Reagan? No, Regin — Yet Another [GCHQ] Intelligence Malware

Recently, computer security firm Symantec reported discovery of another intelligence-gathering malware, dubbing it “Regin.”

What’s particularly interesting about this malware is its targets:

  • It infected computers in Afghanistan, Austria, Belgium, India, Iran, Ireland, Mexico, Pakistan, Russia, Saudi Arabia;
  • At 48% of total infections, the largest group of targets were private individuals and small businesses.

Please do read Symantec’s blog post and its technical paper on Regin to understand how it works as well as its targets. Many news outlets either do not understand malware and cybersecurity, or they get facts wrong whenever major malware attacks are reported. Symantec’s revelation about Regin is no different in this respect.

Independent.ie offers a particularly egregious example of distorting Symantec’s report, claiming “Ireland is one of the countries worst hit globally by a dangerous new computer virus that spies on governments and companies, according to a leading technology firm.”

If by “worst hit,” they mean among the top four countries targeted by this malware? Sure. But only 9% of the infections affected Irish-based computers, versus 28% of infections aimed at Russian machines, and 24% affecting Saudi machines. The Independent.ie’s piece reads like clickbait hyperbole, or fearmongering, take your pick.

What the Independent.ie and numerous other outlets, including those covering the tech sector, did not address are some fundamental questions:

  • What assets or activities might the targeted countries have in common that would make them targets of a single intelligence operation organized by one or more nation-states?
  • Why are so many private individuals and small businesses targeted by this malware, in contrast to other malware-based intelligence-collection operations seen to date?

The Guardian came closest to examining these issues, having interviewed researchers at computer security firm F-Secure about the origins of the malware. As of 24-NOV-2014, the firm’s Mikko Hypponen speculated that the US, UK, and/or Israel were behind Regin’s development and deployment.

In the video embedded above, Hypponen firmly says the UK’s intelligence entity GCHQ is behind Regin, in particular the malware’s invasion of a Belgian telecom network (see video at 07:20).

The Masked US Marshals Who Nabbed Chapo Guzmán

In the middle of a story about a masked US Marshal who was injured in an operation against the cartels in Mexico in July, Devlin Barrett reveals what was obvious, but never confirmed, at the time: US Marshals (and other US personnel) were involved in the operation that nabbed Chapo Guzmán.

The Marshals Service operations in Mexico are carried out by a small group sent for short, specific missions. The goal is to help Mexico find and capture high-value cartel targets.

One operation yielded a great success: The capture of cartel boss Joaquin Guzman Loera, known as “El Chapo,” earlier this year. It is unclear whether U.S. Marshals personnel were disguised as Mexican military men on the day he was caught.

Sometimes the Marshals Service targets a person Mexico would like to apprehend but who isn’t wanted by U.S. authorities, the people familiar with the work said.

Marshals personnel on the ground dress in local military garb to avoid standing out and are given weapons to defend themselves.

The reason I was pretty certain at the time Americans were involved was because all of the “Mexican Marines” involved in the operation — at least the ones that showed up in pictures — were fully masked, so fully that they likely hid light hair as often as faces that might get people targeted by the cartels.

Barrett also makes clear that the toys the Marshals are using in the US under Pen Register authority are also being deployed when they work under cover in Mexico.

The Marshals Service works closely with the Mexican Marines because the U.S. agency has expertise at finding fugitives, in part through technology that detects cellphone signals and other digital signatures. That includes airplane flights operated by the agency carrying sophisticated devices that mimic cellphone towers, as reported last week by The Wall Street Journal. That technology works better with a ground presence.

[snip]

The people familiar with the matter described the Marshals Service as a police agency affected by mission creep. More than five years ago, the Service flew small planes along the border to detect cell signals and locate suspects inside Mexico. About four years ago the flights crossed deep into Mexican airspace, the people said.

They added that, more recently, some flights have been conducted in Guatemala.

I would bet that the tech deployed against Chapo was even niftier than what the Marshals use here. That would allow them to test nifty new technologies against the most hardened targets, and do so without any legal niceties required, before they start conning judges into authorizing the same technologies against easier targets here. So if we look closely at the Chapo operation, we might learn what exotic new technologies are only beginning to be used here in the US.

CIA to Stein: “Sorting Syrian Fighters is Hard!”

Jeff Stein has a fascinating read over at Newsweek. From the url, I’m guessing that Stein titled his piece “Moderate Rebels Please Raise Your Hands”, but his editors eventually went with “Inside the CIA’s Syrian Rebels Vetting Machine“. As Stein notes in his opening, the impossibility of finding “moderate” rebels in Syria who are willing to take up arms against the regime of Bashar al-Assad but who won’t eventually get into committing atrocities or push a radical Islamist view has led to much derision of the US plan. Stein notes efforts by Andy Borowitz and Jon Stewart in that arena, although I have played along too (here and here).

But Stein actually took the time to talk to people who have been involved in the effort. What he found is not encouraging at all:

Behind the jokes, however, is the deadly serious responsibility of the CIA and Defense Department to vet Syrians before they receive covert American training, aid and arms. But according to U.S. counterterrorism veterans, a system that worked pretty well during four decades of the Cold War has been no match for the linguistic, cultural, tribal and political complexities of the Middle East, especially now in Syria. “We’re completely out of our league,” one former CIA vetting expert declared on condition of anonymity, reflecting the consensus of intelligence professionals with firsthand knowledge of the Syrian situation. “To be really honest, very few people know how to vet well. It’s a very specialized skill. It’s extremely difficult to do well” in the best of circumstances, the former operative said. And in Syria it has proved impossible.

Daunted by the task of fielding a 5,000-strong force virtually overnight, the Defense Department and CIA field operatives, known as case officers, have largely fallen back on the system used in Afghanistan, first during the covert campaign to rout the Soviet Red Army in the 1980s and then again after the 2001 U.S. invasion to expel Al-Qaeda: Pick a tribal leader who in turn recruits a fighting force. But these warlords have had their own agendas, including drug-running, and shifting alliances, sometimes collaborating with terrorist enemies of the United States, sometimes not.

“Vetting is a word we throw around a lot, but actually very few people know what it really means,” said the former CIA operative, who had several postings in the Middle East for a decade after the 9/11 attacks. “It’s not like you’ve got a booth set up at a camp somewhere. What normally happens is that a case officer will identify a source who is a leader in one of the Free Syrian Army groups. And he’ll say, ‘Hey…can you come up with 200 [guys] you can trust?’ And of course they say yes—they always say yes. So Ahmed brings you a list and the details you need to do the traces,” the CIA’s word for background checks. “So you’re taking that guy’s word on the people he’s recruited. So we rely on a source whom we’ve done traces on to do the recruiting. Does that make sense?”

There is, of course, a huge problem with this approach:

A particularly vivid example was provided recently by Peter Theo Curtis, an American held hostage in Syria for two years. A U.S.-backed Free Syrian Army (FSA) unit that briefly held him hostage casually revealed how it collaborated with Al-Qaeda’s al-Nusra Front, even after being “vetted” and trained by the CIA in Jordan, he wrote in The New York Times Magazine.

“About this business of fighting Jabhat al-Nusra?” Curtis said he asked his FSA captors.

“Oh, that,” one said. “We lied to the Americans about that.”

But it is even worse. Consider this bit about the details of how the “trace” is carried out:

American embassies around the world are open to just about anybody who wants to sign up for the FSA. “They fill out a form. You get their four-part name, their date of birth, and then their tribe and where they’re from and all that,” the former operative explained. “Their work history, if there is any. Then you take that and run your traces through all your databases—your HUMINT and SIGINT [agency acronyms for information from human spies and National Security Agency intercepts, called signals intelligence]. And then you take certain aspects of that information, and you sanitize it, and you send it by cable to your station in whatever country, and you ask for their traces on this individual, to see if anything comes up.

“The problem with that process,” the former operative continued, “is when you have a person sitting at a computer who doesn’t know how to standardize Arabic names.… They may translate it correctly, but the person typing it in may or may not know how to look for it with all the name variances that might already be in the system.”

That one is just jaw-dropping. I have a hot tip for those folks tasked with tracing. A super-secret piece of software known as Google seems perfectly able to handle searches of names of groups or people. Whenever I Google new names, I often get back hits on variant transliterations without having to feed them into the search separately.

At any rate, though, when I first saw this article flit by last night, I jokingly suggested on Twitter that the CIA needs the Hogwarts sorting hat:

One important point the CIA seems to be missing is that anyone stepping forward to ask for weapons and other support for the Syrian war has already self-selected to a large extent. And they are much more likely to be Slytherin than Gryffindor.

DOJ’s Claims about the Adequacy of Shitty WiFi Rendered Inoperative

Over at Vice, I have a piece reviewing DOJ’s explanation for why they turned off some alleged Asian mobsters’ DSL so they could then go in as fake DSL repairmen and collect evidence.

The whole thing has a Keystone Kops character, especially since the DSL contractor they had roped into working with them screwed up turning off the DSLs, which is why they now claim he was on a “private frolic” when he collected information on his own (that is a technical legal term meaning “freelancing,” but one doing far more work than the evidence allows, in my opinion).

My favorite part, though, is how DOJ claims that turning off someone’s DSL would not create any kind of urgency which would eliminate the notion of consent, because after all they could have used the shitty hotel WiFi.

Perhaps the most disturbing claim, though, is that we all have to be satisfied with crummy hotel Wi-Fi. To dismiss the argument that by turning off the villas’ DSL, FBI had created an urgent need that obviated any kind of consent when the villa residents let in the FBI agents pretending to be DSL repairmen, the government claims that there is no legitimate need to seek better internet access than hotel Wi-Fi or personal cell phone tethers: “Defendants do not identify a single legitimate service or application that could not be adequately supported through the hotel’s WI-FI system, their personal hotspots, or personal cellphones, nor could they.”

The FBI is now claiming, the experience of travelers the world over notwithstanding, that nothing legal could require better Internet access than a hotel’s slow Wi-Fi connection. (Perhaps the Wi-Fi in high-roller villas is better than it is for average travelers, but DOJ’s brief doesn’t make that case by describing the internet speeds Caesars Palace makes available to privileged guests.) Moreover, the government admits that—as many travelers reliant on hotel Wi-Fi can attest—the Wi-Fi just wasn’t all that fast. “The DSL service was faster,” the brief reads.

I mean, I’m not a Malaysian gangster or anything, but I often find myself trying to do things in hotel rooms where neither the WiFi nor my cell phone’s tether provides remotely adequate speed. You know — simple things like posting on a blog. Apparently that’s illegitimate now.

And yes, I have called hotel technicians to help me get the hotel WiFi working and let them right into my room.

Even as I was working on that piece, Kaspersky Lab came out with a warning that hackers (possibly working out of South Korea) have been targeting businessmen through hotel WiFis for 7 years.

Business executives visiting luxury hotels in Asia have been infected with malware delivered over public Wi-Fi networks, Russian security firm Kaspersky Lab has discovered.

The so-called ‘Darkhotel’ hackers managed to tweak their code to ensure that only machines belonging to specific targets were infected, not all visitors’ PCs, and may have included state-sponsored hacking.

They also seemed to have advance knowledge of their victims’ whereabouts and which hotels they would be visiting, Kaspersky said.

CEOs, senior vice presidents, sales and marketing directors and top research and development staff were amongst those on the attackers’ hit list, though no specific names have been revealed.

As soon as they logged onto the hotel Wi-Fi, targets would be greeted with a pop-up asking them to download updates to popular software, such as Google Toolbar, Adobe Flash and Windows Messenger. But giving permission to the download would only lead to infection and subsequent theft of data from their devices.

You think alleged Asian organized crime members might know that hotel wifi is totally insecure (even setting aside China’s habit of stealing it this way)? You think they may have heard of their peers getting hacked in luxury hotels?

Maybe that’s why they ordered up so many DSL lines.

In any case, DOJ’s argument that there’s no legitimate need for wired Internet access just went out the window.

What Drove Timing of NYTimes Publishing Risen-Apuzzo Disclosure of McHale Jundallah Contacts?

Saturday night, the New York Times published a blockbuster article by James Risen and Matt Apuzzo that was then carried on the front page of Sunday’s print edition. The article described the jaw-dropping revelation that somehow, a lowly Port Authority detective wound up as the primary contact for Jundallah, a Sunni extremist group on the Iran-Pakistan border that attacks Iran (and sometimes Pakistan) with an aim to unify the region that is home to the Baloch people. Further, it appears that through Thomas McHale’s contacts (and McHale’s membership in a Joint Terrorism Task Force), information on Jundallah attacks filtered into the CIA and FBI prior to their being carried out in Iran.

Iran has long accused the US and Israel of having associations with Jundallah, even going so far as to state that the CIA and/or Mossad equip them and help them to plan their attacks. With negotiations between the P5+1 group of countries and Iran now in the home stretch toward a November 24 deadline, Saturday’s disclosure could hardly have come at a worse time. In fact, John Kerry was in Oman, meeting with Iranian Foreign Minister Mohammad Zarif and Catherine Ashton from the EU over the weekend. Despite this disclosure coming out, Sunday’s negotiating session turned into two sessions and a further session was even added on Monday. Upbeat news is still flowing from that meeting, so at first blush the disclosure Saturday didn’t completely disrupt the talks.

My first thought on seeing the article was that it fit perfectly with the previous front page effort by the Times at disrupting the talks. David Sanger “mistakenly” claimed that a new wrinkle in the negotiations would allow Russia to take over enrichment for Iran. This would almost certainly give hardliners the room they need to kill the deal, since maintaining enrichment capacity is a redline issue for Iran.

The reality is that what is under discussion is that Iran would continue its enrichment activities, but ship low enriched uranium to Russia where it would be converted into fuel rods. Evidence that this pathway is making progress can be seen in this morning’s announcement that Iran and Russia have signed an agreement for Russia to build two more nuclear power plants in Iran. It seems that a new wrinkle on the arrangement might allow Russia to prepare the fuel rods inside Iran:

Russia, which is involved in those talks, will also cooperate with Teheran on developing more nuclear power units in Iran, and consider producing nuclear fuel components there, according to a memorandum signed by the heads of the state atomic bodies, Sergey Kirienko of Russia’s Rosatom and Ali Akbar Salehi of Iran’s Atomic Energy Organization (AEOI).

Just as hinting falsely that Iran was negotiating away its enrichment technology was a move by the Times that could have disastrous effects on the ongoing negotiations, I felt that providing this strange story on McHale would give ammunition to those in Iran who see the CIA behind Jundallah. However, there is another possibility. In a Twitter discussion with Arif Rafiq on the disclosure, Rafiq suggested that “the US is coming clean about something that has concerned Iranians for years. Could be a plus”. He later allowed that hardliners could see it as a smoking gun. A further interesting speculation from Laura Rozen on Twitter suggested that perhaps the US played both sides of Jundallah:

So let’s consider these nicer possibilities for a moment. Maybe we did give Rigi to the Iranians. Maybe we are admitting Jundallah contacts now as a way of making sure it ends. But if that is the case, Risen and Apuzzo are a very strange source for how this news came out. An admission of this sort is what I would expect to be routed through David Ignatius, Eli Lake or Josh Rogin. Risen would be especially difficult to see as cooperating with specific timing on a disclosure. Recall that the Times spiked his disclosure of Bush’s illegal wiretaps until after the 2004 elections and then only published when the book was about to drop. To believe that Risen is now somehow cooperating with the government is a huge stretch, but he does still appear to be at risk of being subpoenaed in the ongoing DOJ actions in response to the wiretapping disclosure.

Many issues surrounding US support for Jundallah (and MEK) are still quite unresolved in my view. Recall that we had the whole “false flag” controversy back in January of 2012, where it was “disclosed” that Mossad ran Jundallah while posing as CIA. Not too long after that, Sy Hersh disclosed that the US has trained operatives for the MEK (no mention of Jundallah at all in the article) for covert actions against Iran. What particularly raised my hackles in that report was that the training was held at the same site in Nevada where I suspect that the materials used in the 2001 anthrax attacks were produced.

Over at Moon of Alabama, b seems to feel that the US was indeed behind the running of Jundallah. For that to be the case, we are pretty much forced to believe that Risen and Apuzzo have been either duped or coerced. I find so much of what has come out to be conflicting that I doubt we’ll ever completely sort this out. I have no doubts that JSOC and CIA stand ready to see Iran’s enemies prosper, especially as we saw in the MEK training in Nevada. When it comes to involvement in actual operations, I just don’t know. But the possibility that we helped at some times and then handed over Rigi possibly to make up for it sounds so like what our rudderless intelligence services would do that I’m leaning that direction.

One Potential Civil Liberties Bright Spot from Yesterday’s Shellacking: Thad Cochran

There has been a lot of belated attention to the impact that Mark Udall’s loss yesterday will have on the Senate Intelligence Committee. I’ve been pointing to the possibility of a Udall loss and a Richard Burr Chairmanship since March. I warned you all of this when there was still time to do something about it!

Yesterday’s election will have huge impact on intelligence matters. It’s crystal clear, for example, that Burr has zero intention of exercising any oversight into the intelligence community, as we know he has been uninterested in their law-breaking in the past. I actually think Burr may be more interested in their competence than Feinstein has been, but that may be just a pipe-dream.

Burr might even be the very very rare Gang of Four member who doesn’t use the position to leak what the intelligence community wants to make public to the press. I say that because Burr was a key player in requiring the White House to provide the committees a list of sanctioned leaks, which I actually think was a badly needed reform (though I have no idea whether the White House has complied).

There’s also the matter of the 3 or 4 new Republicans that will gain seats on the Intelligence Committee (adding at least one for the majority, along with replacing Saxby Chambliss and Tom Coburn, both of whom retired). It’d be nice to see a libertarian among these — perhaps someone like Mike Lee, given that Utah has a lot of intelligence equities. But I highly doubt Mitch McConnell would put anyone with an interest in civil liberties on the Committee.

But there is one area where yesterday’s shellacking might harbor good news for civil liberties: Thad Cochran.

With Republicans in the majority, Barb Mikulski (D-NSA) will lose her Chairmanship of the Appropriations Committee; Cochran is expected to get that Chair. Mikulski has always been — even more than Dianne Feinstein — the impediment to any real civil liberties change in the Senate, because she is far more powerful. Importantly, she served as a guarantee that smart policies put through on appropriations bills — like Alan Grayson’s elimination of a requirement that NIST consult with the NSA on encryption standards, and the Massie-Lofgren amendment to defund back door searches — would not make it into any final bill.

Losing the majority, even losing Mikulski on Appropriations on all other matters, is a huge loss, don’t get me wrong.

But it does mean that Thad Cochran might, just maybe, allow good things to move through the Senate on appropriations. With Barb Mikulski there was no chance in hell of doing something on an appropriations bill. Without her, there’s at least a possibility. (Remember that Ted Stevens permitted a Ron Wyden amendment defunding TIA to go through appropriations in 2003, so such things are not unheard of.)

There’s no reason to believe that Cochran, in general, is any friendlier to civil liberties than Mikulski. But he’s not the NSA’s own personal senator. And that may be a tiny bright spot.

The Flake Effect

As you no doubt know, Democrats got shellacked yesterday. Not only did they lose the Senate in spectacular fashion, but Jim and I are stuck with our shitty Republican governors. Locally, the GOP succeeded in term-limiting our Mayor who wins with 80% of the vote.

Steve Vladeck has a post considering how this will affect national security politics. I agree with his ultimate conclusion:

Thus, the real question that I think yesterday’s results raise for national security policy in the 114th Congress is not what this “genuine debate about how best to preserve constitutional values while protecting the Nation from terrorism” will look like, but rather whether the absence of such a debate (which seems increasingly likely) will indeed provoke courts to play the more aggressive role to which Justice Kennedy alluded.

But along the way, Vladeck makes a grave category error by suggesting that Ted Cruz is a libertarian.

Although the realignment thesis requires decent support from the wings of both parties, the consequences of yesterday’s results are to put the focus squarely on how libertarian Republicans approach national security policy–since theirs is the party in power in both chambers. With that in mind, consider Senator Ted Cruz’s fairly remarkable unwillingness to openly endorse Senator Mitch McConnell as majority leader. Whatever that portends with respect to the leadership race, it suggests at the very least that, on some issues, the more libertarian wing of the Republican party may not exactly fall into lockstep with the party’s more moderate elements. And while that was an intriguing enough phenomenon when Republicans only controlled the House, how that plays out when Republicans control both sides of the Capitol will be very interesting to watch.

Ted Cruz is a dangerous narcissistic authoritarian piggybacking on Tea Party popularity and amorphousness to advance his own career. He is not a libertarian.

There are, to be sure, some libertarian senators. Along with Mike Lee and Dean Heller, who get little notice, Rand Paul has learned how better to use Senate procedure to advance libertarian aims. (One piece of evidence that Cruz is not a libertarian is that both he and Paul appear to be running for President, making it clear they don’t have the same agenda.)

That said, one of the most interesting aspects of this election is that Paul did some real campaigning for authoritarian hack Pat Roberts, lending him his Tea Party cred.

Ted Cruz, however, was not out campaigning. Update: According to this, Cruz also campaigned for Roberts.

But the question of what having Cory Gardner and Joni Ernst in the Senate will mean has little to do with their politics, in my opinion.

They have a lot more to do with the difference between Mitch McConnell and John Boehner.

John Boehner is an ineffective leader whose attempt to discipline his party ended up creating leaders who had little to lose.

Mitch McConnell is not an ineffective leader. He has long been able to demand discipline.

Perhaps the best indicator of that is what happened when Jeff Flake, who was superb on civil liberties in the House, moved to the Senate. He’s terrible on those issues now. Pretty much runs and hides in a corner, whimpering, when such issues come up. I’m not sure how Mitch did it, but he managed to neutralize someone who challenged GOP authoritarianism. Completely. I expect the same of Cory Gardner (though will be happy to be proven wrong).

In any case, I would be shocked if Mitch made the error of putting someone like Gardner (or Paul) in one of the at least 3 new Republican slots that will open up on the Intelligence Committee.

The story of the next two years will be about what Mitch — and his heavy discipline — wants to accomplish in the Senate, not about what a few libertarians or pseudo-libertarians want.

JPMorgan’s Form 8-K to Investors: We’ve Been Hack-Mapped!

JPMorgan’s Form 8-K filed on Thursday with the Securities and Exchange Commission advises:

On October 2, 2014, JPMorgan Chase & Co. (“JPMorgan Chase” or the “Firm”) updated information for its customers, on its Chase.com and JPMorganOnline websites and on the Chase and J.P. Morgan mobile applications, about the previously disclosed cyberattack against the Firm. The Firm disclosed that:

• User contact information – name, address, phone number and email address – and internal JPMorgan Chase information relating to such users have been compromised.

• The compromised data impacts approximately 76 million households and 7 million small businesses.

• However, there is no evidence that account information for such affected customers – account numbers, passwords, user IDs, dates of birth or Social Security numbers – was compromised during this attack.

• As of such date, the Firm continues not to have seen any unusual customer fraud related to this incident.

• JPMorgan Chase customers are not liable for unauthorized transactions on their account that they promptly alert the Firm to.

The Firm continues to vigilantly monitor the situation and is continuing to investigate the matter. In addition, the Firm is fully cooperating with government agencies in connection with their investigations.

According to ZDNet, a forensic security firm suggests the bank’s users’ accounts are now at greater risk of compromise and that password changes and two-factor authentication should be implemented to address the risk.

However, the 8-K’s wording points to a different security risk altogether, since the users’ passwords and Social Security numbers were not compromised.

The disclosure of the information compromised, combined with earlier reporting about the breach, more closely matches a description of the data collected by the National Security Agency’s TREASURE MAP intelligence collection program. TREASURE MAP gathered information about networks, including their nodes, but not data created by users at the end nodes of the network. The application delineated the path to the ends of the network, the physical ends and not merely the virtual ones.

Law Enforcement’s Apple Security Hysteria: About Border Searches?

As I noted the other day, Apple just rolled out — and Google plans to match with its next Android release — passcode protected encryption for its cell phone handsets.

Last night WSJ had a story quoting some fairly hysterical law enforcement types complaining mightily not just that Apple is offering its customers security, but that it is a marketing feature.

Last week’s announcements surprised senior federal law-enforcement officials, some of whom described it as the most alarming consequence to date of the frayed relationship between the federal government and the tech industry since the Snowden revelations prompted companies to address customers’ concerns that the firms were letting—or helping—the government snoop on their private information.

Senior U.S. law-enforcement officials are still weighing how forcefully to respond, according to several people involved in the discussions, and debating how directly they want to challenge Apple and Google.

One Justice Department official said that if the new systems work as advertised, they will make it harder, if not impossible, to solve some cases. Another said the companies have promised customers “the equivalent of a house that can’t be searched, or a car trunk that could never be opened.”

Andrew Weissmann, a former Federal Bureau of Investigation general counsel, called Apple’s announcement outrageous, because even a judge’s decision that there is probable cause to suspect a crime has been committed won’t get Apple to help retrieve potential evidence. Apple is “announcing to criminals, ‘use this,’ ” he said. “You could have people who are defrauded, threatened, or even at the extreme, terrorists using it.”

I think the outrage about the stated case — that law enforcement will no longer be able to have Apple unlock a phone with a warrant — is overblown. As Micah Lee points out, the same data will likely be available on Apple’s Cloud.

But despite these nods to privacy-conscious consumers, Apple still strongly encourages all its users to sign up for and use iCloud, the internet syncing and storage service where Apple has the capability to unlock key data like backups, documents, contacts, and calendar information in response to a government demand. iCloud is also used to sync photos, as a slew of celebrities learned in recent weeks when hackers reaped nude photos from the Apple service. (Celebrity iCloud accounts were compromised when hackers answered security questions correctly or tricked victims into giving up their credentials via “phishing” links, Cook has said.)

And the stuff that won't be in iCloud will largely be available from a user's phone provider: AT&T and Verizon will have call records and texts, for example. So one effect of this will be to put warrant decisions into a review process more likely to be scrutinized (though not in the case of AT&T, which has consistently proven all too happy to share data with the Feds).

Which is why I think the hysteria is either overblown or is about something else.

It may be that this prevents NSA from getting into handsets via some means we don't understand. Matthew Green lays out how this change will bring real security improvement to your phone against all manner of hackers.

But the most immediate impact of this, I suspect, will be seen at borders — or rather, the government’s expansive 100 mile “border zone,” which incorporates roughly two-thirds of the country’s population. At “borders” law enforcement works under a warrant exception that permits them to search devices — including cell phones — without a warrant, or even any articulable suspicion.

And while it is the case that really aggressive security wonks can and do encrypt their phones now, it is not the default. Which means most people who cross an international border — or get stopped by some authority in that border zone — have their phone contents readily available to those authorities to search. Authorities routinely use their expanded border authority to obtain precisely the kinds of things at issue here, without any suspicion. The terrorist watchlist guidelines (see page 68), for example, note that border encounters may provide evidence from “electronic media/devices observed or copied,” including cell phones.

In 2011, DHS whipped out similarly hysterical language about the horribles that actually requiring suspicion before searching a device might bring about.

[A]dding a heightened [suspicion-based] threshold requirement could be operationally harmful without concomitant civil rights/civil liberties benefit. First, commonplace decisions to search electronic devices might be opened to litigation challenging the reasons for the search. In addition to interfering with a carefully constructed border security system, the litigation could directly undermine national security by requiring the government to produce sensitive investigative and national security information to justify some of the most critical searches. Even a policy change entirely unenforceable by courts might be problematic; we have been presented with some noteworthy CBP and ICE success stories based on hard-to-articulate intuitions or hunches based on officer experience and judgment. Under a reasonable suspicion requirement, officers might hesitate to search an individual’s device without the presence of articulable factors capable of being formally defended, despite having an intuition or hunch based on experience that justified a search.

That is, DHS thinks it should be able to continue to search your phone at the border, because if it had to provide a rationale — say, to get a warrant — it might have to disclose the dodgy watchlisting policies that it uses to pick whose devices to search without any cause.

In other words, I'm arguing that the most immediate impact of this will be to lessen the availability of data increasingly obtained without a warrant, and, given that the alternative means (administrative orders and warrants) require actual legal process, it may mean these things will not be available at all.

If I’m right, though, that’s not a technical impediment. It’s a legal one, one which probably should be in place.

Update: Argh! This is even worse fear-mongering. A former FBI guy says he used intercepted communications to find kidnappers.

Once we identified potential conspirators, we quickly requested and secured the legal authority to intercept phone calls and text messages on multiple devices.

He then claims that losing an entirely unrelated ability (to search data stored on, and only on, handsets) would have prevented them from finding that kidnap victim.

Last week, Apple and Android announced that their new operating systems will be encrypted by default. That means the companies won't be able to unlock phones and iPads to reveal the photos, e-mails and recordings stored within.

It also means law enforcement officials won’t be able to look at the range of data stored on the device, even with a court-approved warrant. Had this technology been used by the conspirators in our case, our victim would be dead.

Instead of proving the victim would be dead, the story proves that handset-only data is not the most pressing information.

Obama Starts Syrian Bombing using Cover of Khorasan Claims

Last night, President Obama said the word “imminent” and started bombing Syria.

It appears the legal logic behind the attack (besides the fact that Congress hurriedly approved funding for war through December so it could get back to the campaign trail) is that in addition to striking ISIS in Syria (an attack for which we have no reasonable legal justification), we are also attacking a group that James "Too Cute by Half" Clapper just rolled out, "Khorasan," which, unlike ISIS, has not been kicked out of Al Qaeda and therefore might be targetable under the 2001 AUMF.

In spite of the fact that DOD allegedly had these Khorasan plans already in place, sources apparently felt like it’d be a good idea to alert them by telling Ken Dilanian they were the hot new thing just 10 days ago.

While the Islamic State group is getting the most attention now, another band of extremists in Syria — a mix of hardened jihadis from Afghanistan, Yemen, Syria and Europe — poses a more direct and imminent threat to the United States, working with Yemeni bomb-makers to target U.S. aviation, American officials say.

At the center is a cell known as the Khorasan group, a cadre of veteran al-Qaida fighters from Afghanistan and Pakistan who traveled to Syria to link up with the al-Qaida affiliate there, the Nusra Front.

Today’s continuation of that narrative appears in CNN (and ABC, which I won’t link to because of their infernal auto-play ads), which doesn’t ask how the US hoped to surprise Khorasan if they had just rolled them out as the big new boogeymen.

Among the targets of U.S. strikes across Syria early Tuesday was a collection of buildings to the west of Aleppo, some distance from ISIS strongholds.

While the United States worked with Arab partners to attack ISIS targets, the U.S. military alone took aim at the Khorasan Group, an organization formed by senior al Qaeda members based in Pakistan who traveled to Syria, CNN national security analyst Peter Bergen has reported.

“Khorasan” is an ancient term for an Islamic empire.

The sites the United States struck overnight included “training camps, an explosives and munitions production facility, a communication building and command and control facilities,” the military said in a statement.

The group was actively plotting against a U.S. homeland target and Western targets, a senior U.S. official told CNN on Tuesday. The United States hoped to surprise the group by mixing strikes against it with strikes against ISIS targets.

The official said the group posed an “imminent” threat. But another U.S. official later said the threat was not imminent in the sense that there were no known targets or attacks expected in the next few weeks.

The plots were believed to be in an advanced stage, the second U.S. official said. There were indications that the militants had obtained materials and were working on new improvised explosive devices that would be hard to detect, including common hand-held electronic devices and airplane carry-on items such as toiletries.

The threat of Ibrahim al-Asiri (who, with one bomb that could not have worked and several more claimed attacks identified by double agents in Saudi employ, not only created the excuse for millions of dollars in TSA scanner profits but also the ability to label Yemen an "imminent" threat and therefore bomb it) has moved to Syria.

Label the country an “imminent” threat. Then bomb.

In Obama’s statement, he emphasized the Khorasan tie.

Some questions smart people have been asking:

Micah Zenko: If Khorasan group was truly an imminent threat, why would the US delay bombing them just so they could bomb ISIS simultaneously?

Gregory Johnsen: Are people asking why a group calling itself “khurasan” is basing itself in Syria? Or is this just a USG name for a cell?

Spencer Ackerman: Why did a senior official say, just yesterday, that Khorasan was not an imminent threat?

Also: Why was Asiri claimed to be helping ISIS back in July?

The sources on which this latest justification relies seem to be people — James Clapper and Mike Rogers are two — who have a somewhat strained relationship with the truth and a very cozy relationship with disinformation. Moreover, Congress still hasn’t been briefed on the covert ops (which both Clapper and Rogers do know about) that the CIA has been working, with their Saudi partner, in Syria.

But we’ve got some claim to “imminent” now, so it’s all good.