Rattled: China’s Hardware Hack – SMCI’s Response

/11 Comments/in , /by

[NB: Note the byline. Portions of my content are speculative. / ~Rayne]

The following analysis includes a copy of an initial response Bloomberg Businessweek received from Super Micro Computer in response to its story, The Big Hack. In tandem with the Bloomberg story this was published on October 4 at this link. Super Micro Computer’s response is offset in blockquote format. No signer was indicated in the published response. Additional responses to Bloomberg’s story will be posted separately.
__________

Supermicro

While we would cooperate with any government investigation, we are not aware of any investigation regarding this topic nor have we been contacted by any government agency in this regard.[1] We are not aware of any customer dropping Supermicro as a supplier for this type of issue.[2]

[1] (a) “we are not aware” “nor have we been contacted” — who is we?

(b) “nor have we been contacted by any government agency” — has Supermicro been contacted by customers or their auditors or their security teams, contract or not, about security problems?

[2] Were one or more of Supermicro’s customers dropped by their customers because of security concerns including problems with firmware? Are any of the customers or customers of customers U.S. government entities?

Every major corporation in today’s security climate is constantly responding to threats and evolving their security posture. As part of that effort we are in regular contact with a variety of vendors, industry partners and government agencies sharing information on threats, best practices and new tools. This is standard practice in the industry today. However, we have not been in contact with any government agency regarding the issues you raised.[3]

[3] Has Supermicro been in contact with any government agency regarding any security issues including firmware updates?

Furthermore, Supermicro doesn’t design or manufacture networking chips or the associated firmware and we, as well as other leading server/storage companies, procure them from the same leading networking companies.[4]

[4] Interesting pointer about networking chips. What other motherboard content does Supermicro not design or manufacture, procuring from other companies? What procured motherboard components have firmware associated with them?

Share this entry

Rattled: China’s Hardware Hack – Amazon’s Response

/5 Comments/in , /by

[NB: Note the byline. Portions of my analysis may be speculative. / ~Rayne]

The following analysis includes a copy of an initial response  received from Amazon by Bloomberg Businessweek in response to its story, The Big Hack. In tandem with the Bloomberg story Amazon’s response was published on October 4 at this link. The text of Amazon’s response is offset in blockquote format. No signer was indicated in the published response. Additional responses by Amazon to Bloomberg’s story will be assessed separately in a future post.

This analysis is a work in progress and subject to change.
__________

Amazon

It’s untrue that AWS[1] knew about a supply chain compromise, an issue with malicious chips, or hardware modifications[2] when acquiring Elemental. It’s also untrue that AWS knew about servers containing malicious chips or modifications in data centers based in China, or that AWS worked with the FBI[3] to investigate or provide data about malicious hardware.

[1] Identity – were there ever any third-party contractors or representatives involved in the relationship with Elemental? With Supermicro? Are there more than one Amazon subsidiary entity involved in the evaluation, purchasing, implementation of Elemental or Supermicro products into Amazon or its subsidiary enterprise? Which entity submitted this denial to Bloomberg Businessweek: Amazon, AWS, or some other subsidiary?

[2] What about evidence of bad or mismatched firmware and firmware updates?

[3] Did any law enforcement, military, or intelligence agency work with Amazon or any of its subsidiaries or contractors to investigate or provide data on hardware which failed to operate to specification or as expected?

We’ve re-reviewed our records[4] relating to the Elemental acquisition for any issues related to SuperMicro, including re-examining a third-party security audit[5] that we conducted in 2015 as part of our due diligence prior to the acquisition. We’ve found no evidence to support claims of malicious chips or hardware modifications.[6]

[4] “our records” — whose records and what kind? Identity needs clarification as well as the type of records.

[5] Who is the third-party security auditor? How and why were they engaged?

[6] What about evidence of bad or mismatched firmware and firmware updates?

The pre-acquisition audit described four issues with a web application (not hardware or chips)[7] that SuperMicro provides for management of their motherboards. All these findings were fully addressed before we acquired Elemental. The first two issues, which the auditor[8] deemed as critical, related to a vulnerability in versions prior to 3.15 of this web application (our audit covered prior versions of Elemental appliances as well), and these vulnerabilities had been publicly disclosed by SuperMicro on 12/13/2013.[9]

[7] “web application” — but not firmware?

[8] Is this still the unnamed third-party security auditor or an internal auditor employed by Amazon or a subsidiary?

[9] How was this “publicly disclosed by SuperMicro”? SMCI’s website does not currently have either a press release or an SEC filing matching this date (see screenshots at bottom of this page).

Because Elemental appliances are not designed to be exposed to the public internet, our customers are protected against the vulnerability by default.[10] Nevertheless, the Elemental team had taken the extra action on or about 1/9/2014 to communicate with customers and provide instructions to download a new version of the web application from SuperMicro (and after 1/9/2014, all appliances shipped by Elemental had updated versions of the web application).[11] So, the two “critical” issues that the auditor found, were actually fixed long before we acquired Elemental. The remaining two non-critical issues with the web application were determined to be fully mitigated by the auditors if customers used the appliances as intended, without exposing them to the public internet.[12]

[10] “exposed to the public internet” — did customer data run through Elemental’s Supermicro devices between 2013 and 2015?

[11] What about firmware?

[12] Did customer data still run through devices with the two non-critical issues? Are any machines with these non-critical issues still in production?

Additionally, in June 2018, researchers made public reports of vulnerabilities in SuperMicro firmware.[13] As part of our standard operating procedure, we notified affected customers promptly, and recommended they upgrade the firmware in their appliances.[14]

[13] Researchers at Eclypsium are reported to have told Supermicro of vulnerabilities in January 2018. When was Amazon, AWS, or other Amazon subsidiary notified of these vulnerabilties?

[14] Give the six-month gap between Eclypsium’s notification to Supermicro and the public’s notification, when were Amazon’s, AWS’, or other Amazon subsidiary’s customers notified of these vulnerabilties?

__________

Screenshots

Supermicro’s SEC filings – last of year 2013:

Supermicro’s press releases – last of year 2013:

Share this entry

Rattled: China’s Hardware Hack – Apple’s Response

/5 Comments/in , /by

[NB: Note the byline. Portions of my content are speculative. / ~Rayne]

The following analysis includes a copy of an initial response received from Apple by Bloomberg Businessweek in response to its story, The Big Hack. In tandem with the Bloomberg story this was published on October 4 at this link. Apple’s response is offset in blockquote format. No signer was indicated in the published response. Additional responses from Apple to Bloomberg’s story will be assessed separately in a future post.

This analysis is a work in progress and subject to change.
__________

Apple

Over the course of the past year, Bloomberg has contacted us multiple times with claims, sometimes vague and sometimes elaborate, of an alleged security incident at Apple.[1] Each time, we have conducted rigorous internal investigations based on their inquiries and each time we have found absolutely no evidence to support any of them.[2] We have repeatedly and consistently offered factual responses, on the record, refuting virtually every aspect of Bloomberg’s story relating to Apple.[3]

[1] Phrasing avoids who made the allegation(s).

[2] “rigorous internal investigations” doesn’t describe what they actually investigated; “each time” refers to investigations AFTER Bloomberg contacted Apple, AFTER 2016 when Apple had broken off relations with Supermicro.

[3] “refuting virtually aspect” does not mean “every and all.”

On this we can be very clear: Apple has never found malicious chips, “hardware manipulations” or vulnerabilities purposely planted in any server.[4] Apple never had any contact with the FBI or any other agency about such an incident.[5] We are not aware of any investigation by the FBI, nor are our contacts in law enforcement.

[4] (a) What about problems with firmware updates, including malicious firmware, firmware not issued by Supermicro, or hijacking to firmware upgrade sites not created by Supermicro?

(b) “purposely planted in any server” refers not to Supermicro’s motherboards but Elemental or other server assemblies.

[5] What about contact with any government agency regarding firmware? What about contact with a third-party entity regarding firmware problems, including security researchers?

[6] This phrasing focuses on law enforcement but not on other possibilities like intelligence entities or non-law enforcement functions like Commerce or Treasury Departments.

In response to Bloomberg’s latest version of the narrative, we present the following facts: Siri and Topsy never shared servers;[7] Siri has never been deployed on servers sold to us by Super Micro; and Topsy data was limited to approximately 2,000 Super Micro servers, not 7,000. None of those servers has ever been found to hold malicious chips.[9]

[7] (a) What about earlier versions of Bloomberg’s narrative the public hasn’t seen?

(b) Did Siri and Topsy ever share a data farm facility?

[8] (a) Was Siri ever deployed on Elemental brand servers?

(b) Was Topsy ever deployed on Elemental brand servers?

[9] Did any of the servers on which Siri and Topsy were deployed experience firmware problems including malicious firmware, firmware not issued by Supermicro, or hijacking to firmware upgrade sites not created by Supermicro?

As a matter of practice, before servers are put into production at Apple they are inspected for security vulnerabilities and we update all firmware and software with the latest protections. We did not uncover any unusual vulnerabilities in the servers we purchased from Super Micro when we updated the firmware and software according to our standard procedures.[10]

[10] Is this a statement of current practices or practices during the period of time about which Bloomberg reported? Why did Apple end its relationship with Supermicro?

We are deeply disappointed that in their dealings with us, Bloomberg’s reporters have not been open to the possibility that they or their sources might be wrong or misinformed. Our best guess is that they are confusing their story with a previously-reported 2016 incident in which we discovered an infected driver on a single Super Micro server in one of our labs.[11] That one-time event was determined to be accidental and not a targeted attack against Apple.[12]

[11] Gaslighting about the journalists’ credibility. Have there ever been any servers from Elemental or other server manufacturer with “infected drivers,” including the “single Super Micro server in one of our labs”? Were any servers of any make with “infected drivers” in production environments, whether they faced customers or not?

[12] How is an “infected driver” an accident?

While there has been no claim that customer data was involved, we take these allegations seriously and we want users to know that we do everything possible to safeguard the personal information they entrust to us.[13] We also want them to know that what Bloomberg is reporting about Apple is inaccurate.[14]

[13] This is not the same as saying “customer data was not exposed.”

[14] “inaccurate” but not “wrong,” “erroneous,” “false,” or “untrue”?

Apple has always believed in being transparent about the ways we handle and protect data.[15] If there were ever such an event as Bloomberg News has claimed, we would be forthcoming about it and we would work closely with law enforcement.[16] Apple engineers conduct regular and rigorous security screenings to ensure that our systems are safe. We know that security is an endless race and that’s why we constantly fortify our systems against increasingly sophisticated hackers and cybercriminals who want to steal our data.[17]

[15] Tell us about iPhone encryption.

[16] “an event” is not “events”. “Forthcoming” may not mean “public disclosure” or “reveal that we are under non-disclosure agreements.” “Would work closely with law enforcement” is not the same as “working with intelligence community,” or “working with Commerce/Treasury Departments.”

[17] No specific mention of nation-state actors.

Share this entry

Rattled: China’s Hardware Hack

/31 Comments/in , /by

[NB: Note the byline. Portions of my analysis may be speculative. / ~Rayne]

As I noted in my last Three Things post, information security folks are rattled by the October 4 Bloomberg Businessweek report that extremely tiny microchips may have been covertly embedded in motherboards used by U.S. businesses.

Their cognitive dissonance runs in two general directions — the feasibility of implanting a chip at scale, and the ability of such a chip to provide a viable backdoor to a device.

Hardware security researchers and professionals have been debating manufacturing feasibility and chip ability across Twitter. Joe Fitz’ recent tweet threads suggest implantation of a rogue chip is entirely doable on a mechanical basis though what happens once a chip has been embedded must be assessed from a software perspective. Fitz is not alone in his assessment; other professionals and academics believe it’s possible to insert a ‘malicious’ chip. Computer security academic Nicholas Weaver pointed to small devices which could do exactly what the Bloomberg report suggested if these tiny objects were embedded into motherboards during manufacturing.

The feasibility also requires the right opportunity — a confluence of personnel, manufacturing capability and capacity, timing and traceability. Let’s say a rogue or compromised employee manages to slip chips into a batch of motherboards; which ones? To whom will they ship? How could a rogue/compromised employee ensure the motherboards left the facility undetected?

The Bloomberg report paints the U.S.-based Supermicro plant as a perfect environment in which such hardware infiltration could happen easily. With employees divided by two very different languages — English-speakers far less likely to understand Mandarin-speakers — discussions between multiple rogue/compromised employees could be very easy as would be sharing of written instructions. Supermicro’s ISO certifications for standards 9001, 13485, 14001, and 27001 may shed some light on how the company expected to manage two different languages in the same workplace.

One could argue a bilingual workplace shouldn’t pose a challenge given how many companies already use English/Spanish, English/French, or English/German. Compare, however, these words:

English: hardware

German: either hardware or computerhardware

French: either hardware or le matériel

Spanish: either hardware or los equipos

Mandarin: 硬件 (yìng jiàn)

With enough exposure the average English-as-primary-language worker could readily understand the most common western language words for equipment they were manufacturing. It would take considerably more investment in education to recognize and understand a pictographic language making casual quality control difficult.

The environment is even more challenging for mixed language staff in manufacturing plants located in China.

~ | ~ | ~

Let’s look at a timeline of events leading up to the Bloomberg report this week. Note how often the word ‘firmware‘ is used in this timeline and in the responses from Apple and Amazon to the Bloomberg story:

1993 — Charles Liang launched Supermicro.

2007 — Social search analytics company Topsy founded.

2005 — Defence Science Board warned “trojan horse” chips bought overseas could negatively affective military systems.

2008 — BusinessWeek reported that fake Chinese-made microchips had entered the military’s supply chain causing system crashes.

2010 — Defence Department bought 59,000 chips, unaware they were counterfeit.

2Q2011 — China denied entry visas to senators Levin and McCain staff for congressional probe in Guangdong province.

October 2011 — Apple releases Siri.

December 2013 — Apple acquired  Topsy.

December 2013 — Supermicro publicly disclosed vulnerability/ies in a web application related to management of motherboards (Amazon response, email Oct 2018)

December 2013 — CBS’ 60 Minutes program aired a story about the NSA in which a plot involving a rogue BIOS had been identified.

First half 2014 (date TBD) — Intelligence officials tell White House that PRC’s military would infiltrate Supermicro’s motherboard production with microchips intended for the U.S. market.

January 2014 — Elemental communicated to existing customers that a new version of the web app was available for download; equipment shipped after this date had updated versions of the web app. (Amazon response, email Oct 2018)

Early 2015 — Amazon launched pre-acquistion evaluation of startup Elemental Technologies which used Supermicro motherboards in servers it made.

Late spring 2015 — Elemental sent several servers to Ontario CAN for testing by third-party security firm. It found non-spec chips on server motherboards. (Bloomberg report)

May 2015 — Apple detected unusual network activity and experienced firmware problems.

Summer 2015 — Apple found non-spec chips on Supermicro motherboards Apple bought from Supermicro. (Bloomberg report)

September 2015 — Amazon announced its acquisition of Elemental.

December 2015 — Apple shut down Topsy.

Mid-2016 — Apple broke off its relationship with Supermicro.

June 2018 — Researchers publicized vulnerabilties found in Supermicro firmware. AWS notified customers and recommended a firmware upgrade. (Amazon response, email Oct 2018)

October 2018 — Amazon, Apple, Supermicro, and PRC submitted responses denying Bloomberg’s report. (Published by Bloomberg)

~ | ~ | ~

Follow up reporting by other news outlets increase the layers of denial that cloud companies Amazon and Apple were affected by a possible breach of the hardware supply chain.

Some have asked if Bloomberg’s report is merely an attempt to undermine Amazon and Apple, which are the two most valuable companies in the U.S. and in Apple’s case, the world.

It is their value and their place in the stock market along with the customers they serve which may drive some of the denial.

Remember that Amazon’s AWS has provided hosting to U.S. government agencies. Government employees also use Apple iPhones and by extension, Apple’s cloud services. Is it at all possible that in providing services to government agencies these corporations and/or their subsidiaries have been read into programs obligating a degree of secrecy which includes denial of vulnerabilities and breaches which do not affect directly the average non-governmental user of Amazon and Apple products and services?

~ | ~ | ~

There are additional events which appear to have happened independently of the alleged hardware supply chain infiltration. They may be extremely important and highly relevant if looked at from an industry and intelligence perspective.

March 2014Freescale Semiconductor lost 20 employees in apparent crash of Malaysia Air flight MH370 en route to Beijing. The employees were supposed to begin work on a new chip manufacturing facility in China. While Freescale’s chips were not those one might ordinarily associate with server motherboards, it’s worth asking if Freescale at that time had any chips which might have served as server chips, or if they could work as illicit hardware hacks when embedded in a motherboard. Freescale has since been acquired by NXP.

Late 2010 — Beginning in late 2010, China identified and executed a network of U.S. agents within its borders over a two-year period, resulting in the deaths of at least 30 persons and the prosecution of former CIA agent Jerry Chung Shin Lee who worked as an informant for PRC. The exposure of these spies was blamed in part on a compromised communications system which had been previously used in the middle east. Due to compartmentalization of the project, it’s reported Lee could not have identified the agents, placing more emphasis on the communications system.

Mid-2011 — China refused visas to staff for senators Carl Levin and John McCain for the purposes of investigating electronic components manufacturing in city of Shenzhen in Guangdong province. The congressional probe sought the source of counterfeit parts which had entered the U.S. military’s supply chain; U.S. Commerce Department reported in January 2010 that 400 companies surveyed “overwhelmingly cited China” as the point of origin for counterfeit parts.

These events spawn more questions when looking at technology supply chain hacking and communications systems which rely on this supply chain.

Did Freescale’s plans to expand production in China pose a risk to the hardware supply chain hack? Or was it simply a fluke that a substantive portion of the company’s manufacturing engineers disappeared on that flight? Though Freescale originated in Austin, Texas, it had a presence in China since 1992 with at least eight design labs and manufacturing facilities in China as of 2014.

Was the communications system used by doomed U.S. assets in China affected not by tradecraft or betrayal, or even by counterfeit parts, but by the hardware supply chain hack — and at an even earlier date than the timeline of events shown above related to Supermicro’s compromised motherboard production?

Did China refuse admittance to Guangdong province in 2011 related not to counterfeit parts but to the possibility that supply chain hacks beyond counterfeiting alone might be revealed?

Is the supply chain hack reported by Bloomberg part of a much larger security threat which has been slowly revealed but not widely acknowledged because the threat has been viewed through narrow military, or intelligence, or tech industry lenses?

The tech industry may be rattled by allegations that the computer hardware supply chain has been hacked. But the possibility this hack has gone on much longer and with massive potential collateral damage may truly shake them up.

~ | ~ | ~

There is a third train of cognitive dissonance, not limited to information security professionals. Persons outside the tech industry have indulged in denialism, taking comfort in the aggressive pushback by Apple and Amazon which each claim in their own way that the Bloomberg report is inaccurate. (I have an analysis of the early responses by Apple and Amazon; I will also examine later expanded responses as well as Supermicro’s and PRC’s responses as soon as time permits.)

But there have been reports for years about counterfeit electronic components, obstruction of investigations into these components, system failures which could be attributed to hardware or software which do not meet specifications. Cognitive dissonance also resists Bloomberg’s report that as many as 30 U.S. companies were affected, not just Apple and Amazon which have offered up high-profile rebuttals.

And there have been reports in industries outside of cloud services and the military where off specification or counterfeit electronic components have made it into production. One such anecdote appears in a thread at Hacker News YCombinator, discussing credit card payment systems and development of screening systems requiring application of tests using angular momentum to determine if a board has been altered without breaking the board’s tamper-proof seal.

In addition to his early tweets assessing feasibility of malicious or covert off-spec chips added to motherboards, Nicholas Weaver wrote a post for Lawfare about the Bloomberg report.

The Bloomberg story also explains a previous mystery: in 2016, Apple quietly removed all SuperMicro servers from their products due to an unspecified “Security Incident.”  At the time the rumor was that SuperMicro provided a sabotaged BIOS—that is, the bootstrap program used to start the computer, another “god mode” target for compromise. Apple denied then that there was any security incident—just as they are denying one now.

This incident once again illustrates the “Coventry problem,” referring to Winston Churchill’s apocryphal decision not to prevent the bombing of Coventry in order to keep secret that British intelligence had decrypted the Enigma machine. Robertson and Riley describe a U.S. intelligence apparatus that knew of these ongoing attacks, but could not effectively notify the affected companies nor provide useful recommendations. If the intelligence community had warned these companies, it would probably have revealed to the Chinese that the U.S. was aware of these activities, as well as potentially compromise an ongoing FBI investigation described in the article.

Weaver called the suspect Supermicro firmware a ‘BIOS’ — the first use of this term across multiple reports covering the Bloomberg report and its aftermath. This change in nomenclature is critical, particularly so given the point he makes about the “Coventry problem.” The term ‘BIOS’ does not appear in the early responses from Apple, Amazon, or Supermicro.

In December 2013, CBS’ 60 Minutes aired a report about the NSA; it appeared at the time to puff up the agency after the publication of Edward Snowden’s leaked documents about the government’s domestic spying using  PRISM. Within the story was a claim about a thwarted cyberattack:

Debora Plunkett: One of our analysts actually saw that the nation state had the intention to develop and to deliver, to actually use this capability— to destroy computers.

John Miller: To destroy computers.

Debora Plunkett: To destroy computers. So the BIOS is a basic input, output system. It’s, like, the foundational component firmware of a computer. You start your computer up. The BIOS kicks in. It activates hardware. It activates the operating system. It turns on the computer.

This is the BIOS system which starts most computers. The attack would have been disguised as a request for a software update. If the user agreed, the virus would’ve infected the computer.

John Miller: So, this basically would have gone into the system that starts up the computer, runs the systems, tells it what to do.

Debora Plunkett: That’s right.

John Miller: —and basically turned it into a cinderblock.

Debora Plunkett: A brick.

John Miller: And after that, there wouldn’t be much you could do with that computer.

The description sounds remarkably like the rogue firmware update in concert with a malicious/covert chip.

The manner in which this report was handled by the NSA, however, made it appear like disinformation. The assessment that such firmware would be used solely brick a device heightened the FUD around this report, deterring questions about applications other than bricking a device — like taking control of the computer, or collecting all its transaction and data. Was the FUD-enhanced release via 60 Minutes the intelligence community’s approach to the “Coventry problem”?

~ | ~ | ~

The problem Bloomberg’s Jordan Robertson and Michael Riley reported is probably much bigger than they described. It is bigger than Supermicro motherboards and firmware, and it’s not a problem of the near-term future but ongoing over the last decade.

At what point will U.S. industries organize a collective response to both counterfeit and off-specification manufacturing of electronic components overseas? They can’t count on a calm and rational response from the Trump administration given the unnecessary trade war it launched against China.
_____

Disclosure: I have positions in AAPL and AMZN in my investment portfolio.

Share this entry

Three Things: Russia and China Spying, Kavanope

/241 Comments/in , , , /by

[NB: Yes, it’s Rayne, not Marcy. Check the byline.]

Huge news earlier today related to spying. Really big. MASSIVE.

And a MASSIVE cover-up pawned off on the feeble-minded as a ‘complete investigation‘ into Dr. Ford’s and Deborah Ramirez’s accusations against Brett Kavanaugh.

~ 3 ~

Bloomberg published an epic piece of investigative journalism this morning about China’s spying on U.S. businesses by way of tiny chips embedded in server motherboards. The photos in the story are just as important as the must-read story itself as they crystallize a challenge for U.S. intelligence and tech communities. Like this pic:

That tiny pale obelisk to the right of the penny represents one of the malicious chips found in affected Supermicro brand motherboards shipped to the U.S. market — nearly as small as the numbers in the date on the coin. Imagine looking for something this puny before a machine is turned on and begins to launch its operating system. Imagine trying to find it when it is sandwiched inside the board itself, embedded in the fiberglass on top of which components are cemented.

The chip could undermine encryption and passwords, making any system open to those who know about its presence. According to Bloomberg reporters  Jordan Robertson and Michael Riley, the chips found their way into motherboards used by Apple and Amazon.

Information security folks are scrambling right now because this report rocks their assumptions about the supply chain and their overall infosec worldview. Quite a few doubt this Bloomberg report, their skepticism heightened by the carefully worded denials offered by affected and relevant parties Apple, Amazon, Supermicro, and China. Apple provided an itemization of what it believed Bloomberg Businessweek got wrong along with its denial.

I’ll have more on this in a future post. Yes, indeedy.

~ 2 ~

A cooperative, organized response by Britain, The Netherlands, U.S., and Canada today included the indictment of seven Russians by the U.S. for conspiracy, conspiracy to commit wire fraud, wire fraud, aggravated identity theft, and conspiracy to launder money. The Russians have been identified as members of a GRU team organized out of a facility in Moscow, working on hacking and a disinformation influence campaign focused on anti-doping entities and non-Russian Olympic athletic competitors.

Note the underlined bit in this excerpt from the indictment (pdf) — the last indictment I copied with similar wording was that of Evgeny Buryakov and his two comrades, the three spies based in New York City who worked with “Male-1”, now known to be Carter Page. Who are the known and unknown? Persons who have flipped or co-conspirators yet to be named?

The UK released a statement as did the Canadians, and Netherlands issued a joint statement with the UK about the entirety of spying for which this GRU team is believed to be responsible, including an attempt to breach the Organisation for the Prohibition of Chemical Weapons’ (OPCW) facility analyzing the Novichok nerve agent used to poison the Skripals in the UK as well as chemicals used against Syrians.

Cryptocurrency news outlets report concerns that this indictment reveals the extent of USDOJ’s ability to trace cryptocurrency.

An interesting coincidence took place overnight as well — Russian Deputy Attorney General Saak Karapetyan died last night when an unauthorized helicopter flight crashed northeast of Moscow. Karapetyan had been linked this past January to Natalia Veselnitskaya and an attempt to recruit Switzerland’s top investigator as double-agents. But Karapetyan had also been involved in Russia’s response to the poisoning of Alexander Litvinenko and the aftermath of the Skripals’ poisoning in the UK.

What remarkable timing.

One might wonder if this accident had anything to do with the unusual release of GRU personnel details by the Dutch Military Intelligence and Security Service (MIVD) and the United Kingdom’s Ministry of Justice during their joint statement today.

By comparing the released identity documents, passports, automobile registrations and the address provided when cars were rented, the identities of a total 305 GRU agents may have been identified by bellingcat and The Insider including the four out of the seven men wanted by the U.S. for the anti-doping hackingas well as attempted breach of OPCW.

The identity of the four GRU agents accused of targeting the OPCW was cinched by a taxi receipt in one agent’s pocket from a location on the road next to the GRU’s facility in Russia. Four agents also had consecutive passport numbers.

What remarkably bad opsec.

~ 1 ~

As for the impending vote on Brett Kavanaugh:

– Senator Heidi Heitkamp is voting her conscience — NO on Kavanaugh.
– Senator Joe Manchin is now the lone Dem holdout; he says he’s still listening but hasn’t seen anything incriminating from Kavanaugh’s adulthood. (Gee, I wonder why.)
– Senator Bob Menendez didn’t mince words. He said “It’s a bullshit investigation.” (He should know what a thorough investigation looks like).

And the beer-loving former Yale frat boy had an op-ed published in the Wall Street Journal which pleads with us to lose all intelligence and believe that he is really very neutral. I am not even going to link to that POS which has re-enraged women all over the country.

GTFO.

Continue calling your senators to thank them for a NO vote on Kavanaugh so that they aren’t hearing right-wing demands alone. Congressional switchboard: (202) 224-3121

~ 0 ~

This is an open thread. Sic ’em.

Share this entry

Three Things: CRC—What? An Indictment, Plus Shut Downs Ahead

/50 Comments/in , , , /by

[NB: As always, check the byline. / ~Rayne]

Brett Kavanaugh’s nomination and confirmation process is an 800-pound gorilla in the media, as is the potential for the obstructive removal of Rod Rosenstein as Deputy Attorney General. They suck up enormous amounts of mental wattage, sitting wherever they want to sit.

Here are three things which are in some way related and worth more of our attention, whatever is left after the gorillas are done with it.

~ 3 ~

CRC: One degree from Manafort

Thomas Fine went prowling around FARA filings, landing this juicy find (pdf):

Yes, Creative Response Concepts, Inc., the same firm for which Ed Whelan has worked, registered in 2005 as a foreign agent for Viktor Yanukovych — the same Yanukovych for which Paul Manafort also worked as an illegal foreign agent. CRC was paid $10,000 by Potomac Communications Group, for which Aleksei Kiselev worked. Kiselev also worked for Paul Manafort to assist Yanukovych.

What a small, small world.

Should note CRC’s registration was after the fact — they were contracted for April-October 2003. Why so late?

(Thanks to @JamesFourM for the PCG-Kiselev-Manafort link.)

~ 2 ~

Indictment yesterday related to Trump Towers…in Azerbaijan

Didn’t see this until late last night: DOJ indicted Kemal “Kevin” Oksuz (pdf) on one count of hiding or falsifying material facts and four counts of making false statements to the U.S. House of Representatives Committee on Ethics. The filings were related to a Congressional trip to Azerbaijan ultimately paid for by State Oil Company of Azerbaijan Republic (SOCAR), the wholly state-owned national oil and gas company of Azerbaijan.

Oksuz is now a fugitive.

Ten members of Congress and 32 staffers traveled in 2013 to attend a U.S.-Azerbaijan convention in Baku after Azerbaijan had asked Congress for an exemption from sanctions on Iran for a $28 billion natural gas pipeline project. The members and staffers were later cleared as it appeared they believed the trip’s funding was provided by Oksuz’s nonprofit organization.

Personally, I think those members and staffers needed a rebuke. Nonprofits don’t print money; they rely on money from donors. Follow the money to the donors before accepting a trip and incidentals. It’s not rocket science.

Worth keeping in mind the Trump International Hotel & Tower built in Baku, overseen by Ivanka Trump, which burned in late April this year — an amazing two fires, same day. What are the odds?

~ 1 ~

Shutdowns Ahead: U.S.-Canada and U.S. Government?

Doesn’t look like negotiations between the U.S. and Canada are going to make this Saturday’s deadline. No idea what will happen after that. We all know the Trump administration has been at fault; how could anybody screw up a long-term peaceful relationship like U.S.-Canada, our second largest trading partner after China, without deliberate bad faith? Without the intent to screw over another NATO member’s economy?

And the U.S. government itself faces a budget deadline. If the “minibus” budget bill isn’t signed by midnight this coming Sunday we’re looking at a shutdown and it appears the bottleneck may be Trump. The jerks at Breitbart are fomenting to encourage a shutdown by insisting Trump refuse to sign the bill — they’re just plain malicious, thinking not at all about the impact on fellow Americans or the economy.

Putin must be laughing his ass off at how easily the GOP’s white nationalist base has subverted U.S. and NATO stability by giving up control to a mobbed-up, golf-addicted, attention-deficient wig.

~ 0 ~

Don’t miss Marcy’s interview on Democracy Now in which she talks about Rod Rosenstein’s status and the Kavanaugh confirmation process.

Treat this like an open thread — have at it.

p.s. A note on site operations: Please be sure to use the same username and email address each time you log into the site. It makes it easier for community members to get to know you. Deliberate sockpuppeting is not permitted.

Share this entry

Legal Ethics in Trumplandia

/27 Comments/in , /by

Warning: this post may be considered uncivil.

I was a public servant for 6 ½ years. I was an assistant in the Tennessee State Attorney General’s office beginning in mid-1977, and became Securities Commissioner in the Insurance Department in mid-1980. In that time I dealt with a number of interesting ethical issues, directly and indirectly. Where do we draw the line between defending the constitutionality of a questionable statute? Should we intervene in a specific case for public policy reasons? Should we defend a lawsuit against a state employee?

Particularly difficult questions arose when suits were filed alleging systematic violations of law or human rights. The Alcoholic Beverage Commission was being bribed into approving liquor licenses, for example. A worse case involved guards sexually assaulting juvenile detainees. I won’t discuss these cases even now, but I learned the importance of making decisions as a lawyer that kept my conscience clear.

It must be like this every half-hour nowadays for career Department of Justice lawyers. The ignorant policy decisions, the incompetent drafting, the table-pounding public statements on top of difficult questions of constitutional law and statutory interpretation must make for situations that are fascinating, difficult, and even funny in a bizarre way. I don’t have a problem with career lawyers defending the policies of this or any administration. I do question some of their arguments. For example, in the Muslim Ban cases they argued that public statements made as candidate and as President aren’t relevant, which seems ridiculous, but SCOTUS disagrees with me so I was wrong. Or something was wrong. But anyway, I know this must be exhilarating for those people, and I hope they are finding the pleasure that I can see from a distance in the kinds of issues they face.

That doesn’t apply to the Child Snatching Case. Or, as the normalizing media call it, the Child Separation Policy. The facts of the matter are not seriously disputed. As a matter of policy, every person deemed to have entered the US illegally is charged with a crime. That includes people lawfully seeking asylum. Their children are snatched from their arms and sent thousands of miles away. The parents are jailed. The kids are kept in cages before transfer, often to horrifying profit-making entities where care is minimal. Some of the kids are drugged without their consent or that of their parents. The government doesn’t know where the kids are or how to reunite them. Some of the parents were deported without their children. The policy of referring all immigrants for prosecution may have been dropped recently.

The policy was put into effect secretly, with no notice, in the Summer of 2017, and the government formally admitted it April 6, 2018. At least 2,000 thousand children were snatched. Here’s a short history from the New Yorker.

The ACLU filed suit February 26, 2018 on behalf of a Congolese woman who sought asylum for herself and her 7 year old daughter who were separated pursuant to the policy. DOJ lawyers entered an appearance March 23, and filed a motion to dismiss April 6. The ACLU filed an amended complaint, and then a request for a preliminary injunction. The DOJ lawyers objected. A hearing was held in June, and a preliminary injunction entered June 26. It became clear at that point that the Trump Administration couldn’t find kids, didn’t know which kid went with which parent, and didn’t have any way to find the parents who had been deported without their children.

Buzzfeed has done a good job reporting on this case. Here’s a report by Adolfo Flores on the July 7 hearing that clarified the sickening state of the records and the failure of the Trump Administration to protect the children. Here’s Zoe Tillman’s report on the status as of July 9. Apparently one family that was separated were US citizens.

This policy punishes parents, many of whom are innocent, without due process. All of the children are damaged, and they are all innocent of any wrong-doing. The punishment is cruel and unusual in the sense normal people use those words.

The policy, if this unplanned and undocumented perversion can be called a policy, was imposed by US Attorney General Jeff Sessions. He says it was designed to deter families from illegal entry, but that is an easily disproved lie. It couldn’t work if it wasn’t public. It couldn’t work if entry is legal, as in the case of those seeking asylum. And it could never work against the children. This people who designed and approved this policy are sadists. They’re just the latest version of US monsters, like the torturers, the liars who ginned up the Iraq War, and the armchair warriors who send out the bombers and cruise missiles as the mood or politics strikes them. We have no recourse against them. They are beyond the reach of law or conscience. They are beyond accountability.

The people who are carrying out this policy are the only people who could have ended it. They didn’t. They are complicit and each one bears a share of guilt.

That includes the lawyers who defended the case. Assuming a minimum degree of competence, I speculate that the DOJ lawyers in the ACLU case knew about the policy and had some idea of the scope of the damage by mid-March. They certainly knew about the policy and its purpose by the date of the public announcement, April 6, the day they filed the motion to dismiss. They then chose to continue to litigate rather than work to terminate of this inhuman policy and stop the damage, and failing that, to resign noisily, They had choices; hard choices to be sure because the policy was designed by their political boss, Jeff Sessions, but still choices.

The effect of their decision to continue litigating is that the life of the policy was prolonged for months and more children were snatched. Other workers were put in a position where they may have felt they had no choice but to enforce the policy. The government and its private contractors continued to abuse the parents and especially the children. The resources of charitable organizations and others working on this disaster were depleted. Surely the lawyers didn’t need the money or the job that badly.

They may still have a conscience. If so, I hope it eats at them all their lives. I hope they have to explain their actions to their children. I hope the memory of toddlers screaming for their moms and dads comes to them in the night and gives them sweats. It’s a fair price to pay for the damage they have done to thousands of children and their parents.

Share this entry

Putin Just Set Up Trump To Be Humiliated by the Most Loathed Man in the World

/36 Comments/in /by

Shot

“So what do you think I should do about North Korea?” he asked Putin in their November 2017 telephone call, according to U.S. officials. Some of those officials saw the request for advice as naive — a sign that Trump believes the two countries are partners in the effort to denuclearize the Korean Peninsula. Other officials described Trump’s query as a savvy effort to flatter and win over the Russian leader, whose country borders North Korea and has long been involved in diplomacy over its nuclear program.

Chaser

Share this entry

Angry Mom: Hey Attention Deficit Media, Catch a Clue!

/99 Comments/in , , , /by

I don’t even have a real post for this. I am so goddamned angry right now. Apparently the news media needs a recap on priorities.

There are thousands of children kidnapped by this administration, being trafficked under the guise of immigration control and border protection, shoved into all manner of care situations.

They don’t have anything to give them comfort; they are being permanently damaged at the cellular level by the stress they’ve been placed under by a heartless, thoughtless, incompetent bureaucracy.

There is no assurance so far that they are being tracked in any way.

There is no assurance they are not being abused.

Their parents are worried sick and equally damaged by these kidnappings, with no assurance they will ever be reunited with their children.

All for a misdemeanor offense of crossing a border in order to file for asylum.

The administration is making zero effort to address the root problems causing these refugees when they could be talking bilaterally with Mexico and Central American countries — they are simply not acting in good faith in any way.

The White House wants to rob Peter to pay Paul, expecting Defense Department to domestic policing.

We’re looking at executive-sanctioned kidnapping. Child abuse. Genocide by separation. Violation of Posse Comitatus Act. Possible human trafficking to unknown entities outside of government custody.

And the goddamned news media is chasing Trump’s human shield — the illegal immigrant who became legal by sleeping with a rich white dude — because of her idiotic attire. Be fucking best, indeed.

PAY ATTENTION, DAMN IT.

Where are the girls, the babies, all of the children? Where are the sick ones? And where are the dead ones?

Democratic elected officials have been trying to get answers, but they are denied access. A bipartisan group of mayors was refused access today in Texas. There’s too little coverage of this systematic denial preventing us from knowing what’s been done in our name with our tax dollars.

Do your damned jobs, media, and catch a clue. Quit chasing a deliberate distraction. There is nothing going on in or around that cheap women’s jacket which will solve the massive human-caused humanitarian disaster under way.

____

Use this as an open thread. Emphasis on media failures under the Trump administration, please.

Share this entry

Angry Mom: Hiding the Trumpian Genocide’s Records

/43 Comments/in , , , /by

When I think can’t get any angrier at this miserable excuse for governance, the Trump administration proves there isn’t a limit to how low they will go.

Sleazy, unlawful executive action without adequate oversight followed by a fog of obfuscation and prevarication is bad enough. The administration will now double down now to hide what it’s done and hope like hell nobody notices.

It doesn’t help that members of Congress, journalists, and the public still haven’t grasped the true nature of the crimes before them.

The Trump administration hasn’t merely ignored or broken existing U.S. laws on handling of asylum seekers. See 8 U.S. Code § 1158:

(a) Authority to apply for asylum
(1) In general
Any alien who is physically present in the United States or who arrives in the United States (whether or not at a designated port of arrival and including an alien who is brought to the United States after having been interdicted in international or United States waters), irrespective of such alien’s status, may apply for asylum in accordance with this section or, where applicable, section 1225(b) of this title.

(2) Exceptions
(A) Safe third country
Paragraph (1) shall not apply to an alien if the Attorney General determines that the alien may be removed, pursuant to a bilateral or multilateral agreement, to a country (other than the country of the alien’s nationality or, in the case of an alien having no nationality, the country of the alien’s last habitual residence) in which the alien’s life or freedom would not be threatened on account of race, religion, nationality, membership in a particular social group, or political opinion, and where the alien would have access to a full and fair procedure for determining a claim to asylum or equivalent temporary protection, unless the Attorney General finds that it is in the public interest for the alien to receive asylum in the United States.

(B) Time limit
Subject to subparagraph (D), paragraph (1) shall not apply to an alien unless the alien demonstrates by clear and convincing evidence that the application has been filed within 1 year after the date of the alien’s arrival in the United States.

There’s more but the key part in boldface above. The “zero tolerance” approach to border protection violated this code. Asylum seekers do not have to apply from outside the country; they can apply once inside the country. I’m not a lawyer but I don’t see anything here that indicates asylum seekers are suddenly not eligible to apply for asylum because they crossed the border.

And nothing in the entirety of 8 U.S. Code § 1158 indicates the government may take custody of asylum seekers’ minor children with or without force.

Note also where the asylum seekers may apply — they are NOT limited to designated ports.

DHS Secretary Nielsen’s claim that border crossers had not applied through ports of entry is a lie because it wasn’t required of them.

What happens to the children appears to fit the description of kidnapping (18 U.S. Code § 1201), including section (a)(3), an “act against the person is done within the special aircraft jurisdiction of the United States as defined in section 46501 of title 49” for those children who are flown by aircraft to other destinations in the U.S. out of their parents’ physical custody. It’s no wonder carriers like United Airlines and American Airlines wrote and published letters yesterday telling DHS to stop using their services for moving the children across the country.

The conditions in which many of the children have been placed also appear to be abusive; based on the children seen so far there are reports of not enough food, sedation, restraints, disruption to sleep habits, etc.

But that’s not the end of it. The entire separation of children from their families appears to be genocide under The Convention on the Prevention and Punishment of the Crime of Genocide which the U.S. has signed (1948) and ratified (1988):

Article 2
In the present Convention, genocide means any of the following acts committed
with intent to destroy, in whole or in part, a national, ethnical, racial or religious
group, as such:
(a) Killing members of the group;
(b) Causing serious bodily or mental harm to members of the group;
(c) Deliberately inflicting on the group conditions of life calculated to bring about
its physical destruction in whole or in part;
(d) Imposing measures intended to prevent births within the group;
(e) Forcibly transferring children of the group to another group.

We have not yet seen evidence of child deaths, but section (b) is likely and (e) of Article 2 is definite — the children are now in custody of the United States government and disbursed to others’ care.

Wednesday’s executive order does nothing to remedy the situation. It doesn’t even stop the separation of children from families due to its murky wording. It exacerbates the problem by foisting some of the responsibility on the military, placing the Defense Department at odds with the Posse Comitatus Act (18 U.S. Code § 1385) as the EO expects the military to perform a domestic function — DHS’ border patrol and immigration services — which is not in response to a natural disaster.

(Oh, this is definitely a disaster, but it is human made.)

Ordering the military to provide assistance also draws defense resources away from where they may be needed, potentially creating security risks.

And yet this is not enough insult. DHS’ Immigration and Customs Enforcement (ICE) asked the National Archives and Records Administration (NARA) last year if it could change its record retention practices, according to The Memory Hole:

Immigration and Customs Enforcement (ICE) has asked for permission to destroy all its documents about the deaths of detained immigrants in custody 20 years after a case is “closed.” (Deaths in ICE custody are almost always investigated by ICE itself. A minority are investigated by the Department of Homeland Security’s Inspector General. [report])

Similarly, ICE wants to destroy all its documents about sexual assaults of detained immigrants in custody. The time frame is 20 years after a case is “closed.” (Again, ICE almost always investigates itself in these cases. The Department of Homeland Security’s Inspector General investigates around 1% of complaints/reports. [article]) NARA argues that this information is “sensitive,” implying that documents containing the identities of victims and the accused should not be kept indefinitely. ICE itself did not offer this (or any) justification.

Thankfully The Memory Hole followed up and asked for status on ICE’s request, to which NARA replied:

No final action has been taken on this schedule. NARA appraisal staff have reviewed the comments received, and held several meetings with ICE records management and program staff regarding the records being scheduled.

Proposed changes to the schedule are being reviewed internally by NARA stakeholders for internal concurrence, after which NARA will inform ICE of the required changes. NARA will then publish a follow-up Federal Register notice responding to the public comments we received. This notice will be open for public comment for 15 days from the date of publication.

But it is not yet impossible that records related to the current human-made disaster affecting thousands of children may be destroyed prematurely, depriving them of justice.

There’s simply no way that ICE should be allowed to change its records retention given the scale of the separated families disaster. And yet I have a horrible, angry feeling the Trump administration will do whatever it can to hide its role in this genocidal activity along the U.S. southwest border.

EDIT — 5:45 P.M. EDT —

I meant to add one more thing to this post. It’s imperative I add this now that the White House has tried to change the subject by using FLOTUS as a human shield with a target literally painted on her back. Do not be derailed by their bullshit. Keep asking:

Where are the girls?

Where are the babies?

Where are ALL the bodies???

Share this entry