[Photo: National Security Agency, Ft. Meade, MD via Wikimedia]

NSA, Lazarus, and Odinaff

Reuters has a report that SWIFT — the international financial transfer messaging system — has been hacked again, what it describes as the second effort to steal big money by hacking the system.

Cyber-security firm Symantec Corp said on Tuesday that a second hacking group has sought to rob banks using fraudulent SWIFT messages, the same approach that yielded $81 million in the high-profile February attack on Bangladesh’s central bank.

Symantec said that a group dubbed Odinaff has infected 10 to 20 organizations with malware that can be used to hide fraudulent transfer requests made over SWIFT, the messaging system that is a lynchpin of the global financial system.

But it should say the third hack. As the Snowden documents revealed, NSA was double dipping at SWIFT in the 2010 to 2011 timeframe, though to steal information, not money.

What’s interesting about this latest hack, though, is it targets the US and countries closely aligned with it, though it appears to be a criminal organization not a state.

Symantec said that most Odinaff attacks occurred in the United States, Hong Kong, Australia, the United Kingdom and Ukraine.

The Reuters report also notes that Symantec thinks the Sony hack was done by a group it calls Lazarus, which may not be the same as North Korea.

As with the Yahoo scan ordered last year — which effectively appears to have hacked all Yahoo’s users — it makes sense to think of US nation-state hacks and criminal or foreign adversary ones in the same breath. Not only might an NSA hack expose methods others might use, but with an entity like SWIFT, there’s no reason to privilege US hacking over others.

On Provenance and Putin: That Sid Blumenthal Story

At a campaign appearance yesterday, Donald Trump quoted a judgment that Kurt Eichenwald made in an article last year on the Benghazi investigation.

One important point has been universally acknowledged by the nine previous reports about Benghazi: The attack was almost certainly preventable. Clinton was in charge of the State Department, and it failed to protect U.S. personnel at an American consulate in Libya. If the GOP wants to raise that as a talking point against her, it is legitimate.

The rest of the article was about how politicized the inquiry was. But right there in the middle of his article, Eichenwald included a namby pamby both-sides paragraph — one that could have better nuanced the conclusions of the many Benghazi reports — that said Benghazi was a legitimate issue to raise against Hillary.

Sucks to be Eichenwald, because Trump just used it on his campaign, to thrilled cries from his frothy supporters.

The quote came up on the campaign trail because Sid Blumenthal had forwarded the article — highlighting the description about the politicized questioning he himself had undergone, but ultimately quoting the entire article, including that namby pamby paragraph — to a bunch of undisclosed recipients, including John Podesta, under the subject line “The truth…” Blumenthal surely meant that Eichenwald’s larger point — that the whole investigation was politicized — was the truth, but he did forward the whole thing, including the namby pamby paragraph, under that heading.

The forwarded story got released by WikiLeaks as part of its Podesta leaks (emails which Hillary effectively confirmed during the debate by explaining one of the emails that had attracted the most attention).

Now, as it turns out, Sputnik published a story on the email, erroneously attributing the entire judgment, including that attacking Hillary for Benghazi was a legit talking point, to Blumenthal, not Eichenwald. They apparently realized their error and took it down. But not before Eichenwald started wondering how Trump came to be quoting his own namby pamby paragraph on the campaign trail.

In an article asserting that Trump got his talking point from the Sputnik story, Eichenwald has given up not only his namby pamby tone, but moderation. In it, having already suggested the misattribution to Blumenthal was due to “incompetence,” he then claims it was also deliberate disinformation. He then states as fact that Trump got this “falsehood” from the Kremlin.

This is not funny. It is terrifying. The Russians engage in a sloppy disinformation effort and, before the day is out, the Republican nominee for president is standing on a stage reciting the manufactured story as truth. How did this happen? Who in the Trump campaign was feeding him falsehoods straight from the Kremlin? (The Trump campaign did not respond to a request for comment).

The Russians have been obtaining American emails and now are presenting complete misrepresentations of them—falsifying them—in hopes of setting off a cascade of events that might change the outcome of the presidential election. The big question, of course, is why are the Russians working so hard to damage Clinton and, in the process, aid Donald Trump? That is a topic for another time.

Here’s an earlier version of the article, in which Eichenwald even more obviously asserts that the Sputnik article is both an error and a deliberate falsification.

Of course, this might be seen as just an opportunity to laugh at the incompetence of the Russian hackers and government press—once they realized their error, Sputnik took the article down. But this is not funny at all. The Russians have been obtaining American emails and now are presenting complete misrepresentations of them—falsifying them—in hopes of setting off a cascade of events that might change the outcome of the presidential election. The big question, of course, is why are the Russians working so hard to damage Clinton and, in the process, aid Donald Trump. That is a topic for another time.

There are two interesting details about Eichenwald’s story. Nowhere in the piece does he link the actual Wikileaks email, which makes it clear that Blumenthal had, in fact, forwarded that namby pamby paragraph along with everything else. It is clear that the email was just a forwarded Newsweek article, but given that the part Blumenthal highlighted at the top was his own testimony, it is perhaps understandable why someone might make the misattribution.

More interesting still, while Eichenwald links this YouTube of what he says is Trump repeating the Sputnik talking point, he only selectively quotes from it. But it appears (and I admit that this, as with all of Trump’s ramblings, is not entirely clear) that Trump introduces the quote this way:

So Blumenthal writes a quote — this just came out a little while ago, I have to tell you this. “One important point has been …

It’s certainly possible Trump meant, “So Blumenthal writes, I quote,” but at least to my ear, he said, “Blumenthal writes a quote.” If that’s right, then Trump couldn’t have been working from Sputnik (or he at least wasn’t replicating their error), because he would have been properly attributing this judgment as a quote (of Eichenwald). Trump does go on to say “this is Sidney Blumenthal, the only one he was talking to,” after insinuating that one reason Hillary set up her email server may have been to continue talking to “Sleazy Sidney” after Obama told her to stop, but nowhere in the clip do I see Trump IDing it as an email from Blumenthal. Perhaps Eichenwald bases this assertion — “He told the assembled crowd that it was an email from Blumenthal” — on some other part of the appearance.

Eichenwald also notes that Trump was “holding a document in his hand.” But the document appears to be a transcribed talking point; it’s almost certainly not the Sputnik article. So that doesn’t tell us anything about provenance.

In other words, it’s not actually clear where Trump got this from, or whether Trump’s staffers had at least corrected Sputnik’s error. It may well be! But Eichenwald hasn’t made that case.

Apparently this frothy Trump supporter tweeted out the claim, just as Trump stated it, though he has since deleted it. (h/t Emma Jones) The supporter, who joined Twitter in February 2016, could well be a Russian troll (but one that long precedes this particular leak campaign), but he certainly models as an Infowars loving Hillary hater who overreads anything implicating her, something America has in ready supply without Putin’s help.

There’s one other part of this that I find notable, aside from the claim that Sputnik made this error out of both incompetence and deliberate disinformation. A big part of this narrative is that Wikileaks is doing Russia’s bidding rather than — a more logical explanation — attacking Hillary, with whom Julian Assange has had a 6-year adversarial relationship.

Wikileaks may well be working with Russia and/or the effect of sharing a mutual interest in weakening Hillary may amount to the same.

But this is actually a case where Russia did not do what has been alleged they might. That is, Wikileaks released what is an email no one contests, a not very controversial one at all. While Wikileaks has made misleading claims about what it has released at times, this is not one of them.

One thing clearly did not happen though. Even assuming Russia is responsible for the Podesta email leak, Russia did not “falsify” the original email to say what Eichenwald is so convinced Russia wanted to claim, that Blumenthal himself had endorsed Eichenwald’s namby pamby judgment that Benghazi is a fair talking point to use against Hillary. That claim only came after Sputnik tried to make it a bigger issue (but then realized its error, according to Eichenwald).

If Russia were doing what Eichenwald claimed — and they might in the future!! — then they would have doctored the email on the front end, not when republishing it in a state outlet.

Update: Unsurprisingly, Glenn Greenwald rips this (especially Eichenwald’s inflammatory tweets about the story) apart. More interesting, WaPo also dings Eichenwald for overclaiming what this incident reveals.

Update, November 1: There’s a very strange coda to this story. The guy who, until this event, worked at Sputnik and was responsible for the mistake, Bill Moran, wrote up this story from his viewpoint. Here’s how he made the mistake.

On Columbus Day, I made an embarrassing mistake. I noticed a series of viral tweets attributing words to Sidney Blumenthal on the Benghazi scandal. The original WikiLeaks document, to which the original article linked, was lengthy – 75 pages. I reviewed the document in a hurry, but I did not read all of them.

[snip]

I was moving too fast and I made a mistake – a mistake that I remain embarrassed about making. I stepped outside to smoke a cigarette after scheduling our social media accounts, stopped halfway through, thought “why hasn’t anybody else picked this up?” gave the document a second review, realized my error, and proceeded to delete the story.

The story was up from 3:23PM EDT to 3:42PM EDT and received 1,061 views before being removed – I’d like to apologize to weekend readers for making that mistake no matter how honest an error it was.

What happened next is weirder. Eichenwald made a series of contacts with the guy, basically trying to persuade him not to tell the real story publicly, including by suggesting he could help him get a job at New Republic and then by threatening him.

Then, as Paste describes, they had a long conversation that Moran, at first, wasn’t going to release. In it, Eichenwald waggles around American spooks.

In Moran’s notes on the call, he quotes Eichenwald as repeating that the “intelligence community” was monitoring both Sputnik and a separate Twitter account, which he holds responsible for the blowback (as opposed to his own story). He went on to say that everyone at Sputnik had an intelligence file on them, and asked if Moran had made any foreign phone calls that might have raised eyebrows. He went on to imply that Moran might have issues getting a re-entry visa into America if he ever traveled abroad, and then offered to help Moran “find a real job” to extricate him from the situation. He went on to say that both Sputnik and Russia Today have been targeted by the intelligence community, and will soon be subject to sanctions that aim at shutting them down for good.

Which Eichenwald does again in a follow-up email (at which point Eichenwald seemed to be going nuts, because he didn’t realize that Moran included Newsweek’s own lawyer on the exchange and instead assumed it was Moran’s lawyer).

Next, he reverts to the threatening language—the “bad cop” persona—telling Moran that he could tie him to the Russians themselves: “Now, there is one alternative here,” Eichenwald writes. “I can write: ‘William Moran, the writer for Sputnik, said he based his article not on directives from the Russian government but on an anonymous tweet that used a clip of the image of the document. He said he accepted the anonymous tweeters’ description that this was from Blumenthal, and did so because he was rushed. However, as the government official with knowledge of the intelligence inquiry said, the original altered document that was tweeted onto the internet came from a location that has been identified as being connected to the Russian disinformation campaigns, and only the news outlet owned by the Russian government published an article based on it.”

In other words, perhaps in an attempt to salvage his reputation, or perhaps in truth, Eichenwald was dragging the intelligence community into this.

Argument: The DNC Hack Attribution Was A Response to Brick and Mortar Events

Last week, ODNI and DHS released a statement widely viewed as attributing the hack and leak of DNC and other Democratic materials to Russia. The statement was actually a bit more nuanced than that:

Assertion 1: Russia compromised DNC and other political organizations

The statement starts with a comment that is spook speak for “we’ve proven this.”

The U.S. Intelligence Community (USIC) is confident that the Russian Government directed the recent compromises of e-mails from US persons and institutions, including from US political organizations.

Mind you, this is the bit the IC has been confident of all along: they found hackers at the DNC and the hackers have all the attributes of two different Russian hacking groups.

Assertion 2: The leaking is consistent with stuff Russia has done elsewhere

The next move is the most interesting, in my opinion. The IC strongly suggests the leaking of those hacked files is Russia, but doesn’t use the same spook speak confidence language.

The recent disclosures of alleged hacked e-mails on sites like DCLeaks.com and WikiLeaks and by the Guccifer 2.0 online persona are consistent with the methods and motivations of Russian-directed efforts.

Here, the IC is not saying “we are confident Russia then handed all these files to WikiLeaks, as well as created two cover identities through which to leak them.” Instead, they are saying Russia has done similar things before and has the motivation to do so here. As they have for months, the spooks still appear not to have the same level of proof tying the hacking to the leaking that would allow them to say “we are confident” for this assertion, at least not that they’re willing to admit, which I find incredibly interesting.

Assertion 3: Russia is trying to interfere with the election

Having stated very confidently Russia did the hack and less confidently that it did the leak, the statement brings the nugget language: basically accusing Putin of masterminding the whole thing.

These thefts and disclosures are intended to interfere with the US election process. Such activity is not new to Moscow—the Russians have used similar tactics and techniques across Europe and Eurasia, for example, to influence public opinion there. We believe, based on the scope and sensitivity of these efforts, that only Russia’s senior-most officials could have authorized these activities.

For my purposes here, I’m not interested in testing the truth of this statement — though I am a bit interested in how “influencing public opinion” is deemed to be “interfering with the US election,” because it’s something many people don’t seem to have thought through (nor have they thought through how it differs from the US’ own information operations or PR involvement of other foreign powers in our elections).

Especially given this bit:

Assertion 4: Hackers operating through a Russian server hacked some state election websites, but that may not be the Russian state

The statement goes out of its way to note that the Russian-attributed activity most directly connected to the election, the voter rolls, may not actually be the Russian state, but instead just servers operated by a Russian company.

Some states have also recently seen scanning and probing of their election-related systems, which in most cases originated from servers operated by a Russian company. However, we are not now in a position to attribute this activity to the Russian Government.

Remember, identity thieves have in the past stolen far more voter registration records for identity theft. It’s certainly possible that’s what went on here. More importantly, the IC appears to have nothing from collection on Russia they’re willing to share to claim that this hacking is part of Putin’s mastermind plot.

The rest of the statement goes on to talk about the ways (which I’ve talked about as well) that our localized system of elections makes it really hard to hack an election (though that also makes it really easy to botch an election or even to tamper with elections by disenfranchising select voters, which is what people should be far more concerned about, given that we know such efforts are effective and ongoing).

The IC has long known this but chose to release this statement now

The reason I’ve broken this out into four parts — 1) we know Russia hacked the DNC, 2) the leaking of hacked material is consistent with stuff Russia has done in the past, 3) Putin is in charge, 4) Russia may not have hacked the state websites — is to call attention to the fact that the IC has been leaking assertions 1, 2, and 4 for months. The stated (leaked) reason to hold off on a formal attribution was the uncertain status of assertion 2: the IC doesn’t yet know how the files got from the DNC hackers into Julian Assange’s hands.

But the IC chose to release this statement without growing any more certain about assertion 2 and without solving assertion 4.

In my opinion, that means the IC released this statement to get to assertion 3. Putin is trying to “interfere” in our election by “influencing public opinion.”

The release timing is more about kinetic events elsewhere than it is about IC certainty

So why release this statement now, when the IC doesn’t seem to have gotten any more certain about assertion 2 or 4?

At the end of what I think is an overly pessimistic piece on America’s inability to deter hacking, Jack Goldsmith considers the possibility that undeterred cyberattacks may be a response to brick and mortar conflict.

Without robust defenses or effective deterrence, the United States can expect many more, and more harmful, cyber intrusions by adversaries who are asymmetrically empowered by the rise of digital networks. There is no end to the ways that they might spy in, steal from, or disrupt U.S. networks, public and private. That sounds bad, but the implications are worse. Asymmetric offensive cyber operations by our adversaries can be an effective response to every element of U.S. foreign and military power. For all we know the Russian DNC hack is a response to sanctions for Ukraine and an attempt to win leverage in Syria. Imagine the United States wanted to do more—via sanctions, or through military operations, or in cyber—to slow Russian operations in Eastern Europe or Syria. The Russians could easily respond via cyber, where it appears to have an asymmetrical advantage. Indeed, the relatively tepid USG response to Russian aggression in Eastern Europe and Syria may be a result of USG worries about the implications of the DNC hack. In other words, the Russians may already be using cyber to deter the United States from seemingly unrelated foreign policy actions it might otherwise take.

Aside from his totally inappropriate use of “asymmetric” here — there’s no lack of potential symmetry between the cyber capabilities of the US and Russia, just an emphasis of one tool over another — I agree with this passage. Indeed, I’ve been saying for a long time that the most obvious explanation for why Putin would do all this so blatantly is because in his view the US carried out a coup in Ukraine and is attempting regime change in Syria to choke Russia strategically.

And as Goldsmith argues, the US’ weak spot is its vulnerability to cyber attacks, absolutely. That weakness is made worse, too, by continued US insistence on retaining access to all potential offensive tools, even if they can be most dangerous against US targets if they ever, say, show up on an online sale (Goldsmith was curiously silent about the Shadow Brokers release here).

I suspect China, in particular, has done the same kind of mapping we have with Treasure Map, with a focus on having cyberattacks ready to launch that would neutralize us if we ever got into a hot war.

But Goldsmith doesn’t consider the possibility that things may also work in the reverse way.

The US released this statement at a time when it was also making a big diplomatic push against Russia — proposing a ceasefire at the UN it knew Russia would veto, after having failed to negotiate a ceasefire with Russia directly because it asked for things (a no fly zone, basically) that Russia has neither the interest nor the legal necessity to agree to, because Russia is in Syria at the behest of the still-recognized government of the state, and we’re not. As it happens, the US is ratcheting up this effort at a time when our Saudi allies’ activities in Yemen make it hard to make a principled stance against Russia, because we’re implicated in Yemen in the same way Russia is in Syria.

More importantly, things are getting very very hot, with Russia moving missiles to Kaliningrad and threatening retaliation for any strikes on Syrian controlled territory.

So I would suggest the timing of this announcement — basically confirming the same certainty and uncertainty the IC has had for months, then using it to accuse Putin of trying to intervene directly in our country — is actually our response to more concrete events elsewhere, not the reverse (though there admittedly may be some chicken-and-egg stuff here, in that we may have held off on attribution in hope we could negotiate directly with Russia).

That is, both sides seem intent on ratcheting up the conflict between Russia and the US, and blaming Putin for interfering in our elections is one tool to do that.

If I’m right, the statement may have nothing to do with deterrence. Rather, it may have everything to do with escalation of other conflicts, providing a reason to pitch Russia’s strategic moves elsewhere as a direct threat to the US. I’m not saying Russia isn’t a dangerous adversary. I’m saying that the release of this statement will do nothing to prevent more hacks, but it will provide cause to claim the increasingly hot conflict with Russia directly threatens the US.

Does a Fifth of Yahoo’s Value Derive from (Perceived) Security and Privacy?

The NYPost is reporting that Verizon is trying to get a billion dollar discount off its $4.8 billion purchase price for Yahoo.

“In the last day we’ve heard that [AOL head, who is in charge of these negotiations] Tim [Armstrong] is getting cold feet. He’s pretty upset about the lack of disclosure and he’s saying can we get out of this or can we reduce the price?” said a source familiar with Verizon’s thinking.

That might just be tough talk to get Yahoo to roll back the price. Verizon had been planning to couple Yahoo with its AOL unit to give it enough scale to be a third force to compete with Google and Facebook for digital ad dollars.

The discount is being pushed because it feels Yahoo’s value has been diminished, sources said.

AOL/Yahoo will reach about 1 billion consumers if the deal closes in the first quarter, with a stated goal to reach 2 billion by 2020. AOL boss Tim Armstrong flew to the West Coast in the past few days to meet with Yahoo executives to hammer out a case for a price reduction, a source said.

At one level, this is just business. Verizon has the opportunity to save some money, and it is exploring that opportunity.

But the underlying argument is an interesting one, as it floats a potential value — over a fifth of the original purchase price — tied to Yahoo’s ability to offer its users privacy.

As I understand it, the basis for any discount would be an interesting debate, too. The NYP story implies this is a reaction to both Yahoo’s admission that upwards of 500 million Yahoo users got hacked in 2014 and the more recent admission that last year Yahoo fulfilled a FISA order to scan all its incoming email addresses without legal challenge.

Yahoo has claimed that it only recently learned about the 2014 hack of its users — it told Verizon within days of discovering the hack. If that’s true, it’s not necessarily something Yahoo could have told Verizon before the purchase. (Indeed, Verizon should have considered Yahoo’s security posture when buying it.) But there are apparently real questions about how forthcoming Yahoo has been about the extent of the hack. The number of people affected might be in the billions.

Yahoo can’t claim to have been ignorant about its willingness to respond to exotic FISA requests without legal challenge, however.

Verizon bought Yahoo at a time when Yahoo’s aggressive challenge to PRISM back in 2007 was public knowledge. Given that Verizon had been — or at least had been making a show of — limiting what it would agree to do under USA Freedom Act (Verizon got too little credit, in my opinion, for being the prime necessary driver behind the reform), that earlier legal challenge would have aligned with what Verizon itself was doing: limiting its voluntary cooperation with US government spying requests. But now we learn Yahoo had repurposed its own spam and kiddie porn filter to help the government spy, without complaint, and without even telling its own security team.

I’ll let the mergers and acquisitions lawyers fight over whether Verizon has a claim about the purchase price here. Obviously, the $1 billion is just the opening offer.

But there is a real basis for the claim, at least in terms of value. Verizon bought Yahoo to be able to bump its user base up high enough to be able to compete with Google and Facebook. The perception, particularly in Europe, that Yahoo has neither adequately valued user security nor pushed back against exotic US government demands (especially in the wake of the Snowden revelations) will make it a lot harder to maintain, much less expand, the user base that is the entire purpose for the purchase.

So we’re about to learn how much of an international Internet Service Provider’s value is currently tied to its ability to offer security to its users.

BREAKING! There Were State-Sponsored Terrorists Operating in the US in 2015

If we’re to believe the NYT’s explanation for why Yahoo was asked to scan all its email in 2015, there are (or were) state-sponsored terrorists operating in the US. That’s the only logical explanation for why the FBI would use an individualized FISA court order to obligate Yahoo to adapt their kiddie porn filter to search for a signature used by what NYT describes as state sponsored terrorists.

Although the digital signature was individually approved by a judge, who was persuaded that there was probable cause to believe that it was uniquely used by a foreign power, the collection was unusual because it involved the systematic scanning of all Yahoo users’ emails. More typical surveillance court orders instead target specific user accounts.

[snip]

In fact, according to the government official and other people familiar with the matter, Yahoo was served with an individualized court order to look only for code uniquely used by the foreign terrorist organization, and it adapted the scanning systems that it already had in place to comply with that order rather than building a new capability.

Now, I don’t find this explanation all that plausible, because if there were real state-sponsored terrorists operating in the US, the US would be bombing the shit out of the country in question. Pakistan and Saudi Arabia sponsor terrorists, but they’re our friends and we try to overlook the way they foster terrorism. So I’m betting these aren’t real terrorists, but instead entities the government has told the FISA Court are terrorists to make it possible to approve things they otherwise would find questionable. Plus, it sounds so much cooler when you make such explanations than if you admit you were scanning all Yahoo users’ emails to search for hackers.

I’m going to wildarseguess that this really means the US had a line on Iranian Revolutionary Guard hacking techniques. I say that because the government has long argued that Iran (or at least, the Revolutionary Guard) is a terrorist organization so it can use fancy spy tools that have only been approved for terrorism uses. It’s a bullshit claim, but one the FISC has consistently approved going back years, probably to 2006 (and one OLC almost certainly approved under Stellar Wind). If this operation had happened two months later, after USA Freedom Act expanded the definition of foreign power to within two degrees of proliferators, they might have used that excuse, but back then, piggybacking a terrorist claim onto the use of the foreign government tie would provide the most impressive claim to need to scan domestically.

We even know the IRGC uses Yahoo, because that’s what NSA was collecting on in 2011 when someone spamouflaged key IRGC accounts at precisely the moment we were trying to entrap a top IRGC commander in the Scary Iran Plot.

And while the request to Yahoo came at a later time, we know that the US was aggressively going after Iranian hackers at least in late 2014 because they were targeting banks. DOJ would go on to indict a bunch of Iranians for, among other things, hacking a very small dam.

So rest assured, Yahoo users! FBI only made Yahoo scan your emails because it was hunting terrorists in your inbox.

But remember, that also means there are real state-sponsored terrorists — and not just ISIS wannabes — among us.

Update: Revolutionary for Republican fixed.

HAL (er, um, BAH) Bites NSA

Way back in August, the government arrested a guy named Harold Thomas Martin III, who goes by Hal. Someone leaked news of the arrest to some of a who’s who list of NYT reporters — including Adam Goldman, Jo Becker, Michael Schmidt, David Sanger, Scott Shane, Matt Apuzzo, and Mark Mazzetti — who wrote what was originally a four paragraph story noting Martin is a Booz contractor and he is suspected of “taking the highly classified ‘source code’ developed by the agency to break into computer systems of adversaries like Russia, China, Iran and North Korea.” That is, the leak suggested that the FBI had found their Shadow Brokers culprit.

The story has since been updated to include, among other things, a claim from an “Administration official” that “investigators suspected that Mr. Martin might have taken the material before Mr. Snowden’s actions became public,” which is rather curious since the classified documents described in the DOJ announcement on the arrest are six 2014 documents obtained from sensitive intelligence that were found in his house and vehicle.

The complaint alleges that among the classified documents found in the search were six classified documents obtained from sensitive intelligence and produced by a government agency in 2014. These documents were produced through sensitive government sources, methods, and capabilities, which are critical to a wide variety of national security issues. The disclosure of the documents would reveal those sensitive sources, methods, and capabilities.

Martin may have started taking documents before Snowden, but if DOJ’s allegations are true, he was able to continue even after Snowden (and would have needed to if he were actually the Shadow Broker source).

The conflicting information on this suggests that DOJ doesn’t have any fucking clue what Hal Martin did yet, or why he did it. FBI was clearly trying to figure that out while someone was leaking to everyone at the NYT in terms that suggested the FBI had found the Shadow Brokers source (including the completely bullshit emphasis on Russian and Chinese targets, ignoring how many American companies have been exposed in the Shadow Brokers leak).

Or perhaps not.

The original Shadow Brokers announcement was (as Rayne’s timeline lays out) on August 15. Martin was arrested on August 27. Since that time there have been two more Shadow Brokers announcements, one of little import that seems to mock Asian diction posted on PasteBin on August 28, and another bizarre self-interview posted on Medium last week. In my quick review the voice of those posts is different from the original (as is the claimed political bent). So it is possible the FBI has kept Martin’s arrest secret to try to lure in someone else with further SB announcements.

Or maybe Martin just stupidly brought work home and is fucked because the NSA believes or believed he could be the source of the Shadow Brokers documents, and they need a scapegoat and he’ll do fine. Good thing he is being represented by the same public defender who got Thomas Drake off with a plea deal.

Which leaves the one certainty we can take away from this thus far. Booz Allen Hamilton — which just got $144 million in new DOD business yesterday (h/t Tim Shorrock) — needs a lot more scrutiny in its ability to keep the nation’s secrets safe … and may well need to lose a lot of business.

Wednesday: This One Day

In this roundup: British fascists rise, smart fridge serves porn, and a Zika overview.

Today’s featured short film by Crystal Moselle is about finding one’s tribe, finding one’s place, crossing the threshold to adulthood in the safety of community. Men may not feel this one as keenly as women will. Many of us are skating alone, running into obstacles set before us simply because we are. With a little support we could skate the world.

Love how Bikini Kill’s Rebel Girl plays us out at the end. That.

Brexit and broken

  • Ian Dunt: Tories have become Ukip (Politics.co.uk) — Op-ed looks at UK’s Conservative Party and its aggressive shift toward white nationalism.
  • No joke: UK’s Home Secretary sounds like a Nazi (LBC) — Seriously, read the link. Can’t tell Amber Rudd’s speech from Hitler’s Mein Kampf.
  • The Daily Mail as Tories’ key influencer (OpenDemocracy) — Anthony Barnett looks at the Mail’s succession to Murdoch’s right-wing propaganda mill. The Mail was one of the two largest traditional media influences on right-wing politicians and Brexit voters (the other being NewsCorp’s The Sun); an American parallel would be the shift in media influence on public opinion as Fox News gave way to a more rightist, Trump-friendly CNN. We don’t trust CNN any more than we do Fox, and the UK shouldn’t trust the Mail any more than it should trust The Sun.
  • Theresa May’s Tory Conference speech: fascism wearing a progressive mask (VICE) — May isn’t well known by either UK or US public; her speech this week to her own party gave us a better look at the politician, and she’s not at all pretty. May uses progressive language to make her case, but what she’s really pushing is outright fascism.
  • Unwinding a country rich in diversity (OpenDemocracy) — University of Birmingham lecturer and Oxford University research associate Nando Sigona looks at the United Kingdom as an EU citizen. How does a small but densely populated country — land mass the size of Michigan with a population equal to California and Texas combined — move away from the diversity which has made it rich for millennia? Imagine one of those U.S. states (MI/CA/TX) suddenly telling anyone not ‘native’ to that state to leave; what would it do to that state, let alone the people who must leave? It’s not tenable.
  • 80th anniversary of East London’s Battle of Cable Street (Guardian) — The British have apparently forgotten their history and are now condemned to repeat it. Who is this generation’s Oswald Mosley: Boris Johnson, Nigel Farage, Michael Gove, Theresa May? With attacks on immigrants increasing, the new blackshirts already make their presence known; they only lack a Mosley.

Still skeptical about Tories’ aggression? Just look at this tweet from Tim Colburne, former deputy chief of staff for LibDem Party’s Nick Clegg. This is not the work of a party working for business interests. We are watching a new Nazism rapidly engulfing the United Kingdom. I doubt it will remain united much longer at this pace.

Keep in mind some of the foreign workers and children the Tories (and Ukip) want identified are U.S. citizens.

Elsewhat, elsewhere

Cybernia, ho!

  • Ireland not happy about the Yahoo email scandal (ITNews-AU) — Ireland wants to know if Yahoo’s scanning emails on behalf of U.S. government compromises Irish citizens’ privacy. Germany’s Fabio de Masi, a member of the European Parliament, has also asked for more details. Yahoo’s scanning could put the brakes on a US-EU data sharing agreement.
  • Alleged terror plotter charged, had operating system in cufflink (Guardian) — Located in Cardiff, Wales, the accused also possessed a book on missile guidance and control; he was responsible for a blog with information about Isis and cyber-security guidance.
  • Smart refrigerator – now with Pornhub (The Register) — Didn’t manufacturers clue in about so-called smart refrigerators a couple years ago after they were hacked? Clearly not if it’s still possible to hijack displays on Internet of Things devices for porn.

Longread: Overview on Zika
This is a decent meta piece in Omni magazine. Article also points out simple preventive interventions to reduce Zika infections: air conditioning and window screens. Also suggests implementing these in Africa where other arbovirus diseases are endemic, like yellow fever, dengue, chikungunya as well as Zika — except AC will create a greater demand for electricity as well as manufacturing pressure for screens. Also doesn’t really deal with the fact more people are outside during daylight hours in warmer climates, and those who work outdoors (like farmers) have no choice. More comprehensive research on arboviruses is needed and work toward vaccines is probably cheaper, faster, and less taxing to the environment than scaling up electricity and manufacturing. Worth a read if flawed.

Phew. That’s enough for today. Thankfully it’s downhill from here. Catch you later!

Wednesday: Time Travel

In this roundup: A short film about a mother’s time travel adventure, the Internet of Stupid Things, and more.

Yahoo’s Three Hacks

As a number of outlets have reported, Yahoo has announced that 500 million of its users’ accounts got hacked in 2014 by a suspected state actor.

But that massive hack is actually one of three interesting hacks of Yahoo in recent years.

2012 alleged Peace affiliated hack

In August, Motherboard reported — and reported to Yahoo — that the hacker known as Peace, who may have ties to Ukrainian and/or organized crime and also sold the MySpace and LinkedIn credentials, was selling credentials from what he said were 200 million accounts hacked in 2012. But when Motherboard tried to verify the data, some of it came back as out of date or invalid.

According to a sample of the data, it contains usernames, hashed passwords (created with md5 algorithm), dates of birth, and in some cases back-up email addresses. The data is being sold for 3 bitcoins, or around $1,860, and supposedly contains 200 million records from “2012 most likely,” according to Peace. Until Yahoo confirms a breach, however, or the full dataset is released for verification, it is possible that the data is collated and repackaged from other major data leaks.

[snip]

Motherboard obtained a very small sample of the data—only 5000 records—before it was publicly listed, and found that most of the two dozen Yahoo usernames tested by Motherboard did correspond to actual accounts on the service. (This was done by going to the login section of Yahoo, entering the email address, and clicking next; when the email address wasn’t recognised, it was not possible to continue.)

However, when Motherboard attempted to contact over 100 of the addresses in the sample set, many returned as undeliverable. “This account has been disabled or discontinued,” read one autoresponse to many of the emails that failed to deliver properly, while others read “This user doesn’t have a yahoo.com account.”

2014 state actor hack

Yahoo claims it discovered the 500 million user hack in its investigation of the Peace allegations in August. The details being released now, in particular the encryption used with the account, vary from what Peace claimed in August.

A source familiar with the investigation told Motherboard on Thursday that, although no direct evidence was found to support Peace’s claims, Yahoo conducted a broader investigation, and during that time, they found the attack from what they described as a state-sponsored actor in 2014. The source declined to provide any evidence that the attack was state-sponsored, but said that the company strongly believed it to be the case.

According to Yahoo’s announcement, the majority of passwords were hashed with the strong hashing function bcrypt, meaning that hackers will have a much harder time at obtaining many users’ real passwords. The source claimed that only a very small percentage of password hashes were not bcrypt.

Note, while Yahoo is claiming this was a hack done by a state actor, it has not said what state actor.

Also, Yahoo appears to be suggesting that Peace’s claim he had Yahoo credentials was not true. Though, given that Yahoo is being acquired by Verizon at the moment, they would have an incentive to claim they didn’t know about this massive hack earlier.

2016 individual hack tied to DNC

Finally, an individualized hack of a Yahoo user — DNC consultant Alexandra Chalupa — was an independent source of the claim that DNC hackers might have ties to Russia or Ukraine. While the hack was evident from emails released by WikiLeaks, Chalupa had worked with Yahoo’s Michael Isikoff previously and he added details explaining her suspicions about the timing.

“I was freaked out,” Chalupa, who serves as director of “ethnic engagement” for the DNC, told Yahoo News in an interview, noting that she had been in close touch with sources in Kiev, Ukraine, including a number of investigative journalists, who had been providing her with information about Manafort’s political and business dealings in that country and Russia.

“This is really scary,” she said.

[snip]

Chalupa’s message, which had not been previously reported, stands out: It is the first indication that the reach of the hackers who penetrated the DNC has extended beyond the official email accounts of committee officials to include their private email and potentially the content on their smartphones. After Chalupa sent the email to Miranda (which mentions that she had invited this reporter to a meeting with Ukrainian journalists in Washington), it triggered high-level concerns within the DNC, given the sensitive nature of her work. “That’s when we knew it was the Russians,” said a Democratic Party source who has knowledge of the internal probe into the hacked emails. In order to stem the damage, the source said, “we told her to stop her research.”

A Yahoo spokesman said the pop-up warning to Chalupa “appears to be one of our notifications” and said it was consistent with a new policy announced by Yahoo on its Tumblr page last December to notify customers when it has strong evidence of “state sponsored” cyberattacks.

Significantly, this story, at least, claims this (and not cyber consultant CrowdStrike) is where DNC certainty that the hack was perpetrated by Russians came from.

Note that Chalupa’s Yahoo address was also affected in the LinkedIn hack, which exposed a simple password.

For now, I’m just presenting these three separate hacks as data points of interest.

Wednesday: Big Wheels Turning

Hard to believe this was made in 1982. Yeah, the production quality doesn’t match today’s digital capabilities, but the story itself seems really prescient. How can an ethically-compromised bloviating bigot manage to fumble his way into office?

Now you know. Bet you can even offer constructive feedback on how director Danny DeVito could update this script for today’s social media-enhanced election cycle.

Self-Driving Vehicles

  • NHTSA issues guidelines for self-driving cars (Detroit Free Press) — FINALLY. But is it a bit too late now that Uber already has a fleet on the streets of Pittsburgh and Tesla has been running beta cars? Let’s face it: the federal government has been very slow to acknowledge the rise of artificial intelligence in any field, let alone the risks inherent in computer programming used in vehicles. We’re literally at the end of a two-term presidency, on the cusp of entirely new policies toward transportation, and NOW the NHTSA steps in? We need to demand better and faster rather than this future-shocked laggy response from government — and that goes for Congress as well as the White House. Congress fails to see the importance of early regulation in spite of adequate warning:

    Legislators warned automakers at the 15 March Senate hearing that the governing body took a dim view of the industry’s ability to self-regulate. “Someone is going to die in this technology,” Duke University roboticist Missy Cummings told the US Senate during a tense hearing where she testified alongside representatives from General Motors and Delphi Automotive, among others.

    Senators Ed Markey and Richard Blumenthal, who questioned car executives at the hearing, had cosponsored a 2015 bill to regulate self-driving automobiles. The bill was referred to committee and never returned to the floor. [source: Guardian]

    In the meantime, we have an initial 15-point guideline the NHTSA wants to address; are they enough? Is a guideline enough? Witness Volkswagen’s years-long fraud, flouting laws; without more serious consequences, would a company with Volkswagen’s ethics pay any heed at all to mere guidelines? Are you ready to drive on the road with nothing but non-binding guidelines to hold makers of autonomous cars accountable?

  • Multiple Tesla car models hackable (Keen Security Lab) — Check this video on YouTube. At first this seems like an innocuous problem, just lights, mirrors, door locks…and then * boom * the brakes while driving. These same functions would also be controlled by AI in a self-driving car, by the way, and they’re already on the road. This is exactly what I mean by the feds being slow to acknowledge AI’s rise.
  • ‘OMG COOL’-like impressions from early self-driving Uber passengers (Pittsburgh Post-Gazette) — Criminy. The naïveté is astonishing. Of course this technology seems so safe and techno-cool when you have an Uber engineer and programmer along for the ride, offering the illusion of safety. Like having a seasoned, licensed taxi driver. Why not just pay for an actual human to drive?
  • Tesla caught in back-and-forth with Mobileye (multiple sources) — After analyzing the May 2016 fatal accident in Florida involving Tesla’s semi-autonomous driving system, Tesla tweaked the system. The gist of the fatal accident appears to have been a false-positive misinterpretation of the semi-trailer as an overhead road sign, for which a vehicle would not slow down. But this particular accident alone didn’t set off a dispute between Tesla and the vendor for its Autopilot system, Mobileye. Another fatal accident in China which occurred in January was blamed on Tesla’s Autopilot — but that, too, was not the point of conflict between Tesla and its vendor. Mobileye apparently took issue with Tesla over “hands on” versus “hands-free” operation; the computer vision manufacturer’s 16-SEP press release claims Tesla said the Autopilot system would be hands on but was rolled out in 2015 as hands-free. Mobileye may also have taken issue with how aggressively Tesla was pursuing its own computer vision technology even before the two companies agreed to end their relationship this past July. A volley of news stories over the last two weeks suggests there’s more going on than the hands on versus hands-free issue. Interestingly enough, the burst of stories began just after a hacker discovered there’s a previously undisclosed dash cam capturing shots of Tesla vehicle operations — and yet only a very small number of the flurry of stories mentioned this development. Hmm. Unfortunately, the dash cam feature would not have captured snaps for the two known fatal accidents because the nature of the accidents prevented the camera from sending images to Tesla servers.

Artificial Intelligence

  • The fall of humans is upon us with our help (Forbes) — this article asks what happens when white collar jobs are replaced by artificial intelligence. Oh, how nice, Forbes, that you worry about the white collar dudes like yourselves but not the blue collar workers already being replaced.
    How about discussing alternative employment for 3.5 million truck drivers?
    Or the approximately 230,000 taxi drivers?
    How about subway, streetcar, and tram operators (for which I don’t currently have a number)?
    How about the administrative jobs supporting these workers?
    This is just a portion of transportation alone which will be affected by the introduction of AI in self-driving/autonomous vehicles. What about other blue collar jobs at risk — like fast food workers, of which there are 3.5 million? And we wonder why Trump appeals to a certain portion of the working class. He won’t be informed at all about this, will not have a solution except to remove persons of color as competition for employment. But the left must develop a cogent response to this risk immediately. It’s already here, the rise of machines as AI and algorithmic replacements for humans. Let’s not wait for the next Luddite rebellion V.2.0 — or is Trump’s current support the rebellion’s inception?
  • But every business needs AI! (Forbes) — Uh…no conflict here at all with the previous article. Nope. Just playing the refs. Save America, people, just keep buying! (By the way, note how this contributor touts Hello Barbie chatbot as a positive sign, though Mattel’s internet-enabled Barbie products have had some serious problems with security.)
  • The meta-threat of artificial intelligence (MIT Technology Review) — Doubt my opinion? Don’t take it from me, then, take it from experts including one who plans to make a fortune from AI — like Elon Musk.

Longread: Academia becomes the new white collar underclass
You may have noted Long Island University-Brooklyn’s 12-day lockout which was not really resolved last week but deferred by a contract extension. The dispute originated over a pay gap between Brooklyn and two other better paid LIU campuses. Ridiculous sticking point, given the small distance between these campuses. LIU barred instructors from campus and halted their benefits during the lockout. Students walked out, infuriated by the temps who subbed in for the locked-out instructors — a cafeteria worker in one case filled in for an English instructor. LIU’s walkout won’t be the only such conflict over academic wages. To understand the scale of the problem, you’ll want to read this piece at Guernica, which explains how academia is being shaken down across the U.S., not just in Brooklyn. I remember asking an academic administrator back in 2006 what would happen when secondary education was commodified; they couldn’t imagine it ever happening. And now the future has arrived. What are we going to do about this while retaining U.S. standard in education?

Hope you’re liking the site revamp! Do leave a comment if you find anything isn’t working up to snuff.