Slashdot security articles


Half of all Phishing Sites Now Have the Padlock

Tue, 11/27/2018 - 07:22
You may have heard you should look for the padlock symbol at the top of a website before entering your password or credit card information into an online form. It's well-meaning advice, but new data shows it isn't enough to keep your sensitive information secure. From a report: Recent data from anti-phishing company PhishLabs shows that 49 percent of all phishing sites in the third quarter of 2018 bore the padlock security icon next to the phishing site domain name as displayed in a browser address bar. That's up from 25 percent just one year ago, and from 35 percent in the second quarter of 2018. This alarming shift is notable because a majority of Internet users have taken the age-old "look for the lock" advice to heart, and still associate the lock icon with legitimate sites. A PhishLabs survey conducted last year found more than 80% of respondents believed the green lock indicated a website was either legitimate and/or safe. In reality, the https:// part of the address (also called "Secure Sockets Layer" or SSL) merely signifies the data being transmitted back and forth between your browser and the site is encrypted and can't be read by third parties. The presence of the padlock does not mean the site is legitimate, nor is it any proof the site has been security-hardened against intrusion from hackers.

IBM CEO Joins Apple In Blasting Data Use By Silicon Valley Firms

Mon, 11/26/2018 - 17:50
IBM CEO Ginni Rometty joined a growing chorus of tech executives lambasting web platforms, like Google and Facebook, over their collection of user data and urged governments to target regulation at those companies. Bloomberg reports: Without naming company names, Rometty pointed to the "irresponsible handling of personal data by a few dominant consumer-facing platform companies" as the cause of a "trust crisis" between users and tech companies, according to an advanced copy of her remarks. Rometty's comments, given at a Brussels event with top EU officials Monday, echoed recent statements by Apple CEO Tim Cook, who in October slammed Silicon Valley rivals over their use of data, equating their services to "surveillance." IBM meanwhile has seen revenue decline since Rometty took the CEO role in 2012, largely due to falling sales in existing hardware, software and services offerings. She has since been trying to steer IBM toward more modern businesses, such as the cloud, artificial intelligence, and security software. Seeking to separate IBM -- which operates primarily at a business-to-business level -- from the troubled tech companies, Rometty said governments should target regulation at consumer-facing web platforms, like social media firms and search engines. In particular, Rometty pushed for more measures around the transparency of artificial intelligence as well as controversial rules around platform liability.

Lawmakers Introduce Bill To Stop Bots From Ruining Holiday Shopping

Mon, 11/26/2018 - 14:30
Democrats have proposed the "Stopping Grinch Bots Act" to make it illegal to use bots to shop online and also outlaw reselling items purchased by bots. "Lawmakers label them 'Grinch' bots because, during the holiday season, resellers use them to buy inventory of highly coveted toys that can be resold at highly inflated prices," reports CNET. "Often times, these bots are so quick that they can purchase entire stocks of items before people can even add them to their carts." From the report: Sens. Tom Udall, Richard Blumenthal and Chuck Schumer along with Rep. Paul Tonko made the announcement on Black Friday. While the proposed legislation is focused around the holiday season and toys, the Grinch Bots act would apply to all retailers online. Toys aren't the only items that resellers online send swarms of bots to. Security researchers noted that bots designed to buy rare sneakers are a persistent issue, as developers will create AI to buy shoes from companies like Nike and Adidas as quickly as possible. The proposed bill leaves it open for security researchers to use bots on retailer websites to find vulnerabilities. "Middle class folks save up -- a little here, a little there -- working to afford the hottest gifts of the season for their kids but ever-changing technology and its challenges are making that very difficult. It's time we help restore an even playing field by blocking the bots," said Schumer, a Democrat from New York, in a statement.

Germany Proposes Router Security Guidelines

Mon, 11/26/2018 - 08:40
The German government would like to regulate what kind of routers are sold and installed across the country. From a report: The German government published at the start of the month an initial draft for rules on securing Small Office and Home Office (SOHO) routers. Published by the German Federal Office for Information Security (BSI), the rules have been put together with input from router vendors, German telecoms, and the German hardware community. Once approved, router manufacturers don't have to abide by these requirements, but if they do, they can use a special sticker on their products showing their compliance. The 22-page document, available in English here, lists tens of recommendations and rules for various router functions and features.

Richard Stallman Criticizes Bitcoin, Touts a GNU Project Alternative

Mon, 11/26/2018 - 00:34
Richard Stallman doesn't like bitcoin, and has never used it, reports CoinDesk: To Stallman, bitcoin isn't suitable as a digital payment system. His biggest complaint: bitcoin's poor privacy protections. He told CoinDesk, "What I'd really like is a way to make purchases anonymously from various kinds of stores, and unfortunately it wouldn't be feasible for me with bitcoin." Using a crypto exchange would allow that company and ultimately the government to identify him, he said.... Asked what he thought about so-called privacy coins, Stallman said he'd gotten an expert to assess their potential, and "for each one he would point out some serious problems, perhaps in its security or its scalability." And speaking broadly, Stallman continued: "If bitcoin protected privacy, I'd probably have found a way to use it by now." Fortunately, Stallman's GNU Project has a better answer: The GNU Project, which Stallman founded, is working on an alternative digital payments system called Taler, which is based on cryptography but is not -- forgive the hair-splitting -- a cryptocurrency. The Taler project's maintainer Christian Grothoff told CoinDesk that the system is, rather, designed for a "post-blockchain" world.... It's based on blind signatures, a cryptographic technique invented by David Chaum, whose DigiCash was among the first attempts at creating secure electronic money. Plus, Taler's attempt to create a digital money that resists surveillance by governments and payments companies aligns it with many cryptocurrency projects. Yet, Taler does not attempt to bypass centralized authority. Payments are processed by openly centralized "exchanges" rather than peer-to-peer networks of miners because, Grothoff said, such a system "would again enable dangerous, money laundering kind of practice." Indeed, in a break with the anti-government ethos that has tended to characterize bitcoin and some of its peers, Taler's design explicitly tries to block opportunities for tax evasion.... 
Privacy in the Taler system, then, is limited to users spending their digital cash. They are shielded from surveillance because, Grothoff said, "the exchange, when coins are being redeemed, cannot tell if it was customer A or customer B or customer C who received the coin, because they all look identical from the exchange. Nobody," he added, "exactly knows who has how many tokens." Merchants (or anyone) receiving payments, on the other hand, do so visibly and in the open, making it possible for governments to assess taxes on their income -- not to mention harder for the recipients to participate in money laundering.... Currently, Taler is in talks with European banks to allow withdrawal into the Taler wallet and also re-deposit from the Taler system back into the traditional banking system. "I wouldn't want perfect privacy," Stallman says in the interview, "because that would mean it would be impossible to investigate crimes at all. And that's one of the jobs we need the state to do."

AI Mistakes Ad On a Bus For an Actual CEO, Then Publicly Shames Them For 'Jaywalking'

Sun, 11/25/2018 - 21:35
An anonymous reader quotes the South China Morning Post: Since last year, many Chinese cities have cracked down on jaywalking by investing in facial recognition systems and AI-powered surveillance cameras. Jaywalkers are identified and shamed by displaying their photographs on large public screens... Developments are also underway to engage the country's mobile network operators and social media platforms, such as Tencent Holdings' WeChat and Sina Weibo, to establish a system in which offenders will receive personal text messages as soon as they are caught violating traffic rules.... Making a compelling case for change is the recent experience of Dong Mingzhu, chairwoman of China's biggest maker of air conditioners Gree Electric Appliances, who found her face splashed on a huge screen erected along a street in the port city of Ningbo... That artificial intelligence-backed surveillance system, however, erred in capturing Dong's image on Wednesday from an advertisement on the side of a moving bus. The traffic police in Ningbo, a city in the eastern coastal province of Zhejiang, were quick to recognise the mistake, writing in a post on microblog Sina Weibo on Wednesday that it had deleted the snapshot. It also said the surveillance system would be completely upgraded to cut incidents of false recognition in future. The article says the mistakenly-accused CEO's company later thanked the traffic police for their hard work, and "called on people to obey traffic rules to keep the streets safe." "The Chinese government is currently working to combine the operations of more than 170 million public security cameras to strengthen its surveillance network's ability to track and monitor the country's 1.4 billion citizens. Research firm IHS Markit has estimated that the number of surveillance cameras in China could reach 450 million by 2020."

New Gmail Bug Allows Sending Messages Anonymously

Sun, 11/25/2018 - 12:34
Earlier this week software developer Tim Cotten discovered a serious glitch in Gmail. An anonymous reader quotes BleepingComputer: Tampering with the 'From:' header by replacing some text with an <object>, <script> or <img> tag causes the interface to show a blank space instead of the sender's address.... Opening the email does not help, either, as the sender's address continues to remain hidden and shows no info even when hovering on it, an action that typically reveals the details.... Trying to reply to the message is also of no help. Cotten attempted this thinking that Gmail would read the original email headers and determine the destination. "Wrong again! Gmail is at a complete loss at what to do!" Cotten writes in a blog post that details his new finding.... Using the Show Original option, which allows users with more experience to trace an email, the desired detail is still unavailable in the user-friendly view. Looking at the raw info, however, shows the source address buried at the end of the <img> tag Cotten used in his experiment. He didn't even have to spell correctly the data type to trigger the bug. Unfortunately, it is highly unlikely that the average Gmail user will be able to navigate to this area and determine who the apparently anonymous message is coming from. Due to this, for these users the risk of phishing is high. Cotten's bug report "relies on his previous discovery that proved how a malformed 'From:' header allows placing an arbitrary email address in the sender field," the article points out, also noting a third recently-reported Gmail bug that "allows fraudsters to create a 'mailto:' link that populates the destination field in the app with whatever address they want; the latter was reported about 19 months ago to Google and is still present in the Gmail app for Android." 
"According to the developer, one solution Google could implement to avoid forging the From field is to properly check the email headers and deny communication with an anomalous structure in the sender or recipient fields. Another method proposed by Cotten is Joran Greef's project Ronomon, which can trigger errors when email specifications are not followed." Threatpost reported Tuesday that Google "did not respond to a request for comment."

Two Linux Kernels Revert Performance-Killing Spectre Patches

Sun, 11/25/2018 - 06:34
Friday Greg Kroah-Hartman released stable point releases of Linux kernel 4.19.4, as well as 4.14.83 and 4.9.139. While they were basic maintenance updates, the 4.19.4 and 4.14.83 releases are significant because they also reverted the performance-killing Spectre patches (involving "Single Thread Indirect Branch Predictors", or STIBP) that had been back-ported from Linux 4.20, according to Phoronix: There is improved STIBP code on the way for Linux 4.20 that by default just applies STIBP to SECCOMP threads and processes requesting it via prctl() but otherwise is off by default (that behavior can also be changed via kernel parameters). Once that code is ready to go for Linux 4.20, we may see it then back-ported to these stable trees. Aside from reverting STIBP, these point releases just have various fixes in them as noted for 4.19.4, 4.14.83, and 4.9.139. Last Sunday Linus Torvalds complained that the performance impact of the STIBP code "was clearly way more expensive than people were told," according to ZDNet: "When performance goes down by 50 percent on some loads, people need to start asking themselves whether it was worth it. It's apparently better to just disable SMT entirely, which is what security-conscious people do anyway," wrote Torvalds. "So why do that STIBP slow-down by default when the people who *really* care already disabled SMT?"

The Fax is Not Yet Obsolete

Sat, 11/24/2018 - 15:30
Fax, once at the forefront of communications technologies but now in deep decline, has persisted in many industries. From a report: Law-enforcement agencies remain heavily reliant on fax for routine operations, such as bail postings and return of public-records requests. Health care, too, runs largely on fax. Despite attempts to replace it, a mix of regulatory confusion, digital-security concerns, and stubbornness has kept fax machines droning around the world. An early facsimile message was sent over telegraph lines in London in 1847, based on a design by the Scottish inventor Alexander Bain. There is some dispute over whether it was the first fax: Competing inventors, including Bain in the United Kingdom and Thomas Edison and Alexander Graham Bell across the Atlantic, sought to father facsimile technology, which was a kind of white whale for inventors. Telegraphs already allowed messages to be passed across distances, one letter at a time using Morse code. But the dream of transmitting copies of messages and images instantly over wires was very much alive. Writing in 1863, Jules Verne imagined that the Paris of the 1960s would be replete with fax machines, or as he called them, "picture-telegraphs." The technology did eventually lead to a revolution in communication, though it didn't happen until years later. It first became known to many Americans after the 1939 New York World's Fair, where a fax machine transmitted newspaper images from around the world at a rate of 18 minutes per page -- lightning speed for the time. Further reading: 'You Had to Be There': As Technologies Change Ever Faster, the Knowledge of Obsolete Things Becomes Ever Sweeter.

Your Credit Score Isn't a Reflection of Your Moral Character. But the Department of Homeland Security Seems To Think It Is.

Sat, 11/24/2018 - 07:40
What kind of person racks up debts and doesn't pay them? Your credit score is an attempt to answer this question. A report elaborates: These important three-digit numbers summarize our statistical risk for lenders. The allure of the credit score is its clarity: It cuts through appearances and converts our messy lives into an easily readable metric. The difference between a score of 750 and 600 is obvious. One is an excellent bet for a lender to make; the other is not. On balance, credit scores have made borrowing more convenient, and fairer, for consumers. But the U.S. Department of Homeland Security wants to use credit scores for an entirely different purpose, one they were never built for and are not suited for. The agency charged with safeguarding the nation would like to make immigrants submit their credit scores when applying for legal resident status. The new rule, contained in a proposal signed by DHS Secretary Kirstjen Nielsen, is designed to help immigration officers identify applicants likely to become a "public charge" -- that is, a person primarily dependent on government assistance for food, housing, or medical care. According to the proposal, credit scores and other financial records (including credit reports, the comprehensive individual files from which credit scores are generated) would be reviewed to predict an applicant's chances of "self-sufficiency." The proposal is open for public comment until Dec. 10. Setting aside the proposal's moral abdication when it comes to the needy, we should be troubled by another injustice: its abuse of personal metrics.

Rowhammer Attacks Can Now Bypass ECC Memory Protections

Sat, 11/24/2018 - 03:30
Catalin Cimpanu, reporting for ZDNet: Academics from the Vrije University in Amsterdam, Holland, have published a research paper this week describing a new variation of the Rowhammer attack. For readers unfamiliar with the term, Rowhammer is the name of a class of exploits that takes advantage of a hardware design flaw in modern memory cards. By default, a memory card stores temporary data inside storage units named cells, which are arranged on the physical silicon chip in multiple rows, in the form of a grid. [...] In research [PDF] published today, named ECCploit, academics expanded the previous Rowhammer techniques with yet another variation. This one, they said, bypasses ECC memory, one of the memory protections that hardware makers said could detect and prevent Rowhammer attacks in the past. ECC stands for Error-Correcting Code and is a type of memory storage included as a control mechanism with high-end RAM, typically deployed with expensive or mission-critical systems. ECC memory works by protecting against rogue bit flips, like the ones caused by Rowhammer attacks. Surprisingly, it wasn't developed to deal with Rowhammer. It was initially developed in the 90s to protect against bit flips caused by alpha particles, neutrons, or other cosmic rays, but when Rowhammer came out, it also proved to be effective against it, as well. But after spending months reverse engineering the designs of ECC memory, the Vrije University team discovered that this protection mechanism has its limits.

New Linux Crypto-miner Steals Your Root Password and Disables Your Antivirus

Fri, 11/23/2018 - 23:25
Malware targeting Linux users may not be as widespread as the strains targeting the Windows ecosystem, but Linux malware is becoming just as complex and multi-functional as time passes by. ZDNet reports: The latest example of this trend is a new trojan discovered this month by Russian antivirus maker Dr.Web. This new malware strain doesn't have a distinctive name, yet, being only tracked under its generic detection name of Linux.BtcMine.174. But despite the generic name, the trojan is a little bit more complex than most Linux malware, mainly because of the plethora of malicious features it includes. The trojan itself is a giant shell script of over 1,000 lines of code. This script is the first file executed on an infected Linux system. The first thing this script does is to find a folder on disk to which it has write permissions so it can copy itself and later use to download other modules. Once the trojan has a foothold on the system it uses one of two privilege escalation exploits CVE-2016-5195 (also known as Dirty COW) and CVE-2013-2094 to get root permissions and have full access to the OS.

Google, Mozilla Working on Letting Web Apps Edit Files Despite Warning That it Could Be Abused

Fri, 11/23/2018 - 13:20
Google and Mozilla are heading a group that is devising a way for users to save changes they make using web apps. From a report: The idea is to allow users to save changes they've made using web apps, without the hassle of having to download new files after each edit, as is necessary today. "Today, if a user wants to edit a local file in a web app, the web app needs to ask the user to open the file," said Google developer advocate Pete LePage. "Then, after editing the file, the only way to save changes is by downloading the file to the Downloads folder, or having to replace the original file by navigating the directory structure to find the original folder and file. This user experience leaves a lot to be desired, and makes it hard to build web apps that access user files." To this end, the W3C Web Incubator Community Group (WICG), which is chaired by representatives from Chrome developer Google and Firefox developer Mozilla, is working on developing the new Writable Files API, which would allow web apps running in the browser to open a file, edit it, and save the changes back to the same file. However, the group says the biggest challenge will be guarding against malicious sites seeking to abuse persistent access to files on a user's system. "By far the hardest part for this API is of course going to be the security model to use," warns the WICG's explainer page for the API. "The API provides a lot of scary power to websites that could be abused in many terrible ways."

Microsoft, Google and Qualcomm Working On Chrome For Windows On ARM

Wed, 11/21/2018 - 15:30
Microsoft and Google engineers appear to be working on a Chrome browser running on Windows on ARM. "9to5Google has spotted various commits by Microsoft engineers assisting with the development of Chrome for Windows 10 on ARM," reports The Verge. "The details follow claims by a Qualcomm executive last month that the chip maker was working on an ARM version of Chrome for Windows 10." From the report: A native ARM version of Chrome would make a lot of sense for Qualcomm, Microsoft, and Google. Chrome is one of the most popular desktop apps available on Windows 10, and without a native version for ARM it's difficult to take ARM-powered Windows 10 devices seriously for many. However, it was only last year that Microsoft pulled Google's Chrome installer from the Windows Store, because it violated store policies. Those policies restrict rival browsers to using Microsoft's own Edge rendering engine, specifically that "products that browse the web must use the appropriate HTML and JavaScript engines provided by the Windows Platform." Microsoft also blocked similar browser apps for Windows 8. Unless Microsoft relaxes its rules then this native Chrome support for Windows on ARM won't be found in the Windows Store. Microsoft and Google's work could still help improve performance for Electron-based apps like Slack and Visual Studio Code which rely on parts of Chromium.

Amazon Has Emailed an Unspecified Number of Customers To Inform Them That Their Names and Addresses Were Disclosed by the Website, Blames 'Technical Error'

Wed, 11/21/2018 - 06:40
If you have received a strange email from Amazon today, you're not alone. A number of customers on Wednesday received an email from the company in which it notes that it "inadvertently disclosed your name and email address due to a technical error." The company confirmed to BetaNews that the emails are genuine, but did not discuss the nature and severity of the technical error and how many customers are impacted. The technical error impacted customers in the United States as well as United Kingdom. It remains unclear if customers elsewhere were affected too. In a statement, the company said, "We have fixed the issue and informed customers who may have been impacted."

Using Airport and Hotel Wi-Fi Is Much Safer Than It Used To Be

Tue, 11/20/2018 - 13:30
As you travel this holiday season, bouncing from airport to airplane to hotel, you'll likely find yourself facing a familiar quandary: Do I really trust this random public Wi-Fi network? As recently as a couple of years ago, the answer was almost certainly a resounding no. But in the year of our lord 2018? Friend, go for it. Wired: This advice comes with plenty of qualifiers. If you're planning to commit crimes online at the Holiday Inn Express, or to visit websites that you'd rather people not know you frequented, you need to take precautionary steps that we'll get to in a minute. Likewise, if you're a high-value target of a sophisticated nation state, stay off of public Wi-Fi at all costs. But for the rest of us? You're probably OK. That's not because hotel and airport Wi-Fi networks have necessarily gotten that much more secure. The web itself has. "A lot of the former risks, the reasons we used to warn people, those things are gone now," says Chet Wisniewski, principal researcher at security firm Sophos. "It used to be because almost nothing on the internet was encrypted. You could sit there and sniff everything. Or someone could set up a rogue access point and pretend to be Hilton, and then you would connect to them instead of the hotel." In those Wild West days, in other words, signing onto a shared Wi-Fi network exposed you to myriad attacks, from hackers tracking your every move online, to so-called man-in-the-middle efforts that tricked you into entering your passwords, credit card information, or more on phony websites. A cheap, easy to use device called a Wi-Fi Pineapple makes those attacks simple to pull off. All of that's still technically possible. But a critical internet evolution has made those efforts much less effective: the advent of HTTPS.

Department of Commerce Could Be the First US Entity To Broadly Regulate an Aspect of AI

Tue, 11/20/2018 - 07:20
Dave Gershgorn and Max de Haldevang, writing for Quartz: Artificial intelligence technology has the capability to be the most impactful software advance in history and the US government has no idea how to properly regulate it. The US does know that it doesn't want other countries using its own AI against it. A new proposal published this week by the Department of Commerce lists wide areas of AI software [PDF] that could potentially require a license to sell to certain countries. These categories are as broad as "computer vision" and "natural language processing." It also lists military-specific products like adaptive camouflage and surveillance technology. The small number of countries these regulations would target includes a big name in AI: China. Donald Trump, who has placed tariffs on hundreds of billions of dollars of Chinese goods as part of a simmering trade war, has long railed against China's alleged theft of intellectual property. This proposal looks like a warning from US officials, just as Chinese president Xi Jinping aims to boost AI in his own country. "This is intended to be a shot across the bow, directed specifically at Beijing, in an attempt to flex their muscles on just how broad these restrictions could be," says R. David Edelman, a former adviser to president Barack Obama who leads research on technology and public policy issues at the Massachusetts Institute of Technology.

Retaliatory Cyber Attacks Are Only Way To Stop China, Says Former FBI Director

Tue, 11/20/2018 - 06:40
Targeted cyber attacks and a strong deterrence capability are the most effective way of preventing China and other countries continuing to steal Australian commercial secrets, according to a former director of the Federal Bureau of Investigation. From a report: Louis Freeh, who ran the FBI for almost eight years until 2001, said the threat of criminal charges or jail time would do little to prevent state-sponsored hackers from continuing to steal valuable intellectual property. "It's like trying to serve a subpoena on [Osama] Bin Laden -- it's not very effective," Mr Freeh said on the sidelines of a speech in Sydney on Monday night. His comments come as the federal government considers how best to respond to a surge in cyber attacks directed by China's peak security agency over the past year. An investigation by The Australian Financial Review and Nine News confirmed China's Ministry of State Security (MSS) was responsible for the recent wave of attacks on Australian companies. These formed part of what is known in cyber circles as "Operation Cloud Hopper", which was detected by Australia and its partners in the Five Eyes intelligence sharing alliance.

Microsoft Pulls Some Non-Security Updates For Microsoft Office 2010, 2013 and 2016 That It Released Earlier This Month

Tue, 11/20/2018 - 06:00
Mark Wilson, writing for BetaNews: Having released a series of updates for Office 2010, 2013 and 2016 as part of this month's Patch Tuesday, Microsoft has now pulled two of them and advised sysadmins to uninstall the updates if they have already been installed. In both instances -- KB4461522 and KB2863821 -- Microsoft says that the problematic updates can lead to application crashes. While this is not as serious a problem as, say, data loss, it does little to quieten the fears that have been voiced about the quality control Microsoft has over its updates.

Russia Wants DNC Hack Lawsuit Thrown Out, Citing International Conventions

Mon, 11/19/2018 - 15:20
An anonymous reader quotes a report from ZDNet: The Russian Federation has responded to a lawsuit filed by the Democratic National Committee and has requested the overseeing court to throw out the lawsuit altogether. The lawsuit, filed by the DNC in April 2018, names a slew of figures as defendants, such as the Russian state, Russia's military intelligence service GRU, the hacker known as Guccifer 2.0, WikiLeaks and its founder Julian Assange, and several members of the Trump campaign, such as Donald Trump, Jr., Paul Manafort, Roger Stone, Jared Kushner, and George Papadopoulos. According to an 87-page indictment, the DNC accused Russia and the other defendants of carrying out the hacking of DNC servers in 2016 and then leaking data online via the WikiLeaks portal in an orchestrated manner for the benefit of the Trump presidential campaign. The lawsuit, which has its own Wikipedia page and was likened to a lawsuit the DNC filed against Nixon after the Watergate scandal, seeks damages, but also for the court to issue a declaration about the defendants' conspiracy. But in a letter sent to a New York court, presented by the Russian Embassy in the U.S. and signed by a representative of the Russian Ministry of Justice, the Russian Federation wants the lawsuit thrown out. In the 12-page letter, the Russian Federation argues that the U.S. Foreign Sovereign Immunities Act ("FSIA") grants Russia immunity. "The FSIA provides that foreign sovereign States enjoy absolute jurisdictional immunity from suit unless a plaintiff can demonstrate that one of the FSIA's enumerated 'exceptions' applies'," the letter argues. "The DNC's allegations regarding a purported 'military attack' by 'Russia's military intelligence agency' do not fall within any of the FSIA's enumerated exceptions to the Russian Federation's sovereign immunity." 
"Any alleged 'military attack' is a quintessential sovereign act that does not fall within any exception to the FSIA or the customary international law of foreign sovereign immunity. The Russian Federation's sovereign immunity with respect to claims based upon such allegations is absolute."