. Critics said they should have seen the hackers from the Russian intelligence service, the SVR, preparing this attack.

"The SVR has a pretty good understanding that the NSA is looking out," Krebs said. "What the SVR was able to do was make the transition from wherever they were operating from into the U.S. networks. They move like ghosts. They are very hard to track."

The hackers didn't do anything fancy to give them the domestic footprint, officials confirmed. In fact, they just rented servers from Amazon and GoDaddy.

Early warnings

There were some indications, elsewhere, though, that something was wrong.

In early July, Steven Adair, the founder of a Washington, D.C.-based cybersecurity company called Volexity, saw some suspicious activity on a client's computers. "We traced it back, and we thought it might be related to a bad update with SolarWinds," Adair told NPR. "We addressed the problem, made sure no one was in our customers' systems, and we left it at that."

Adair said he didn't feel he had enough detail to report the problem to SolarWinds or the U.S. government. "We thought we didn't have enough evidence to reach out," he said.

That was the first missed sign.

The second came three months later when a California-based cybersecurity company called Palo Alto Networks discovered a malicious backdoor that seemed to emanate from the Orion software.

In that case, according to SolarWinds' Ramakrishna, the security teams at SolarWinds and Palo Alto worked together for three months to try to pick up the thread of the problem and walk it back. "None of us could pinpoint a supply chain attack at that point," Ramakrishna told NPR. "The ticket got closed as a result of that. If we had the benefit of hindsight, we could have traced it back" to the hack.

Palo Alto Networks had agreed to speak to NPR about the incident last month and then canceled the interview just an hour before it was supposed to take place. A spokesperson declined to say why and sent a few blog posts and wrote: "I'm afraid this is all we have to help at this time."

"Just 3,500 lines long"

It was the cybersecurity firm FireEye that finally discovered the intrusion. Mandia, the company's CEO, used to be in the U.S. Air Force Office of Special Investigations, so his specialty was criminal cases and counterintelligence. In the intervening years, the kinds of patterns he learned to recognize in special investigations kept appearing in his cyber security work.

The first indication that hackers had found their way into FireEye's networks came in an innocuous way. Someone on the FireEye security team had noticed that an employee appeared to have two phones registered on his network, so she called him. "And that phone call is when we realized, hey, this isn't our employee registering that second phone, it was somebody else," Mandia said.

Mandia had a security briefing a short time later and everything he heard reminded him of his previous work in the military. "There was a lot of pattern recognition from me," he told NPR. "I spent from 1996 to 1998 responding to what I would equate to the Russian Foreign Intelligence Service, and there were some indicators in the first briefing that were consistent with my experience in the Air Force."

He called a board meeting the same day. "It just felt like the breach that I was always worried about."

What his team discovered over the course of several weeks was that not only was there an intruder in its network, but someone had stolen the arsenal of hacking tools FireEye uses to test the security of its own clients' networks. FireEye called the FBI, put together a detailed report, and once it had determined the Orion software was the source of the problem, it called SolarWinds.

Brown, vice president of security at SolarWinds, took the Saturday morning phone call. "He said, 'Essentially, we've decompiled your code. We found malicious code,' " Brown said. FireEye was sure SolarWinds "had shipped tainted code."

The tainted code had allowed hackers into FireEye's network, and there were bound to be others who were compromised, too. "We were hearing that different reporters had the scoop already," Mandia said. "My phone actually rang from a reporter and that person knew and I went, OK, we're in a race."

Mandia thought they had about a day before the story would break.

After that, events seemed to speed up. SolarWinds' chief security officer, Brown, called Ron Plesco, a lawyer at the firm DLA Piper, and told him what had happened. One of the first things companies tend to do after cyberattacks is hire lawyers, and they put them in charge of the investigation. They do this for a specific reason — it means everything they find is protected by attorney-client privilege and typically is not discoverable in court.

Plesco, who has made cybercrimes a specialty of his practice, knew that once the story broke it would be saying "to the world that, ready, set, go, come after it," Plesco said. "So that puts you on an accelerated timeline on two fronts: Figure out what happened if you can and get a fix out as soon as possible."

The company worked with DHS to craft a statement that went out on Dec. 13.

To investigate a hack, you have to secure a digital crime scene. Just as detectives in the physical world have to bag the evidence and dust for prints for the investigation later, SolarWinds had to pull together computer logs, make copies of files, ensure there was a recorded chain of custody, all while trying to ensure the hackers weren't inside its system watching everything they did.

"I've been in situations where, while you're in there doing the investigation, they're watching your email, they're compromising your phone calls or your Zooms," Plesco said. "So they're literally listening in on how you're going to try to get rid of them."

By mid-January, Meyers and the CrowdStrike team had isolated what they thought was the attack's tiny beating heart. It was an elegant, encrypted little blob of code "just 3,500 lines long," he said. The best code is short and to the point, like a well-written sentence. This little encrypted strip, Meyers thought, might help them figure out who was behind the attack.

Little blobs of clues

Think of forensic cyber teams as digital detectives looking for patterns. Coding tics can sometimes help identify perpetrators or sometimes forensic teams find small cultural artifacts — such as Persian script, or Korean hangul. When an elite Russian hacking team took over the electrical grid in Ukraine in 2015, it had more literary aspirations: It sprinkled its malicious code with references to Frank Herbert's Dune novels. That's why CrowdStrike found that little blob of malicious code so intriguing.

After weeks of working with the code, Meyers convened a Zoom call with leaders at SolarWinds and members of his team from around the world. He shared his screen so everyone could watch the encryption fall away in real time. He began walking the spectators through the code as it was revealed, like a play-by-play analysis of a game. Meyers kept watching for the big reveal. "We're hoping it's going to have, you know, variable names or maybe some comments in Cyrillic or Mandarin to give us some clue who wrote this thing," he said.

But as CrowdStrike's decryption program chewed its way through the zeroes and ones, Meyers' heart sank. The crime scene was a bust. It had been wiped down. "They'd washed the code," Meyers said. "They'd cleaned it of any human artifact or tool mark. And that was kind of mind-blowing that [they] had the wherewithal to hide anything that a human might have inadvertently left behind as a clue."

Holy s***, he thought to himself, who does that?

Just type "solarwinds123"

Against such a sophisticated hack, it is easy to suggest this could have happened to just about any software company. But there were some troubling signs at SolarWinds that may have made it a target.

Consider its online marketing website. It contained a list of clients, including specific companies and government agencies, that ran its Orion software. While a lot of companies do that, the SolarWinds site was very specific. It was, two cybersecurity analysts told NPR, like a shopping list for adversaries.

Ramakrishna pushed back on the criticism. "Lots of companies do it. That is their badge of honor, saying all these customers rely on my technology," he said. "I wouldn't say that was the reason for why we were targeted." Ramakrishna said the hackers were "a lot more sophisticated" than that. Shortly after the attack, though, that particular page on the marketing website was taken down.

There was another unsettling report about passwords. A security researcher in Bangalore, India, named Vinoth Kumar told NPR that he had found the password to a server with SolarWinds apps and tools on a public message board and the password was: "solarwinds123." Kumar said he sent a message to SolarWinds in November and got an automated response back thanking him for his help and saying the problem had been fixed.

When NPR asked SolarWinds' vice president of security, Brown, about this, he said that the password "had nothing to do with this event at all, it was a password to a FTP site." An FTP site is what you use to transfer files over the Internet. He said the password was shared by an intern and it was "not an account that was linked to our active directory."

Ramakrishna said it was a password for a third-party site where some of SolarWinds' tools and apps were available for download. Ramakrishna admitted, though, that while the matter was unconnected to the breach, it was a problem to have that kind of password on a site that contained something someone might download thinking it was a SolarWinds product.

"We used that as another opportunity to reeducate everybody on password policies," he said. "I do not want to minimize it or be casual about it, but I want to highlight that it had nothing to do" with the attack on Orion.

Ramakrishna inherited this attack. He was hired as the SolarWinds CEO shortly before the breach was discovered and stepped into the top job just as the full extent of the hack became clear. In a way, that has given him an incredible freedom. He can't be blamed for something that happened before he got there, and the changes he's making could be seen in the context of a new man in charge instead of a response to the attack.

Shortly after he arrived, he published a long blog post providing what was essentially an 11-point plan to improve company security. "Armed with what we have learned of this attack, we are also reflecting on our own security practices," he wrote in the blog post, adding that his goal was to put in place an "immediate improvement of critical business and product development systems."

Ramakrishna said he planned to transform SolarWinds into a truly "secure by design" organization with more robust threat protection and detection tools across its network, with a particular focus on where it developed and built software — the places that the SVR hackers used to break in.

He said he would establish privileged accounts and all accounts used by anybody who had anything to do with Orion and the company would enforce multifactor authentication, or MFA, across the board.

"If I come up with an 11-point plan to improve my company's security, one interpretation of that could be that we have learned a valuable lesson from what the hack was," said Ian Thornton-Trump, chief information security officer at Cyjax, a threat intelligence company. "The other interpretation could be, is that there were at least 11 material deficiencies in the actual security we had. I see that the 11-point plan is actually an admission that things were not good in this security house."

Thornton-Trump used to work at SolarWinds and was on the security team. He left the company in 2017 because, by his own account, SolarWinds' management didn't want to spend enough on security. (Kevin Thompson was CEO at the time; Ramakrishna wouldn't arrive for another three years.)

Thornton-Trump concedes that the hackers who broke into the company were so sophisticated it would have been hard for anyone to defend against them. "But if you're driving drunk, rolling down the road, and it was raining and you smash up your car," he said, "why are we focused so much on the damage to the car, instead of what actually led up to the series of events that led to the great undoing?"

In other words, does the overhaul of SolarWinds' security practices add up to an admission that something was wrong, or is it simply a responsible upgrade?

Ramakrishna said it was both. "Oftentimes what happens is people conduct investigations, identify learnings and then implement something like this," he said. "Can we do things better? Absolutely. And honestly, even after implementing these 11 things, I'll be looking for the next 11 things to work on because the adversaries are becoming smarter and smarter every single day."

Ramakrishna said he wonders why, of all the software companies it had to choose from, the Russian intelligence service ended up targeting SolarWinds.

"I've thought about this quite a bit as to why us, why not somebody else," he said. "And that goes on through any investigation. As you think about this, we are deployed in more than 300,000 customers today. And so we are fairly broadly deployed software and where we enjoy administrative privileges in customer environments. So in a supply chain attack like this, the goal will be to try to get a broad swath of deployment and then you pick and choose what you want to do from there."

Whatever the reason SolarWinds ended up in the crosshairs, the attack revealed the U.S. cyber community's spectacular inability to connect the dots. Not just the early warnings from Volexity or the investigation with Palo Alto Networks, but a simple discovery from a lone cyber researcher in Bangalore suggests that something is not right in our digital world.

Bigger attacks

"It's one of the most effective cyber-espionage campaigns of all time," said Alex Stamos, director of the Internet Observatory at Stanford University and the former head of security at Facebook. "In doing so, they demonstrated not just technical acumen, but the way they did this demonstrated that they understand how tech companies operate, how software companies operate. ... This certainly is going to change the way that large enterprises think about the software they install and think about how they handle updates."

Intelligence analysts, already years ahead of the rest of us, are paid to imagine the darkest of scenarios. What if the hackers planted the seeds of future attacks during that nine months they explored SolarWinds' customer networks — did they hide code for backdoors that will allow them to come and go as they please at a time of their choosing? When hackers shut down Ukraine's power grid in 2015 and disabled a Saudi refinery with computer code a year later, they showed it was possible to jump from a corporate network to system controls. Will we find out later that the SolarWinds hack set the stage for something more sinister?

Even if this was just an espionage operation, FireEye's Mandia said, the attack on SolarWinds is an inflection point. "We ... kind of mapped out the evolution of threats and cyber," he said. "And we would have landed at this day sooner or later, that at some point in time, software that many companies depend on is going to get targeted and it's going to lead to exactly what it led to," Mandia said. "But to see it happen, that's where you have a little bit of shock and surprise. OK, it's here now, nations are targeting [the] private sector, there's no magic wand you can shake. ... It's a real complex issue to solve."

The Biden administration is working on a second executive order — beyond the sanctions — that is supposed to address some of the issues SolarWinds has put in stark relief.

Anne Neuberger, the deputy national security adviser for cyber and emerging technology in charge of the SolarWinds attack response, is preparing an order that would, among other things, require companies that work with the U.S. government to meet certain software standards, and federal agencies would be required to adopt basic security practices such as encrypting data in their systems.

In addition, software companies such as SolarWinds could be required to have their so-called build systems — the place where they assemble their software — air-gapped, which means they would not be connected to the Internet. Those elements are all still under discussion as part of the executive order, NPR has learned.

Another idea starting to gain traction is to create a kind of National Transportation Safety Board, or NTSB, to investigate cyberattacks in a more formal way.

"When the Boeing 737 Maxes started crashing, there was a government agency whose entire job it was to gather up the facts of all those different crashes and then come up with a theory of what needed to be fixed and then oversaw the fixes that went into that," Stamos said. "We need the same kind of function in the U.S. government."

The FBI could do its investigation of the cybercrime and some sort of federal agency would look at the root causes of a cyberattack and make the appropriate changes to the way we do things. Mandia said something like that probably needs to exist.

"When you think about the conflict, you have air, land and sea and space and now cyber," he said. "But in cyber, the private sector is front and center. Any conflict in cyberspace, whether motivated by a criminal element or motivated by geopolitical conditions, it's going to involve both the government and the private sector. And that response, because it impacts both, you almost need a triage that both sides, both private and public sector, benefit from similar to the NTSB."

Mandia envisions a review board for significant incidents where intelligence is gathered and the nation finds a way to defend itself appropriately. Right now, the onus is on private companies to do all the investigations.

A Biden administration official told reporters during a background briefing Thursday that one reason the White House responded so strongly to the SolarWinds attack is because these kinds of hacks put an undue burden on private companies.

A federal review might help with one of the issues that has plagued cyberspace up to now: how to ensure software and hardware vendors disclose hacks when they discover them. Could a review board take the sting out of the reputation damage of admitting publicly you've been hacked? Would it give companies such as Volexity and Palo Alto Networks somewhere to go when they see a problem?

Ultimately, the goal is to connect the dots and respond in a way that makes us safer. And the impetus for all of this might be that tainted routine update. That's one of the key reasons SolarWinds decided to go public, Ramakrishna said.

"We went out and published the entire source code because what we wanted people to do, no matter the vendor, whether it could be a competitor of ours or not, is to check your software, make sure you don't have a situation like this, and if there is, clean it up," he said. "So while it was unfortunate that we were the subject of this attack, my hope is, by us learning from it, we can also help the broader community."

Even so, there are parts of this story that may sound familiar: missed opportunities, hints of a problem that were ignored, the failure of U.S. intelligence officials to connect the dots. Who would have thought a routine software update could launch a cyberattack of epic proportions?

"This was an intelligence collection operation meant to steal information, and it's not the last time that's going to happen," CrowdStrike's Meyers warned. "This is going to happen every day. ... And I think there's a lot that we all need to do to work together to stop this from happening."



Members of the Sikh community gather in mourning in Indianapolis on Saturday. (Megan Jelinger/WP)


After the FedEx Shooting, Sikhs in Indianapolis Feel Targeted - Again
Meryl Kornfield, The Washington Post
Kornfield writes: "Amarjeet Kaur Johal was once a regular at Sikh Satsang of Indianapolis, volunteering to cook and clean up after communal meals."

On Saturday, Johal’s family, friends and co-workers gathered at the temple without her.

Johal, a grandmother of five, was one of the eight workers killed when a gunman opened fire at a FedEx warehouse Thursday night. Four of the victims were Sikh, a loss that cuts deep in this tightknit community, connected by faith and a common heritage tied to the Punjabi region of India.

At the gurdwara, a Sikh place of worship, people gathered to make sense of the violence and to talk about how they can protect their community.

“In a tough time, we have to get together to be safe,” said Gurpreet Singh, the temple’s president. “We need to be together, we need to raise our voice and unite. Because united we stand, but divided we fall.”

Between 8,000 and 10,000 Sikhs call Indiana home, according to the Sikh Coalition. Many Sikh families with agricultural backgrounds immigrated from India to the Midwest because of its auto and trucking industries, said Amrith Kaur, the coalition’s legal director.

The community has grown over the past several decades, with some Sikhs also coming from more populous hubs in California and Canada.

On weekends, the Sikh Satsang is a popular meeting spot, where temple members gather for prayer and meals.

In the kitchen, lined by long maroon rugs used for seating on the linoleum floor, chattering among friends can sometimes drown out songs of prayer from down the hall. Members, standing shoulder-to-shoulder, cook and serve traditional vegetarian dishes.

Saturday was no different, except this time four members of the community were missing — Johal, 66; Jaswinder Singh, 68; Jasvinder Kaur, 50 and Amarjit Sekhon, 48. All four had visited the gurdwara, one of the oldest in the city, though Johal was the only frequent attendee.

The Sikhs at the meeting, from eight different temples across Indianapolis, spoke about the prejudice they’ve faced. They exchanged stories about when they were harassed for wearing turbans or singled out for speaking Punjabi, a language native to the Punjabi region in India.

“People see turban and think terrorist,” said Romandeep Chohan, 28. Johal was her aunt. “But at the end of the day, this is us. We’re your neighbor, we’re your friend.”

Others spoke about past violence. In 2012, a white supremacist entered a gurdwara in Oak Creek, Wis., killing six people before fatally shooting himself.

The massacre, nearly 300 miles from Indianapolis, felt tragic but distant to Maninder Singh, one of the leaders of the Sikh Satsang. But as Singh waited Friday with relatives of workers to find out if they had survived, he was reminded of the lives lost nine years ago.

“It came to my mind right away,” he said. “Did we ever think this could happen to us? No. We never thought it could happen here.”

Aasees Kaur, a representative of the Sikh Coalition, said the deadly assault in Indianapolis underscores the bigotry that Sikhs have faced and the need for more-robust efforts to track hate crimes, which are underreported and difficult to prosecute.

Though authorities have not yet offered a motive for the shooting, Kaur said it feels like her community was targeted. The FedEx warehouse employed many older Sikhs whose native language is Punjabi, because English fluency is not essential to the jobs.

“Given everything our community has experienced in the past, the pattern of violence, bigotry and backlash we have faced, it is impossible not to feel that same pain and targeting in this moment,” she said.

In a letter to the White House on Saturday, the coalition implored the administration to tackle a long-standing concern that hate crimes against Sikhs go undetected and unchallenged.

The coalition noted a 2018 incident in Illinois when a Sikh Uber driver, Gurjeet Singh, was held at gunpoint by a passenger who said, “I hate turban people. I hate beard people.” The assailant was not arrested.

Among the list of requests appended to the letter, the coalition asked President Biden to visit Indianapolis, to appoint a Sikh American liaison in the White House and to reintroduce a bill preventing firearm sales to those convicted of hate crimes. The letter also asked for federal security funding for places of worship, including Sikh temples.

At the temple Saturday, the assembled group brainstormed how they might make something good out of the tragedy.

Some talked about the need for Sikh representation in politics. Although there are more than 500,000 Sikhs living in the United States, according to the coalition, few have held elected offices until recently. The first turbaned Sikh mayor in U.S. history, Satyendra Huja, was elected in 2012 in Charlottesville.

One of the gurdwara leaders, K.P. Singh, called for members to better communicate the ideals of Sikhism, using English to reach people unfamiliar with its traditions. He recalled that when the Sikh community in Indianapolis held a vigil for the victims of the 2012 shooting, it was done completely in Punjabi. This time, he said, needs to be different.

“We pray to each one of you, not to think about what Channel 8 can do for us,” he told the gathering. “Don’t worry about it. Not what Governor Eric Holcomb can do for us. Not what Mayor Hogsett can do for us, or what each of your Sikh leaders can do for us.”

Echoing President John F. Kennedy, he commanded, “Ask yourself: What am I willing to do for each of us?”

Singh recalled that shortly after he moved to the United States, about 50 years ago, the local newspaper ran a photo of him in its “oddities” section. He didn’t take offense, he said, but believed it was his mission to inform others about his beliefs. Decades later, he worries that Sikhs continue to be an enigma to their neighbors.

“How is it that, as a community, after being here for more than a century, we are still being targeted at different levels by fools, by people who refuse to think that we’re not part of their own family?” he asked.

Rimpi Girn, a relative of two of the victims, Jasvinder Kaur and Amarjit Sekhon, spoke about how the tragic burden of gun violence is shared by marginalized people across the United States. Calling for stricter gun enforcement, Girn said the violence will cease only after lawmakers take action.

“It doesn’t matter which community you belong to, which ethnicity, which race, which place,” she said. “What does matter is human life.”



A woman holds an EU flag outside the Russian embassy in Prague. (photo: David W Cerny/Reuters)


Russia Expels 20 Czech Diplomats in Retaliatory Move
Al Jazeera
Excerpt: "Russia on Sunday expelled 20 Czech diplomats in retaliation for a slew of diplomatic expulsions by Prague and gave the affected Czech diplomats just over 24 hours to leave the country, the RIA news agency quoted the foreign ministry as saying."

Russia gives diplomats just over 24 hours to leave the country, in response to Czech expulsion of 18 Russian diplomats.


Russia on Sunday expelled 20 Czech diplomats in retaliation for a slew of diplomatic expulsions by Prague and gave the affected Czech diplomats just over 24 hours to leave the country, the RIA news agency quoted the foreign ministry as saying.

The Czech Republic on Saturday expelled 18 Russian diplomats, giving them 72 hours to leave, after saying that two alleged Russian spies accused of a nerve agent poisoning in Britain in 2018 were behind a deadly explosion at a Czech ammunition depot four years earlier.

The Czech Republic said it had informed NATO and European Union allies that it suspected Russia of causing the 2014 blast, and European Union foreign ministers were set to discuss the matter at their meeting on Monday.

The US State Department commended Prague’s firm response to “Russia’s subversive actions on Czech soil”.

The row is the biggest between Prague and Moscow since the end of decades of Soviet domination of eastern Europe in 1989.

It also adds to growing tensions between Russia and the West in general, raised in part by Russia’s military build-up on its Western borders and in Crimea, which Moscow annexed from Ukraine in 2014, after a surge in fighting between government and pro-Russian forces in Ukraine’s east.

Czech police said they were seeking two Russians in connection with the 2014 blast that killed two people, and who carried passports used by suspects in the attempted poisoning of former Russian double agent Sergei Skripal in 2018.

Russia said Prague’s accusations were absurd as it had previously blamed the blast at Vrbetice, 300 km (210 miles) east of the capital, on the depot’s owners.

It called the expulsions “the continuation of a series of anti-Russian actions undertaken by the Czech Republic in recent years”, accusing Prague of “striving to please the United States against the backdrop of recent US sanctions against Russia”.

Earlier this week, the US announced sanctions and the expulsion of 10 Russian diplomats in retaliation for what Washington said was the Kremlin’s US election interference, a massive cyber attack and other hostile activity.

Russia responded in kind, saying it would expel 10 US diplomats and take other retaliatory moves in a tense showdown with Washington.

‘Full support’

EU and NATO partners stood by Czech officials, with British Foreign Secretary Dominic Raab saying on Sunday that Britain “stands in full support of our Czech allies”.

“I resolutely condemn the subversive activities targeting the security of … our closest neighbour and ally,” Slovak Foreign Minister Ivan Korcok said in a tweet.

“Killing the citizens of the Czech Republic on its territory by another country, that’s almost an act of war,” protester Tomas Peszynski told AFP news agency at a rally outside the Russian embassy in Prague on Sunday afternoon.

About 100 protesters sported banners, saying: “We’re not Russia’s backyard”. They chanted “Shame” while waving EU and NATO flags.

The night before, police detained seven people who had smeared the embassy wall with ketchup, symbolising blood.

Czech politicians joined the outcry, with government ministers saying Russian companies should not take part in the planned construction of a new nuclear unit worth billions of euros for security reasons.

“I can’t imagine (Russian energy giant) Rosatom getting as far as the security assessment,” Industry Minister Karel Havlicek said.



Plastic bales, left, and aluminum bales, right, are photographed at the Green Waste material recovery facility on Thursday, March 28, 2019, in San Jose, California. (photo: Aric Crabb/Digital First Media/Bay Area News/Getty Images)


Spare Yourself the Guilt Trip This Earth Day - It's Companies That Need to Clean Up Their Acts
Courtney Lindwall, The Natural Resources Defense Council
Lindwall writes: "Coined in the 1970s, the classic Earth Day mantra 'Reduce, Reuse, Recycle' has encouraged consumers to take stock of the materials they buy, use, and often quickly pitch - all in the name of curbing pollution and saving the earth's resources."

Coined in the 1970s, the classic Earth Day mantra "Reduce, Reuse, Recycle" has encouraged consumers to take stock of the materials they buy, use, and often quickly pitch — all in the name of curbing pollution and saving the earth's resources. Most of us listened, or lord knows we tried. We've carried totes and refused straws and dutifully rinsed yogurt cartons before placing them in the appropriately marked bins. And yet, nearly half a century later, the United States still produces more than 35 million tons of plastic annually, and sends more and more of it into our oceans, lakes, soils, and bodies.

Clearly, something isn't working, but as a consumer, I'm sick of the weight of those millions of tons of trash falling squarely on consumers' shoulders. While I'll continue to do my part, it's high time that the companies profiting from all this waste also step up and help us deal with their ever-growing footprint on our planet.

An investigation last year by NPR and PBS confirmed that polluting industries have long relied on recycling as a greenwashing scapegoat. If the public came to view recycling as a panacea for sky-high plastic consumption, manufacturers—as well as the oil and gas companies that sell the raw materials that make up plastics—bet they could continue deluging the market with their products.

There are currently no laws that require manufacturers to help pay for expensive recycling programs or make the process easier, but a promising trend is emerging. Earlier this year, New York legislators Todd Kaminsky and Steven Englebright proposed a bill—the "Extended Producer Responsibility Act"—that would make manufacturers in the state responsible for the disposal of their products.

Other laws exist in some states for hazardous wastes, such as electronics, car batteries, paint, and pesticide containers. Paint manufacturers in nearly a dozen states, for example, must manage easy-access recycling drop-off sites for leftover paint. Those laws have so far kept more than 16 million gallons of paint from contaminating the environment. But for the first time, manufacturers could soon be on the hook for much broader categories of trash—including everyday paper, metal, glass, and plastic packaging—by paying fees to the municipalities that run waste management systems. In addition to New York, the states of California, Washington, and Colorado also currently have such bills in the works.

"The New York bill would be a foundation on which a modern, more sustainable waste management system could be built," says NRDC waste expert Eric Goldstein.

In New York City alone, the proposed legislation would cover an estimated 50 percent of the municipal waste stream. Importantly, it would funnel millions of dollars into the state's beleaguered recycling programs. This would free up funds to hire more workers and modernize sorting equipment while also allowing cities to re-allocate their previous recycling budgets toward other important services, such as education, public parks, and mass transit.

The bills aren't about playing the blame game—they are necessary. Unsurprisingly, Americans still produce far more trash than anyone else in the world, clocking in at an average of nearly 5 pounds per person, every day—clogging landfills and waterways, harming wildlife, contributing to the climate crisis, and blighting communities. As of now, a mere 8 percent of the plastic we buy gets recycled, and at least six times more of our plastic waste ends up in an incinerator than gets reused.

It's easy to see why. Current recycling rules vary widely depending on where you live—and they're notoriously confusing. Contrary to what many of us have been told, proper recycling requires more than simply looking for that green-arrowed triangle, a label that may tell you what a product is made out of and that it is recyclable in theory, but not whether that material can be recycled in your town—or anywhere at all. About 90 percent of all plastic can't be recycled, often because it's either logistically difficult to sort or there's no market for it to be sold.

That recycling marketplace is also ever changing. When China, which was importing about a third of our country's recyclable plastic, started refusing our (usually contaminated) waste streams in 2018, demand for recyclables tanked. This led cities as big as Philadelphia and towns as small as Hancock, Maine, to send even their well-sorted recyclables to landfills. Municipalities now had to either foot big bills to pick up recyclables they once sold for a profit or shutter recycling services altogether.

According to Goldstein, New York's bill has a good shot of passing this spring—and it already has the support of some companies that see the writing on the wall, or as the New York Times puts it, "the glimmer of a cultural reset, a shift in how Americans view corporate and individual responsibility." If the bill does go through, New Yorkers could start to see changes to both local recycling programs and product packaging within a few years.

What makes these bills so groundbreaking isn't that they force manufacturers to pay for the messes they make, but that they could incentivize companies to make smarter, less wasteful choices in the first place.

New York's bill, for instance, could help reward more sustainable product design. A company might pay less of a fee if it reduces the total amount of waste of a product, sources a higher percentage of recycled material, or makes the end product more easily recyclable by, say, using only one type of plastic instead of three.

"Producers are in the best position to be responsible because they control the types and amounts of packaging, plastics, and paper products that are put into the marketplace," Goldstein says.

Bills like these embody the principles of a circular economy—that elusive North Star toward which all waste management policies should point. By encouraging companies to use more recycled materials, demand for recyclables goes up and the recycling industry itself is revitalized. What gets produced gets put back into the stream for reuse.

If widely adopted, we could significantly reduce our overall consumption and burden on the planet. With less paper used, more forests would stay intact—to continue to store carbon, filter air and water, and provide habitat for wildlife and sustenance for communities. With less plastic produced, less trash would clog oceans and contaminate ecosystems and food supplies. In turn, we'd give fossil fuels even more reasons to stay in the ground, where they belong.

That would be my Earth Day dream come true—with little hand-wringing of fellow guilt-stricken individuals required.
