The Suspected Assassination of Gareth Williams and Shadow Brokers’ Focus on SWIFT

If you haven’t seen it, BuzzFeed has been doing a superb series on the UK deaths that US spooks included in a secret report on suspected Russian assassinations. Yesterday they published the story I knew had to be coming, confirming that GCHQ spy Gareth Williams is among those deaths suspected to be Russian assassinations.

Police declared the death of Gareth Williams “probably an accident” – but British intelligence agencies have been secretly communicating with their American counterparts about suspicions that the spy was executed by Russian assassins, four US intelligence officials told BuzzFeed News.

An ongoing BuzzFeed News investigation has revealed that British and American spy agencies have intelligence connecting a string of suspected assassinations in the UK to Russian state agents or organised criminals – who sometimes cooperate. One high-ranking US intelligence source said: “The Kremlin has aggressively stepped up its efforts to eliminate and silence its enemies abroad over the past couple of years – particularly in Britain.” A second serving official said the circumstances of Williams’ death and 13 others “suggest Russian involvement” and demand “more investigation from the UK”. In all 14 cases, police ruled out foul play while intelligence agencies secretly compiled information connecting the deaths to Russia.

Williams, a 31-year-old codebreaker for Britain’s Government Communication Headquarters (GCHQ), had been assigned to MI6, and in the months before his death, sources said, he was working with the US National Security Agency. Two senior British police sources with direct knowledge of the case said some of his work was focused on Russia – and one confirmed reports that he had been helping the NSA trace international money-laundering routes that are used by organised crime groups including Moscow-based mafia cells.

While the report revisits and expands on all the suspicious details of Williams’ death and the thwarted British investigation into it, that spooks suspected it had ties to Russian mobsters is not new (though that theory does solidly explain why Williams would be among those targeted in this apparent assassination wave). The Daily Mail reported that theory back in 2011.

At the time, I noted that Williams’ impact on the Russian mob was described as a knock-on effect of a generally improved ability to track money laundering, something I tied closely to NSA’s ability to track SWIFT messaging.

[M]oney laundering is money laundering. Terrorists do it. Organized crime does it. Spy services do it. Corporations do it (often legally). And banksters do it, among others.

And there doesn’t appear to be anything about this description to suggest the Russian mafia would be specifically targeted by the technology. Indeed, the description of their exposure as a “knock-on effect” suggests everything would be targeted (which sort of makes sense; you can’t track money laundering unless you track the “legitimate” part of finance that makes it clean).

Which is why I find this latest narrative–with its complete lack of attention on the technology, instead focusing exclusively on the Russian mob–so interesting. Because finding a way to track money laundering, of any sort, would just be a new way to do what US intelligence has already been doing with SWIFT.

The following year, I noted that Gauss, a variant of StuxNet, sounded like the kind of money laundering tracking that might piss off the Russian mob.

That feels so long ago now: before the time we learned, in 2013, that the NSA was double-dipping at SWIFT, accessing SWIFT data directly at targeted customers in addition to its legal access via Europol, and before the time in April when Shadow Brokers not only dumped details of how the NSA hacked SWIFT but also (particularly ominously given the reminder of Williams’ death) doxed the NSA hackers who had carried that out.

Remember: Shadow Brokers has promised more details on “compromised network data from more SWIFT providers and Central banks” as part of its monthly tools of the month club.

There’s a lot that’s going on here. But a big part of it appears to be striking at US asymmetric visibility into the world’s financial system (I don’t say transparency because the US is increasingly the haven of last resort).

In the Middle of Spying Scandal, Scotland Yard Gives Up on Another One

I’ll be honest. I’ve been thinking about Gareth Williams — the GCHQ spy found dead in a duffle bag in his safe house — since the Snowden leaks started. With each new disclosure, especially about GCHQ (though remember that Williams also worked with NSA closely on busting the liquids plot), I’ve wondered, “Is this the new spying effort that got Williams expertly killed?”

Which is why I find it so interesting that Scotland Yard chose today to announce — to much incredulity on both sides of the Atlantic — that he killed himself by accident.

His spy background and the fact that expensive, unworn women’s clothes were found at his flat provoked a wide range of “weird and wonderful” theories, London Police Deputy Assistant Commissioner Martin Hewitt said, but further investigations now suggested it was more likely he had not been murdered.

“Most probably, it was an accident,” Hewitt told reporters. “I’m convinced that Gareth’s death was in no way linked to his work.”

[snip]

Hewitt denied suggestions Britain’s spies had simply staged an elaborate cover-up.

“I do not believe I have had the wool pulled over my eyes.”

Just as an example, would any of the OPEC countries NSA and GCHQ hacked have reason to be particularly sensitive about it? There were past allegations Russian organized crime did him in — and I pointed out that those claims resembled an application of Gauss which reportedly tracked Lebanese bank data. Did some other financial institution catch him stealing their data? Did he catch someone stealing other data?

In any case, Williams’ death is a reminder that it wasn’t so outlandish when Snowden suggested he might be murdered for having leaked intelligence.

Latest StuxNet Incarnation Resembles Alleged Project of Murdered GCHQ Officer

Kaspersky Labs has found a new incarnation of StuxNet malware, which they’ve called Gauss. As Wired summarizes, the malware is focused geographically on Lebanon and has targeted banks.

A newly uncovered espionage tool, apparently designed by the same people behind the state-sponsored Flame malware that infiltrated machines in Iran, has been found infecting systems in other countries in the Middle East, according to researchers.

The malware, which steals system information but also has a mysterious payload that could be destructive against critical infrastructure, has been found infecting at least 2,500 machines, most of them in Lebanon, according to Russia-based security firm Kaspersky Lab, which discovered the malware in June and published an extensive analysis of it on Thursday.

The spyware, dubbed Gauss after a name found in one of its main files, also has a module that targets bank accounts in order to capture login credentials. The malware targets accounts at several banks in Lebanon, including the Bank of Beirut, EBLF, BlomBank, ByblosBank, FransaBank and Credit Libanais. It also targets customers of Citibank and PayPal.

I find that interesting for a number of reasons. First, every time banks have squawked about our government’s access of SWIFT to track terrorist financing, the spooks have said if they don’t use SWIFT they’ll access the information via other means; it appears this malware may be just that. And the focus on Lebanon fits, too, given the increasing US claims about Hezbollah money laundering in the time since Gauss was launched. I’m even struck by the coincidence of Gauss’ creation last summer around the same time that John Ashcroft was going through the Lebanese Canadian Bank to find any evidence of money laundering rather than–as happens with US and European banks–crafting a settlement. I would imagine that kind of access to a bank would give you some hints about how to build malware.

But the other thing the malware made me think of, almost immediately, was the (I thought) bogus excuse some British spooks offered last summer to explain the murder of Gareth Williams, the GCHQ officer–who had worked closely with NSA–who was found dead in a gym bag in his flat in August 2010. Williams was murdered, the Daily Mail claimed, because he was working on a way to track the money laundering of the Russian mob.

The MI6 agent found dead in a holdall at his London flat was working on secret technology to target Russian criminal gangs who launder stolen money through Britain.

[snip]

But now security sources say Williams, who was on secondment to MI6 from the Government’s eavesdropping centre GCHQ, was working on equipment that tracked the flow of money from Russia to Europe.

The technology enabled MI6 agents to follow the money trails from bank accounts in Russia to criminal European gangs via internet and wire transfers, said the source.

‘He was involved in a very sensitive project with the highest security clearance. He was not an agent doing surveillance, but was very much part of the team, working on the technology side, devising stuff like software,’ said the source.

He added: ‘A knock-on effect of this technology would be that a number of criminal groups in Russia would be disrupted.

‘Some of these powerful criminal networks have links with, and employ, former KGB agents who can track down people like Williams.’

Frankly, I always thought that explanation was bogus–I suggested that the Brits could just partner with the US to access such data via SWIFT. And whatever it means, I haven’t seen such an explanation since.

But I do find it rather interesting that one of the most prominent unsolved murders of a spook was blamed–at around the time the StuxNet people were working on Gauss–on a plan to track money laundering.

Gareth Williams Inquest to be Secret Tribunal

I’ve been blogging about British efforts to expand the use of closed material proceedings so it won’t reveal embarrassing details about its cooperation in American torture in the future.

Which makes it interesting that Britain’s Foreign Secretary, William Hague, has ordered that the inquest into the death of GCHQ scientist Gareth Williams will be secret. Williams is the GCHQ-on-loan-to-MI6 sometimes-on-loan-to-NSA scientist whose body was found in a gym duffel in his flat a few years ago.

All sorts of cover stories have been leaked about his death: that it was some sort of gay bondage gone bad, that the Russian mafia took him out.

I’ve been most intrigued by the detail that Williams was working with NSA at the time when the US blew up the British planes investigation.

Whatever the reason, we’re not likely to find out, at least not immediately, because of the secrecy surrounding the inquest.

I’m not surprised the Brits don’t want their spy stories told in public, mind you.

Is Obama Threatening the “Special Relationship” to Hide Torture?

I noted, when David Cameron was in town, that his Justice Secretary, Kenneth Clarke, was pushing to expand “closed material proceedings” as a way to better protect secret information. The effort was a response, Clarke claimed, to courts forcing the government to release information about Binyam Mohamed’s torture, which ended up revealing the US was using some torture techniques before the Bybee Memo purportedly approved torture.

Now, Cameron’s government is ratcheting up the fear-mongering, claiming that the US withheld information about a terrorist threat 18 months ago because of the Mohamed release.

The CIA warned MI6 that al-Qaeda was planning an attack 18 months ago, but withheld detailed information because of concerns it would be released by British courts.

British intelligence agencies were subsequently forced to carry out their own investigations, according to Whitehall sources.

Several potential terrorists were identified with links to a wider European plot, but it is still not known whether the British authorities have uncovered the full extent of the threat.

I flew through London 18 months ago during what I suspect was this terror threat. It was the kind of threat where one airline–American–had rolled out the full heightened security theater, but another–Delta–had nothing special, both on the same day.

That kind of terrorist threat.

If it is true the CIA is withholding such information (I’m not saying I buy that the US withheld information from a serious threat), then consider what this means. Back in August 2006, the US (specifically, Dick Cheney and Jose Rodriguez) betrayed the “Special Relationship” by asking the Pakistanis to arrest one of the plotters in the liquid planes plot, which in turn forced the Brits to roll up their own investigation before they had solidified the case against the plotters. Several of the plotters had to be tried two times to get a conviction. The Bush Administration did all this as an election stunt.

And yet we’re the ones purportedly complaining about information sharing?

“SWIFT” Boating the Russian Mafia

Remember that GCHQ/MI6 agent, Gareth Williams, who was found dead in a duffel bag last year?

At first, the narrative around his death centered on rumors he had been killed in a weird gay sex game. Amid such sensational reporting, other articles revealed Williams worked closely with the NSA on wiretapping Rashid Rauf, one of the men involved in the 2006 plot to bring down planes with small bottles of liquid. Williams’ work with NSA is all the more interesting when you consider American manipulation of that investigation and their subsequent squeamishness about sharing the intercepts.

But there’s a new theory out now (from the Daily Mail, which was early to the now discredited sex crime theory): that Williams was killed by the Russian mafia because he was working on a way to track money laundering.

But now security sources say Williams, who was on secondment to MI6 from the Government’s eavesdropping centre GCHQ, was working on equipment that tracked the flow of money from Russia to Europe.

The technology enabled MI6 agents to follow the money trails from bank accounts in Russia to criminal European gangs via internet and wire transfers, said the source.

‘He was involved in a very sensitive project with the highest security clearance. He was not an agent doing surveillance, but was very much part of the team, working on the technology side, devising stuff like software,’ said the source.

He added: ‘A knock-on effect of this technology would be that a number of criminal groups in Russia would be disrupted.

‘Some of these powerful criminal networks have links with, and employ, former KGB agents who can track down people like Williams.’

The rest of the Daily Mail article on this hypes how scary and omnipresent the Russian mafia are.

But money laundering is money laundering. Terrorists do it. Organized crime does it. Spy services do it. Corporations do it (often legally). And banksters do it, among others.

And there doesn’t appear to be anything about this description to suggest the Russian mafia would be specifically targeted by the technology. Indeed, the description of their exposure as a “knock-on effect” suggests everything would be targeted (which sort of makes sense; you can’t track money laundering unless you track the “legitimate” part of finance that makes it clean).

Which is why I find this latest narrative–with its complete lack of attention on the technology, instead focusing exclusively on the Russian mob–so interesting. Because finding a way to track money laundering, of any sort, would just be a new way to do what US intelligence has already been doing with SWIFT.

You’ll recall that SWIFT is the messaging system that tracks international money transfers; our use of it to track terrorist finance was first exposed by James Risen and Eric Lichtblau in 2006. In 2009, the US and EU got in a big squabble over whether the US would continue to have access when the servers moved to Europe. They ultimately signed a deal on access. But in March it became clear we were cheating on that deal–among other things by making all specific search requests orally, thereby bypassing the audit provisions demanded by the Europeans.

I increasingly suspect the furor around the SWIFT disclosures has to do with a concern over maintaining the perceived sanctity of tax havens even as it becomes clear our government has routinely been accessing money transfer information using nothing more than administrative subpoenas. And I increasingly suspect the ongoing squabble between Europe and the US over SWIFT access has to do with America’s asymmetrical access to what has been described as the Rosetta stone of money transfers.

I’ve become convinced, the response to NYT’s reporting on SWIFT was (and remains) so much more intense than even their exposure of the illegal wiretap program. The shell game of international finance only works so long as we sustain the myth that money moves in secret; but of course there has to be one place, like SWIFT, where those secrets are revealed. And so, in revealing that the US was using SWIFT to track terror financing, the NYT was also making it clear that there is such a window of transparency on a purportedly secret system. And the CIA has, alone among the world’s intelligence services, access to it.

There are hints in Lichtblau’s book that back my suspicion that revealing SWIFT was so problematic because it reveals monetary transfers aren’t as secret as the banksters would like you to think they are. One reason people grew uncomfortable with the program was because “some foreign officials feared that the United States could turn the giant database against them.” (234) Others worried that the US might be “delving into corporate trade secrets of overseas companies.” (248) And when Alan Greenspan helped persuade SWIFT to continue offering US access to the database, he admitted how dangerous it was.

If the world’s financiers were to find out how their sensitive internal data was being used, he acknowledged, it could hurt the stability of the global banking systems. (246)

Now, Lichtblau doesn’t describe explicitly what these risks entail, but this all seems to be about letting the CIA see, unfettered, the most valuable secrets in the world, financial secrets. The world’s globalized elite has to trust in the secrecy of their banking system, but in fact the CIA (of all entities!) has violated that trust.

It turns out (the LAT reported this contemporaneously with the NYT reporting; I’ve just now read this in the context of Risen’s affidavit to quash his Sterling subpoena) that the CIA once developed a clandestine way to access SWIFT but were persuaded not to use it because doing so would “compromis[e] the integrity of international banking.”

CIA operatives trying to track Osama bin Laden’s money in the late 1990s figured out clandestine ways to access the SWIFT network. But a former CIA official said Treasury officials blocked the effort because they did not want to anger the banking community.

Historically, “there was always a line of contention” inside the government, said Paul Pillar, former deputy director of the CIA’s counterterrorism center. “The Treasury position was placing a high priority on the integrity of the banking system. There was considerable concern from that side about anything that could be seen as compromising the integrity of international banking.”

Ah, for the halcyon days when people believed international banking had any integrity to compromise!

My point, though, is that the US has had the potential capability to track Russian mobsters since SWIFT let us access the databases after 9/11, particularly now that we’re making all our specific requests orally. So far as I know, no one has ended up dead in a duffel bag over that access.

Moreover, there would be a great deal of people who would like to prevent the UK from getting their own back door into the global finance system, if that’s really the reason Williams was killed. (Note, Williams was also reportedly about to join the UK’s cybersecurity team, which might offer other reasons to want him dead.) Sure, the Russian mafia are among that group, but so would be many others with the means to murder a spook.

Now, it may be that this entire new narrative is just as sketchy as the sex crime one was. Or it may be that this is a preemptive attempt to suggest only Russian mobsters have anything to hide.

But I do find this latest narrative mighty intriguing.