Trump Should Get No FBI Director Pick

Yesterday, Mike Lee trolled Democrats by suggesting that Merrick Garland, who has a lifetime seat on the DC Circuit, should vacate that and lead the FBI. In a piece explaining how utterly moronic the many Democrats who took his bait are, Dave Weigel explains this is “Why Liberals Lose” — not just because they never press for advantage effectively, but because they so often fall prey when Republicans do.

We live in a golden age of political stupidity, but I’m not being hyperbolic when I say this: The idea of pulling Judge Merrick Garland off the D.C. Circuit federal appeals court and into the FBI is one of the silliest ideas I’ve seen anyone in Washington fall for. It’s like Wile E. Coyote putting down a nest made of dynamite and writing “NOT A TRAP” on a whiteboard next to it. It’s also an incredibly telling chapter in the book that’s been written since the Republican National Convention — the story of how Republicans who are uncomfortable with the Trump presidency gritting their teeth as they use it to lock in control of the courts.

You should definitely read all of Weigel’s piece, which is spot on.

But the success of Lee’s ploy explains other aspects of Why Liberals Lose. First and foremost, it shows how mindlessly Democrats adopt the playing field that Republicans deal them.

I mean, even as Democrats have been pushing for months to use the Russian scandal to impeach Trump, and even at the moment where that actually seems feasible (down the road), most Democrats simply accepted the necessity of replacing Jim Comey and have shifted instead to fighting the worst names being floated, people like Trey Gowdy (an initial trial balloon) and Alice Fisher and Michael Garcia, who’re reportedly being formally considered.

Why are Democrats even accepting that Trump should get to replace Comey?

According to CNBC’s count from mid-April, Trump had filled just 24 of the 554 Senate confirmed positions in government.

Sure, Trump has filled a handful more in the interim month, but Trump is otherwise not in a rush to staff the government. Yet he has immediately turned to replacing Comey.

There is nothing more illegitimate than for Trump to be able to give someone a ten year term as FBI Director because he fired Jim Comey.

Trump is no longer hiding the fact that he fired Comey to try to undercut the Russian investigation. And the timeline is clear: the dinner to which Trump called Comey to twice demand his loyalty took place on January 27.

As they ate, the president and Mr. Comey made small talk about the election and the crowd sizes at Mr. Trump’s rallies. The president then turned the conversation to whether Mr. Comey would pledge his loyalty to him.

Mr. Comey declined to make that pledge. Instead, Mr. Comey has recounted to others, he told Mr. Trump that he would always be honest with him, but that he was not “reliable” in the conventional political sense.

[snip]

By Mr. Comey’s account, his answer to Mr. Trump’s initial question apparently did not satisfy the president, the associates said. Later in the dinner, Mr. Trump again said to Mr. Comey that he needed his loyalty.

Mr. Comey again replied that he would give him “honesty” and did not pledge his loyalty, according to the account of the conversation.

That means it took place the same day as Sally Yates’ second conversation with Don McGahn about FBI’s investigation into Mike Flynn (and by association, I always point out, Jared Kushner).

It was always a pipe dream for Democrats to think they could stave off Neil Gorsuch’s confirmation, in part because you really do need a full panel at SCOTUS.

But for the moment, the FBI will continue to run the same way the rest of government is running: with the acting officials who’re filling in until Trump gets around to filling the spot. Moreover, Andrew McCabe, the Acting FBI Director, is a Comey loyalist who will ensure his initiatives will continue for whatever portion of Comey’s remaining 6 years he gets to serve.

This is important not just for the Russian investigation — it’s important to the future of our democracy. Alice Fisher, for example, would be an even more insanely pro-corporate FBI Director than Comey (former Board Member of HSBC, remember) or Mueller.

Democrats should be out there, loudly and in unison, decrying how inappropriate it would be for Trump to get to replace Comey when everyone watching knows the firing was one of the most corrupt things a President has done in a century.

Instead, they’re falling prey to Mike Lee’s obvious ploys.

The Last USA: Dana Boente Is the Best Short Term Solution

In the wake of the Comey firing, particularly given the way Deputy Attorney General Rod Rosenstein let himself serve as a pawn, many people have renewed their call for “a special prosecutor.” In the short term, however, I believe Dana Boente — that is, the status quo — is a better solution.

As a reminder, Dana Boente is the US Attorney for the Eastern District of VA. With Rosenstein’s confirmation as DAG, Boente is the last remaining confirmed US Attorney in the United States. Boente’s office is overseeing at least two parts of the Russian investigation: the generalized investigation into Wikileaks, and the investigation into Trump’s campaign. The latter investigation recently issued subpoenas to Mike Flynn associates. There are reportedly parts of the investigation in three other places: some work being done in Main Justice, as well as a team investigating Guccifer 2.0/Shadow Brokers in San Francisco, and a team investigating the Russian hackers in Pittsburgh.

But the bulk of what people think of as “the Russian investigation” — the investigation into Trump’s cronies — is happening in EDVA, overseen by The Last USA.

In addition to reporting up to Rosenstein as DAG and Rosenstein as Acting AG for the Russian investigation, Boente just took over as Acting Assistant Attorney General for National Security Division — the office that reviews things like FISA orders. That means Boente — for better and worse — has more authority, on several levels, than a “Special Counsel” would have.

First, note I use the term “Special Counsel,” not “Special Prosecutor.” Ken Starr was a Special Prosecutor, but in the wake of his fiasco and given persistent questions about the constitutionality of having someone who was totally independent from the structure of DOJ prosecuting people, Congress got rid of the provision supporting Special Prosecutors.

So if Rod Rosenstein wanted to appoint someone “independent” to oversee the Russian investigation, he’d have to use the Special Counsel provision.

While I think it is permissible to hire someone from outside of DOJ to do that job (so it is possible he could call up corporate lawyer Pat Fitzgerald for his third ride on the Special Counsel merry-go-round to, in dramatic fashion, save the investigation undercut by the firing of his good friend Jim Comey), in practice the recent Special Counsel appointments (the UndieBomb 2.0 leak investigation, the StuxNet leak investigation, the John Kiriakou prosecution, the Torture investigation, and the Plame investigation) have all been DOJ prosecutors, either US Attorneys (in all but one case) or an Assistant US Attorney, in the case of John Durham’s whitewash of torture. Plus, while Fitz is still well-loved at DOJ and FBI as far as I know, if Rosenstein appointed him, I bet Trump would fire him within minutes because he’s sure as hell not going to be “loyal.” And because of Fitz’ past gunning hard for Cheney and Bush, many Republicans might not put up much of a stink there.

If Rosenstein were to adhere to the practice of naming existing DOJ prosecutors, though, it’d mean he’d be choosing between Boente, The Last USA, or an AUSA (perhaps one of the ones who recently reported to him in MD). In both cases, the Special Counsel would report to Rosenstein for AG approvals (as Pat Fitz reported to Jim Comey for the Plame case).

You can see quickly why Boente is the preferable option. First, there’s no reason to believe he isn’t pursuing the investigation (both investigations, into Wikileaks and Trump’s associates) with real vigor. He is a hard ass prosecutor and if that’s what you want that’s what you’d get. His grand jury pool is likely to be full of people with national security backgrounds or at least a predisposition to be hawks.

But — for better and worse — Boente actually has more power than a Special Counsel would have (and more power than Fitz had for the Plame investigation), because he is also in charge of NSD, doing things like approving FISA orders on suspected Russian agents. I think there are problems with that, particularly in the case of a possible Wikileaks prosecution. But if you want concentrated power, Boente is a better option than any AUSA. With the added benefit that he’s The Last USA, which commands some real respect.

Sure. If next week Trump calls Boente to dinner and demands his loyalty on threat of firing, this may change. But the same logic that people are using with a Special Counsel (that if Trump fired that person, maybe then Republicans in Congress would want something more independent) holds for Boente. Firing The Last USA ought to be as incendiary as firing an AUSA, assuming anything will be.

Macron’s False Documents

In this post, I laid out claims made by Emmanuel Macron’s campaign manager about having included fakes in the email targeted by hackers. Yesterday, the NYT had a story that explains (and in some small ways, possibly conflicts with) the earlier report on this. In it, Macron’s head of tech Mounir Mahjoubi explained that the campaign had done far more than provide false metadata; they had created entire false accounts with false documents.

“We created false accounts, with false content, as traps. We did this massively, to create the obligation for them to verify, to determine whether it was a real account,” Mr. Mahjoubi said. “I don’t think we prevented them. We just slowed them down,” he said. “Even if it made them lose one minute, we’re happy,” he said.

Mr. Mahjoubi refused to reveal the nature of the false documents that were created, or to say whether, in the Friday document dump that was the result of the hacking campaign, there were false documents created by the Macron campaign.

But he did note that in the mishmash that constituted the Friday dump, there were some authentic documents, some phony documents of the hackers’ own manufacture, some stolen documents from various companies, and some false emails created by the campaign.

“During all their attacks we put in phony documents. And that forced them to waste time,” he said. “By the quantity of the documents we put in,” he added, “and documents that might interest them.”

Mahjoubi has said there were five authentic accounts hacked, which might help to put a scope on the fakes (though he has seemed to say different things about what got faked before, and he had claimed that the Russians had definitively not succeeded, which must now be regarded as affirmative — and understandable — disinformation).

Creating a great many fake documents sounds like a lot of work, but, remarkably, the NYT also notes Mahjoubi’s department was only 18 people.

With only 18 people in the digital team, many of them occupied in producing campaign materials like videos, Mr. Mahjoubi hardly had the resources to track down the hackers. “We didn’t have time to try to catch them,” he said.

Which, particularly given earlier reports that France’s security services had contacted the Macron campaign, may suggest that DGSE (possibly with the help of NSA, which was providing intelligence in real time) put together the fake documents.

If true, that may suggest the most important part of any fake documents is one Mahjoubi didn’t mention. If I were loading up hackers with a bunch of fake documents, I’d include beacons, to provide a way to track both the hackers and the process by which the hackers distributed documents.

If Macron (or DGSE or some other intelligence agency) did this, I suspect we’ll find real answers to the topics covered in the rest of the story, which claim certain things were fakes due to Russian sloppiness, but given Mahjoubi’s justifiable unwillingness to say what was fake and not may yet prove. As I noted here, I have yet to see convincing evidence that Russian metadata in the documents was accidental, and given the Guccifer precedent, we should in no way assume it is.

In other words, if Macron is tracking these documents, we may find out a lot more shortly (though the French are also better at keeping secrets than American spooks have been of late).

As to the question of my underlying post — whether Macron had fooled Wikileaks, as distinct from a bunch of right wing propagandists who’ve never been remotely bound by facts — the verdict is still out. Given Wikileaks’ ostentatious show of vetting the documents, if Macron can prove fakes that Wikileaks has not itself proven, it will discredit Wikileaks’ ability to claim the ability to vet (and probably give Wikileaks pause in the future).

Still, particularly given the way Wikileaks succeeded in debunking fakes boosted by Democratically aligned sources in October by releasing real versions the day after the fakes, it’s worth noting that deliberate fakes have been released twice, and neither time have they had the full effect they might have had to discredit Wikileaks (in this case, in that Wikileaks never did “publish” as opposed to “link to” the documents). That in and of itself is worth notice. If Macron was more successful (and especially if we come to learn Macron seeded the fake documents with some kind of trackers) this operation may still serve as a deterrent in the future, which would be the best effect possible.

But Macron’s confirmation they faked content may also undercut claims of attribution to Russians.

James Clapper: Unmasking And/Or Jeff Sessions?

I’m traveling so I’ll have to lay out my thoughts about the Comey firing later.

But for the moment I want to point to a detail in Monday’s hearing that deserves more attention now.

Early in the hearing, Chuck Grassley asked both Sally Yates and James Clapper if they have ever unmasked a Trump associate or member of Congress. Yates said no, but Clapper revealed he had unmasked someone, but couldn’t say more.

GRASSLEY: OK. I want to discuss unmasking.

Mr. Clapper and Ms. Yates, did either of you ever request the unmasking of Mr. Trump, his associates or any member of Congress?

CLAPPER: Yes, in one case I did that I can specifically recall, but I can’t discuss it any further than that.

GRASSLEY: You can’t, so if I ask you for details, you said you can’t discuss that, is that what you said?

CLAPPER: Not — not here.

Grassley returned to the issue for clarification later on. Clapper said he had asked to have the identity of both a member of Congress and a Trump associate unmasked. But then he said he had only asked on one occasion.

GRASSLEY: Mr. Clapper, you said yes when I asked you if you ever unmasked a Trump associate or a member of Congress. But I forgot to ask, which was it? Was it a Trump associate, a member of Congress, or both?

CLAPPER: Over my time as DNI, I think the answer was on rare occasion, both. And, again, Senator, just to make the point here, my focus was on the foreign target and at the foreign target’s behavior in relation to the U.S. person.

GRASSLEY: OK. How many instances were there, or was there just one?

CLAPPER: I can only recall one.

Finally, Lindsey Graham returned to the issue at the close of the hearing. Clapper confirmed he had made a request to unmask a Trump associate and a member of Congress.

You made a request for unmasking on a Trump associate and maybe a member of Congress? Is that right, Mr. Clapper?

CLAPPER: Yes.

Obviously, there’s plenty of room for confusion in these exchanges, and Clapper has a history of sowing confusion in Congressional testimony.

But if it is true that he has only unmasked one person but that he has unmasked both a Trump associate and a member of Congress, it would suggest he unmasked the identity of a member of Congress who is a Trump associate.

If that’s right, there are several possibilities for who it could be: transition official Devin Nunes, national security advisor Richard Burr, and national security official Jeff Sessions.

But the most likely is Sessions, because we know he was talking to Sergey Kislyak and the intelligence community has pulled their collection on Kislyak.

Even if that’s the case, it’s unsurprising Sessions’ communications with Kislyak have been reviewed and unmasked.

Still, it is a data point from Monday’s hearing that makes Sessions’ role in the firing of Jim Comey worth noting.

The Tuesday Night Massacre

As you may have heard, President Trump has just fired FBI Director James Comey.

This is truly Nixonian Saturday Night Massacre level action.

Trump previously ran on, indeed got elected on, and likely only on, the scurrilous rogue comments of Jim Comey starting with the rogue July 5, 2016 press conference where Comey went off all rails on DOJ and PIN protocols. Here is the New York Times original report:

Mr. Comey’s dismissal was a stunning development for a president that benefited from the F.B.I. investigation of the Democratic nominee during the 2016 campaign. Separately, the F.B.I. also is investigating whether members of the Trump campaign colluded with Russia to influence the election.

The abrupt firing raised questions over whether Mr. Trump was trying to influence the Russia investigation. But he said he was following recommendations from the Justice Department, which criticized how Mr. Comey concluded the investigation into Mrs. Clinton.

Trump actually saluted Comey for this at one point. What a micro-moment self serving, not to mention narcissistic jerk.

If anybody in the world thought that Trump is not as craven and against the Constitutional form of government we all were born and raised on, let that no longer be a question.

And if the media cannot get their heads out of their asses and realize the danger is NOT just to their First Amendment rights, but to the core of our republic and democracy, then they too should go the way of the dodo bird.

The foundations of this cowardly play were always there if you followed the ever changing voice and words of Donald Trump regarding the Clinton email issue and how the Department of Justice handled it.

If you thought this point, and/or Comey was the one and only voice that could not be fired or silenced, you are sadly mistaken.

This blog has never, and I am being kind across my writings, Marcy’s and those of our departed friend Mary, been a friend of Jim Comey. He has long, and more presently, been an uneven and self serving voice mostly interested in preservation and enhancement of his own voice and position. Comey has been preternaturally successful at this.

That said, tonight I will be in Comey’s camp. I await what my friends at Lawfare and some others may have to say regarding the Tuesday Night Massacre.

Because this is a day that should live bright for a very long time.

People glibly talk about the “Resistance”. How naive. The battle is now, and has been joined in full by a cabal that makes Nixon look like a piker. The place is here. The time is now.

The temporal fact that it is Comey that tipped a scale of justice is immaterial. It has happened.

Why Accuracy about Wikileaks Matters

Let me preface this post by saying that I’m perfectly willing to accept that Julian Assange is a narcissist, accused rapist, destructive hypocrite serving as a willful tool of Russia. I’m also happy to concede that his role in publishing the DNC and Podesta emails may have played a significant part in getting Donald Trump elected (though I think it’s down the list behind Comey and Hillary’s own (in)actions). Please loathe Julian Assange–that is your right.

But please, also, try to be accurate about him and Wikileaks.

There have been two funny claims about Wikileaks since the leak of hacked emails from Emmanuel Macron associates was announced on 4Chan on Friday. First, analysis of how the hashtag #MacronLeaks spread emphasized that Wikileaks got more pickup than right wing propagandist Jack Posobiec or the other right wing promoters of it.

The most important surge came when WikiLeaks began tweeting the hashtag. The tweet itself was cautious, pointing out that the leak “could be a 4chan practical joke,” but it was retweeted over 2,000 times, compared with over 600 times for Posobiec.

Yet people have taken that to suggest that everyone who shared Wikileaks’ links to the materials was promoting the emails positively. That is, they ignored the extent to which people share Wikileaks tweets critically, which itself added to the buzz about the dump. The surge in attention, in other words, was in part critical attention to what Wikileaks was doing with respect to the leak.

More troubling, still, outlets including NPR claimed that Wikileaks posted the documents (it has since issued a correction).

Finally, there are absurd pieces like this which, after babbling that, “Macron, by contrast, is favored by those who want … a France looking to the future rather than clinging to the fearful and fictional nostalgia promulgated by Le Pen,” states,

Literally at the 11th hour, before the blackout would silence it, the Macron campaign issued a statement saying it had been hacked and many of the documents that were dumped on the American 4Chan site and re-posted by Wikileaks were fakes.

On top of being poorly edited — Macron’s statement said nothing at all about who dumped the documents — the claims as to both 4Chan and Wikileaks are not technically correct. The documents weren’t dumped on 4Chan, a post on 4Chan included a link to a Pastebin with them. More importantly, Wikileaks didn’t “re-post” them, though it did post magnet links to them.

The importance of the distinction becomes evident just two paragraphs later when the article notes that some of the tweets in which Wikileaks linked to the documents described the vetting process it was undertaking.

Meanwhile, Wikileaks jumped on the document dump, but didn’t seem to be familiar with the material in it. Responding to the Macron statement that some of the items were bogus, Wikileaks tweeted, “We have not yet discovered fakes in #MacronLeaks & we are very skeptical that the Macron campaign is faster than us.”

Curiously, the article doesn’t link to WL’s first tweet, posted less than an hour after the 4Chan post, which said it could be a 4Chan practical joke.

In any case, contrary to what some idiotic readings of this article claim — that Macron succeeded in fooling Wikileaks — in fact, Macron has not succeeded, at least not yet, because Wikileaks has not posted the documents on its own site (Wikileaks could yet claim it had determined the documents to be real only to have Macron present proof they weren’t). Indeed, while Wikileaks expressed skepticism from the start, one thing that really raised questions for Wikileaks was that Macron so quickly claimed to have determined some were fake.

Plus, it’s not actually clear that Macron did fool the hackers who passed them onto the 4Chan source. Here’s the full description from Mounir Mahjoubi, the head of Macron’s digital team, on what their counteroffensive looked like.

“We also do counteroffensive against them,” says Mahjoubi.

[snip]

“We believe that they didn’t break through. We are sure of it,” said Mahjoubi. “But the only way to be ready is to train the people. Because what happened during the Hillary Clinton campaign is that one man, the most powerful, [campaign chairman] John Podesta, logged on to his [fake] page.”

To keep the entire Macron campaign aware of such dangers, Mahjoubi said, “Every week we send to the team screen captures of all the phishing addresses we have found during the week.” But that’s just the first phase of the response. Then the Macron team starts filling in the forms on the fake sites: “You can flood these addresses with multiple passwords and log-ins, true ones, false ones, so the people behind them use up a lot of time trying to figure them out.”

If Mahjoubi was being honest about his certainty the hackers didn’t succeed, then the campaign would have no reason or means to feed disinformation. And the details offered here appear to be about disinformation in response to phishing probes — that is, disinformation about metadata — not disinformation about content.

But now, the Daily Beast’s gloating and the sharing of it with even less factual gloating, coupled with Macron’s quick declaration that the dump included fake documents, raise real (but potentially unjustified!) questions about whether the campaign added the Cyrillic metadata that got so much attention. Not only has Wikileaks’ vetting process not (yet) been exposed as a fraud, but the reporting may create even more distrust and uncertainty than there was. [Note, I posted a tweet to that effect that I have deleted now that I’m convinced there’s no evidence Macron faked any documents.]

Moreover, even if it is the case that GRU hacked Macron and Wikileaks would have happily published the emails if they passed its vetting process (which are both likely true), Wikileaks didn’t get and post the documents, which itself is worth noting and understanding.

In other words, some inaccuracies — and the rush to gloat against Wikileaks — may actually have been counterproductive to the truth and even the ability to understand what happened.

And this is not the only time. The other most celebrated case where inaccurate accusations against Wikileaks may have been counterproductive was last summer when something akin to what happened with the Macron leak did. Wikileaks posted a link to Michael Best’s archived copy of the AKP Turkish emails that doxed a bunch of Turkish women. A number of people — principally Zeynep Tufekci — blamed Wikileaks, not Best, for making the emails available, and in so doing (and like the Macron dump) brought attention to precisely what she was rightly furious about — the exposure of people to privacy violations and worse. Best argues that had Tufekci spoken to him directly rather than writing a piece drawing attention to the problem, some of the harm might have been avoided.

But I also think the stink surrounding Wikileaks distracted focus from the story behind the curious provenance of that leak. Here’s how Motherboard described it.

Here’s what happened:

First, Phineas Fisher, the hacker notorious for breaching surveillance companies Hacking Team and FinFisher, penetrated a network of the AKP, Turkey’s ruling party, according to their own statement. The hacker was sharing data with others in Rojava and Bakur, Turkey; there was apparently a bit of miscommunication, and someone sent a large file containing around half of akparti.org.tr’s emails to WikiLeaks.

WikiLeaks then published these emails on July 19, and as some pointed out, the emails didn’t actually seem to contain much public interest material.

Then Phineas Fisher dumped more files themselves. Thomas White, a UK-based activist also known as The Cthulhu, also dumped a mirror of the data, including the contentious databases of personal info. This is where Best, who uploaded a copy to the Internet Archive, comes in.

Best said he didn’t check the contents of the data beforehand in part because the files had already been released.

“I was archiving public information,” he said. “Given the volume, the source, the language barrier and the fact that it was being publicly circulated already, I basically took it on faith and archived a copy of it.”

Without laying out all the details here, I think there are some interesting issues about this hack-and-leak that might have gotten more scrutiny if the focus weren’t Wikileaks. But instead, the focus was entirely on what Wikileaks did (or actually, on blaming Wikileaks for what Best did), rather than how the hack-and-leak really happened.

I get that people have the need, emotionally, to attack Assange, and I have no problem with that. But when emotion disrupts any effort to understand what is really going on, it may make it more difficult to combat the larger problem (or, as lefties embrace coverage of the Bradley Foundation based on hacked documents and more mass hack-and-leak reporting gets journalism awards, to set norms for what might be legitimate and illegitimate hack-and-leaks).

If you hate Assange, your best approach may be to ignore him. But barring that, there really is a case for aspiring to factual accuracy even for Wikileaks.

Update: Fixed description of what WL actually linked to — h/t ErrataRob.

Update: This article provides more detail on the hack and Macron’s attempts to counter the hackers.

“There are folders that were added to these archives. Folders that we don’t know what they correspond to. That are not email folders, for example. Then there are fake emails that were added, that were completed. There is also information that we ourselves had sent in counter-retaliation against the phishing attempts!” explained Mounir Mahjoubi.

So some of the added documents (which, incidentally, are the ones that show Cyrillic metadata) are from someplace unknown, not the five hacked email boxes. There are fake emails, described as “having been completed,” which may mean (this is a guess) the hackers sent emails that were sitting in draft; if so there might be fake emails that nevertheless come with authenticating DKIM codes. The description of what the campaign did — counter-attacks to phishing attempts — is still not clear as to whether it is metadata (faked emails) or content, but still seems most likely to be metadata.

The Macron Hack: Sometimes the Metadata Is (Part of) the Message

After he claimed he hadn’t been hacked, 4Chan released documents from some of Emmanuel Macron’s associates (along with a whole lot of crap) last night, just minutes before by French law the candidates and press have to stop talking about the election. Given that the hacking group believed to be associated with Russia’s military intelligence GRU had been trying to phish Macron’s campaign, it is widely assumed that these files came from GRU. That’s a safe starting assumption but it has not been proven.

Here’s one review of what we know about the documents so far. Here’s advice for France on how to avoid having this become the centerpiece of the next few days.

Thus far, the most remarked aspect of individual documents from the dump (which I haven’t started reading yet) is the metadata. For example, a good number of the Microsoft documents have Russian names or metadata in them. In addition, some people are claiming that metadata associated with forgeries in the dump point to specific equipment.

As a result, a number of people have uncritically said that this makes the dump just like the DNC dump, which is further proof that the same sloppy Russians did it.

Except in doing so, most reveal untested assumptions from that DNC dump.

Back when the DNC documents came out, a number of (these very same) people noted that there was Russian metadata in those documents, as well as the name Felix Dzerzhinsky, the founder of the Soviet secret police. This was described, persistently, as an accident.

The metadata in the leaked documents are perhaps most revealing: one dumped document was modified using Russian language settings, by a user named “Феликс Эдмундович,” a code name referring to the founder of the Soviet Secret Police, the Cheka, memorialised in a 15-ton iron statue in front of the old KGB headquarters during Soviet times. The original intruders made other errors: one leaked document included hyperlink error messages in Cyrillic, the result of editing the file on a computer with Russian language settings. After this mistake became public, the intruders removed the Cyrillic information from the metadata in the next dump and carefully used made-up user names from different world regions, thereby confirming they had made a mistake in the first round.

I noted, even at the time, that the claim that someone who deliberately adopted the name of Iron Felix just accidentally saved the document with Cyrillic characters made zero sense.

Particularly with regards to the Russian metadata, you don’t both adopt a notable Russian spook’s ID while engaging in a false flag but then “accidentally” leave metadata in the files, although the second paragraph here pertains to Guccifer 2 and not the Crowdstrike IDed hackers.

Moreover, Guccifer 2 himself pointed out what Sam Biddle had already reported: the identity metadata was not limited to Iron Felix, but included Che Guevara and (I’ve been informed) Zhu De.

Since then, some folks have looked closer and compellingly argued that the Russian metadata “accidentally” left in the documents was actually made at significant effort by opening a Word document, switching some settings to Russian, and then copying one document after another into it.

That said, that doesn’t mean — as some of the same folks suspect — that a Hillary staffer made the documents. This post provides five alternative possibilities.

And one thing that those arguing the Guccifer figure was created to obfuscate Russia’s role didn’t connect to that claim is that, as I’ve heard and Jim Comey recently confirmed, this second DNC hacker was obnoxiously loud in the DNC servers.

COMEY: The only thing I’d add is they were unusually loud in their intervention. It’s almost as if they didn’t care that we knew what they were doing or that they wanted us to see what they were doing. It was very noisy, their intrusions in different institutions.

Effectively, then, the second DNC hacker (usually attributed to GRU) was leaving graffiti inside the DNC servers and Guccifer 2 effectively left graffiti on the documents he released.

In any case, the same rush to interpret the metadata is happening now on the Macron hack as it did with the DNC hack, with repeated claims the hackers — whom people assume are the same as the ones that targeted DNC — are sloppily leaving metadata again.

If they are the same hackers (which has not yet been proven) then we sure as hell ought not assume that the metadata is there accidentally. Again, that doesn’t mean this isn’t GRU. But it does mean the last time people made such assumptions they ended up arguing ridiculously that someone trying to obscure his ties to Russia was at the same time paying tribute to them.

Sometimes, it turns out, the metadata is the message.
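The fields this argument turns on can be read directly from a file, and every one of them is set by whoever last saved it. The following is an added example, not code from the original post or from any of the analyses it cites: it assumes the files are OOXML packages (.docx), builds constructed samples inline, and uses hypothetical function names.

```python
import io
import unicodedata
import zipfile
import xml.etree.ElementTree as ET
from collections import defaultdict

NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
    "dcterms": "http://purl.org/dc/terms/",
    "w": "http://schemas.openxmlformats.org/wordprocessingml/2006/main",
}


def build_sample(creator, last_modified_by, created, lang):
    """Constructed package holding only the two parts this example reads."""
    core = (
        f'<cp:coreProperties xmlns:cp="{NS["cp"]}" xmlns:dc="{NS["dc"]}" '
        f'xmlns:dcterms="{NS["dcterms"]}">'
        f"<dc:creator>{creator}</dc:creator>"
        f"<cp:lastModifiedBy>{last_modified_by}</cp:lastModifiedBy>"
        f"<dcterms:created>{created}</dcterms:created>"
        "</cp:coreProperties>"
    )
    styles = (
        f'<w:styles xmlns:w="{NS["w"]}"><w:docDefaults><w:rPrDefault><w:rPr>'
        f'<w:lang w:val="{lang}"/></w:rPr></w:rPrDefault></w:docDefaults>'
        "</w:styles>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("docProps/core.xml", core)
        z.writestr("word/styles.xml", styles)
    return buf.getvalue()


def extract_metadata(data):
    """Author fields and default language of one package (None if absent)."""
    # ElementTree is adequate for this constructed input; files from a real
    # dump belong in an isolated environment with a hardened XML parser.
    meta = dict.fromkeys(("creator", "last_modified_by", "created", "lang"))
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = set(z.namelist())
        if "docProps/core.xml" in names:
            core = ET.fromstring(z.read("docProps/core.xml"))
            meta["creator"] = core.findtext("dc:creator", namespaces=NS)
            meta["last_modified_by"] = core.findtext("cp:lastModifiedBy", namespaces=NS)
            meta["created"] = core.findtext("dcterms:created", namespaces=NS)
        if "word/styles.xml" in names:
            styles = ET.fromstring(z.read("word/styles.xml"))
            lang = styles.find(".//w:rPrDefault/w:rPr/w:lang", NS)
            if lang is not None:
                meta["lang"] = lang.get(f'{{{NS["w"]}}}val')
    return meta


def scripts(text):
    """Unicode scripts of the letters in text (first word of each char name)."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in text or "" if ch.isalpha()}


def signals(meta):
    """Locale-looking observations. Each is a free-text or settings field
    under the saver's control, so it shows what was written, not by whom."""
    found = []
    for field in ("creator", "last_modified_by"):
        if "CYRILLIC" in scripts(meta[field]):
            found.append(f"{field} contains Cyrillic")
    if (meta["lang"] or "").lower().startswith("ru"):
        found.append("default language is ru")
    return found


def shared_stamps(metas):
    """Documents carrying an identical creator and creation stamp. Treating
    that as a hint of one common starting file is this example's heuristic."""
    groups = defaultdict(list)
    for name, m in metas.items():
        if m["creator"] and m["created"]:
            groups[(m["creator"], m["created"])].append(name)
    return {k: sorted(v) for k, v in groups.items() if len(v) > 1}


# Constructed samples. The Cyrillic user name is the one quoted above.
SAMPLES = {
    "a.docx": build_sample("Author One", "Феликс Эдмундович", "2000-01-01T09:00:00Z", "ru-RU"),
    "b.docx": build_sample("Author One", "Феликс Эдмундович", "2000-01-01T09:00:00Z", "ru-RU"),
    "c.docx": build_sample("Author Two", "Author Two", "2000-02-02T12:00:00Z", "en-US"),
}


def analyze(samples):
    metas = {name: extract_metadata(data) for name, data in samples.items()}
    return {n: signals(m) for n, m in metas.items()}, shared_stamps(metas)


if __name__ == "__main__":
    per_doc, groups = analyze(SAMPLES)
    for name, found in per_doc.items():
        print(name, found or "no locale signals")
    print("shared creator/created stamps:", groups)
```

Changing two arguments to `build_sample` flips every signal, which is why the presence of such fields cannot by itself separate a slip from a statement.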

The Implications of the Competing Flynn-Billingslea Stories

In advance of Sally Yates’ testimony Monday, the WaPo and AP have released stories on concerns about Mike Flynn’s ties with Russia during the transition period.

The stories themselves are interesting enough. But that and how they differ make them all the more interesting.

The WaPo story makes the Trump White House — and very specifically Marshall Billingslea, whom Trump recently nominated to be Treasury’s terrorist finance Assistant Secretary — look the hero of a story about warnings Trump’s people gave Mike Flynn about Russia. In this version, after growing concerned that Flynn had showed more interest in meeting Sergey Kislyak than any of the other ambassadors who were pestering him for meetings, Billingslea intervened to obtain CIA’s profile of Kislyak in time for a November 28 meeting Flynn and (though this receives far less emphasis) Jared Kushner attended.

Billingslea warned Flynn that Kislyak was likely a target of U.S. surveillance and that his communications — whether with U.S. persons or superiors in Moscow — were undoubtedly being monitored by the FBI and National Security Agency, according to officials familiar with the exchange. Flynn, a retired Army lieutenant general who led the Defense Intelligence Agency, would presumably have been aware of such surveillance.

Billingslea then said that he would obtain a copy of the profile of Kislyak, officials said, a document that Billingslea urged Flynn to read if he were going to communicate with the Russian envoy. Flynn’s reaction was noncommittal, officials said, neither objecting to the feedback nor signaling agreement.

Shortly thereafter, during the week of Nov. 28, Billingslea and other transition officials met with lower-level Obama administration officials in the Situation Room at the White House.

At the end of the meeting, which covered a range of subjects, Billingslea asked for the CIA profile. “Can we get material on Kislyak?” one recalled Billingslea asking.

Days later, Flynn took part in a meeting with Kislyak at Trump Tower. White House spokeswoman Hope Hicks has confirmed that both Flynn and Jared Kushner, Trump’s adviser and son-in-law, took part in that session, which was not publicly disclosed at the time.

In that story of the Trump Administration’s effort to warn off someone who (unlike the barely mentioned Kushner) had spent a lifetime working with spies or spying, the CIA dossier, which reportedly doesn’t say Kislyak is a spy (though other outlets have claimed he is this year), gets placed in the transition SCIF.

The CIA bio on Kislyak was placed in a room in the Trump transition offices set up to handle classified material. Officials familiar with the document said that even if Flynn had read it, there was little in it that would have triggered alarms.

The file spanned three or four pages, describing Kislyak’s diplomatic career, extensive involvement in arms negotiations, and reputation as a determined proponent of Russian interests. It noted that he routinely reported information back to Moscow and that any information he gathered would be shared with Russia’s intelligence services. But the file did not say Kislyak was a spy.

Compare that key detail to something that appears in the AP version, which is told from the perspective of Obama officials. That story reveals that documents (they’re not described as the CIA dossier) were copied and removed from the SCIF.

After learning that highly sensitive documents from a secure room at the transition’s Washington headquarters were being copied and removed from the facility, Obama’s national security team decided to only allow the transition officials to view some information at the White House, including documents on the government’s contingency plans for crises.

In the AP story, Billingslea’s request was seen as a warning sign about Flynn’s preparation (who, again, had a lifetime of working with spies) to deal with America’s adversarial relationship with Russia.

In late November, a member of Donald Trump’s transition team approached national security officials in the Obama White House with a curious request: Could the incoming team get a copy of the classified CIA profile on Sergey Kislyak, Russia’s ambassador to the United States?

Marshall Billingslea, a former Pentagon and NATO official, wanted the information for his boss, Michael Flynn, who had been tapped by Trump to serve as White House national security adviser. Billingslea knew Flynn would be speaking to Kislyak, according to two former Obama administration officials, and seemed concerned Flynn did not fully understand he was dealing with a man rumored to have ties to Russian intelligence agencies.

To the Obama White House, Billingslea’s concerns were startling: a member of Trump’s own team suggesting the incoming Trump administration might be in over its head in dealing with an adversary.

But later in the AP story, it describes the Obama team’s concern that the Kislyak dossier was the only one requested.

Leading up to the revelation that Trump officials copied classified documents from the SCIF (which is how it ends), the AP first warns that some of this story will come out in Sally Yates’ testimony next Monday. It also reveals that the Obama Administration withheld information from Trump’s team, worried they’d share it with Russia.

In late December, as the White House prepared to levy sanctions and oust Russians living in the U.S. in retaliation for the hacks, Obama officials did not brief the Trump team on the decision until shortly before it was announced publicly. The timing was chosen in part because they feared the transition team might give Moscow lead time to clear information out of two compounds the U.S. was shuttering, one official said.

While it’s not inappropriate for someone in Flynn’s position to have contact with a diplomat, Obama officials said the frequency of his discussions raised enough red flags that aides discussed the possibility Trump was trying to establish a one-to-one line of communication — a so-called back channel — with Russian President Vladimir Putin. Obama aides say they never determined why Flynn was in close contact with the ambassador.

Viewed in comparison, the stories seem like competing efforts to get ahead of what both sides know will come out on Monday. The Trump team, knowing some of what Yates will say (in testimony they tried to prevent), is now making the remaining White House officials look good, and providing a somewhat plausible explanation for obtaining just the Kislyak dossier. But AP’s revelation that Trump’s people were copying documents from the SCIF that held the dossier raises questions about whether the reason it was obtained was to share the dossier. Neither story mentions what Adam Schiff has, which is that one really interesting detail will be the delay in ousting Flynn after Yates first told the White House of her concerns.

Both the stories leave out a detail the NYT previously reported that seems important, however: that Kislyak meeting, which the spook-savvy Flynn and the young Kushner attended, led to a second and a third, ultimately leading Kushner to meet the FSB-trained head of a sanctioned bank.

Until now, the White House had acknowledged only an early December meeting between Mr. Kislyak and Mr. Kushner, which occurred at Trump Tower and was also attended by Michael T. Flynn, who would briefly serve as the national security adviser.

Later that month, though, Mr. Kislyak requested a second meeting, which Mr. Kushner asked a deputy to attend in his stead, officials said. At Mr. Kislyak’s request, Mr. Kushner later met with Sergey N. Gorkov, the chief of Vnesheconombank, which drew sanctions from the Obama administration after President Vladimir V. Putin of Russia annexed Crimea and began meddling in Ukraine.

The subtext of taking the two Billingslea stories and the Sergey Gorkov one together is that Flynn — or even the President’s son-in-law — may have provided intelligence to the Russians, in events that led up to the closest thing we’ve seen to a possible quid pro quo.

In any case, the dossier seems either better suited to warning Kushner, not Flynn, of the dangers he was navigating, or a document that, if copied and handed to its subject, would be interesting though not devastating intelligence to share.

One final point: this story helps to explain why both the December 28 sanctions and the early January hack report were so awful; remember, too, when first announced, the press had the wrong location of the Long Island compound in question. At the time, I thought both were designed to be a document, any document, ones that didn’t reveal what the intelligence community actually knew (aside from the identities of the 35 expelled diplomats), particularly regarding who actually conducted the DNC hack. The AP story reveals Obama’s team was particularly worried Trump’s team would warn the Russians in time to dismantle some of the communications equipment at the two compounds. The crummy documents, plus the delay in informing Congress of the scope of the investigation until Flynn had been ousted, are both best explained by a concern that the National Security Advisor would share the information directly with Russia.

So will we learn that Flynn — or Kushner — did share such information?

One Takeaway from the Five Takeaways from the Comey Hearing: Election 2016 Continues to Suffocate Oversight

The Senate Judiciary Committee had an oversight hearing with Jim Comey yesterday, which I live-tweeted in great depth. As you can imagine, most of the questions pertained either to Comey’s handling of the Hillary investigation and/or to the investigation into Russian interference in the election. So much so that The Hill, in its “Five Takeaways from Comey’s testimony,” described only things that had to do with the election:

  • Comey isn’t sorry (but he was “mildly nauseous” that his conduct may have affected the outcome)
  • Emotions over the election are still raw
  • Comey explains DOJ dynamic: “I hope someday you’ll understand”
  • The FBI may be investigating internal leaks
  • Trump, Clinton investigations are dominating FBI oversight

The Hill’s description of that third bullet doesn’t even include the “news” from Comey’s statement: that there is some still-classified detail, in addition to Loretta Lynch’s tarmac meeting with Bill Clinton and the intercepted Hillary aide email saying Lynch would make sure nothing happened with the investigation, that led Comey to believe he had to take the lead on the non-indictment in July.

I struggled as we got closer to the end of it with the — a number things had gone on, some of which I can’t talk about yet, that made me worry that the department leadership could not credibly complete the investigation and declined prosecution without grievous damage to the American people’s confidence in the — in the justice system.

As I said, it is true that most questions pertained to Hillary’s emails or Russia. Still, reports like this, read primarily by people on the Hill, have the effect of self-fulfilling prophecy by obscuring what little real oversight happened. So here’s my list of five pieces of actual oversight that happened.

Neither Grassley nor Feinstein understand how FISA back door searches work

While they primarily focused on the import of reauthorizing Section 702 (and pretended that there were no interim options between clean reauthorization and a lapse), SJC Chair Chuck Grassley and SJC Ranking Member Dianne Feinstein both said things that made it clear they didn’t understand how FISA back door searches work.

At one point, in a discussion of the leaks about Mike Flynn’s conversation with Sergey Kislyak, Grassley tried to suggest that only a few people at FBI would have access to the unmasked identity in those intercepts.

There are several senior FBI officials who would’ve had access to the classified information that was leaked, including yourself and the deputy director.

He appeared unaware that as soon as the FBI started focusing on either Kislyak or Flynn, a back door search on the FISA content would return those conversations in unmasked form, which would mean a significant number of FBI Agents (and anyone else on that task force) would have access to the information that was leaked.

Likewise, at one point, as Feinstein was leading Comey through a discussion of why they needed to have easy back door access to communication content collected without a warrant (so we don’t stovepipe anything, Comey said), she said, “so you are not unmasking the data,” as if data obtained through a back door search would be masked, which genuinely (and rightly) confused Comey.

FEINSTEIN: So you are not masking the data — unmasking the data?

COMEY: I’m not sure what that means in this context.

It’s raw data. It would not be masked. That Feinstein, who has been a chief overseer of this program for the entire time back door searches were permitted doesn’t know this, that she repeatedly led the effort to defeat efforts to close the back door loophole, and that she doesn’t know what it means that this is raw data is unbelievably damning.

Incidentally, as part of the exchange with Feinstein, Comey said the FISA data sits in a cloud type environment.

Comey claims the government doesn’t need the foreign government certificate except to target spies

Several hours into the hearing, Mike Lee asked some questions about surveillance. In particular, he asked if the targeting certificates for 702 ever targeted someone abroad for purposes unrelated to national security. Comey seemingly listed off the certificates we do have — foreign government, counterterrorism, and counterproliferation, noting that cyber gets worked into other ones.

LEE: Yes. Let’s talk about Section 702, for a minute. Section 702 of the Foreign Intelligence Surveillance Amendments Act authorizes the surveillance, the use of U.S. signals surveillance equipment to obtain foreign intelligence information.

The definition includes information that is directly related to national security, but it also includes quote, “information that is relevant to the foreign affairs of the United States,” close quote, regardless of whether that foreign affairs related information is relevant to a national security threat. To your knowledge, has the attorney general or has the DNI ever used Section 702 to target individuals abroad in a situation unrelated to a national security threat?

COMEY: Not that I’m aware of. I think — I could be wrong, but I don’t think so, I think it’s confined to counterterrorism to espionage, to counter proliferation. And — those — those are the buckets. I was going to say cyber but cyber is fits within…

He said they don’t need any FG information except that which targets diplomats and spies.

LEE: Right. So if Section 702 were narrowed to exclude such information, to exclude information that is relevant to foreign affairs, but not relevant to a national security threat, would that mean that the government would be able to obtain the information it needs in order to protect national security?

COMEY: Would seem so logically. I mean to me, the value of 702 is — is exactly that, where the rubber hits the road in the national security context, especially counterterrorism, counter proliferation.

I assume that Comey said this because the FBI doesn’t get all the other FG-collected stuff in raw form and so isn’t as aware that it exists. I assume that CIA and NSA, which presumably use this raw data far more than FBI, will find a way to push back on this claim.

But for now, we have the FBI Director stating that we could limit 702 collection to national security functions, a limitation that was defeated in 2008.

Comey says FBI only needs top level URLs for ECTR searches

In another exchange, Lee asked Comey about the FBI’s continued push to be able to get Electronic Communication Transaction Records. Specifically, he noted that being able to get URLs means being able to find out what someone was reading.

In response, Comey said he thought they could only get the top-level URL.

After some confusion that revealed Comey’s lie about the exclusion of ECTRs from NSLs being just a typo, Comey said FBI did not need any more than the top domain, and Lee answered that the current bill would permit more than that.

LEE: Yes. Based on the legislation that I’ve reviewed, it’s not my recollection that that is the case. Now, what — what I’ve been told is that — it would not necessarily be the policy of the government to use it, to go to that level of granularity. But that the language itself would allow it, is that inconsistent with your understanding?

COMEY: It is and my understanding is we — we’re not looking for that authority.

LEE: You don’t want that authority…

(CROSSTALK)

COMEY: That’s my understanding. What — what we’d like is, the functional equivalent of the dialing information, where you — the address you e-mailed to or the — or the webpage you went to, not where you went within it.

This exchange should be useful for limiting any ECTR provision that gets rushed through to what FBI claims it needs.

The publication of (US) intelligence information counts as intelligence porn and therefore not journalism

Ben Sasse asked Comey about the discussion of indicting Wikileaks. Comey’s first refusal to answer whether DOJ would indict Wikileaks led me to believe they already had.

I don’t want to confirm whether or not there are charges pending. He hasn’t been apprehended because he’s inside the Ecuadorian embassy in London.

But as part of that discussion, Comey explained that Wikileaks’ publication of loads of classified materials amounted to intelligence porn, which therefore (particularly since Wikileaks didn’t call the IC for comment first, even though they have in the past) meant they weren’t journalism.

COMEY: Yes and again, I want to be careful that I don’t prejudice any future proceeding. It’s an important question, because all of us care deeply about the First Amendment and the ability of a free press, to get information about our work and — and publish it.

To my mind, it crosses a line when it moves from being about trying to educate a public and instead just becomes about intelligence porn, frankly. Just pushing out information about sources and methods without regard to interest, without regard to the First Amendment values that normally underlie press reporting.

[snip]

[I]n my view, a huge portion of WikiLeaks’s activities has nothing to do with legitimate newsgathering, informing the public, commenting on important public controversies, but is simply about releasing classified information to damage the United States of America. And — and — and people sometimes get cynical about journalists.

American journalists do not do that. They will almost always call us before they publish classified information and say, is there anything about this that’s going to put lives in danger, that’s going to jeopardize government people, military people or — or innocent civilians anywhere in the world.

I’ll write about this more at length.

Relatedly (though technically a Russian investigation detail), Comey revealed that the investigation into Trump ties to Russia is being done at Main Justice and EDVA.

COMEY: Yes, well — two sets of prosecutors, the Main Justice the National Security Division and the Eastern District of Virginia U.S. Attorney’s Office.

That makes Dana Boente’s role, first as Acting Attorney General for the Russian investigation and now the Acting Assistant Attorney General for National Security, all the more interesting, as it means he is the person who can make key approvals related to the investigation.

I don’t have any problem with him being chosen for these acting roles. But I think it supremely unwise to effectively eliminate levels of oversight on these sensitive cases (Russia and Wikileaks) by making the US Attorney already overseeing them also the guy who oversees his own oversight of them.

The US is on its way to becoming the last haven of shell corporations

Okay, technically these were Sheldon Whitehouse and Amy Klobuchar comments about Russia. But as part of a (typically prosecutorial) line of questioning about things related to the Russian investigation, Whitehouse got Comey to acknowledge that as the EU tries to crack down on shell companies, that increasingly leaves the US as the remaining haven for shell companies that can hide who is paying for things like election hacks.

WHITEHOUSE: And lastly, the European Union is moving towards requiring transparency of incorporations so that shell corporations are harder to create. That risks leaving the United States as the last big haven for shell corporations. Is it true that shell corporations are often used as a device for criminal money laundering?

COMEY: Yes.

[snip]

WHITEHOUSE: What do you think the hazards are for the United States with respect to election interference of continuing to maintain a system in which shell corporations — that you never know who’s really behind them are common place?

COMEY: I suppose one risk is it makes it easier for illicit money to make its way into a political environment.

WHITEHOUSE: And that’s not a good thing.

COMEY: I don’t think it is.

And Klobuchar addressed the point specifically as it relates to high end real estate (not mentioning that both Trump and Paul Manafort have been alleged to be involved in such transactions).

There have been recent concerns that organized criminals, including Russians, are using the luxury real estate market to launder money. The Treasury Department has noted a significant rise in the use of shell companies in real estate transactions, because foreign buyers use them as a way to hide their identity and find a safe haven for their money in the U.S. In fact, nearly half of all homes in the U.S. worth at least $5 million are purchased using shell companies.

Does the anonymity associated with the use of shell companies to buy real estate hurt the FBI’s ability to trace the flow of illicit money and fight organized crime? And do you support efforts by the Treasury Department to use its existing authority to require more transparency in these transactions?

COMEY: Yes and yes.

It’s a real problem, and not just because of the way it facilitates election hacks, and it’d be nice if Congress would fix it.

The Curious Silence about the Mostly Unremarked Russian BGP Hijack

These days, it seems that NYT-approved columnists and self-appointed THREADsters can start a conspiracy theory about anything just by slapping the label “Russia” on it. Which is why I find it so curious that the BGP hijack last week of a bunch of finance companies (and some other interesting targets) by Russian telecom Rostelecom has gone generally unnoticed, except by Ars’ Dan Goodin.

Here’s a great description of what the Border Gateway Protocol is — and why it’s ripe for hijacking.

Such is the story of the “three-napkins protocol,” more formally known as Border Gateway Protocol, or BGP.

At its most basic level, BGP helps routers decide how to send giant flows of data across the vast mesh of connections that make up the Internet. With infinite numbers of possible paths — some slow and meandering, others quick and direct — BGP gives routers the information they need to pick one, even though there is no overall map of the Internet and no authority charged with directing its traffic.

The creation of BGP, which relies on individual networks continuously sharing information about available data links, helped the Internet continue its growth into a worldwide network. But BGP also allows huge swaths of data to be “hijacked” by almost anyone with the necessary skills and access.

The main reason is that BGP, like many key systems on the Internet, is built to automatically trust users — something that may work on smaller networks but leaves a global one ripe for attack.

As BGPstream first noted, the data streams for 37 entities were rerouted by Rostelecom manually last Wednesday for a 6 minute period.

Starting at April 26 22:36 UTC till approximately 22:43 UTC AS12389 (PJSC Rostelecom) started to originate 50 prefixes for numerous other Autonomous systems. The 50 hijacked prefixes included 37 unique autonomous systems

The victims include Visa, Mastercard, Verisign, and Symantec.

Oh — and according to BGPmon, the victims also include Alfa bank — the bank that got mentioned in Christopher Steele’s dossier, that had some weird behavior involving a Trump marketing server last summer, and one of two banks for which the FBI allegedly got a FISA order as part of the investigation into Russia’s interference in the US election.

BGPmon provides one possible innocent explanation (which is, in fact, the analogue of the innocent explanation offered for the Alfa-Trump traffic): it could be BGP advertising gone wrong.

It’s also worth noting that at the same time as the hijacks we did see many (78) new advertisements originated by 12389 for prefixes by ‘other’ Rostelecom telecom ASns (29456,21378,13056,13118,8570). So something probably went wrong internally causing Rostelecom to start originating these new prefixes.

Never attribute to malice that which is adequately explained by… well let’s say an innocent misconfiguration. If this was in-fact an attempt to on purpose redirect traffic for some of these financial institutions, it was done in a very visible and large scale manner, so from that perspective perhaps not too likely. Then again, given the number of high value prefixes of all the same category (financial institutions and credit card processors) it seems a bit more than an innocent accidental hijack, especially considering the fact that new more specific prefixes were introduced.

But Goodin provides some reasons why the hijack should be treated with suspicion. First, Rostelecom, the company that hijacked this traffic, is considered an official Russian government entity.

According to shareholder information provided by Rostelecom, the Russian government owns 49 percent of the telecom’s ordinary shares. The US Department of Commerce lists Rostelecom as a state-owned enterprise and reports that one or more senior government officials have seats on Rostelecom’s board of directors. Rostelecom officials didn’t respond to e-mail seeking comment for this post.

He cites Dyn’s Doug Madory explaining why the targeted nature of this hijack should rouse suspicion.

“I would classify this as quite suspicious,” Doug Madory, director of Internet analysis at network management firm Dyn, told Ars. “Typically accidental leaks appear more voluminous and indiscriminate. This would appear to be targeted to financial institutions. A typical cause of these errors [is] in some sort of internal traffic engineering, but it would seem strange that someone would limit their traffic engineering to mostly financial networks.”
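The two observations quoted above (new origins and more-specific prefixes from BGPmon, sector concentration from Madory) correspond to checks a route monitor can run over announcements. The following is an added example, not BGPmon's or Dyn's code: the baseline table, sector labels and announcements are constructed from documentation prefixes and documentation-range ASNs, with only AS12389 and the time window taken from the text above, and all function names are hypothetical.

```python
import ipaddress
from collections import Counter
from datetime import datetime

# Constructed baseline: documentation prefixes and documentation-range ASNs
# (64496-64511), each with a sector label. A real monitor would build this
# from routing-registry data or announcement history (assumption).
BASELINE = {
    ipaddress.ip_network(prefix): (asn, sector)
    for prefix, asn, sector in [
        ("192.0.2.0/24", 64496, "finance"),
        ("198.51.100.0/24", 64497, "finance"),
        ("203.0.113.0/24", 64498, "security"),
        ("2001:db8::/32", 64499, "hosting"),
    ]
}

# Constructed announcements (time, prefix, origin AS). AS12389 and the
# 22:36-22:43 UTC window come from the BGPstream text quoted above.
ANNOUNCEMENTS = [
    ("22:36:00", "192.0.2.0/24", 12389),       # same prefix, new origin
    ("22:36:05", "198.51.100.0/25", 12389),    # more specific than the /24
    ("22:37:00", "192.0.2.0/24", 64496),       # the owner's own route
    ("22:38:00", "198.51.100.128/25", 64497),  # owner de-aggregating
    ("22:39:30", "203.0.113.128/25", 12389),   # more specific
    ("22:41:00", "10.20.0.0/16", 12389),       # not covered by the baseline
]


def covering_prefix(net):
    """Longest baseline prefix that equals or contains net, else None."""
    # subnet_of() raises TypeError across IP versions, hence the version test.
    matches = [b for b in BASELINE
               if b.version == net.version and net.subnet_of(b)]
    return max(matches, key=lambda b: b.prefixlen, default=None)


def classify(prefix, origin):
    """Return an alert dict for a suspicious announcement, else None."""
    net = ipaddress.ip_network(prefix)
    base = covering_prefix(net)
    if base is None:
        return None                      # nothing monitored is affected
    expected, sector = BASELINE[base]
    if origin == expected:
        return None                      # owner announcing its own space
    # A more-specific route beats the owner's route under longest-prefix
    # match wherever it propagates, so it is reported as its own kind.
    kind = "origin-change" if net == base else "more-specific"
    return {"kind": kind, "announced": str(net), "covers": str(base),
            "expected": expected, "origin": origin, "sector": sector}


def detect(announcements):
    """Alerts for every announcement that conflicts with the baseline."""
    alerts = []
    for ts, prefix, origin in announcements:
        alert = classify(prefix, origin)
        if alert:
            alert["time"] = datetime.strptime(ts, "%H:%M:%S")
            alerts.append(alert)
    return alerts


def summarize(alerts):
    """Per offending origin: scope, duration and sector concentration."""
    summary = {}
    for a in alerts:
        s = summary.setdefault(a["origin"], {
            "prefixes": 0, "victims": set(), "kinds": Counter(),
            "sectors": Counter(), "first": a["time"], "last": a["time"]})
        s["prefixes"] += 1
        s["victims"].add(a["expected"])
        s["kinds"][a["kind"]] += 1
        s["sectors"][a["sector"]] += 1
        s["first"] = min(s["first"], a["time"])
        s["last"] = max(s["last"], a["time"])
    for s in summary.values():
        s["seconds"] = int((s["last"] - s["first"]).total_seconds())
        top, count = s["sectors"].most_common(1)[0]
        s["top_sector"], s["top_share"] = top, count / s["prefixes"]
    return summary


if __name__ == "__main__":
    for origin, s in summarize(detect(ANNOUNCEMENTS)).items():
        print(f"AS{origin}: {s['prefixes']} prefixes, "
              f"{len(s['victims'])} victim ASes, {dict(s['kinds'])}, "
              f"{s['seconds']}s, {s['top_share']:.0%} {s['top_sector']}")
```

`top_share` measures how concentrated the affected prefixes are in one sector; it says nothing about intent, which is the question the quoted analysts leave open.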

As Goodin notes, and as I have before, one reason an entity (especially a government) might want to hijack traffic is to make it cross a router where it has the ability to collect it for spying purposes. That process was described in some presentations from an NSA hacker that the Intercept published last year.

As Goodin notes, given that the victims here should be presumed to be using the best encryption, it would take some work for Rostelecom to obtain the financial and other data in the traffic it hijacked.

Such interception or manipulation would be most easily done to data that wasn’t encrypted, but even in cases when it was encrypted, traffic might still be decrypted using attacks with names such as Logjam and DROWN, which work against outdated transport layer security implementations that some organizations still use.

Madory said that even if data couldn’t be decrypted, attackers could potentially use the diverted traffic to enumerate what parties were initiating connections to MasterCard and the other affected companies. The attacker could then target those parties, which may have weaker defenses.

But there’s at least one other reason someone might hijack traffic. If you were able to pull traffic off of switches you knew to be accessible to an adversary that was spying on you, you might succeed in detasking that spying, even if only for 6 minutes.

One of my all-time favorite Snowden disclosures revealed that the NSA was forced to detask from some IRGC Yahoo accounts because they were being spammed and the data was flooding NSA’s systems. That happened at precisely the moment that the FBI was trying to catch some IRGC figures in trying to assassinate then Saudi Ambassador to the US (and current Foreign Secretary) Adel al-Jubeir, which I find to be a mighty interesting coinkydink.

This hypothetically could be something similar: a very well-timed effort to thwart surveillance by making it inaccessible to the switches from which the NSA was collecting it (though honestly, it would take some doing to pull traffic off all collection points accessible to the NSA, and I’m not even sure that would be possible for transatlantic traffic).

Don’t get me wrong. Accidental or not, this was a foot-stomping event. I’m sure the competent and responsible authorities at both the victim companies and the NSA have taken notice of this event, and are working to understand why it happened and if anything was compromised by it.

But I find it striking that the thousands of people spending all their time fervently creating conspiracies where none exist have not even noticed this event which, whatever explains it, was a real event, and one involving the bank that has been at the center of so many real and imagined conspiracies.