A Cosmopolitan Defense of Snowden

/22 Comments/in , /by

A bunch of human rights groups have started a campaign calling on President Obama to pardon Edward Snowden, to coincide with the release of the Snowden movie today.

With regards to Snowden’s fate, I believe — as I have from the start — that US interest would have been and would be best served if a safe asylum for Snowden were arranged in a friendly country. I had said France at the time, but now Germany would be the obvious location. Obama is not going to pardon Snowden, and Presidents Hillary or Trump are far less likely to do so, not least because if a president pardoned Snowden it would be an invitation for a metaphorical or literal assassination attempt. But I also think it would have always served US interests to keep Snowden out of a place like Russia. That ship has already sailed, but I still think we insist on making it impossible for him to leave Russia (by pressuring allies like Germany that might otherwise have considered asylum) largely out of self-destructive motives, an urge to prove our power that often overrides our interests.

That’s all background to recommending you read this post from Jack Goldsmith arguing against pardon for Snowden. While I disagree with big parts of it, it is the most interesting piece I’ve seen on the Snowden pardon question, for or against.

Like me, Goldsmith believes there’s no chance Snowden will get a pardon, even while admitting that Snowden’s disclosures brought worthwhile transparency to the Intelligence Community. Unlike me, he opposes a pardon, in part, because of the damage Snowden did, a point I’ll bracket for the moment.

More interestingly, Goldsmith argues that a pardon should be judged on whether Snowden’s claimed justification matches what he actually did.

Another difficulty in determining whether a pardon is warranted for Snowden’s crimes is that the proper criteria for a pardon are elusive.  Oliver Wendell Holmes once declared that a pardon “is the determination of the ultimate authority that the public welfare will be better served by inflicting less” than what the criminal law specified.  But how to measure or assess the elusive public welfare?  The Constitution delegates that task exclusively to the President, who can use whatever criteria he chooses.  Many disagreements about whether a pardon is appropriate are at bottom disagreements about what these criteria should be.  Some will question whether Snowden should be pardoned even if his harms were trivial and the benefits he achieved were great.  Indeed, presidents don’t usually grant pardons because a crime brought benefits.  My own view is that in this unusual context, it is best to examine the appropriateness of a pardon in the first instance through an instrumental lens, and also to ask how well Snowden’s stated justification for his crimes matches up with the crimes he actually committed.

Goldsmith goes on to engage in what I consider a narrowly bracketed discussion of Snowden’s leaks about violations of US law (for example, he, as everyone always does, ignores NSA double dipping on Google and Yahoo servers overseas), claiming to assess whether they were violations of the Constitution, but in fact explicitly weighing whether they were a violation of the law.

His exposure of the 702 programs (PRISM and upstream collection) is harder to justify on these grounds, because these programs were clearly authorized by public law and have not sparked nearly the same criticism, pushback, or reform.

After substituting law for Constitution, the former OLC head (the guy who approved of much of Stellar Wind by claiming FISA exclusivity didn’t really mean FISA exclusivity) makes what is effectively an Article II argument — one nowhere nearly as breathtaking as Goldsmith’s Stellar Wind one. Most of Snowden’s leaks can’t be unconstitutional, Goldsmith argues, because they took place overseas and were targeted at non-US persons.

What I do not get, and what I have never seen Snowden or anyone explain, is how his oath to the U.S. Constitution justified the theft and disclosure of the vast number of documents that had nothing to do with operations inside the United States or U.S. persons.  (Every one of the arguments I read for Snowden’s pardon yesterday focused on his domestic U.S. revelations and ignored or downplayed that the vast majority of revelations that did not involve U.S. territory or citizens.)  To take just a few of hundreds of examples, why did his oath to the Constitution justify disclosure that NSA had developed MonsterMind, a program to respond to cyberattacks automatically; or that it had set up data centers in China to insert malware into Chinese computers and had penetrated Huawei in China; or that it was spying (with details about how) in many other foreign nations, on Bin Laden associate Hassam Ghul’s wife, on the UN Secretary General,  and on the Islamic State; or that it cooperates with intelligence services in Sweden and Norway to spy on Russia?; and so on, and so on.  These and other similar disclosures (see here for many more) concern standard intelligence operations in support of national security or foreign policy missions that do not violate the U.S. Constitution or laws, and that did extraordinary harm to those missions.  The losses of intelligence that resulted are not small things, since intelligence information, and especially SIGINT, is a core element of American strength and success (and not just, as many seem to think, related to counterterrorism).  It doesn’t matter that leaks in this context sparked modest reforms (e.g., PPD 28).  The Constitution clearly permits foreign intelligence surveillance, and our elected representatives wanted these obviously lawful practices to remain secret.

Having laid out a (compared to his Stellar Wind defense) fairly uncontroversial argument about the current interpretation of the Constitution reserving wiretapping of non-Americans to the President (though my understanding of the actual wiretapping in the Keith decision, of Americans in Africa, would say Presidents can’t wiretap Americans overseas without more process than Americans’ communications collected under bulk collection overseas currently get), Goldsmith goes onto make his most important point.

The real defense of Snowden stems not from our own Constitution, but from a moral and ethical defense of American values.

What might be the moral and ethical case for disclosing U.S. intelligence techniques against other countries and institutions?  (I will be ignore possible cosmopolitan impulses for Snowden’s theft and leaks, which I think damage the case for a pardon for violations of U.S. law.)  I think the most charitable moral/ethical case for leaking details of electronic intelligence operations abroad, including against our adversaries, is that these operations were harming the Internet, were hypocritical, were contrary to American values, and the like, and Snowden’s disclosures were designed to save the Internet and restore American values.  This is not a crazy view; I know many smart and admirable people who hold it, and I believe it is ethically and morally coherent.

This is a remarkable paragraph. First, it defines what is, I think, the best defense of Snowden. American values and public claims badly conflict with what we were and still are doing on the Internet. I’d add, that this argument also works to defend Chelsea Manning’s leaks: she decided to leak when she was asked to assist Iraqi torture in the name of Iraqi liberation, a dramatic conflict of US stated values with our ugly reality.

But the paragraph is also interesting for the way Goldsmith, almost as an aside, “ignore[s] possible cosmopolitan impulses for Snowden’s theft and leaks, which I think damage the case for a pardon for violations of U.S. law.” I take this to argue that if you’re leaking to serve some universal notion of greater good — some sense of world citizenship — then you can’t very well ask to be pardoned by US law. Perhaps, in that case, you can only ask to be pardoned by universal or at least international law. I’ll come back to this.

Goldsmith contrasts the moral and ethical case based on American values with his own, a moral and ethical one that justifies US spying to serve US interests in a complex and dangerous world.

But it is also not a crazy view, and it is also ethically and morally coherent, to think that U.S. electronic intelligence operations abroad were entirely lawful and legitimate efforts to serve U.S. interests in a complex and dangerous world, and that Snowden’s revelations violated his secrecy pledges and U.S. criminal law and did enormous harm to important American interests and values.

For the record, I think Snowden has said some of US spying does serve US interests in a complex and dangerous world. But from that view, the old defender of Article II argues that a President — the guy or gal who by definition is the only one can decide to pardon Snowden — must always adhere to the latter (Goldsmith’s) moral and ethical stance.

Unfortunately for Snowden’s pardon gambit,  President Obama, and any one who sits in the Oval Office charged with responsibility for American success around the globe, will (and should) embrace the second moral/ethical perspective, and will not (and should not) countenance the first moral/ethical perspective, which I take to be Snowden’s.

Goldsmith then ends where I began, with a more polite explanation that any president that pardoned Snowden would be inviting metaphorical or literal assassination. He also suggests the precedent would lead to more leaks. But that seems to ignore 1) that Snowden leaked even after seeing what they did to Manning (that is, deterrence doesn’t necessarily work) 2) the Petraeus precedent has already exposed the classification system as one giant load of poo.

Anyway, by my reading, Goldsmith argues that this debate pits those motivated out of American values versus those motivated out of perceived American interests, and that any President must necessarily operate from the latter.

I’m interested in that because I think the former motivation really does explain a goodly number of the leakers and whistleblowers I know. People a generation older than me, I think, may have been true believers in the fight against the Evil Empire during the Cold War, only to realize we risk becoming the Evil Empire they spent their life fighting. Every time I see Bill Binney, he makes morbid cracks about how he was the guy who invented “Collect it all,” back when he was fighting Russia. People a generation younger than me — Snowden, Manning, and likely a lot more — more often responded out of defense of all that is great in America after 9/11, only to find that that we have not adhered to that greatness in prosecuting the war on terror. These are gross generalizations. But I think the conflict is real among a lot of people, and it’s one that will always fight increasingly diligent efforts to tamp down dissent.

That said, I want to note something else Goldsmith did, while making his aside that anyone making a cosmopolitan defense of Snowden cannot ask for a pardon under US law (a view I find fairly persuasive, which may be why I think a reasonable outcome is for Snowden to live out his life in Germany). In making that aside, Goldsmith effectively dismissed the possibility that living US values rather than interests might be both cosmopolitan and in our national interest.

I’ve talked about this repeatedly — the degree to which Snowden’s disclosures (and, to a lesser extent, Manning’s) served to expose some lies that are critical to American hegemony. Our hegemonic position relies — according to people like Goldsmith and, perhaps in reality, though the evidence is mixed — on our global dragnet, which in turn serves our global military presence. But it has also relied on an ideology, every bit as important as ideology was during the Cold War, that espoused democracy and market capitalism and, underscoring both of those, a belief in the worth of every individual (and by extension, individual nation) to compete on equal terms. Without that ideology, we’re just a garden variety empire, which is a lot harder to sustain because it requires more costly (in terms of dollars and bodies) coercion rather than persuasion.

And Snowden’s leaks showed we used our preferential position astride the world’s telecommunications network and our claim to serve freedom of expression to serve as the hegemon. Hell, the aftermath of that shows it even more! Country after country has backed off giving Snowden asylum — the proper cosmopolitan resolution — because the US retains enough raw power and/or access to the fruits of the dragnet to persuade countries that’s not in their “interest.”

This is an issue that has gotten far too little attention in the wake of the Snowden leaks: to what degree is the cost of the Snowden leaks measured in terms of exposing to the subjects of our hegemon facts that their leaders already knew (either because they were and are willing co-participants in the spying or knowledgeable adversaries engaged in equally ambitious but less effective surveillance)? I don’t doubt there are individual programs that have been compromised, though thus far the IC has badly hurt its case by making claims (such as that Al Qaeda only adopted encryption in response to Snowden, or that Snowden taught terrorists how to use burner phones) that are easily falsifiable. But a big part of the leaks are about the degree to which the US can (and does passively in many cases via bulk collection) spy on everyone.

But to me, the big cost has been in terms of exposing America’s hegemonic ideology as the fiction that ideologies always become if they aren’t from the start.

Note, I fully accept that that may be an unacceptable cost. America’s hegemony was already weakening; I believe Snowden’s disclosures simply accelerated that. It is absolutely possible that the weakening of US hegemony will create a vacuum of power that will leave chaos. That chaos may, may have already, led to a desire for strongmen in response. There were outside factors playing into all of this. The Iraq War did far more to rot America’s hegemonic virtue than Edward Snowden’s leaks ever could have. And it’s not clear that an empire based on oil can provide the leadership we need to fight climate change, which will increasingly be the source of chaos. But I accept that it is possible Snowden accelerated a process that may lead to horrible outcomes.

Here’s the thing, though: this younger generation of leakers — of dissident servants of the hegemon — don’t need to be cured of a lifetime of ideology. It may take, as it did with Manning, no more than critical assessment of some flyers confiscated by our so-called partners in liberation for the ideology cementing our hegemonic authority to crumble.

Our hegemony depends on the ideology of our values. That seems to both have been the trigger for and may justify the cosmopolitan interest in exposing our hypocrisy. And whether or not Americans should give a shit about the freedom of non-American subjects of the hegemon, to the extent that servants of that ideology here find the hypocrisy unsustainable, we’re likely to have more Mannings and more Snowdens.

Our global dragnet may very well serve the ethics of those who serve presidentially-defined American interests. As such, Snowden’s leaks are surely seen as unforgivable damage.

But it is also possible that American hegemony is only — was only — sustainable to the degree that we made sure that global dragnet was limited by the values that have always been critical to the ideology underlying our hegemony.

FBI can’t pretend to be the AP without special approval. They can pretend to be Apple.

/6 Comments/in /by

As a number of outlets have reported, the DOJ IG just released a report on FBI’s impersonation of a journalist in 2007. The FBI pretended to be the AP to catch a high school student making bomb threats.

As I will explain in more detail in a follow-up post, the IG report somewhat exonerated the Agents who engaged in that effort. It also gives reserved approval of an interim policy FBI adopted this June (that is, well after the press complained, and just as the IG was finishing this report) that would prevent the FBI from pulling a similar stunt without higher level approval.

But some of the details in the report — as well as one of its recommendations — suggests that the FBI would still be able to pretend to be a software company making a software update. Here’s the recommendation.

Recommendation 2: The FBI should consider the appropriate level of review required before FBI employees in a criminal investigation use the name of third party organizations or businesses without their knowledge or consent.

As the report explains, this concern arises because FBI policies on undercover activities distinguishes between impersonating a biological person and a corporate one.

Finally, as we described in Section III of this report, we learned during the course of this review that while FBIHQ approval is required to use a third person’s “online identity” in undercover online communications or to make “untrue representations . . . concerning the activities or involvement of any third person” without that person’s knowledge or consent, special approval was not required to use the identity of an organization or business in undercover online communications or in other undercover activities. The new interim policy changes that policy as it relates to news organizations, but does not address this issue with regard to non-news organizations or businesses. We think the Department should consider the appropriate level of review necessary before agents in a criminal investigation are allowed to use the name of a third-party organization or business without its knowledge or consent, in light of the potential impact that use might have on the third party’s reputation.30

30 After reviewing a draft of this report, the FBI provided comments explaining that the heightened level of review and approval required for FBI employees to pose as members of the news media was introduced because such activity potentially could “impair news-gathering activities” under the First Amendment, but that such constitutional considerations do not apply to businesses and other third parties. Our recommendation, however, does not rely on equating the reputational interests of some third party organizations and businesses with the constitutional interests of others. We believe that reputational interests, and the potential impact FBI investigations can have on those interests, are themselves sufficiently important to merit some level of review before FBI employees use the names of third party organizations or businesses without their knowledge or consent. [my emphasis]

The new policy requires additional approvals before the FBI can pretend to be a news-gathering organization, but only requires that higher approval for news-gathering organizations, not other corporate entities.

In other words, FBI is only imposing these new restrictions because by pretending to be a journalist, it might impair the news-gathering activities under the First Amendment. But the FBI doesn’t care about the reputational harm that its undercover activities might do to non news media corporations.

And there’s nothing here that would prohibit the FBI to engage in the most obvious undercover activity to accomplish the same objective they had in the bomb threat case: to get someone to click a link that would, unbeknownst to the target, infect their computer with malware.

In other words, by all appearances, the FBI can’t infect you with malware by pretending they want to interview you, but they could infect you with malware by pretending they want to update your software.

A Busy Day for the Bears

/18 Comments/in , /by

Yesterday, there were three arguably big events associated with stolen records alleged to have ties to Russia’s GRU.

Simon Biles treats her ADHD

The first is the leak, by a group explicitly calling itself Fancy Bear (though the hack was once tied to Polish Anonymous), of anti-doping agency records showing the Williams sisters and Simone Biles all got approval for and took drugs on a list of otherwise banned substances. While there are no allegations of impropriety — indeed, Biles explained that in her case the exception involved treating ADHD — the story got covered by the major international press, including the Beeb, NBC, and NYT.

Colin Powell rants

The second alleged-Bear event is the release of Colin Powell emails, obtained by DC Leaks, to The Intercept, BuzzFeed, and Politico. The emails include quite recent ones, including one from August 26. Powell now uses GMail, suggesting his emails should be harder to hack than (for example) his State emails on AOL or emails run on a private server. Whether you worry about Russian influence or not, this hack is quite newsworthy.

There are embarrassing emails with Powell asserting that “Everything HRC touches she kind of screws up with hubris,” as well as emails with Powell complaining about Trump’s racism and the press’ stoking of it.

The emails are not limited to election-related ones, either. They also include correspondence between Powell and Jack Straw and how the Chilcot report got buried in all the Brexit news.

Guccifer 2 goes mainstream

dncarchitecture_mc

Finally, there was the “appearance” at a security conference by Guccifer 2.0, the guy who has released the DNC emails that gave the Democrats an excuse to force Debbie Wasserman Schultz’s to resign, though they had been looking for an excuse for some time.

In point of fact, Guccifer 2.0 didn’t appear in person at the conference. Rather, he sent a speech which got read at the conference, with the transcript released to journalists. The speech focused on the negligence of software companies in security. Guccifer went on for several paragraphs about the power and sloppiness of tech companies, arguing they were to blame for hacks.

The next reason, and the crucial one, is software vulnerability. Tech companies hurry to finish the work and earn money. So they break development cycle very often omitting the stage of testing. As a result, clients have raw products installed on their systems and networks with a great number of bugs and holes.

Fourth. It’s well known that all large companies look forward to receiving governmental contracts. They develop governmental websites, communication systems, electronic voting systems, and so on and have their products installed to critical infrastructure objects on the national level.

They are aggressively lobbying their interests. You can see it at the diagram that they spent millions of dollars for lobbying. That doesn’t mean they will produce better software. That means they will get even more money in return.

Then he returned to a claim he has made on two earlier occasions: that he hacked DNC via a vulnerability in VAN.

So, what’s the right question we should ask about cyber crime?

Who hacked a system?

Wrong. The right question is: who made it possible that a system was hacked? In this regard, what question should you ask me?

How I hacked the DNC???

Now you know this is a wrong question. Who made it possible, that I hacked into the DNC? This is the question. And I suppose, you already know the answer. This is NGP VAN Company that operates the DNC network. And this is its CEO Stu Trevelyan who is really responsible for the breach.

Their software is full of holes. And you knew about it even before I came on stage.

You may remember Josh Uretsky, the national data director for Sander’s presidential campaign. He was fired in December, 2015 after improperly accessing proprietary data in the DNC system. As it was agreed, he was intentionally searching for voter information belonging to other campaigns.

However, he is not to blame. The real reason voter information became available for non-authorized users was NGP VAN’s raw software which had holes and errors in the code. And this is the same reason I managed to get access to the DNC network. Vulnerabilities in the NGP VAN software installed on its server which they have plenty of. Shit! Yeah?

This scheme shows how NGP VAN is incorporated in the DNC infrastructure.

One of two schemes released with the speech appears above.

Now, Guccifer’s allegation — tying vulnerabilities in the VAN software to his own hack — could be newsworthy. Recall, after all, that one excuse the Bernie staffer gave for nosing around Hillary’s side of VAN was that Sanders’ own data had been compromised earlier that year. Importantly, Guccifer’s persistent focus on VAN, which was a signature moment in Sanders’ voters disillusionment with the DNC conduct in the election, would provide an alternative motive for this hack rather than just a Putinesque plot to tamper with Hillary’s election.

Thing is, there’s nothing in the materials released on VAN that indicates any particular vulnerability (though the dump does include some dated information on DNC’s computer security): effectively Guccifer makes an allegation but — at least from what I’ve seen and heard from a few people who know security better — doesn’t deliver the goods.

Indeed, while there are documents acknowledging the kind of pay-to-play appointments for big donors that both parties practice, and some other financial data that I suspect may prove more interesting with further scrutiny, there’s nothing really newsworthy in this dump. It seems to be interesting primarily to Bernie diehards, not the press generally, which is rightly more interested by the Powell emails.

Which, again, emphasizes how much Guccifer has been feeding Bernie diehards, either out of his own motivation or his handler’s. It is worth noting that while Guccifer claims to oppose Trump’s policies, he did say this about Sanders: “I have nothing to say about Bernie Sanders. It seems he never had a chance to win the nomination as the Democratic Party itself stood against him!”

Why stomp on the Bears other big blasts?

Which has me wondering about yesterday generally. If someone is orchestrating all these leaks, why have Guccifer “give a speech” on the same day as two highly managed releases, especially given that Guccifer failed to deliver the goods? Indeed, why invite Guccifer to, or have him accept an invitation from, a pretty staid security conference at all?

And what is the role of Darren Martyn, a LulzSec Irish hacker who was indicted along with Jeremy Hammond but apparently never extradited. He’s apparently the one who read Guccifer’s speech. Which raises all sorts of questions about Guccifer’s ties to the Anon group of hackers, or maybe also to what Martyn has been doing since he was indicted in the US.

Let me just close with an observation.

The Democrats have, rightly, been worried about what Guccifer will release closer to the election; I’ve heard specific concerns from connected Dems that he will release far more damning financial documents. The FBI, too, appears uncertain whether the set of documents Guccifer has is the same that the GRU-related hackers are believed to have spied on at the DNC. Thus, both the DNC and FBI would love to do something to make Guccifer show more of his hand.

Before this hack, we were all just waiting to see what Julian Assange, who is clearly maximizing damage to Hillary, will drop next.

And instead, by inviting Guccifer to appear at a conference, someone got Guccifer to drop an additional 700 MB of files while everyone is busy looking at the Powell emails.

 

The Misunderstandings of the Anti-Transparency Hillary-Exonerating Left

/13 Comments/in , /by

It wasn’t enough for Matt Yglesias to write a widely mocked piece calling for less transparency, now Kevin Drum has too. It all makes you wonder whether there’s some LISTERV somewhere — the successor to JOURNOLIST, from which leaked emails revealed embarrassing discussions of putting politics above principle, perhaps — where a bunch of center-left men are plotting about how to finally end the email scandal that Hillary herself instigated with a stupid decision to host her own email. Especially given this eye-popping paragraph in Drum’s piece:

Part of the reason is that Hillary Clinton is a real object lesson in how FOIA can go wrong when it’s weaponized. Another part is that liberals are the biggest fans of transparency, and seeing one of their own pilloried by it might make them take a second look at whether it’s gone off the rails. What we’ve seen with Hillary Clinton is not that she’s done anything especially wrong, but that a story can last forever if there’s a constant stream of new revelations. That’s what’s happened over the past four years. Between Benghazi committees and Judicial Watch’s anti-Hillary jihad, Clinton’s emails have been steadily dripped out practically monthly, even though there’s never been any compelling reason for it. It’s been done solely to keep her alleged corruption in the public eye.

Even setting aside that his piece generally ignores (perhaps, betrays no knowledge of) the widely-abused b5 exemption that already lets people withhold precisely the kinds of deliberations that Drum wants to kill FOIA over (and is used to withhold a lot more than that), this paragraph betrays stunning misunderstanding about the Clinton email scandal. Not least, the degree to which many of the delays have arisen from Clinton’s own actions.

It led me to go back to read this post, which engages in some cute spin and selective editing, but really gives up the game in this passage.

Oddly, the FBI never really addresses the issue of whether Hillary violated federal record retention rules. They obviously believe that she should have used a State email account for work-related business, but that’s about it. I suppose they decided it was a non-issue because Hillary did, in fact, retain all her emails and did, in fact, turn them over quickly when State requested them.

There’s also virtually no discussion of FOIA. What little there is suggests that Hillary’s only concern was that her personal emails not be subjected to FOIA simply because they were held on the same server as her work emails.

Of course the FBI never really addresses how Hillary violated the Federal Records Act. Of course the FBI never really addresses how Hillary tried to avoid FOIA. (Note too that Drum ignores that some of those “personal” emails have been found to be subject to FOIA and FRA and Congressional requests; they weren’t actually personal.)

That’s because this wasn’t an investigation into violating the Federal Records Act. As I wrote in this post summarizing Jim Comey’s testimony to Oversight and Government Reform:

The FBI investigation that ended yesterday only pertained to that referral about classified information. Indeed, over the course of the hearing, Comey revealed that it was narrowly focused, examining the behavior of only Clinton and four or five of her close aides. And it only pertained to that question about mishandling classified information. That’s what the declination was based on: Comey and others’ determination that when Hillary set up her home-brew server, she did not intend to mishandle classified information.

This caused some consternation, early on in the hearing, because Republicans familiar with Clinton aides’ sworn testimony to the committee investigating the email server and Benghazi were confused how Comey could say that Hillary was not cleared to have her own server, but aides had testified to the contrary. But Comey explained it very clearly, and repeatedly. While FBI considered the statements of Clinton aides, they did not review their sworn statements to Congress for truth.

That’s important because the committee was largely asking a different question: whether Clinton used her server to avoid oversight, Federal Record Act requirements, the Benghazi investigation, and FOIA. That’s a question the FBI did not review at all. This all became crystal clear in the last minutes of the Comey testimony.

Chaffetz: Was there any evidence of Hillary Clinton attempting to avoid compliance with the Freedom of Information Act?

Comey: That was not the subject of our criminal investigation so I can’t answer that sitting here.

Chaffetz: It’s a violation of law, is it not?

Comey: Yes, my understanding is there are civil statutes that apply to that. I don’t know of a crimin–

Chaffetz: Let’s put some boundaries on this a little bit — what you didn’t look at. You didn’t look at whether or not there was an intention or reality of non-compliance with the Freedom of Information Act.

Comey: Correct.

Having started down this path, Chaffetz basically confirms what Comey had said a number of times throughout the hearing, that FBI didn’t scrutinize the veracity of testimony to the committee because the committee did not make a perjury referral.

Chaffetz: You did not look at testimony that Hillary Clinton gave in the United States Congress, both the House and the Senate?

Comey: To see whether it was perjurious in some respect?

Chaffetz: Yes.

Comey: No we did not.

[snip]

Comey: Again, I can confirm this but I don’t think we got a referral from Congressional committees, a perjury referral.

Chaffetz: No. It was the Inspector General that initiated this.

Now, let me jump to the punch and predict that OGR will refer at least Hillary’s aides, and maybe Hillary herself, to FBI for lying to Congress. They might even have merit in doing so, as Comey has already said her public claims about being permitted to have her own email (which she repeated to the committee) were not true. Plus, there’s further evidence that Hillary used her own server precisely to maintain control over them (that is, to avoid FOIA).

As I said in my earlier post, I’m loathe to admit this, because I’d really like to be done with this scandal (I’d like, even more, to come up with sensible policy proposals like fixing email and text archiving to prevent this from happening in every presidential administration). All the questions about whether Hillary chose to keep her own server to avoid oversight (or, as Chaffetz asked today, to obstruct OGR’s investigation) has never been investigated by FBI. Those requests even have more merit than Democrats are making out — in part for precisely this reason, FBI has never considered at least some evidence to support the case Hillary deliberately avoided FRA, including a string of really suspicious timing. As I wrote in my other post, I also think they won’t amount to anything, in part because these laws (including laws prohibiting lying to Congress) are so toothless. But they are a fair question.

All that said, it is incorrect to take a report showing the FBI not charging Hillary for intentionally mishandling classified information and conclude from that that hers is an example of FRA and FOIA gone amuck. On the contrary. Hillary has never been exonerated for trying to avoid FOIA and FRA. The evidence suggests it would be hard to do that.

Guccifer 1’s Potentially Russian IP Address

/1 Comment/in /by

I’m a bit late to the FBI report on Hillary’s emails. I’m reading it now for all the details that don’t serve to reinforce one’s assumptions about Hillary’s email scandal (as the report honestly can do for all sides).

But I wanted to point to this detail. In the report’s short discussion of Guccifer 1’s hack of Sidney Blumenthal, the report suggests that Guccifer may have tried to hack Hillary in the days after hacking Blumenthal.

screen-shot-2016-09-07-at-3-05-04-pm

The passage is appropriately ambiguous. Guccifer (Lazar) successfully hacked Blumenthal on March 14, 2013. The next day — and again on March 19 and 21 — there were unsuccessful probes on Hillary’s server. The FBI suggests those may have been Guccifer, though states it doesn’t know whether it is or not (which is weird, because Guccifer has been in US custody for some time, though I suppose his lawyer advised him against admitting he tried to hack Hillary).

I find all this interesting because those probes were made from Russian and Ukrainian IPs. That’s not surprising. Lots of hackers use Russian and Ukrainian IPs. What’s surprising is there has been no peep about this from the Russian fear industry.

That may be because the FBI isn’t leaking wildly about this. Or maybe FBI has less interest to pretend that all IPs in Russia are used exclusively by state agents of Vlad Putin (not least because then they should have been looking for Russians hacking the DNC?).

It’s just an example of what an attempted hack might look like without that Russian fear industry.

 

Jim Comey Impugns Pot Smokers Again

/8 Comments/in , /by

Reason reports that the American Legion just passed a resolution calling on Congress to reclassify cannabis.

One of the potential medical values of medical marijuana is as a treatment for Post-Traumatic Stress Disorder (PTSD). And in what must certainly at this point make it abundantly clear where the majority of Americans stand on marijuana use, the American Legion has just voted at its national convention to support a resolution calling on Congress to legislatively reclassify cannabis and place it in a category that recognizes its potential value.

The resolution, readable here at marijuana.com, highlights a number of important statistics that have helped push the Legion to support it. Across two years, the Department of Veterans Affairs have diagnosed thousands of Afghanistan and Iraq War veterans as having PTSD or Traumatic Brain Injuries (TBI). More than 1,300 veterans in fiscal year 2009 were hospitalized for brain injuries. And the resolution notes that systems in the brain can respond to 60 different chemicals found in cannabis.

Therefore, the American Legion wants the DEA to license privately-funded medical marijuana and research facilities and to reclassify marijuana away from being lumped in with drugs like cocaine and meth.

If veterans suffering from PTSD were able to use cannabis as treatment, we would have to add them to the list of people — like Malia Obama — whom Jim Comey thinks don’t have integrity.

For the second time in as many months, Comey last week used the example of people who smoke pot (on their way to an interview, at least) to describe a lack of integrity.

To have a cyber special agent, you need three buckets of attributes. You need integrity, which is non-negotiable. You need physicality. We’re going to give you a gun on behalf of the United States of America, you need to be able to run, fight, and shoot. So there’s a physicality required. And obviously there’s an intelligence we need for any special agent, but to be a cyber special agent, we need a highly sophisticated, specialized technical expertise.

Those three buckets are rare to find in the same human being in nature. We will find people of great integrity, who have technical talent, and can’t squeeze out more than two or three push-ups. We may find people of great technical talent who want to smoke weed on the way to the interview. So we’re staring at that, asking ourselves, “Are there other ways to find this talent, to equip this talent, to grow this talent?” One of the things we’re looking at is, if we find people of integrity and physicality and high intelligence, can we grow our own cyber expertise inside the organization? Or can we change the mix in cyber squads? A cyber squad today is normally eight special agents—gun-carrying people with integrity, physicality, high intelligence, and technical expertise. Ought the mix to be something else? A smaller group of this, and a group of high-integrity people with technical expertise who are called cyber investigators?

I get that this cute labeling of pot smokers as lacking integrity is part of his script (he used almost the same lines in both speeches), perhaps to avoid thinking about what it means that our nation can’t best fight the alleged biggest threat to it because of outdated laws. But either he has given no thought about the words that are falling out of his mouth (indeed, he also seems to have no understanding of the the words “adult” and “mature” mean, which are other words he tends to wield in profoundly troublesome fashion), or the nation’s top cop really can’t distinguish between law — and that, not even in all states anymore — and ethics.

 

FBI’s Fancy Bear Cyber Structure

/5 Comments/in /by

Back in July, I noted this passage in the latest DOJ IG report on FBI’s cyber prioritization.

According to the FBI, computer intrusion matters Involving national security are the highest priority matters investigated by the FBI Cyber Division. National security computer intrusion matters are intrusions or attempted intrusions into any computer or information system that may compromise the confidentiality, integrity, or availability of critical infrastructure data, components, or systems (e.g., cyber national security incidents or threats to the national Information infrastructure) by or on behalf of a foreign power, or an agent of a to include designated international terrorist groups. [half paragraph redacted]

In FY 2015, to ensure t hat the highest ranked threats are efficiently investigated, the Cyber Division implemented its Cyber Threat Team (CIT) model. A CTT focuses on the investigation of and operations against a specific national security threat. Each CTT is comprised of lead field office, called a Strategic Threat Execution office, up to five field offices assisting in specific aspects of the threat called Tactical Threat Execution offices, and a Cyber Division headquarters threat manager. The CTT bears the responsibility for managing the strategy, operations, and intelligence for its assigned threat. [half paragraph redacted]

The intention of the Cyber Division’s err model is to facilitate the allocation of resources to cyber national security threats, increase efficiency in addressing those threats, and facilitate the development of subject matter expertise within various field offices. Additionally, the CTT model is intended to enable each field office to focus on specific, assigned threats, helping to prevent the previous diffusion of efforts wherein multiple field offices were working the same cyber threat and not coordinating efforts. Prior to the implementation of the err, such overlapping investigations were a great challenge for the FBI. While its field offices each have a territory for which they are responsible, cyber threats are not restricted by geographical boundaries, so a territorial model proved ineffective. Lastly, the err model is intended to assist the FBI in prioritizing and properly allocating resources to each field office based on the threats on which they are assigned to work.

The Cyber Division organizes its headquarters national security intrusion threat operational units geographically, including sections responsible for identifying, pursuing, and defeating cyber adversaries emanating from Asia, Eurasia, and Middle East/Africa. Such geographic delineations of responsibility do not present the same problems at Cyber Division Headquarters, since responsibility for the threats is based on their point or area of origin, and not the multiple U.S. jurisdictions where they might have an impact. The threat operational units coordinate with the errs and with units of the Cyber Intelligence Section, which also are geographically organized and provide actionable intelligence information.

In other words, at both the field office level and at the national level, the FBI’s cyber agents have reorganized around the geography of the threat rather than the geography of the target.

Jim Comey elaborated on this reorganization in a speech on cyber (and back dooring encryption) last week.

The challenge we face today, with a threat that comes at us at the speed of light from anywhere in the world, is that physical place isn’t such a meaningful way to assign work any longer. Where did “it” happen when you’re talking about an intrusion that’s coming out of the other side of the globe, aimed at multiple enterprises either simultaneously or in sequence? That “it” is different than it ever was before.

So we’ve changed the way we’re assigning work. We have now created a Cyber Threat Team model, where we assign the work in the FBI based on ability. Which field office has shown the chops to go after which slice of the threat we face—that stack? And then assign it there.

This does two things for us. It allows us to put the work where the expertise is, and it creates a healthy competition inside the FBI. Everybody wants to be at the front of the list to own important threats that come at us. We assign, in the Cyber Threat Team model, a particular threat. Let’s imagine it’s a particular threat that comes at us from a certain nation-state actor set. We assign that to the Little Rock Division because the Little Rock Division has demonstrated tremendous ability against that threat.

But we’re not fools about important physical manifestations, because that threat is going to touch particular enterprises around the country. And the CEOs of those enterprises and their boards are going to want to know, “Has the FBI been here to talk to us? And what’s the nature of the investigation? And how is it going?” To make sure we accommodate that need, we’re going to allow up to four other offices to help the team that is assigned the threat in Little Rock. If a company is hit in Indianapolis, and one is hit in Seattle, and one is hit in Miami, those field offices will also be able to assist in the investigation, but the lead will be in Little Rock. Then, the air traffic control for all of that to make sure we are not duplicating effort, or sending confusing messages, will come from the Cyber Division at Headquarters.

We’re trying this. We’ve been doing it now for about a year in a half. Seems to be working pretty well. It has set very, very healthy competition inside the FBI, which is good for us. But we’re confronting a challenge and a way of doing work that we’ve never seen before, so we’re eager to get feedback and then iterate as make sense. We want to be humble enough to understand that just as our world has been transformed in our lifetimes, the way in which we do our work is being transformed. We have to be open to changing when it makes sense.

So the Cyber Threat Team model is at the core of our response. Also at the core of our response is a “fly team” of experts that we’ve put together that we call the CAT team—the Cyber Action Team. Just as in terrorism, we have pre-assigned pools of expertise that can jump on an airplane and go anywhere in the world in response to a terrorism threat, we’re building that, and have built, that same capability in respect to cyber, so that, if there is a particular intrusion—let’s say Sony in Los Angeles—we have the talent, the agent talent, the analyst talent, the technical talent, that’s already assigned to the Cyber Action Team that’s ready to deploy at a moment’s notice to literally fly to Los Angeles to support the investigation.

Comey had just defined “the stack” he refers to here as the priority of threats the FBI faces; nation-states, with China, Russia, Iran, and North Korea named, followed by multinational criminal syndicate, followed by “purveyors of ransomware,” followed by hactivists, with terrorists (who Comey says aren’t yet developing a hacking capability) last. This would suggest that this means no ransomware is perpetrated by multinational crime organizations, which would surprise me.

Now, I get the logic of such organization. Not only can network intrusions be launched from anywhere, but they usually hide where they’re launched from. So geographical location, in this scheme, appears to be about holding corporate CEO hands (I guess they get different victim service from the FBI than the rest of us), not investigative venue.

But it also raises a few concerns for me.

Will devolution of cyber lead to more abuse of venue?

First, questions of venue for prosecution. We’ve already seen, with Weev, DOJ prosecuting a hacker (I’m not sure where Weev would be defined in this stack, because he wasn’t doing it for political reasons) in an improper venue because of the nifty precedents there. With Playpen, we’ve got DOJ — before Rule 41 gets rewritten — hacking thousands based off one Eastern District of Virginia magistrate’s warrant.

This dispersed focus would seem to encourage such legally problematic moves.

To the Fancy Bear watchers everything looks like a Fancy Bear

In addition, there’s a potential problem with assigning cases by perceived perpetrator, one that replicates a problem in the private contracting world, where contractors routinely hype the threat of the day (which today is Russia, but which a few years ago was China) because it drove sales.

That is, at some level, FBI appears to be assigning cases based on preliminary evidence to specific CTTs. This seems potentially very problematic from an investigative standpoint, as it answers the question, “whodunnit,” at the beginning of the process, not the end. And that particular CTT has an incentive to keep any big flashy case in its own hands, meaning they’re going to be disinclined to see any other potential actors out there.

Moreover, if a case — say the DNC hack –that could involve multiple intrusions or actors with competing interests gets assigned to the group whose bureaucratic imperative requires it to be just one actor, it is far less likely they’re even going to see the evidence that something more may be going on.

Again, this is just a potential problem, but it could be a very serious one, as it could reverse the investigative model that FBI has traditionally used.

FBI’s 702 activities have been devolved as well and with that devolution undergo less oversight

Finally, this potentially exacerbates a concern I have with how FBI manages Section 702. The most recent batch of Semiannual reports that came out show that more 702-related functions are devolving to FBI Field offices, with one redaction (see italics) suggesting there might be some role involving tasking going on at Field offices. And as this passage from the October 2014 report suggests, ODNI is not monitoring things as closely.

During this reporting period, NSD continued to conduct minimization reviews at FBI field offices in order to review the retention and dissemination decisions made by FBI field office personnel with respect to Section 702-acquired data. As detailed in the attachments to the Attorney General’s Section 707 Report, NSD conducted minimization reviews at sixteen FBI field offices between June 1, 2013, through November 30, 2013 and reviewed [redacted] involving Section 702-tasked facilities.

ODNI participated in one of these reviews,10 and received written summaries regarding any issues discovered in the other reviews. (U//FOUO) NSD’s review of field offices coincided with FBI’s broadening of the use of Section 702-acquired data at these field offices. Although there were isolated instances of noncompliance with the FBI minimization procedures and/or FBI policy, NSD and ODNI found that overall agents understood and were properly applying the requirements of FBI policy and the minimization procedures.11

10 (U) ODNI joins NSD on these reviews when the FBI field offices are located in or within reasonable driving distance of the Washington, D.C. area (e.g., the Washington Field Office and the Baltimore Field Office). During this reporting period, ODNI joined NSD for the Baltimore Field Office review. ODNI plans to continue to accompany NSD during the minimization reviews of the FBI Washington and Baltimore field offices and is continuing to explore the feasibility of joining NSD on reviews of other FBI field offices.

11 (S//NF) NSD’s review found only one instance where U.S. person information was not properly handled as required by the minimization procedures. Specifically, the agent improperly disseminated U.S. person information that did not meet the standard minimization procedures requirement. Although the information reasonably appeared to be foreign intelligence information, it did not seem to have met the requirement that such information shall not be disseminated in a manner that identifies a United States person unless such person’s identity is necessary to understand foreign intelligence information or to assess its importance. In this case, upon NSD’s review, the agent agreed that the disseminated U.S. person identity did not meet the above standard. NSD confirmed that the agent recalled the dissemination and re-issued the dissemination without identifying the U.S. person.

Along with some interesting new redactions in the boilerplate about FBI’s roles in 702, the October 2014 and June 2015 report both include this paragraph:

While prior Joint Assessments provided figures regarding the number of reports FBI had identified as containing minimized Section 702-acquired United States person information, in 2013 FBI transitioned much of its dissemination from FBI Headquarters to FBI field offices. NSD is conducting oversight reviews of FBI field offices use of these disseminations, but because every field office is not reviewed every six months, NSD no longer has comprehensive numbers on the number of disseminations of United States person information made by FBI. FBI does, however, report comparable information on an annual basis to Congress and the FISC pursuant to 50 U.S.C. §1881a(l)(3)(i).

Ummm. We know that the FBI’s numbers on NSLs are bullshit — and FBI doesn’t much care. And when asked about those inaccuracies, FBI told DOJ’s IG,

[T]he FBI told the OIG that while 100 percent accuracy can be a helpful goal, attempting to obtain 100 percent accuracy in the NSL subsystem would create an undue burden without providing corresponding benefits. The FBI also stated that it has taken steps to minimize error to the greatest extent possible.

I’ve even asked ODNI about FBI’s funny NSL numbers, twice, and gotten this response:

¯\_(ツ)_/¯

So we already know that the FBI’s legally mandated reports to Congress on NSL numbers are bogus. Now we learn that FBI has devolved its 702 work to field offices which has led to the discontinuation of one of the key oversight mechanisms on their counting process: an outside check.

That seems like a potentially big oversight loophole.

Wednesday: If I Had a Heart

/2 Comments/in , , , /by

Crushed and filled with all I found
Underneath and inside
Just to come around
More, give me more, give me more

— excerpt, If I Had a Heart by Fever Ray

Today’s featured single is from Fever Ray’s eponymous debut album ‘Fever Ray’, the stage name for Swedish singer, songwriter and record producer Karin Elisabeth Dreijer Andersson. If her work sounds familiar, it may be that she and her brother Olof Dreijer also performed as The Knife. Karin’s work is reminiscent of Lykke Li’s and Bjork’s electronic/ambient works, redolent with dark rhythms and layers of deep and high-pitched vocals — very Nordic feminine.

Fever Ray has been very popular with television programmers; the cut featured here is the theme song for History Channel’s Vikings series. It’s also been used in AMC’s Breaking Bad and WB’s The Following. Other songs by Karin as Fever Ray including Keep the Streets Empty for Me have been used by CBS’ Person of Interest and Canadian TV’s Heartbeats as well as a number of films. I’m looking forward to her next work, wondering if it will be just as popular TV and film industry.

Fossil feud

  • TransCanada approval hearing delayed due to protests (Reuters) — Not just U.S. and Native Americans protesting oil pipelines right now; Canada’s National Energy Board deferred this week’s hearings due to security concerns (they say). The board is scheduled to meet again in early October about the planned pipeline from Alberta to Canada’s east coast. There may be more than security concerns holding up these hearings, though…
  • Big projects losing favor with Big Oil (WaPo-Bloomberg) — The ROI on big projects may be negative in some cases, which doesn’t service massive debt Big Oil companies have incurred. They’re looking at faster turnaround projects like shale oil projects — except that these quick-hit projects have poorly assessed externalities which will come back and bite Big Oil over the long run, not to mention the little problem of fracking’s break-even point at $65/barrel.
  • Big Insurance wants G20 to stop funding Big Fossil Fuel (Guardian) — Deadline the biggest insurers set is 2020; by then, Big Insurance wants the G20 nations to stop subsidizing and financing fossil fuels including Big Oil because subsidies and preferential financing skew the true cost of fossil fuels (hello, externalities).
  • Standing Rock Sioux continue their protest against the North Dakota Access Pipeline (Guardian) — Video of the protest at that link. Calls to the White House supporting the Sioux against the DAPL are solicited. Wonder if anybody’s pointing out fracked shale oil is a losing proposition?

Zika-de-doo-dah

  • Adult mosquitoes can transmit Zika to their offspring (American Journal of Tropical Medicine and Hygiene) — Study looked at infected Aedes aegypti and albopictus mosquitoes and found the virus in subsequent larva. My only beef with this study is that Culex species were not also studied; they aren’t efficient carriers of Zika, but they do carry other flavivirus well and there are too many cases with unexplained transmission which could have been caused by infected Culex. Clearly need to do more about pre-hatch mosquito control regardless of species.
  • Three drugs show promise in halting Zika damage in humans (Johns Hopkins Univerity Hub) — Important to note some of the same researchers who demonstrated Zika caused damage in mice brain models earlier this year have now rapidly screened existing drugs to test against mice brain models. The drugs include an anti-liver damage medication (emricasan), an anti-parasitic (niclosamide), and an experimental antivirus drug. The limitation of this research is that it can’t tell how the drugs act across placenta to fetus and whether they will work as well and safely once through the placenta on fetuses. More research (and funding!) is needed.
  • Contraception no big deal, says stupid old white male GOP senator’s staffer (Rewire) — Right. If only McConnell and his staff could experience the panic of being poor and at risk of Zika. Not everybody in Puerto Rico has ready access to the “limited number of public health departments, hospitals, and Medicaid Managed Care clinics,” let alone other states like Texas which has such awful women’s reproductive care in terms of access and funding the maternal mortality rate has doubled in two years, up 27%. Pro-life, my ass. By the way, this lack of access to contraception affects men, too, who may unknowingly be infected with Zika and tranmit it to their sexual partners.

Longread Must-read: Super court
If you haven’t already done so, you need to read this investigative report by Chris Hamby at BuzzFeed. While it answers a lot of questions about the lack of perp walks, it spawns many more.

Hasta luego, compadres!

Breaking: Russians Claim They’ve Found Extraterrestrial Life to Tamper with Our Elections

/10 Comments/in , /by

Russians secretly found what might be a sign of life coming from a star 95 light years away and people are in a tizzy.

An international team of scientists from the Search for Extraterrestrial Intelligence (SETI) is investigating mysterious signal spikes emitting from a 6.3-billion-year-old star in the constellation Hercules—95 light years away from Earth. The implications are extraordinary and point to the possibility of a civilization far more advanced than our own.

The unusual signal was originally detected on May 15, 2015, by the Russian Academy of Science-operated RATAN-600 radio telescope in Zelenchukskaya, Russia, but was kept secret from the international community. Interstellar space reporter Paul Gilster broke the story after the researchers quietly circulated a paper announcing the detection of “a strong signal in the direction of HD164595.”

It turns out, however, that the story got way overhyped.

“No one is claiming that this is the work of an extraterrestrial civilization, but it is certainly worth further study,” wrote Paul Glister, who covers deep space exploration on the website Centauri Dreams. He seems to have missed headlines like “Alien Hunters Spot Freaky Radio Signal Coming From Nearby Star,” “Is Earth Being Contacted by ALIENS? Mystery Radio Signals Come From a Sun-like Star” and “SETI Investigating Mysterious, Extraterrestrial Signal From Deep Space Star System.”

[snip]

“God knows who or what broadcasts at 11 GHz, and it would not be out of the question that some sort of bursting communication is done between ground stations and satellites,” he told Ars Technica, explaining that the signal was observed in the radio spectrum used by the military. “I would follow it if I were the astronomers, but I would also not hype the fact that it may be at SETI signal given the significant chance it could be something military.”

In other words, there’s a good chance the signal is the product of terrestrial activity rather than a missive crafted by extraterrestrial life on a distant exoplanet. For those who prefer a different outcome, there are plenty of movies that can offer more thrilling narratives.

So in the spirit of the silly season that our election has become, I’m going to go one better, taking the word “Russia” and some very thin evidence and declare this an election year plot. Everything else that has thin evidence and the word Russia is an election year plot, after all.

Consider the latest panic, caused by someone leaking Michael Isikoff an FBI alert on two attacks on voter files that took place this summer. Isikoff wasted no time in finding a cyber contractor willing to sow panic about Russians stealing the election.

The FBI has uncovered evidence that foreign hackers penetrated two state election databases in recent weeks, prompting the bureau to warn election officials across the country to take new steps to enhance the security of their computer systems, according to federal and state law enforcement officials.

The FBI warning, contained in a “flash” alert from the FBI’s Cyber Division, a copy of which was obtained by Yahoo News, comes amid heightened concerns among U.S. intelligence officials about the possibility of cyberintrusions, potentially by Russian state-sponsored hackers, aimed at disrupting the November elections.

[snip]

“This is a big deal,” said Rich Barger, chief intelligence officer for ThreatConnect, a cybersecurity firm, who reviewed the FBI alert at the request of Yahoo News. “Two state election boards have been popped, and data has been taken. This certainly should be concerning to the common American voter.”

Barger noted that one of the IP addresses listed in the FBI alert has surfaced before in Russian criminal underground hacker forums. He also said the method of attack on one of the state election systems — including the types of tools used by the hackers to scan for vulnerabilities and exploit them — appears to resemble methods used in other suspected Russian state-sponsored cyberattacks, including one just this month on the World Anti-Doping Agency.

Ellen Nakashima claimed the FBI had stated “Russians” were behind the attack and then talked about how Russia (rather than journalists overhyping the story) might raise questions about the integrity of our elections.

Hackers targeted voter registration systems in Illinois and Arizona, and the FBI alerted Arizona officials in June that Russians were behind the assault on the election system in that state.

The bureau described the threat as “credible” and significant, “an eight on a scale of one to 10,” Matt Roberts, a spokesman for Arizona Secretary of State Michele Reagan (R), said Monday. As a result, Reagan shut down the state’s voter registration system for nearly a week.

It turned out that the hackers had not compromised the state system or even any county system. They had, however, stolen the username and password of a single election official in Gila County.

Roberts said FBI investigators did not specify whether the hackers were criminals or employed by the Russian government.

[snip]

Until now, countries such as Russia and China have shown little interest in voting systems in the United States. But experts said that if a foreign government gained the ability to tamper with voter data — for instance by deleting registration records — such a hack could cast doubt on the legitimacy of U.S. elections.

She also cites the same Barger fellow that Isikoff did who might make a buck off sowing fear.

Then Politico quoted an FBI guy and someone who works with state election officials (who are not on the normal circulation lists for these alerts) stating that an alert of a kind that often goes to other recipients but which because we’ve recently decided election systems are critical infrastructure is now going to election officials is unprecedented.

But some cyber experts said the FBI’s alert, first revealed by Yahoo News on Monday, could be a sign that investigators are worried that foreign actors are attempting a wide-scale digital onslaught.

A former lead agent in the FBI’s Cyber Division said the hackers’ use of a particular attack tool and the level of the FBI’s alert “more than likely means nation-state attackers.” The alert was coded “Amber,” designating messages with sensitive information that “should not be widely distributed and should not be made public,” the ex-official said.

One person who works with state election officials called the FBI’s memo “completely unprecedented.”

“There’s never been an alert like that before that we know of,” said the person, who requested anonymity to discuss sensitive intergovernmental conversations.

Multiple former officials and security researchers said the cyberattacks on Arizona’s and Illinois’ voter databases could be part of a suspected Russian attempt to meddle in the U.S. election, a campaign that has already included successful intrusions at major Democratic Party organizations and the selective leaking of documents embarrassing to Democrats. Hillary Clinton’s campaign has alleged that the digital attacks on her party are an effort by Russian President Vladimir Putin’s regime to sway the election to GOP nominee Donald Trump. Moscow has denied any involvement.

Then David Sanger used a logically flawed Harry Reid letter calling for an investigation to sow more panic about the election (question: why is publishing accurate DNC documents considered “propaganda”?).

It turns out the evidence from the voting records hacks in the FBI alert suggests the hacks involved common tools that could have been deployed by anyone, and the Russian services were just one of several included in the hack.

Those clued-in to the incidents already knew that SQL Injection was the likely cause of attack, as anyone familiar with the process could read between the lines when it came to the public statements.

The notion that attackers would use public VPS / VPN providers is also a common trick, so the actual identity of the attacker remains a mystery. Likewise, the use of common SQL Injection scanners isn’t a big shock either.

The interesting takeaway in all of this is that a somewhat sensitive memo was leaked to the press. The source of the leak remains unknown, but flash memos coded to any severity other than Green rarely wind-up in the public eye. Doing so almost certainly sees access to such information revoked in the future.

And yet, there is nothing overly sensitive about the IOCs contained in this memo. The public was already aware of the attacks, and those in the industry were certain that something like SQL Injection was a possible factor. All this does is prove their hunches correct.

As for the attribution, that’s mostly fluff and hype, often used to push an agenda. Those working in the trenches rarely care about the Who, they’re more interested inWhat and How, so they can fix things and get the business back to operational status.

And Motherboard notes that stealing voter data is sort of common.

On Monday, Yahoo reported the FBI had uncovered evidence that foreign hackers had breached two US state election databases earlier this month. The article, based on a document the FBI distributed to concerned parties, was heavily framed around other recent hacks which have generally been attributed to Russia, including the Democratic National Committee email dump.

The thing is, voter records are not some extra-special commodity that only elite, nation-sponsored hackers can get hold of. Instead, ordinary cybercriminals trade this sort of data, and some states make it pretty easy to obtain voter data through legal means anyway.

In December of last year, CSO Online reported that a database of some 191 million US voter records had been exposed online. They weren’t grabbed through hacking, per se: the dump was available to anyone who knew where to look, or was happy to just cycle through open databases sitting on the internet (which, incidentally, common cybercriminals are).

In other words, by all appearances there is no evidence to specifically tie these hacks even to Russian criminals, much less the Russian state. But the prior panic about the DNC hack led to a lower trigger for alerts on a specific kind of target, voter rolls, which in turn has fed the panic such that most news outlets have some kind of story suggesting this is a Russian plot to steal our election (by stealing 200K voter files?). It’s like finding Russian life on Mars based on the shadows you see in the sand.

It’s not the Russians who are raising questions about the voting integrity — beyond questions that have persistently been raised for 15 years which have already justifiably lowered confidence in our voting system. It is shitty reporting.

So I’m going to join in. These ETs 95 light years away? I’m positive they want to steal our election.

Monday: A Different Ark

/2 Comments/in , , /by

[Caution: some content in this video is NSFW] Today’s Monday Movie is a short film by Patrick Cederberg published three years ago. This short reflects the love life of a youth whose age is close to that of my two kids. A few things have changed in terms of technology used — I don’t think either Facebook or Chatroulette is as popular now with high school and college students as it was, but the speed of internet-mediated relationships is the same. It’s dizzying to keep up with kids who are drowning in information about everything including their loved ones.

Their use of social media to monitor each other’s commitment is particularly frightening; it’s too easy to misinterpret content and make a snap decision as this movie shows so well. Just as scary is the ease with which one may violate the privacy of another and simply move on.

Imagine if this youngster Noah had to make a snap decision about someone with whom they weren’t emotionally engaged. Imagine them using their lifetime of video gaming and that same shallow, too-rapid decision-making process while piloting a drone.

Boom.

Goodness knows real adults with much more life experience demonstrate bizarre and repeated lapses in judgment using technology. Why should we task youths fresh out of high school and little education in ethics and philosophy with using technology like remote surveillance and weaponized drones?

Speaking of drones, here’s an interview with GWU’s Hugh Gusterson on drone warfare including his recommendations on five of books about drones.

A, B, C, D, USB…

  • USBKiller no longer just a concept (Mashable) –$56 will buy you a USB device which can kill nearly any laptop with a burst of electricity. The only devices known to be immune: those without USB ports. The manufacturer calls this device a “testing device.” Apparently the score is Pass/Fail and mostly Fail.
  • Malware USBee jumps air-gapped computers (Ars Technica) — Same researchers at Israel’s Ben Gurion University who’ve been working on the potential to hack air-gapped computers have now written software using a USB device to obtain information from them.
  • Hydropower charger for USB devices available in 2017 (Digital Trends) — Huh. If I’m going to do a lot of off-grid camping, I guess I should consider chipping into the Kickstarter for this device which charges a built-in 6,400mAh battery. Takes 4.5 hours to charge, though — either need a steady stream of water, or that’s a lot of canoe paddling.

Hackety-hack, don’t walk back

  • Arizona and Illinois state elections systems breached (Reuters) — An anonymous official indicated the FBI was looking for evidence other states may also have been breached. The two states experienced different levels of breaches — 200K voters’ personal data had been downloaded from Illinois, while a single state employee’s computer had been compromised with malware in Arizona, according to Reuters’ report. A report by CSO Online explains the breaches as outlined in an leaked FBI memo in greater detail; the attacks may have employed a commonly-used website vulnerability testing application to identify weak spots in the states’ systems. Arizona will hold its primary election tomorrow, August 30.
  • Now-defunct Australian satellite communications provider NewSat lousy with cyber holes (Australian Broadcasting Corp) — ABC’s report said Australia’s trade commission and Defence Science Technology Group have been attacked frequently, but the worst target was NewSat. The breaches required a complete replacement of NewSat’s network at a time when it was struggling with profitability during the ramp-up to launch the Lockheed Martin Jabiru-1 Ka-band satellite. China was named as a likely suspect due to the level of skill and organization required for the numerous breaches as well as economic interest. ABC’s Four Corners investigative reporting program also covered this topic — worth watching for the entertaining quotes by former CIA Director Michael Hayden and computer security consultant/hacker Kevin Mitnick in the same video.
  • Opera software users should reset passwords due to possible breach (Threatpost) — Thought users’ passwords were encrypted or hashed, the browser manufacturer still asks users to reset passwords used to sync their Opera accounts as the sync system “showed signs of an attack.” Norwegian company Opera Software has been sold recently to a Chinese group though the sale may not yet have closed.

That’s a wrap for now, catch you tomorrow! Don’t forget your bug spray!