Posts

Pompeo Likens Wikileaks’ Release of CIA’s Hacking Tools to Philip Agee

/9 Comments/in , , /by

In a speech designed to generate headlines, CIA Director Mike Pompeo just attacked WikiLeaks as a “a non-state hostile intelligence service often abetted by state actors like Russia.” The speech was explicitly a response to an op-ed Julian Assange had in the WaPo a few days ago.

Now, for those of you who read the editorial page of the Washington Post—and I have a feeling that many of you in this room do—yesterday you would have seen a piece of sophistry penned by Mr. Assange. You would have read a convoluted mass of words wherein Assange compared himself to Thomas Jefferson, Dwight Eisenhower, and the Pulitzer Prize-winning work of legitimate news organizations such as the New York Times and the Washington Post. One can only imagine the absurd comparisons that the original draft contained.

But the speech deserves closer analysis for several reasons.

CIA Directors hoping to build trust should fact and hypocrisy check better

First, it had the predictable CIA Director errors. As an example, it pretends to be rebutting “false narratives” purportedly spread by WikiLeaks, but uses as an example “the fanciful nation that they spy on their fellow citizens via microwave ovens,” a suggestion first spread by KellyAnne Conway, not WikiLeaks (though WikiLeaks responded by pointing to ways to spy with microwaves, though not ovens). It suggests Assange “directed Chelsea Manning in her theft of specific secret information;” had Assange’s direction been that clear cut, he would have been indicted. Perhaps most hilariously, a guy who — nine months ago — was applauding a WikiLeaks release today had this to say:

First, it is high time we called out those who grant a platform to these leakers and so-called transparency activists. We know the danger that Assange and his not-so-merry band of brothers pose to democracies around the world. Ignorance or misplaced idealism is no longer an acceptable excuse for lionizing these demons.

Yes. By all means, we should call out those who grant a platform to WikiLeaks. Like Mike Pompeo.

The never-ending defense of all spying overseas

The speech is also worth reviewing because of something that has become tiresome in recent years.

To rebut that false narrative Pompeo rebuts a claim that’s beside the point to WikiLeaks’ presentation of the CIA Vault 7 files (though it is one WikiLeaks has suggested on Twitter): that CIA spies on Americans.

[W]e are an intelligence organization that engages in foreign espionage. We steal secrets from foreign adversaries, hostile entities, and terrorist organizations. We analyze this intelligence so that our government can better understand the adversaries we face in a challenging and dangerous world.

[snip]

So I’d now like to make clear what CIA doesn’t do. We are a foreign intelligence agency. We focus on collecting information about foreign governments, foreign terrorist organizations, and the like—not Americans. A number of specific rules keep us centered on that mission and protect the privacy of our fellow Americans. To take just one important example, CIA is legally prohibited from spying on people through electronic surveillance in the United States. We’re not tapping anyone’s phone in Wichita.

Assange has focused primarily not on domestic spying, but on how incompetent CIA was for losing its hacking tools and for the proliferation risk it poses. Here’s what Assange said in his op-ed.

Our most recent disclosures describe the CIA’s multibillion-dollar cyberwarfare program, in which the agency created dangerous cyberweapons, targeted private companies’ consumer products and then lost control of its cyber-arsenal. Our source(s) said they hoped to initiate a principled public debate about the “security, creation, use, proliferation and democratic control of cyberweapons.”

Pompeo admits aggressive use of tools, and promises better security

That’s not a point that Pompeo really debates, though he does say,

CIA is aggressive in our pursuit of the information we need to help safeguard our country. We utilize the whole toolkit at our disposal, fully employing the authorities and capabilities that Congress,

As for losing the cyber toolkit (Pompeo does not, of course, confirm that that is what WikiLeaks has been releasing), Pompeo does promise these changes to improve CIA’s own security.

Second, there are steps that we have to take at home—in fact, this is a process we’ve already started. We’ve got to strengthen our own systems; we’ve got to improve internal mechanisms that help us in our counterintelligence mission. All of us in the Intelligence Community had a wake-up call after Snowden’s treachery. Unfortunately, the threat has not abated.

I can’t go into great detail, but the steps we take can’t be static. Our approach to security has to be constantly evolving. We need to be as clever and innovative as the enemies we face. They won’t relent, and neither will we.

We can never truly eliminate the threat but we can mitigate and manage it. This relies on agility and on dynamic “defense in depth.” It depends on a fundamental change in how we address digital problems, understanding that best practices have to evolve in real time. It is a long-term project but the strides we have taken—particularly the rapid and tireless response of our Directorate of Digital Innovation—give us grounds for optimism.

If these changes go beyond finally ensuring all devices require multi-factor authentication (something a Mike Pompeo overseen CIA did not have this time last year), then it will be a good thing.

The Philip Agee comparison

But I’m perhaps most interested in the implicit comparison Pompeo makes to start his speech. He suggests a comparison between Philip Agee (and the murder of Chief of Station Richard Welch after being outed by Agee) and WikiLeaks (or perhaps Assange personally).

That man was Philip Agee, one of the founding members of the magazine Counterspy, which in its first issue in 1973 called for the exposure of CIA undercover operatives overseas. In its September 1974 issue, Counterspy publicly identified Richard Welch as the CIA Chief of Station in Athens. Later, Richard’s home address and phone number were outed in the press in Greece.

In December 1975, Richard and his wife were returning home from a Christmas party in Athens. When he got out of his car to open the gate in front of his house, Richard Welch was assassinated by a Greek terrorist cell. At the time of his death, Richard was the highest-ranking CIA officer killed in the line of duty.

That’s a pretty remarkable way to introduce this speech. Perhaps to defend it, in the section of the speech dedicated to painting WikiLeaks as a hostile actor, Pompeo notes AQAP thanked WikiLeaks for tipping it off to a way to fight the US it hadn’t thought of.

Following a recent WikiLeaks disclosure, an al Qa’ida in the Arabian Peninsula member posted a comment online thanking WikiLeaks for providing a means to fight America in a way that AQAP had not previously envisioned.

That’s still a long way from posting CIA officers’ identities.

Security firms begin to expose CIA’s roles

All that said, I can’t help but wonder whether this spat between former WikiLeaks booster Mike Pompeo and WikiLeaks stems from a development that I’ve been anticipating: when security firms start treating US intelligence hackers like they do Russian or Chinese ones.

In the wake of WikiLeaks’ Vault 7 documents, both Symantec and Kaspersky wrote reports on Vault 7 hacks they had seen working with clients. Symantec provided a very convincing table correlating the compilation time of what they’ve seen with the evidence WikiLeaks presented.

Symantec also described the victims generally (including describing what sounds like CIA detasking as soon as they realized they had accidentally attacked a US target).

Longhorn has infiltrated governments and internationally operating organizations, in addition to targets in the financial, telecoms, energy, aerospace, information technology, education, and natural resources sectors. All of the organizations targeted would be of interest to a nation-state attacker.

Longhorn has infected 40 targets in at least 16 countries across the Middle East, Europe, Asia, and Africa. On one occasion a computer in the United States was compromised but, following infection, an uninstaller was launched within hours, which may indicate this victim was infected unintentionally.

Kaspersky offered no such public detail.

Nevertheless, these reports are just one of several developments of late (which I hope to return to) that exhibit the US’ hackers being treated like Russian or Chinese hackers are — as general adversaries outside of their country. If, as seems likely given Symantec’s description of European victims, some of the victims are nominal US allies, that’ll grow worse.

If I’m right, it’s a significant development. It may not equate to a CIA officer being outed. But it may case far more problems.

Update: As a number of people have made clear, Agee was not responsible for Welch’s death. So I’ve deleted those words.

Why Susan Rice May Be a Shiny Object

/30 Comments/in , , /by

A bunch of Republican propagandists are outraged that the press isn’t showing more interest in PizzaGate Mike Cernovich’s “scoop” that the woman in charge of ensuring our national security under President Obama, then National Security Advisor Susan Rice, sought to fully understand the national security intercepts she was being shown.

There are two bases for their poutrage, which might have merit — but coming from such hacks, may not.

The first is the suggestion, based off Devin Nunes’ claim (and refuted by Adam Schiff) that Rice unmasked things she shouldn’t have. Thus far, the (probably illegally) leaked details — such as that family members, perhaps like Jared Kushner (who met with an FSB officer turned head of a sanctioned Russian bank used as cover for other spying operations), Sean Hannity (who met with an already-targeted Julian Assange at a time he was suspected of coordinating with Russians), and Erik Prince (who has literally built armies for foreign powers) got spied on — do nothing but undermine Nunes’ claims. All the claimed outrageous unmaskings actually seem quite justifiable, given the accepted purpose for FISA intercepts.

The other suggestion — and thus far, it is a suggestion, probably because (as I’ll show) it’s thus far logically devoid of evidence — is that because Rice asked to have the names of people unmasked, she must be the person who leaked the contents of the intercepts of Sergey Kislyak discussing sanctions with Mike Flynn. (Somehow, the propagandists always throw Ben Rhodes’ name in, though it’s not clear on what basis.)

Let me start by saying this. Let’s assume those intercepts remained classified when they were leaked. That’s almost certain, but Obama certainly did have the authority to declassify them, just as either George Bush or Dick Cheney allegedly used that authority to declassify Valerie Plame’s ID (as some of these same propagandists applauded back in the day). But assuming the intercepts did remain classified, I agree that it is a problem that they were leaked by nine different sources to the WaPo.

But just because Rice asked to unmask the identities of various Trump (and right wing media) figures doesn’t mean she and Ben Rhodes are the nine sources for the WaPo.

That’s because the information on Flynn may have existed in a number of other places.

Obviously, Rice could not have been the first person to read the Flynn-Kislyak intercepts. That’s because some analyst(s) would have had to read them and put them into a finished report (most, but not all, of Nunes’ blathering comments about these reports suggest they were finished intelligence). Assuming those analysts were at NSA (which is not at all certain) someone would have had to have approved the unmasking of Flynn’s name before Rice saw it.

In addition, it is possible — likely even, at least by January 2017, when we know people were asking why Russia didn’t respond more strongly to Obama’s hacking sanctions — that there were two other sets of people who had access to the raw intelligence on Flynn’s conversations with Kislyak: the CIA and, especially, the FBI, which would have been involved in any FISA-related collection. Both CIA and FBI can get raw data on topics they’re working on. Likely, in this case, the multi-agency task force was getting raw collection related to their Russian investigation.

And as I’ve explained, as soon as FBI developed a suspicion that either Kislyak was at the center of discussions on sanctions or that Flynn was an unregistered agent of multiple foreign powers, the Special Agents doing that investigation would routinely pull up everything in their databases on those people by name, which would result in raw Title I and 702 FISA collection (post January 3, it probably began to include raw EO 12333 data as well).

So already you’re up to about 15 to 20 people who would have access to the raw intercepts, and that’s before they brief their bosses, Congress (though the Devin Nunes and Adam Schiff briefing, at least, was delayed a bit), and DOJ, all the way up to Sally Yates, who wanted to warn the White House. Jim Comey has suggested it is likely that the nine sources behind the WaPo story were among these people briefed secondarily on the intercepts. And it’s worth noting that David Ignatius, who first broke the story of Flynn’s chats with Kislyak but was not credited on the nine source story, has known source relationships in other parts of the government than the National Security Advisor, though he also has ties to Rice.

All of which is to say that the question of who leaked the contents of Mike Flynn’s conversations with Sergey Kislyak is a very different question from whether Susan Rice’s requests to unmask Trump associates’ names were proper or not. It is possible that Rice leaked the intercepts without declassifying them first. But it’s also possible that any of tens of other people did, most of whom would have a completely independent channel for that information.

And the big vulnerability is not — no matter what Eli Lake wants to pretend — the unmasking of individual names by the National Security Advisor. Rather, it’s that groups of investigators can access the same intelligence in raw form without a warrant tied to the American person in question.

National Enquirer’s Serial Spy Novel: Featuring Hillary, Flynn, Assange, Pence, and Ryan

/14 Comments/in , /by

The claim that “Trump catches Russia’s White House spy” — clearly an attempt to smear Mike Flynn — actually got me to drop the $4.99 for a copy of the National Enquirer to read the hit job. And it’s actually more than a contrived effort to claim Flynn is a Russian spy: it’s a four-page spread, implicating Hillary and Mike Pence, too.

The story about Flynn is, instead, mostly a story about Jack Barsky, the former Russian spy who has gotten a lot of press of late tied to the release of his book. Just Thursday, CNN published an interview with him claiming, “What is clear is that email accounts of Democrat operatives were hacked and those hacks originated in Russia. Anything beyond that is pure speculation.” But amid a two-page story of Barsky’s life (as if the details of his life — and Barsky himself — were newly discovered), NE includes two quotes. A “national security intelligence source” warns of other Russian spies:

Jack Barsky is a Russian spy that was caught. But what is really frightening is that there are others out there like him embedded deep into Washington D.C. … Barsky being tracked down will greatly help the president smoke out other rats in his ranks.

And amid a four paragraph discussion of Mike Flynn, NE quotes an “administration source.”

The revelations [about Barsky] come as still-unfolding details continue to worm their way into the public eye about Trump’s own White House “turncoat” — now-ousted national security adviser and retired Lt. Gen. Michael T. Flynn.

Flynn was booted from Trump’s cabinet after intercepted phone calls exposed how he had colluded with Russian officials — and then had the chutzpah to lie about it when questioned by Vice President Mike Pence.

“He was, in essence, the Russian spy in Trump’s midst,” said an administration source who spoke to The ENQUIRER on the condition of anonymity. “Trump was lucky to root him out when he did.”

The unfolding Russian spy drama will overshadow the House of Representatives Intelligence Committee hearing investigating alleged ties between Trump’s campaign and Putin, source said.

Of course, Trump transition official Devin Nunes has already canceled the next hearing into ties between Trump’s campaign and Putin, but perhaps Trump plans on magnifying this hit job in upcoming days, replete with spooky language — “embedded,” “smoke out other rats,” “worm their way,” “turncoat,” “root him out,” — to shift the focus on disloyalty within the Trump Administration.

Which brings us to the other main story in this four-page spread.

It describes how “Trump crushe[d] Clinton coup” designed to install Mike Pence, purportedly revealed by Julian Assange in these two tweets (and some follow-up):

It treats Assange’s claims about his arch enemy as credible because, as a “Beltway insider sniffed … Assange is plugged in and has deep connections to Russian intelligence, along with similar networks around the world.”

The story cites a “White House insider” describing Trump giving Pence a loyalty oath.

President Trump called Pence into the Oval Office and forced him to take a lie detecter test to prove his loyalty. Pence swore he had nothing to do with Hillary and was being moved around like a chess piece in evil Hillary’s game!

After alleging Baywatch’s Pamela Anderson might be a cut-out and/or love interest for Assange, the story then turns on Paul Ryan, citing a quote first published in October, the audio of which was released by Breitbart the same day as the Assange tweets, March 14. The NE claimed that Hillary leaked the call to sow dissent before the health care vote.

The timing of the leak is not a coincidence. The call took place in October and leaked now — just as Ryan and Trump are working to muster support for the health care bill to replace Obamacare. Hillary’s people leaked it to drive a wedge between Trump and Ryan, undermine their efforts to reform health care and destroy the president!

In short, the second article is even more fevered than the one implicating Flynn.

Finally, in addition to a short piece attacking Chris Matthews, the spread includes a non-denial denial of Christopher Steele’s dossier, claiming it showed “Trump orgies” and “graphic sex involving hookers,” which is not precisely what pee gate claimed. It then dismisses the claims because “Trump neither drinks nor uses drugs,” as if that would rule out orgies.

Undoubtedly, all this was placed with the cooperation of the White House, if not direct quotes from Trump (which is something he has a history of doing). While the Flynn story has been viewed — particularly alongside unsubstantiated claims that Flynn is cooperating with the FBI — as an attempt to damage him for snitching, it almost certainly dates to earlier than more recent attacks on Flynn, and in conjunction with stories of loyalty oaths from Pence appears tame by comparison.

Trump wants to justify a witch hunt among the National Enquirer set. And at least thus far, Flynn and warnings of replacement by Pence are no more than the excuse for launching it.

On Wikileaks and Chelsea Manning’s Commutation

/34 Comments/in , /by

Today, President Obama commuted Chelsea Manning’s sentence, effective May 17. May she have the fortitude to withstand five more months of prison.

Among the many responses to the commutation, many people are pointing to a tweet Julian Assange wrote in September, promising to agree to US prison if Manning got clemency.

Assange made a very similar comment more recently, on January 12.

To Assange’s credit, he has long called for clemency for Manning; and whatever you think of Assange, his anger against Hillary was in significant part motivated by Clinton’s response to the Manning leaks. Manning might have been able to cooperate against Assange for a lesser sentence, but there was nothing Assange did that was not, also, what the NYT has done.

Indeed, the oddity of Assange’s original tweet is that, as far as has been made public, he has never been charged, not even for aiding Edward Snowden as a fugitive.

Nevertheless, since the comments, Assange’s European lawyer said he stands by his earlier comment (though she points out the US has not asked for extradition).

But I’d like to point to a third tweet, which might explain why Assange would be so willing to be extradited now.

The day after Assange repeated his promise to undergo extradition, just as the uproar over the Trump dossier led Christopher Steele to go into hiding has been roiling, Assange also tweeted a comment at least pretending he thought he might be murdered.

Sure, Assange is paranoid. But while Assange has been hiding behind purportedly American IDed cutouts, claiming plausible deniability that he got the DNC emails from the Russians, he surely knows, now, those people were cut-outs. The Russians, Trump, and any American cutouts that Assange could ID would badly like him to sustain that plausible deniability.

And the Russians have a way of silencing people like that, even in fairly protected places in London.

So while Assange could just be blowing smoke, Assange may well be considering his options, coming to the US on a plea deal versus dealing with Putin’s goons.

All of which might make such deals more attractive.

Update: Here’s Assange’s latest on this.

The Trump Dossier Alleges DNC Insiders Were Involved in Anti-Clinton Operation

/54 Comments/in , /by

I still have questions about the provenance of the Trump dossier, particularly with respect to how we’ve received it. While this article has been touted as answering a lot of questions, it actually creates new ones (plus, it would seem to violate the D Notice that formally prohibits talking about Christopher Steele and his role).

But I did want to point to a passage in the dossier that seems critically important, if it can be deemed true. (Note, Cannonfire has an OCRed version of the dossier here.) According to a July report from Steele, there were DNC insiders involved in the operation.

Agreed exchange of information established in both directions. team using moles within DNC and hackers in the US as well as outside in Russia. PUTIN motivated by fear and hatred of Hillary CLINTON. Russians receiving intel from team on Russian oligarchs and their families in US

[snip]

2. Inter alia, Source E, acknowledged that the Russian regime had been behind the recent leak of embarrassing e-mail messages, emanating from the Democratic National Committee (DNC), to the WikiLeaks platform. The reason for using WikiLeaks was “plausible deniability” and the operation had been conducted with the full knowledge and support of TRUMP and senior members of his campaign team. In return the TRUMP team had agreed to sideline Russian intervention in Ukraine as a campaign issue and to raise defence commitments in the Baltics and Eastern Europe to deflect attention away from Ukraine, a priority for PUTIN who needed to cauterise the subject.

3. In the wider context campaign/Kremlin co-operation, Source E claimed that the intelligence network being used against CLINTON comprised three elements. Firstly there were agents/facilitators within the Democratic Party structure itself; secondly Russian emigre and associated offensive cyber operators based in the US [note: corrected OCE error] and thirdly, state-sponsored cyber operatives working in Russia. All three elements had played an important role to date. On the mechanism for rewarding relevant assets based in the US, and effecting a two-way flow of intelligence and other useful information, Source E claimed that Russian diplomatic staff in key cities such as New York, Washington DC and Miami were using the emigre ‘pension’ distribution system as cover. The operation therefore depended on key people in the US Russian emigre community for its success. Tens of thousands of dollars were involved. [my emphasis]

The claim there were “moles” within the DNC would be perfectly consistent with something Julian Assange has long claimed: that he got the documents from a disgruntled DNC insider.

Craig Murray’s Description of WikiLeaks’ Sources

/26 Comments/in /by

One of the weaknesses of my post on the evidence needed to prove the Russian DNC hack (one I’ll fix when I move it into a page) is that I didn’t include a step where the intelligence community had to dismiss alternative theories. It is not enough to prove that tools associated with Russian intelligence hacked the DNC (whether or not you’re convinced they necessarily are used exclusively by GRU), but you also have to prove that no one else either hacked the known sources of leaked documents or otherwise obtained them. That was particularly important given early reports that FBI wasn’t sure that the documents stolen by hackers presumed to be GRU were the same documents dealt to WikiLeaks.

One alternative theory I know some researchers tested, for example, is whether hackers could have gotten into the accounts of DNC staffers by testing passwords made available by past hacks (of LinkedIn and MySpace, in particular) for reuse. For a while, that definitely seemed like a plausible alternative theory, but ultimately I don’t think it could explain the known evidence.

The most important alternative theory, however, comes from Julian Assange, who has been first intimating and more recently asserting directly that Russians were not his source (even while showing immediate concern that Obama’s hacking review targeted Wikileaks directly). Former UK Ambassador to Uzbekistan Craig Murray has also made such a claim, first in a series of posts on his blog, and at more length in an interview with Scott Horton.

Murray’s interview is well worth the listen, as he has nowhere near the same personal stakes in this story as Assange and — as he makes clear in the interview — because he seems to have had a role in handing over the second batch of emails. Ultimately, his description is unconvincing. But it is an important indication of what he claims to believe (which must reflect what Assange has told him, whether Assange believes it or not). Importantly, Murray admits that “It’s perfectly possible that WikiLeaks themselves don’t know what is going on,” which admits one possibility I’ve always suspected: that whoever dealt the documents did so in a way that credibly obscured their source.

Murray explained that the two sets of documents handed over to Wikileaks came via two different American sources, both of whom had legal access to them.

He describes a lot more about the Podesta emails, of which he said he had “first hand knowledge,” because of something he did or learned on a trip to DC in September. In this interview, he says “The material was already, I think, safely with WikiLeaks before I got there in September,” though other outlets have suggested (with maps included!) that’s when the hand-off happened. In that account, Murray admits he did not meet with the person with legal access; he instead met with an intermediary. That means the intermediary may have made false claims about the provenance.

And even the claims about the provenance don’t make sense. Murray claimed the documents came from someone in the national security establishment, and implied they had come from legal monitoring of John Podesta because he (meaning John) is a lobbyist for Saudi Arabia.

Again, the key point to remember, in answering that question, is that the DNC leak and the Podesta leak are two different things and the answer is very probably not going to be the same in both cases. I also want you to consider that John Podesta was a paid lobbyist for the Saudi government — that’s open and declared, it’s not secret or a leak in a sense. John Podesta was paid a very substantial sum every month by the Saudi government to lobby for their interests in Washington. And if the American security services were not watching the communications of the Saudi government paid lobbyist then the American intelligence services would not be doing their job. Of course it’s also true that the Saudis’ man, the Saudis’ lobbyist in Washington, his communications are going to be of interest to a great many other intelligence services as well.

As a threshold matter, no national security agency is going to monitor an American registered to work as an agent for the Saudis. That’s all the more true if the agent has the last name Podesta.

But that brings us to another problem. John Podesta isn’t the lobbyist here. His brother Tony is. So even assuming the FBI was collecting all the emails of registered agent for the Saudis, Tony Podesta, even assuming someone in national security wanted to blow that collection by revealing it via Wikileaks, they would pick up just a tiny fraction of John Podesta’s emails. So this doesn’t explain the source of the emails at all.

But if we believe that Murray believes this, we know that the intermediary can credibly claim to have ties to American national security.

Horton and Murray go on to discuss how WikiLeaks got the first batch of emails, the ones from DNC. That’s specifically the context where Murray talks about the possibility Assange doesn’t actually know. Though he suggests the leaker is a DNC insider angry about Bernie Sanders’ treatment.

There’s a section on the murdered DNC staffer, which I’m not going to focus on because I find it distasteful. But Murray explains that Assange offered a reward pertaining to his murder because he thought the staffer might be mistaken for the real source, but was not the real source. Which suggests Assange implied to Murray that the documents were directly leaked by someone in a similar position. Again, someone who could pose as a DNC staffer.

Here, Murray states clearly that “Guccifer is not the source for WikiLeaks.” He explains that claim based primarily off the assumption that the Russians would never employ such as buffoon as Guccifer, not direct knowledge. Remember Guccifer stated publicly he had given the documents to WikiLeaks, with no rebuttal from Assange I know of.

In other words, that doesn’t seem to make sense either. And with Assange you are by necessity dealing with documents passed through at least one and in the Podesta email case, perhaps two or more intermediaries. So even assuming the best effort to vet people on Assange’s side, he does have limited resources to do so himself.

One more comment. Murray ends with a description of the reception of the emails that doesn’t make sense at all. He suggests the “mainstream media” ignored concerns about the Clinton foundation (he doesn’t even mention that this coverage might come from the legally FOIAed emails). He says they ignored other details, such as that Donna Brazile gave Hillary a debate question and that the DNC conspired against Bernie. He claims members of the media “colluded” with the Hillary campaign.

I know some people believe these topics should have gotten more attention. Even if you believe these things, though, believing the traditional media didn’t cover them requires a blind spot about the massive Trump corruption they might have been covering instead.

All that neither proves or disproves that Murray believes he got documents from someone in the national security establishment that were legally obtained. It just might explain why he’d believe something that, in this case, makes no sense.

Update: Now Assange is saying his source wasn’t Guccifer. He also snipes about Murray’s comments.

“Craig Murray is not authorized to talk on behalf of WikiLeaks,” Assange said sternly.

 

In Latest Russian Plot, WikiLeaks Reveals Hillary Opposes ISDS

/5 Comments/in , , , , /by

Among the emails released as part of the Podesta leaks yesterday, WikiLeaks released this one showing that, almost a year before she was making the same argument in debates with Bernie Sanders, Hillary was opposed to Investor State Dispute Settlement that is part of the Trans Pacific Partnership. (h/t Matt Stoller) ISDS is the means by which corporations have used trade agreements to operate above the domestic laws of party countries (if you haven’t read this three part series from BuzzFeed to learn about the more exotic ways business are profiting off of ISDS).

The email also appears to echo her later public concern that she had changed her mind on TPP because of KORUS.

After our last talk with HRC, we revised our letter to oppose ISDS and include her caution about South Korea.

Sure, other Podesta emails show Hillary supporting a broad region of free trade (and labor) in the Americas. But this more recent email confirms that the views she expressed in debate were more than just an attempt to counter Bernie’s anti-trade platform.

Whether or not this is newsworthy enough to justify the WL dump, it is noteworthy in light of NYT’s rather bizarre article from some weeks back suggesting that WL always sides with Putin’s goals. As I noted, the article made a really strained effort to claim that WL exposed TPP materials because it served Putin’s interests. Now, here, WL is is releasing information that makes Hillary look better on precisely that issue.

That doesn’t advance the presumed narrative of helping Trump defeat Hillary!

Then, as I noted yesterday, in spite of all the huff and puff from Kurt Eichenwald, the release of a Sid Blumenthal email used by Trump is another case where the WL release, as released, doesn’t feed the presumed goals of Putin.

Which brings me to this Shane Harris piece, which describes four different NatSec sources revealing there’s still a good deal of debate about WL’s ties to Russia.

Military and intelligence officials are convinced that WikiLeaks is an ongoing threat to U.S. national security and privacy owing to its leaks of classified documents and emails. But its precise relationship with Russia has been a subject of internal debate. Some do see the group as being in cahoots with the Kremlin. But others find that WikiLeaks is acting mainly as the beneficiary of stolen documents, not unlike a journalistic organization.

There are some funny aspects to this story. Nothing in it considers the significant evidence that WL is (and has reason to be) affirmatively anti-Hillary, which means its interests may align with Russia, even if it doesn’t take orders from Russia.

It also suggests that if the spooks can prove some tie between WL and Russia, they can spy on it as an agent of foreign power.

But those facts don’t mean WikiLeaks isn’t acting at Russia’s behest. And that’s not a trivial matter. If the United States were to determine that WikiLeaks is an agent of a foreign power, as defined in U.S. law, it could allow intelligence and law enforcement agencies to spy on the group—as they do on the Russian government. The U.S. can also bring criminal charges against foreign agents.

WL has been intimately involved in two separate charges cases of leaking-as-espionage in the US, Chelsea Manning and Edward Snowden. The government has repeatedly told courts that it has National Security/Criminal investigations, plural, into WikiLeaks, and when pressed for details about how and whether the government is collecting on supporters and readers of WikiLeaks, the government has in part hidden those details under a b3 FOIA exemption, meaning a statute prevents disclosing it, while extraordinarily refusing to reveal what statute that is. We certainly know that FBI has used multiple informants to spy on WL and used a variety of collection methods against Jacob Appelbaum, including (according to Appelbaum) physical tails.

So there’s not only no doubt that the US government believes it can spy on WikiLeaks (which is, after all, headed by a foreigner and not a US organization), but that it already does, and has been doing for at least six years.

Perhaps Harris’ sources really mean they’ve never found a way to indict Julian Assange before, but if they can claim he’s working for Putin, then maybe they’ll overcome past problems of indicting him because it would criminalize journalism. If that’s the case, it may be shading analysis of WL, because the government would badly like a reason to shut down WL (as the comments about the direct threat to the US in the story back up).

As I’ve said before, the role of WL in this and prior leak events is a pretty complex one, one that if approached too rashly (or too sloppily) could have ramifications for other publishers. While a lot of people are rushing to collapse this (in spite of what sounds like a continuing absence of directly incriminating evidence) into a nation-state conflict, things like this TPP email suggest it’s not that simple.

A Busy Day for the Bears

/18 Comments/in , /by

Yesterday, there were three arguably big events associated with stolen records alleged to have ties to Russia’s GRU.

Simon Biles treats her ADHD

The first is the leak, by a group explicitly calling itself Fancy Bear (though the hack was once tied to Polish Anonymous), of anti-doping agency records showing the Williams sisters and Simone Biles all got approval for and took drugs on a list of otherwise banned substances. While there are no allegations of impropriety — indeed, Biles explained that in her case the exception involved treating ADHD — the story got covered by the major international press, including the Beeb, NBC, and NYT.

Colin Powell rants

The second alleged-Bear event is the release of Colin Powell emails, obtained by DC Leaks, to The Intercept, BuzzFeed, and Politico. The emails include quite recent ones, including one from August 26. Powell now uses GMail, suggesting his emails should be harder to hack than (for example) his State emails on AOL or emails run on a private server. Whether you worry about Russian influence or not, this hack is quite newsworthy.

There are embarrassing emails with Powell asserting that “Everything HRC touches she kind of screws up with hubris,” as well as emails with Powell complaining about Trump’s racism and the press’ stoking of it.

The emails are not limited to election-related ones, either. They also include correspondence between Powell and Jack Straw and how the Chilcot report got buried in all the Brexit news.

Guccifer 2 goes mainstream

dncarchitecture_mc

Finally, there was the “appearance” at a security conference by Guccifer 2.0, the guy who has released the DNC emails that gave the Democrats an excuse to force Debbie Wasserman Schultz’s to resign, though they had been looking for an excuse for some time.

In point of fact, Guccifer 2.0 didn’t appear in person at the conference. Rather, he sent a speech which got read at the conference, with the transcript released to journalists. The speech focused on the negligence of software companies in security. Guccifer went on for several paragraphs about the power and sloppiness of tech companies, arguing they were to blame for hacks.

The next reason, and the crucial one, is software vulnerability. Tech companies hurry to finish the work and earn money. So they break development cycle very often omitting the stage of testing. As a result, clients have raw products installed on their systems and networks with a great number of bugs and holes.

Fourth. It’s well known that all large companies look forward to receiving governmental contracts. They develop governmental websites, communication systems, electronic voting systems, and so on and have their products installed to critical infrastructure objects on the national level.

They are aggressively lobbying their interests. You can see it at the diagram that they spent millions of dollars for lobbying. That doesn’t mean they will produce better software. That means they will get even more money in return.

Then he returned to a claim he has made on two earlier occasions: that he hacked DNC via a vulnerability in VAN.

So, what’s the right question we should ask about cyber crime?

Who hacked a system?

Wrong. The right question is: who made it possible that a system was hacked? In this regard, what question should you ask me?

How I hacked the DNC???

Now you know this is a wrong question. Who made it possible, that I hacked into the DNC? This is the question. And I suppose, you already know the answer. This is NGP VAN Company that operates the DNC network. And this is its CEO Stu Trevelyan who is really responsible for the breach.

Their software is full of holes. And you knew about it even before I came on stage.

You may remember Josh Uretsky, the national data director for Sander’s presidential campaign. He was fired in December, 2015 after improperly accessing proprietary data in the DNC system. As it was agreed, he was intentionally searching for voter information belonging to other campaigns.

However, he is not to blame. The real reason voter information became available for non-authorized users was NGP VAN’s raw software which had holes and errors in the code. And this is the same reason I managed to get access to the DNC network. Vulnerabilities in the NGP VAN software installed on its server which they have plenty of. Shit! Yeah?

This scheme shows how NGP VAN is incorporated in the DNC infrastructure.

One of two schemes released with the speech appears above.

Now, Guccifer’s allegation — tying vulnerabilities in the VAN software to his own hack — could be newsworthy. Recall, after all, that one excuse the Bernie staffer gave for nosing around Hillary’s side of VAN was that Sanders’ own data had been compromised earlier that year. Importantly, Guccifer’s persistent focus on VAN, which was a signature moment in Sanders’ voters disillusionment with the DNC conduct in the election, would provide an alternative motive for this hack rather than just a Putinesque plot to tamper with Hillary’s election.

Thing is, there’s nothing in the materials released on VAN that indicates any particular vulnerability (though the dump does include some dated information on DNC’s computer security): effectively Guccifer makes an allegation but — at least from what I’ve seen and heard from a few people who know security better — doesn’t deliver the goods.

Indeed, while there are documents acknowledging the kind of pay-to-play appointments for big donors that both parties practice, and some other financial data that I suspect may prove more interesting with further scrutiny, there’s nothing really newsworthy in this dump. It seems to be interesting primarily to Bernie diehards, not the press generally, which is rightly more interested by the Powell emails.

Which, again, emphasizes how much Guccifer has been feeding Bernie diehards, either out of his own motivation or his handler’s. It is worth noting that while Guccifer claims to oppose Trump’s policies, he did say this about Sanders: “I have nothing to say about Bernie Sanders. It seems he never had a chance to win the nomination as the Democratic Party itself stood against him!”

Why stomp on the Bears other big blasts?

Which has me wondering about yesterday generally. If someone is orchestrating all these leaks, why have Guccifer “give a speech” on the same day as two highly managed releases, especially given that Guccifer failed to deliver the goods? Indeed, why invite Guccifer to, or have him accept an invitation from, a pretty staid security conference at all?

And what is the role of Darren Martyn, a LulzSec Irish hacker who was indicted along with Jeremy Hammond but apparently never extradited. He’s apparently the one who read Guccifer’s speech. Which raises all sorts of questions about Guccifer’s ties to the Anon group of hackers, or maybe also to what Martyn has been doing since he was indicted in the US.

Let me just close with an observation.

The Democrats have, rightly, been worried about what Guccifer will release closer to the election; I’ve heard specific concerns from connected Dems that he will release far more damning financial documents. The FBI, too, appears uncertain whether the set of documents Guccifer has is the same that the GRU-related hackers are believed to have spied on at the DNC. Thus, both the DNC and FBI would love to do something to make Guccifer show more of his hand.

Before this hack, we were all just waiting to see what Julian Assange, who is clearly maximizing damage to Hillary, will drop next.

And instead, by inviting Guccifer to appear at a conference, someone got Guccifer to drop an additional 700 MB of files while everyone is busy looking at the Powell emails.

 

Did Wikileaks Do US Intelligence Bidding in Publishing the Syria Files?

/34 Comments/in , /by

Consider this nutty data point: between CNN’s Reliable Sources and NBC’s Meet the Press, Julian Assange was on more Sunday shows today than John McCain, with two TV appearances earlier this week.

Sadly, even in discussions of the potential that the DNC hack-plus-publication amounts to tampering with US elections, few seem to understand that evidence at least suggests that Wikileaks — not its allegedly Russian source — determined the timing of the release to coincide with the Democratic National Convention. Guccifer 2, at least, was aiming to get files out earlier than Wikileaks dumped them. So if someone is tampering, it is Julian Assange who, I’ve noted, has his own long-standing gripes with Hillary Clinton (though he disclaims any interest in doing her harm). If his source is Russia, that may just mean they had mutual interest in the publication of the files; but Assange claims to have determined the timing.

Since Wikileak’s role in the leak has been downplayed even as Assange has made the media rounds, since the nation’s spooks claim that publishing these documents is what makes it different, I want to consider this exchange Assange had with Chuck Todd:

CHUCK TODD:

All right. Let me ask you this. Do you, without revealing your source on this, do you accept information and leaked documents from foreign governments?

JULIAN ASSANGE:

Well, our publishing model means that what we publish is guaranteed to be true. That’s what we’re concerned about. That’s what our readers are concerned about. That’s the right of the general public, to not–

[snip]

CHUCK TODD:

Does that not trouble you at all, if a foreign government is trying to meddle in the affairs of another foreign government?

JULIAN ASSANGE:

Well, it’s an interesting speculative question that’s for the press and others to perhaps–

CHUCK TODD:

That doesn’t bother you? That is not part of the WikiLeaks credo?

JULIAN ASSANGE:

Well, it’s a meta story. If you’re asking would we accept information from U.S. intelligence that we had verified to be completely accurate, and would we publish that, and would we protect our sources in U.S. intelligence, the answer is yes, of course we would. [my emphasis]

Sure, at one level this is typical Assange redirection. When Todd asked if he’d accept files from Russia, Assange instead answered that he would accept them from the United States.

But it may not be so farcical as it seems. Consider the case of the Syria Files Wikileaks posted in spring 2012, at the beginning of the time the US was engaging in covert operations in Syria. They contained embarrassing information on Bashar al-Assad, his wife, and close associates, as well as documents implicating western companies that had facilitated Assad’s repression. Even at the time, people asked if the files were a western intelligence pys-op, though they were explicitly sourced to various factions of Anonymous. Then, between Jeremy Hammond and Sabu’s sentencing processes, it became clear that in January 2012, the latter identified targets for Anonymous hackers, targets that include the Syrian government.

An informant working for the F.B.I. coordinated a 2012 campaign of hundreds of cyberattacks on foreign websites, including some operated by the governments of Iran, Syria, Brazil and Pakistan, according to documents and interviews with people involved in the attacks.

Exploiting a vulnerability in a popular web hosting software, the informant directed at least one hacker to extract vast amounts of data — from bank records to login information — from the government servers of a number of countries and upload it to a server monitored by the F.B.I., according to court statements.

[snip]

The sentencing statement also said that Mr. Monsegur directed other hackers to give him extensive amounts of data from Syrian government websites, including banks and ministries of the government of President Bashar al-Assad. “The F.B.I. took advantage of hackers who wanted to help support the Syrian people against the Assad regime, who instead unwittingly provided the U.S. government access to Syrian systems,” the statement said.

What’s not known (as multiple reports say is still not known about the DNC hack) is whether the specific files the Sabu-directed Anonymous hackers obtained were the same ones that Wikileaks came to publish, though the timing certainly works out. It’s a very distinct possibility. In which case Assange’s comment may be more than redirection, but instead a reminder that Wikileaks has played the analogous role in US-directed hack-and-publish operation, one designed to damage Assad and his western allies. If those documents did ultimately come via FBI direction of Sabu, then Assange might be warning US spooks that their own similar actions could be exposed if he were asked to reveal more about any Russian role in the DNC hack.

Two (Three, Four?) Data Points on DNC Hack: Why Does Wikileaks Need an Insurance File?

/15 Comments/in , /by

Actually, let me make that three data points. Or maybe four.

First, Reuters has reported that the DCCC has also been hacked, with the hacker apparently believed to be the same entity (APT28, also believed to be GRU). The hackers created a spoof version of ActBlue, which donors use to give money to campaigns.

The intrusion at the group could have begun as recently as June, two of the sources told Reuters.

That was when a bogus website was registered with a name closely resembling that of a main donation site connected to the DCCC. For some time, internet traffic associated with donations that was supposed to go to a company that processes campaign donations instead went to the bogus site, two sources said.

The sources said the Internet Protocol address of the spurious site resembled one used by Russian government-linked hackers suspected in the breach of the DNC, the body that sets strategy and raises money for the Democratic Party nationwide.

That would mean hackers were after either the donations themselves, the information donors have to provide (personal details including employer and credit card or other payment information), or possibly the bundling information tied to ActBlue.

Second, Joe Uchill, who wrote one of the stories — on two corrupt donors to the Democratic Party — that preceded both publication at the Guccifer 2 site and Wikileaks, said Guccifer gave him the files for the story because Wikileaks was dawdling in publishing what they had.

Screen Shot 2016-07-29 at 12.59.01 PM
Guccifer posted some of the documents Uchill used here.

This detail is important because it says Julian Assange is setting the agenda (and possibly, the decision to fully dox DNC donors) for the Wikileaks release, and that agenda does not perfectly coincide with Guccifer’s (which is presumed to be a cut-out for GRU).

As I’ve noted, Wikileaks has its own beef with Hillary Clinton, independent of whom Vladimir Putin might prefer as President or any other possible motive for Russia to do this hack.

Now consider this bizarre feature of several high level leak based stories on the hack: the claim of uncertainty about how the files got from the hackers to Wikileaks. This claim, from NYT, seems bizarrely stupid, as Guccifer and Wikileaks have both said the former gave the latter the files.

The emails were released by WikiLeaks, whose founder, Julian Assange, has made it clear that he hoped to harm Hillary Clinton’s chances of winning the presidency. It is unclear how the documents made their way to the group. But a large sampling was published before the WikiLeaks release by several news organizations and someone who called himself “Guccifer 2.0,” who investigators now believe was an agent of the G.R.U., Russia’s military intelligence service

The claim seems less stupid when you consider these two cryptic comments from two equally high level sourced piece from WaPo. In a story on FBI’s certainty Russia did the hack(s), Ellen Nakashima describes that the FBI is less certain that Russia passed the files to Wikileaks.

What is at issue now is whether Russian officials directed the leak of DNC material to the anti-secrecy group WikiLeaks — a possibility that burst to the fore on the eve of the Democratic National Convention with the release of 20,000 DNC emails, many of them deeply embarrassing for party leaders.

The intelligence community, the officials said, has not reached a conclusion about who passed the emails to WikiLeaks.

“We have not drawn any evidentiary connection to any Russian intelligence service and WikiLeaks — none,” said one U.S. official. Doing so will be a challenge, in part because the material may not have been passed electronically. [my emphasis]

The claim appears this way in a more recent report.

The bureau is trying to determine whether the emails obtained by the Russians are the same ones that appeared on the website of the anti-secrecy group WikiLeaks on Friday, setting off a firestorm that roiled the party in the lead-up to the convention.

The FBI is also examining whether APT 28 or an affiliated group passed those emails to WikiLeaks, law enforcement sources said.

Now, the doubts about whether the files were passed electronically is thoroughly fascinating. I assume the NSA has Assange — and potentially even the Wikileaks drop — wired up about 100 different ways, so the questions about whether the files were passed electronically may indicate that they didn’t see them get passed in such a fashion.

Add in the question of whether they’re even the same emails! We know the DCCC hack is targeting donor information. The Wikileaks release included far more than that. Which raises the possibility GRU is only after donor information (which is part of, but just one part of, what Guccifer has released).

But then there’s this detail. On June 17, Wikileaks released an insurance file — a file that will be automatically decrypted if Wikileaks is somehow impeded from releasing the rest of the files. It has been assumed that the contents of that file are just the emails that were already released, but that is almost certainly not the case. After all, Wikileaks has already released further documents (some thoroughly uninteresting voice mails that nevertheless further impinge on the privacy of DNC staffers). They have promised still more, files they claim will be more damaging. Indeed, Wikileaks claims there’s enough in what they have to indict Hillary, though such claims should always be taken with a grain of salt. Correction: That appears to have been a misunderstanding about what Assange said about the previously released State emails.

But here’s the other question.

There’s no public discussion of Ecuador booting Assange from their Embassy closet (though I’m sure they’re pretty tired of hosting him). His position — and even that of Wikileaks generally — seems pretty stable.

So why does Assange believe they need an insurance file? I don’t even remember the last time they issued an insurance file (update: I think it was when they released an insurance file of Chelsea Manning’s documents). So is there someone else in the process that needs an insurance file? Is there someone else in the process that would use the threat of full publication of the files (which presumably is going to happen anyway) to ensure safety?

I’ll leave that question there.

That said, these data point confirms there are at least two players with different motivations: Wikileaks, and the Russian hackers. But the FBI isn’t even certain whether the files the Russians took are the same that Wikileaks released, which might suggest a third party.

Meanwhile, James Clapper (who thankfully is willing to poo poo claims that hacks that we ourselves do are unique) seems very interested in limiting the panic about this hack.

Update: Oh! I forgot this fifth data point. This absolutely delightful take-down of Debbie Wasserman Schultz includes this claim that Wikileaks has malware in its site, which I’ve asked around and doesn’t seem to be true.

Staff members were briefed in a Tuesday afternoon meeting in Washington that their personal data was part of the hack, as were Social Security numbers and other information for donors, according to people who attended. Don’t search WikiLeaks, they were told — malware is embedded throughout the site, and they’re looking for more data.

Who told the DNC Wikileaks is releasing malware, and why?

Update: here’s what the malware claim is about: When it posted the “AKP emails,”  WL either added or did not remove a bunch of malware included in those emails, and as a result, that malware is still posted at the site. That is, the malware is associated with a separate set of documents available at the site.