SEC Says Hackers Like NSA Are Biggest Threat to Global Financial System

Reuters reports that, in the wake of criminals hacking the global financial messaging system SWIFT both via the Bangladesh central and an as-yet unnamed second central bank, SEC Commissioner Mary Jo White identified vulnerability to hackers as the top threat to the global financial system.

Cyber security is the biggest risk facing the financial system, the chair of the U.S. Securities and Exchange Commission (SEC) said on Tuesday, in one of the frankest assessments yet of the threat to Wall Street from digital attacks.

Banks around the world have been rattled by a $81 million cyber theft from the Bangladesh central bank that was funneled through SWIFT, a member-owned industry cooperative that handles the bulk of cross-border payment instructions between banks.

The SEC, which regulates securities markets, has found some major exchanges, dark pools and clearing houses did not have cyber policies in place that matched the sort of risks they faced, SEC Chair Mary Jo White told the Reuters Financial Regulation Summit in Washington D.C.

“What we found, as a general matter so far, is a lot of preparedness, a lot of awareness but also their policies and procedures are not tailored to their particular risks,” she said.

“As we go out there now, we are pointing that out.”

Of course, the criminals in Bangladesh were not the first known hackers of SWIFT. The documents leaked by Snowden revealed NSA’s elite hacking group, TAO, had targeted SWIFT as well. Given the timing, it appears they did so to prove to the Europeans and SWIFT that the fairly moderate limitations being demanded by the Europeans should not limit their “front door” access.

Targeting SWIFT (and credit card companies) is probably not the only financial hacking NSA has done. One of the most curious recommendations in the President’s Review Group, after all, was that “governments” (including the one its report addressed, the US?) might hack financial institutions to change the balances in financial accounts.

(2) Governments should not use their offensive cyber capabilities to change the amounts held in financial accounts or otherwise  manipulate the financial systems;

Second, governments should abstain from penetrating the systems of financial institutions and changing the amounts held in accounts there. The policy of avoiding tampering with account balances in financial institutions is part of a broader US policy of abstaining from manipulation of the financial system. These policies support economic growth by allowing all actors to rely on the accuracy of financial statements without the need for costly re-verification of account balances. This sort of attack could cause damaging uncertainty in financial markets, as well as create a risk of escalating counter-attacks against a nation that began such an effort. The US Government should affirm this policy as an international norm, and incorporate the policy into free trade or other international agreements.

After which point, James Clapper started pointing to similar attacks as a major global threat.

I don’t mean to diminish the seriousness of the threat (though I still believe banksters’ own recklessness is a bigger threat to the world financial system). But the NSA should have thought about the norms they were setting and the impact similar attacks done by other actors would have, before they pioneered such hacks in the first place.

Hillary’s Bold Plan to Financially Penalize Recidivist Super-Predators

The other day Hillary promised she would appoint Attorneys General like Eric Holder and Loretta Lynch. “I will appoint an Attorney General who will continue the courageous work of Eric Holder and Loretta Lynch.” Given that the comments came at an Al Sharpton event, I assumed the comment meant to invoke Holder and Lynch’s efforts to reform criminal justice and, presumably, their even more laudable support for civil rights.

Nevertheless, it was a disturbing comment, given that Holder and Lynch have also both coddled the bankers who crashed our economy. Indeed, when Hillary tries to defend her huge donations from bankers, she always points to Obama’s even huger ones, and insists that there’s no evidence he was influenced by them. But the Obama DOJ record on bank crime is itself the counter to Hillary’s claim those donations didn’t influence the President.

But then, last night, Hillary said something even more outrageous, which I take to be a solid promise to her funders they’ll continue to get special treatment before the law. Amid a comment shifting from Too Big to Fail into the serial settlements the banks have signed for their crimes, Hillary took the bold step of calling for financial penalties for the people directing that crime.

CLINTON: Dana, let me add here that there are two ways to at this under Dodd-Frank, which is after all the law we passed under President Obama, and I’m proud that Barney Frank, one of the authors, has endorsed me because what I have said continuously is, yes, sometimes the government may have to order certain actions. Sometime the government can permit the institution themselves to take those actions. That has to be the judgement of the regulators.

But, there’s another element to this. I believe strongly that executives of any of these organizations should be financially penalized if there is a settlement.

(APPLAUSE)

CLINTON: They should have to pay up through compensation or bonuses because we have to go after not just the big giant institution, we have got to go after the people who are making the decisions in the institutions.

Granted, under Holder and Lynch, those courageous Attorneys General Hillary would model her own pick on, the banksters haven’t even been asked to do this much.

But the fact that Hillary thought a great punishment for those harming the country with their serial crime wave is to fine them is a testament that she doesn’t even see the underlying crimes.

This is behavior that has continued over years, often after previous settlements. If anyone can be called a super-predator, it’s the bankers who toy with millions of people’s livelihoods and savings to make a buck. If there were a Three Strikes law for bankers most of these guys would be looking at life imprisonment.

And yet Hillary’s bold plan is not to incarcerate them, but instead to take a little bit of their money.

Tuesday Morning: What’s News, Tiwes?

[Screencap, Newsmap, 0815h EDT]

[Screencap, Newsmap, 0815h EDT]

It’s the day belonging to Tiwes, the Norse god of single combat. What will we engage in battle about today? Looks like sketchy news coverage is a good reason, after taking a peek at Newsmap this morning to check global media coverage of the Panama Papers.

Very thin reporting, according to the results. Canada, come on — Bill Cosby is bigger news than global corruption?

Ditto for India, which covered the HSBC money laundering scandal exhaustively last year. Very little coverage in that country’s English language outlets.

Don’t get all peeved off about the U.S. media, which hasn’t done a particularly good job over the last 24 hours. It’s not just us; the lack of coverage may say something about media ownership around the world.

One possible example on shore here: the acquisition of the Las Vegas-Review Journal last year. Nevada happens to be the eighth most popular tax haven in the world, and Las Vegas is its heart. Was this paper acquired in order to influence reporting in and about this topic?

Mossack Fonseca has a subsidiary in Las Vegas, by the way.

Let’s take a look at science and technology news…

  • No change yet to claims that Panama Papers were obtained by an attack on Mossack Fonseca’s email server (The Register-UK) — Of particular note, this observation by this tech news outlet:

    To date, The Register hasn’t seen a strong presence from the tech sector in the staged release of the documents, perhaps because the “Double Irish Dutch Sandwich” tactic favoured in this business works without hiding companies’ links to their international associates.

    The comments at that link are rather interesting, offering both a perspective from our overseas “cousins” as well as technical assessment about the leak.

  • Are you ready for some Thursday night Twitter streaming? (WaPo) — NFL’s awarded a deal to Twitter for streaming some of its games. This is an interesting development, given how much co-watching TV Twitter users do.
  • I’m afraid I can’t do THAT, Dave: humans aroused by touching robots special places (Phys.org) — Ewww. Don’t ask me to travel through the Uncanny Valley with you on this one.
  • Revolv’s home automation hub now a casualty in the Internet of Things universe (BoingBoing) — Device fell out of the product plans for Google’s home automation subsidiary, Nest. Unfortunately, Revolv was sold with a lifetime subscription which will be defunct in May.
  • “Routine management reshuffle” replaces three senior execs at China’s telecom manufacturer ZTE (Reuters) — coincidentally happens weeks after U.S. authorities revealed attempts by ZTE to circumvent sanctions against Iran.
  • Name a non-Zika disease also transmitted by Aedes aegypti mosquitoes, facing a drastic vaccine shortage (Science) — You win if you said yellow fever, which has no cure and can be deadly.
  • Article 27: Algorithmic Politics (Furtherfield) — Necrocapitalism. Wrap your head around that term. A thought-provoking essay about a world where algorithms are our political system.

That’s enough for your coffee break or lunch hour. Catch you here tomorrow morning!

Why Do They Call It Panama Papers, Anyway?

Over the weekend, a bunch of media outlets let loose shock and awe in bulk leak documents, PanamaPapers, with project leaders ICIJ and Sueddeutsche Zeitung — as well as enthusiastic partner, Guardian — rolling out bring spreads on a massive trove of data from the shell company law firm Mossack Fonseca.

If all goes well, the leak showing what MF has been doing for the last four decades will lead us to have a better understanding of how money gets stripped from average people and then hidden in places where it will be safe from prying eyes.

Before I raise some questions about the project, I wanted to point to one of the best pieces of journalism I’ve seen from the project so far: this Miami Herald piece showing how its high end real estate boom has been facilitated by the money laundering facilitated by MF.

At the end of 2011, a company called Isaias 21 Property paid nearly $3 million — in cash — for an oceanfront Bal Harbour condo.

But it wasn’t clear who really owned the three-bedroom unit at the newly built St. Regis, an ultra-luxury high-rise that pampers residents with 24-hour room service and a private butler.

In public records, Isaias 21 listed its headquarters as a Miami Beach law office and its manager as Mateus 5 International Holding, an offshore company registered in the British Virgins Islands, where company owners don’t have to reveal their names.

[snip]

Buried in the 11.5 million documents? A registry revealing Mateus 5’s true owner: Paulo Octávio Alves Pereira, a Brazilian developer and politician now under indictment for corruption in his home country.

A Miami Herald analysis of the never-before-seen records found 19 foreign nationals creating offshore companies and buying Miami real estate. Of them, eight have been linked to bribery, corruption, embezzlement, tax evasion or other misdeeds in their home countries.

That’s a drop in the ocean of Miami’s luxury market. But Mossack Fonseca is one of many firms that set up offshore companies. And experts say a lack of controls on cash real-estate deals has made Miami a magnet for questionable currency.

The story is deeply contextualized with localized reporting that goes beyond the leaked documents. And it can lead to policy changes — restrictions on cash real estate transactions — that can help to stem (or at least redirect) the flow of this corrupt money. You could tell similar stories from big cities around North America (this has been a particular focus in NYC and Vancouver). And with effort, cities could crack down on such cash transactions, with all the negative effects they bring to localities.

But much of the other reporting so far remains at the level of shock and awe. Biggest leak ever! Putin Putin Putin! And much of the reporting reflects not just editorial bias, but some apparent innumeracy (though no one has yet released the real numbers) to claim that people from evil countries are proportionally more corrupt than people from good countries like the UK.

Where did these documents come from?

Screen Shot 2016-04-04 at 10.00.01 AM

Here’s how SZ describes how they got these documents.

Over a year ago, an anonymous source contacted the Süddeutsche Zeitung (SZ) and submitted encrypted internal documents from Mossack Fonseca, a Panamanian law firm that sells anonymous offshore companies around the world. These shell companies enable their owners to cover up their business dealings, no matter how shady.

In the months that followed, the number of documents continued to grow far beyond the original leak. Ultimately, SZ acquired about 2.6 terabytes of data, making the leak the biggest that journalists had ever worked with. The source wanted neither financial compensation nor anything else in return, apart from a few security measures.

Nowhere I’ve seen explains where this source got the documents.

For almost three years, we have openly debated what I consider a fair question: what was Edward Snowden’s motivation for stealing the NSA’s crown jewels and was any foreign country involved? People have also asked questions about how he accessed so much: Did he steal colleagues’ passwords? Did he join Booz Allen solely to be able to steal documents? I think the evidence supports an understanding that his motives were good and his current domicile an unfortunate outcome. And we know some details about how he managed to get what he did — but the key detail is that he was a Sysadmin in a location where insider detection systems were not yet implemented and credentials to have unaudited access to many of the documents he obtained. Those details are a key part of understanding some of the story behind his leaks (and how NSA and GCHQ are organized).

Somehow, journalists aren’t asking such questions when it comes to this leak, the Unaoil leak that broke last week, or the leak of files on British Virgin Isles have activity a few years back (which, like this project, ICIJ also had a central role in). I’m sympathetic to the argument that IDing who stole these documents would put her or him in terrible danger (depending on who it is). But I also think this level of description the Intercept gave — in the first paragraph of a story about stolen recordings of jailhouse phone calls that revealed improper retention of attorney client conversations — would be useful.

The materials — leaked via SecureDrop by an anonymous hacker who believes that Securus is violating the constitutional rights of inmates — comprise over 70 million records of phone calls, placed by prisoners to at least 37 states, in addition to links to downloadable recordings of the calls. [my emphasis]

The Intercept’s source, knowing of the problem, hacked recordings from an inadequately protected server.

As the Guardian’s own graphic makes clear, this leak dwarfs the leaks by Chelsea Manning and Hervé Falciani (the security engineer behind the HSBC leak). It probably dwarfs the Snowden leak (though oddly the Guardian, which had fingers in both, doesn’t include Snowden in its graphic). That ought to raise real questions about how someone could access so much more information than tech experts with key credentials working at the core of security in the targeted organizations could. And those questions are worth asking because if these files come from an external hacker — a definite possibility — than it ought to raise questions about how they were able to get so much undetected and even — as everyone felt appropriate to ask with Snowden — whether an intelligence agency was involved.

Where are the corrupt Americans?

As with the BVI leak before it, thus far this leak has included no details on any Americans. Some have suggested that’s because the Panama trade deal already brought transparency on US persons’ activities through the haven of Panama, except these files go back four decades and. Americans not only used Panama as a haven before that, but the CIA used it as a key laundering vehicle for decades, as Manuel Noriega would be all too happy to explain if western countries would let him out of prison long enough to do so.  Moreover, the files are in no way restricted to Panama (indeed, some of the stories already released describe the establishment of shell companies within the US).

Screen Shot 2016-04-04 at 10.17.39 AMNot only haven’t we heard about any Americans, but even for the close American friends identified so far — starting with Saudi Crown Prince and close CIA buddy Mohammed bin Nayef — the details provided to date are scanty, simply the name of the shell he was using.

Craig Murray has already been asking similar questions.

Russian wealth is only a tiny minority of the money hidden away with the aid of Mossack Fonseca. In fact, it soon becomes obvious that the selective reporting is going to stink.

The Suddeutsche Zeitung, which received the leak, gives a detailed explanation of the methodology the corporate media used to search the files. The main search they have done is for names associated with breaking UN sanctions regimes. The Guardian reports this too and helpfully lists those countries as Zimbabwe, North Korea, Russia and Syria. The filtering of this Mossack Fonseca information by the corporate media follows a direct western governmental agenda. There is no mention at all of use of Mossack Fonseca by massive western corporations or western billionaires – the main customers. And the Guardian is quick to reassure that “much of the leaked material will remain private.”

What do you expect? The leak is being managed by the grandly but laughably named “International Consortium of Investigative Journalists”, which is funded and organised entirely by the USA’s Center for Public Integrity. Their funders include

Ford Foundation
Carnegie Endowment
Rockefeller Family Fund
W K Kellogg Foundation
Open Society Foundation (Soros)

among many others. Do not expect a genuine expose of western capitalism. The dirty secrets of western corporations will remain unpublished.

Expect hits at Russia, Iran and Syria and some tiny “balancing” western country like Iceland. A superannuated UK peer or two will be sacrificed – someone already with dementia.

Now, in response to people like me and Murray and Moon of Alabama asking those questions, the SZ editor in charge of their side of the project promises dirt on Americans will be coming. Let’s hope so, because this is a worthwhile leak of data, and it would be unfortunate for Americans and Brits to be deprived of learning more about the corruption among their elite.

Does this project follow up on Ken Silverstein’s earlier reporting?

Back in December 2014, Ken Silverstein did a fairly thorough review of MF at Vice (though he worked at the Intercept at the time).

[A] yearlong investigation reveals that Mossack Fonseca—which theEconomist has described as a remarkably “tight-lipped” industry leader in offshore finance—has served as the registered agent for front companies tied to an array of notorious gangsters and thieves that, in addition to Makhlouf, includes associates of Muammar Gaddafi and Robert Mugabe, as well as an Israeli billionaire who has plundered one of Africa’s poorest countries, and a business oligarch named Lázaro Báez, who, according to US court records and reports by a federal prosecutor in Argentina, allegedly laundered tens of millions of dollars through a network of shell firms, some which Mossack Fonseca had helped register in Las Vegas.

Documents and interviews I’ve conducted also show that Mossack Fonseca is happy to help clients set up so-called shelf companies—which are the vintage wines of the money-laundering business, hated by law enforcement and beloved by crooks because they are “aged” for years before being sold, so that they appear to be established corporations with solid track records—including in Las Vegas. One international asset manager who talked to Mossack Fonseca about doing business with them told me that the firm offered to sell a 50-year-old shelf company for $100,000.

If shell companies are getaway cars for bank robbers, then Mossack Fonseca may be the world’s shadiest car dealership.

Silverstein clearly had some documents, though there’s no indication he had the trove that started getting leaked to SZ and ICIJ in early 2015, just weeks after Silverstein’s story.

On Twitter, Silverstein suggested his story never got published because this was the period when the Intercept wasn’t publishing (I had something similar happen to me while there).

But given the close continuity between Silverstein’s story and SZ receipt of the first documents, are they part of the same effort?

Why do they call it the Panama Papers?

These aren’t papers showing the corruption that flows through Panama (for that matter, neither did the BVI leaks show all the corruption that flows through BVI, and there’s a significant BVI aspect to this leak). Rather, they show the corruption flowing through a Panamian-based but global firm, Mossack Fonseca. Reporting on this tells us MF is only the fourth largest of these laundering specialists.

So, aside from the fact that few people have heard of MF, why are we calling this the Panama Papers and not “Here’s what the fourth largest of these companies is involved with”?

All of which is to say as huge as this leak is — which is good! — it’s still just a tiny fraction of what’s out there.

Let the resignations begin

None of this is meant to undermine the importance of this leak or the reporting the team of journalists covering it. Indeed, the story already threatens to take down the Prime Minister of Iceland whose conflict of interest the files revealed. We should have more of these leaks, covering all the havens and shell-creators.

Just remember, as you’re watching the coverage, that we’re getting selective coverage of one particular corner of that industry (ICIJ has said something about releasing files in several months). By all means let’s go after the crooks this story exposes, but let’s remember the crooks who, for whatever reason, aren’t included in this one.

Update: Fusion, which is part of the data sharing, admits there are only 211 Americans identified in the stash, though thus far this is just from recent years (that is, the years that might be affected by the trade agreement).

International Consortium of Investigative Journalists (ICIJ) has only been able to identify 211 people with U.S. addresses who own companies in the data (not all of whom we’ve been able to investigate yet). We don’t know if those 211 people are necessarily U.S. citizens.

All that said, the very good experts (including Jack Blum, who’s as good on these issues as anyone) don’t have very compelling explanations why there aren’t Americans in the stash.

Update: McClatchy describes some of the 200-some Americans whose passports show up in the files. All the ones it describes have been prosecuted (though several got light punishments).

Monday Morning: Welcome to BVI – Have a Tax-Free Day

Aw, shucks. Spring Break is over just as I find another warm place to visit. The British Virgin Islands expect a balmy daytime high of 84F/29C degrees today with partly cloudy skies.

And a 100% chance of tax havens galore.

Blood’s in the water, though, stay ashore. You may hear a lot in the media today about the Panama Papers leak dump in which the BVI feature prominently. What you won’t hear much about: this is the second leak about tax havens in exactly three years.

Jack-doodly-squat happened after the first one in April 2013.

The UK’s PM David Cameron was pressed in 2013 to do something about BVI’s tax laws. He said he would work with the G8 to tackle tax evasion. Of course, we now know why he sat on his hands; he had highly-rewarding and substantial familial interest in doing nothing but continue his family’s tax avoidance scheme. And yet he still managed to get reelected last year, the corrupt pig fucker.

If governments had felt any pressure at all to do something corrective, there wouldn’t be a second wave of leaks, right? But the 1% have continued to milk profits from businesses, transfer the money offshore, and buy themselves enough politicians and corporate media to ensure things remained nice and cozy.

Color me skeptical that anything will come of investigations into tax shelters which are for the most part legal, thanks to pwned and compromised governance. But the unfolding story sheds new light on older ones.

Like the decade-plus work on tax havens and abusive tax schemes by the U.S. of Permanent Senate Committee on Investigations, which did not slow or stop the offshoring of capital. B-schools continue to teach offshore tax shelters as ‘A Good Thing’, right alongside ‘Taxes Are Bad’ — because the 1% have amassed enough money to make sure legislators and B-schools’ leadership stay bought.

How much do the Panama Papers leak materials overlap with the Swiss Leaks scandal, including India’s investigation into HSBC, money laundering and influence peddling, reaching into the UK and beyond?

Or a more recent story about hacked elections, including Argentina’s. Has laundered money acquired the services necessary to manipulate elections in order to ensure nothing would change in tax laws?

Perhaps the Panama Papers will offer a more cohesive picture of just how badly the 99% are being screwed, if nothing else.

Nothing else, that is, besides the No Confidence vote Iceland’s Prime Minister Sigmundur David Gunnlaugsson now faces after the Panama Papers revealed his financial interests in BVI.

It’s actually rather quiet on the technology front as I write this. I’ll add a few snippets later after caffeination.

SWIFT and the Bangladeshi Bank Heist

I’ve been following the story of how what are described to be criminal hackers tried to steal $1 billion from Bangladesh’s national bank, in part because of the tie to SWIFT, the financial transfer company (as of now, $81 million are still missing, but Sri Lanka and the Fed managed to reverse or prevent the remainder of the theft attempt). As part of the hack, the thieves stole Bangladesh’s SWIFT credentials (it appears they did this after Bangladesh connected the server running SWIFT transactions to 3 other servers).

“Malware was specifically designed for a targeted attack on Bangladesh Bank to operate on SWIFT Alliance Access servers,” the interim report said. Those servers are operated by the bank but run the SWIFT interface, and the report makes it clear the breach stretches into other parts of the bank’s network as well. “The security breach of the SWIFT environment is part of a much larger breach that is currently under investigation.”

SWIFT is a member-owned cooperative that provides international codes to facilitate payments between banks globally. It can’t comment on the investigation, according to Charlie Booth from Brunswick Group, a corporate advisory firm that represents SWIFT.

“We reiterate that the SWIFT network itself was not breached,” Booth said in an e-mail. “There is a full investigation underway, on what appears to be a specific and targeted attack on the victim’s local systems.” SWIFT said last week its “core messaging services were not impacted by the issue and continued to work as normal.”

Dedicated servers running the SWIFT system are located in the back office of the Accounts and Budgeting Department of Bangladesh Bank. They are connected with three terminals for payment communications.

While SWIFT insists it has not been breached, the hackers used a name making it clear they were targeting the SWIFT system.

On Jan. 29, attackers installed “SysMon in SWIFTLIVE” in what was interpreted as reconnaissance activity, and appeared to operate exclusively with “local administrator accounts.”

SWIFT is sending out a security advisors to its members, advising them to shore up their local operating environments.

On Jan. 29, attackers installed “SysMon in SWIFTLIVE” in what was interpreted as reconnaissance activity, and appeared to operate exclusively with “local administrator accounts.”

In separate news, a local security researcher who had been working on the hack disappeared last week.

In a weird turn of events, one of the security researchers who voiced their criticism at the central bank’s security measures disappeared on Wednesday night.

Family members are saying that Zoha met with a friend at 11:30 PM on Wednesday night, March 16. While coming home, a jeep pulled in front of their auto-rickshaw, and men separated the two, putting them in two different cars.

Zoha’s friend was dumped somewhere in the city (Dhaka) and was able to get home by 02:00 AM, the next day. He then contacted Zoha’s family, who said the security researcher never came home.

The next day, family members tried to report the researcher missing, but police officers just kept redirecting them from one police station to another until the family gave up and contacted the media for help.

[snip]

According to BDNews24, Zoha was a former collaborator of Bangladesh’s ICT (Information and Communication Technology) Division and worked with various government agencies in the past. It appears that his comments about the Bangladesh central bank cyber-heist were made working as a “shadow investigator” for a security company that family members declined to name.

Answering questions about his own investigation into the central bank’s cyber-heist, Zoha said that the “database administrator of the [Bangladesh Bank] server cannot avoid responsibility for such hacking” and that he “noticed apathy about the [server’s] security system.”

From this description and those based on the FireEye report, it seems like Bangladeshi authorities, and not SWIFT, would be the powerful people who might want to make this guy disappear. But I find it interesting that someone who was presumably mirroring FireEye’s work has apparently been kidnapped.

Remember: NSA’s TAO hackers hacked into SWIFT (even though the US has access to SWIFT to obtain counterterrorism information via an intelligence agreement anyway), apparently by accessing printer traffic from what sounds like member banks.

The NSA’s Tracfin data bank also contained data from the Brussels-based Society for Worldwide Interbank Financial Telecommunication (SWIFT), a network used by thousands of banks to send transaction information securely. SWIFT was named as a “target,” according to the documents, which also show that the NSA spied on the organization on several levels, involving, among others, the agency’s “tailored access operations” division. One of the ways the agency accessed the data included reading “SWIFT printer traffic from numerous banks,” the documents show.

While we don’t have enough detail to assess, it does sound like the NSA got in through vulnerabilities at the member bank level, like these thieves did.

Again, I assume the kidnapping is best explained by Bangladeshi efforts to cover up their own incompetence. But I do find the possibility that SWIFT might be vulnerable due to vulnerabilities at its member banks, too.

How Hillary Helped Banks Foreclose on 5 Million Families

Let me be clear at the outset: I think what follows is a bullshit argument. But I think it is less unfair of an argument than Hillary’s claim that, by voting to withhold the second tranche of TARP funding on January 15, 2009, Bernie Sanders voted against the auto bailout.

As you’ll recall, in October 2008, the Bush Administration threw some vaguely laid out plans on some cocktail napkins over the wall to Congress and got it to release $700 billion dollars to bail out the banks. Between the time the new Congress got sworn in but before Obama became President, Republicans in the Senate wrote a bill to withhold the second tranche, or $350 billion, of those funds. In the days before the vote, Larry Summers threw two more cocktail napkins of promises to Congress. Bernie was one of seven Democrats who voted not to release the funds based on a series of what were effectively ideas on cocktail napkins.

One of the things on those cocktail napkins, though, was a promise from the Obama Administration that actual human persons facing a crisis, rather than just banks, would get some of the second tranche of money.

The Obama Administration will commit substantial resources of $50-100B to a sweeping effort to address the foreclosure crisis.  We will implement smart, aggressive policies to reduce the number of preventable foreclosures by helping to reduce mortgage payments for economically stressed but responsible homeowners, while also reforming our bankruptcy laws and strengthening existing housing initiatives like Hope for Homeowners. Banks receiving support under the Emergency Economic Stabilization Act will be required to implement mortgage foreclosure mitigation programs.

Of course, it was just a cocktail napkin, and by voting to release the funds without tying them to actual legislation requiring the Administration actually use the funds in a such a way as to help homeowners, Hillary — and all the other Democrats who voted to give their new President funds without real limits on how they could spend it — gave away any leverage they had to actually force the Administration to implement such a plan.

Last year David Dayen described how the Administration not only never spent $50 billion — they only ever spent $12.8 billion — but the number of people helped was far lower than promised, and most people “helped” actually weren’t helped at all.

On January 15, 2009, Obama’s chief economic policy adviser, Larry Summers, wrote to convince Congress to release the second tranche of TARP funds, promising that the incoming administration would “commit $50-$100 billion to a sweeping effort to address the foreclosure crisis … while also reforming our bankruptcy laws.” But the February 2009 stimulus package, another opportunity to legislate mortgage relief, did not include the bankruptcy remedy either; at the time, the new administration wanted a strong bipartisan vote for a fiscal rescue, and decided to neglect potentially divisive issues. Having squandered the must-pass bills to which it could have been attached, a cramdown amendment to a housing bill failed in April 2009, receiving only 45 Senate votes.

Senate Majority Whip Dick Durbin, who had offered the amendment, condemned Congress, declaring that the banks “frankly own the place.” In fact, the administration had actively lobbied Congress against the best chances for cramdown’s passage, and was not particularly supportive when it came up for a vote, worrying about the impacts on bank balance sheets. Former Treasury Secretary Timothy Geithner admitted in his recent book, “I didn’t think cramdown was a particularly wise or effective strategy.” In other words, to get the bailout money, the economic team effectively lied to Congress when it promised to support cramdown.

[snip]

According to a recent Government Accountability Office report, 64 percent of all applications for loan modifications were denied. Employees at Bank of America’s mortgage servicing unit offered perhaps the most damning revelations into servicer conduct. In a class-action lawsuit, these employees testified that they were told to lie to homeowners, deliberately misplace their documents, and deny loan modifications without explaining why. For their efforts, managers rewarded them with bonuses—in the form of Target gift cards—for pushing borrowers into foreclosure.

Because of all this, HAMP never came close to the 3–4 million modifications President Obama promised at its inception. As of August 2014, 1.4 million borrowers have obtained permanent loan modifications, but about 400,000 of them have already re-defaulted, a rate of about 30 percent. The oldest HAMP modifications have re-default rates as high as 46 percent.

Effectively, because Congress didn’t force the Administration to adopt cramdown (which would have resulted in real modifications which would have mean more people kept their homes and didn’t lose their wealth), Treasury could instead use the promise to “foam the runways” to help the banks string out losses and therefore avoid accountability for their recklessness.

This was a direct result of voting to give the Executive continued free rein on what to do with massive amounts of bailout money. So was bailing out the car industry, but the vote in January was primarily about whether to continue letting the Executive spend billions without clear guidelines.

So Hillary, according to her own logic, voted to help banks foreclose on 5 million people, which resulted in a tragic loss of wealth for American families.

Again, I think this is a bullshit argument. I assume Hillary intended to get real foreclosure relief (indeed, one domestic policy on which she was better than Obama in 2008 did just that). Though for someone who claims to know how to “get things done,” she showed no awareness of how to do that here. Nevertheless, it is the kind of bullshit argument she is making.

And having gone there — having permitted herself to engage in this kind of bullshit argument — she makes such arguments fair game for Donald Trump to make about her in June.

Ultimately, I think this vote was about whether the Executive should be able to operate without real limits. Bernie voted against that, Hillary voted for it (which makes it similar, in many ways, to the Iraq War vote in 2003, and had equally foreseeably bad results). Hillary will never make such votes for freeing the Executive of meaningful restraints again. But it’s pretty clear she’s a fan of letting the Executive operate without them.

That, to me, is the meaningful, non-bullshit, takeaway from that vote.

How Hillary Turned Her Support for Welfare for Banks into an Auto Bailout Attack

For a campaign that has spent days insisting Bernie Sanders should not launch attacks against her, the Hillary Clinton campaign sure engaged in some dishonest hackery last night.

During the debate in Flint, Hillary attacked Bernie for “vot[ing] against the money that ended up saving the auto industry.” She was talking about a January 15, 2009 attempt to withhold the second $350 billion of TARP funding that failed (here’s the resolution); Bernie voted not to release those funds. But the vote was not directly about auto bailout funding. It was about bailing out the banks and funding what turned out to be completely ineffective efforts to forestall foreclosures.

It is true that Bush’s failure to fund an auto-specific bailout meant that TARP funds got used to fund the $85 billion auto rescue (Bush had already spent some money on the auto companies — basically just enough to ensure they’d go under on Obama’s watch, but not enough to do anything to save them). But that’s not what the vote was (and there might have been enough money for the auto bailout in any case).

Larry Summers’ two letters in support of the additional funding (January 12Janaury 15) in support of the additional funding certainly didn’t describe it as an auto bailout bill. He mentioned “auto” just three times between the two of them. In the January 12 letter, in support of auto loans to consumers, and in the January 15 letter, limits on what I believe is a reference to GM Finance (now Ally)’s Christmas holiday move to turn into a bank so it could access funding. Contemporary reporting on the vote also did not mention the auto bailout (though there had been discussion that it might be used the previous month).

Moreover, there had been an auto bailout vote in the Senate (on a bill already passed by the House) on December 11, which failed. Both Bernie and Hillary voted in support.

So while Hillary’s attack was technically correct — Bernie did vote against giving Jamie Dimon more free money, which had the side effect of voting against the second installment on the fund that would eventually become the auto bailout — he did not vote against the auto bailout.

But Hillary’s attack did its work, largely because national reporters appeared completely unaware that they were fighting about TARP much less aware that there had been votes in December that directly pertained to the auto bailout. Even some local reporters now appear unaware of what went down in 2008-9. John Podesta helped matters along by sowing confusion in post-debate speeches.

Here’s one of what will end up being several exceptions to the shitty reporting on this that will come too late for people to figure out what actually happened.

During the testy exchange over the auto bailout, Clinton called Sanders a “one-issue candidate” for voting against the release of $350 billion in Jan. 15, 2009, to continue funding the bailout of the nation’s banks and mortgage lenders.

Sanders joined seven Democratic senators in voting against the second wave of TARP funds. President Barack Obama ended up using some of TARP to fund the $85 billion rescue of GM, Chrysler and their auto lending arms.

“If everybody had voted the way he did, I believe the auto industry would have collapsed, taking 4 million jobs with it,” Clinton said.

[snip]

David Axelrod, a former top adviser to President Barack Obama, questioned Clinton’s attack on Sanders’ voting record in the middle of the debate.

“It wasn’t explicitly a vote about saving auto industry,” Axelrod wrote on Twitter.

U.S. Sen. Debbie Stabenow, a Clinton supporter, said after the debate that senators, including Sanders, were aware the TARP money would be used to aid the domestic auto industry.

“A lot of folks said we shouldn’t do it because somehow it was helping the banks,” said Stabenow, D-Lansing. “It was the auto bailout we were talking about. I was very clear with colleagues that we had to do this.”

Stabenow’s comment, incidentally, is proof that the money shouldn’t have been granted as it was (it wasn’t spent on auto companies until much later). While she’s right that there had been public discussion of spending some money on the auto bailout, there obviously was still so little limiting what the Executive could do with the money that there needed to be nothing explicit supporting the auto bailout to make it happen. The flimsiness of the guidelines is one of the things that enabled the Obama Administration to avoid providing real foreclosure relief, choosing instead to “foam the runway” for banks.

Don’t get me wrong. Bernie did a number of other things at the debate that hurt him last night, such as his comment about ghettos that suggested all African Americans are poor and no whites are. I think, too, the optics of his efforts to stop Hillary from interrupting him as well as his own gesticulating while she was making responses will go over poorly.

But the auto bailout attack was a pretty shameful ploy, one that otherwise would make it fair game to really hit on Hillary’s own actions in a way Bernie has not yet done. That said, it was also a probably perfectly timed attack, because it will ensure victory for Hillary on Tuesday, eliminating one of the last possibilities that Bernie might really challenge Hillary.

Update: As it turns out, Hillary should be attacking Stabenow according to her own standards, because Stabenow voted no on the first TARP vote that actually paid for the first tranche of funding to the auto companies. (Here’s the second, January 2009 one.)

Why Isn’t Jim Comey Crusading against This Tool Used to Hide Terrorist Secrets?

Several times over the course of Jim Comey’s crusade against strong encryption, I have noted that, if Comey wants to eliminate the tools “bad guys” use to commit crimes, you might as well eliminate the corporation. After all, the corporate structure helped a bunch of banksters do trillions of dollars of damage to the US economy and effectively steal the homes from millions with near-impunity.

It’d be crazy to eliminate the corporation because it’s a tool “bad guys” sometimes use, but that’s the kind of crazy we see in the encryption debate.

Yesterday, Ron Wyden pointed to a more narrow example of the way “bad guys” abuse corporate structures to — among other things — commit terrorism: the shell corporation.

In a letter to Treasury Secretary Jack Lew, he laid out several cases where American shell companies had been used to launder money for crime — including terrorism, broadly defined.

Screen Shot 2016-02-26 at 9.51.49 AM

He then asked for answers about several issues. Summarizing:

  • The White House IRS-registration for beneficial information on corporations probably won’t work. Does Treasury have a better plan? Would the Senate and House proposals to have states or Treasury create such a registry provide the ability to track who really owns a corporation?
  • FinCen has proposed a rule that would not only be easily evaded, but might weaken the existing FATCA standard. Has anyone review this?
  • Does FinCen actually think its rule would identify the natural person behind shell companies?
  • Would requiring financial institutions to report balances held by foreigners help information sharing?

They’re good questions but point, generally, to something more telling. We’re not doing what we need to to prevent our own financial system from being used as a tool for terrorism. Unlike encryption, shell companies don’t have many real benefits to society. Worse, it sounds like Treasury is making the problem worse, not better.

Of course, the really powerful crooks have reasons to want to retain the status quo. And so FBI Director Jim Comey has launched no crusade about this much more obvious tool of crime.

DOJ’s Double Standard on Osama Bin Laden Trophy Photos

Two and a half years ago, I first started pointing to the evidence that several of the guys on the Osama bin Laden operation took trophy photos.

[O]n February 15, 2013, DOJ informed Judicial Watch that CIA had found 7 more photos responsive to their FOIA. That happened just 4 days after Esquire published a splashy story about the guy who claimed to have been the SEAL who actually killed OBL. The current version includes this line.

In the compound, I thought about getting my camera, and I knew we needed to take pictures and ID him.

I had made the connection at the time, and I have a distinct suspicion the language was slightly different in the original (Esquire was making factual corrections along the way but the original is not on Internet Archive), making it clear that the Shooter and possibly others did take pictures, though perhaps not for operational purposes.

What kind of amped up warrior who had just helped kill the bogeyman could resist taking souvenir pictures? Could you blame them, if so?

In any case, I suspected at the time that the reason CIA “located” new photos was because they read about another set of photos in the possession in one of the guys who participated in the op, if not shot the lethal bullet. The ambiguity in the description of McRaven’s order seems to support that.

That is, what SOCOM and CIA appear to be protecting are — in significant part — the personal photos taken by the guys who did the operation.

The Intercept has a story describing how Matt Bissonnette — the guy who wrote No Easy Day — is under continued investigation as a result of having done just that.

It appears the government went after Bissonnette after he published his book, and demanded a cut of his profits and that he turn over a hard drive that had an “unauthorized” picture of OBL.

The retired SEAL voluntarily provided investigators with a copy of his hard drive as part of an agreement not to prosecute him for unlawfully possessing classified material, according to the two people familiar with the deal.

[snip]

Luskin said that he had negotiated a deal in 2014 with the Pentagon and the Justice Department to hand over to the government some of the millions of dollars in book profits Bissonnette had received.

He would not confirm Bissonnette’s possession of the bin Laden photo or whether any investigation still remains open.

But once DOJ got Bissonnette’s hard drive — which according to the Intercept was technically turned over voluntarily (meaning there’d be no warrant to limit the scope of what the government could do with it), they found evidence he may have had side deals associated with his procurement role for the team.

During their search of his hard drive, investigators subsequently found emails and records dealing with Bissonnette’s work as a consultant while he was on active duty at SEAL Team 6. Those records, which were not part of the non-prosecution agreement, led to the widening probe. Federal investigators then became interested in whether Bissonnette’s business ventures with companies that supply military equipment — including companies whose products were used by SEAL Team 6 — were helped by his role in the elite unit’s procurement process, according to one of the people familiar with the case.

Element Group, a company Bissonnette helped set up in Virginia Beach about five years ago, is among the companies NCIS is said to be investigating. According to a former SEAL Team 6 operator familiar with Element Group’s business arrangements, the firm, which has since been shut down, designed prototypes for, and advised, private companies that make sporting and tactical equipment.

According to several former SEAL Team operators familiar with the company, Element Group also did business with at least one Defense Department contractor that sold equipment to SEAL Team 6. The defense contractor, Atlantic Diving Supply, or ADS, has military supply and equipment contracts with SEAL Team 6, according to several former SEAL Team 6 operators, as well as other parts of the departments of Defense and Homeland Security. Federal investigators have been looking into the business relationship between Element Group and ADS.

I don’t defend Bissonnette if his side deals were corrupt. But this is bullshit on several levels.

Of course, many people, including me, have noted that Bissonnette’s book was an attempt to push back on the information asymmetry — and with it, propaganda — that the government uses classification to pull off.

Prosecuting Bissonnette would require admitting that the government used its unilateral authority over the nation’s secrets to tell a fiction–not an egregious one, but still one that served a significant political objective.

Now there are probably legal ways around that problem (they could prosecute Bissonnette for revealing obscure details that no one really cares about, for example). But probably not political ways around it, because at best, it would seem like retaliation for exposing the Administration’s fluffing of the facts.

It appears that Bissonnette has shown that the Administration used its control over secrecy as a political tool, not just an operational one, and to prosecute him, they’d have to make that point even more clear.

In addition, as I noted in a series of posts, DOD did a lot of things that arguably violate classification laws to hide those trophy photos by retroactively classifying them and sending them over to CIA where they’d be further hidden from Judicial Watch and other FOIAs that had already been filed.

[I]f the photos were classified after their FOIA, they would have had to have been classified on a photo by photo basis by the Director of CIA, Deputy Director, or a Senior Agency Official in charge of classifications, the CIA responded by saying that, after the CIA got the photos (which by all appearances happened after the FOIA), they were derivatively classified in accordance with the SAO’s guidance.

CIA doesn’t say whether that official reviewed the photos individually or not. Nor does it explain who wrote “TOP SECRET” on them, without adding all the other required classification markers.

And note how the CIA claims these photos “were always considered to be classified” by them — but not necessarily by SOCOM, which originally had the photos. But they don’t even claim they were always considered to be Top Secret.

If I’m right about the DOD’s efforts to avoid its obligation under FOIA, then it basically went after Bissonnette for improperly handling classified information while it was doing the same thing (albeit to withhold previously unclassified information). Plus, if these photos were unauthorized, classifying them to hide them would amount to classification to hide misconduct.

Finally, whatever the ethical conflicts with Bissonnette’s side deals (they remain under investigation and it’s not clear there was a conflict, in which case this feels like DOJ’s pursuit of NSA whistleblowers Bill Binney et al for their effort to start a business), they’re being investigated at a time when the Intelligence Community has just eliminated some measures designed to facilitate oversight of precisely this kind of conflict. I sure take from that that the powers that be in our IC want to continue to engage in the kind of conflicted business deals that Bissonnette is being investigated for.

Here’s the irony though: I noted James Clapper had pushed that conflict change through, in part because it is so much work to ride herd on conflicts, even while accepting a requirement that his office increase its surveillance of line personnel. I concluded that Clapper has some really funny ideas about insider threats, finding abusive incompetents trading on their position to be less of a problem than leakers.

Clapper’s perfectly willing to expand his bureaucracy to look for leakers, but not to weed out the dangerously incompetent people ordering potential leakers around.

Bissonnette’s problem, I guess, is he was allegedly both, someone who shared information that undercut official propaganda, and someone who traded on his position.

Had he just done the latter everything would have been fine, I guess.