
Argument: The DNC Hack Attribution Was A Response to Brick and Mortar Events

Last week, ODNI and DHS released a statement widely viewed as attributing the hack and leak of DNC and other Democratic materials to Russia. The statement was actually a bit more nuanced than that:

Assertion 1: Russia compromised DNC and other political organizations

The statement starts with a comment that is spook speak for “we’ve proven this.”

The U.S. Intelligence Community (USIC) is confident that the Russian Government directed the recent compromises of e-mails from US persons and institutions, including from US political organizations.

Mind you, this is the bit the IC has been confident of all along: they found hackers at the DNC and the hackers have all the attributes of two different Russian hacking groups.

Assertion 2: The leaking is consistent with stuff Russia has done elsewhere

The next move is the most interesting, in my opinion. The IC strongly suggests the leaking of those hacked files is Russia, but doesn’t use the same spook speak confidence language.

The recent disclosures of alleged hacked e-mails on sites like DCLeaks.com and WikiLeaks and by the Guccifer 2.0 online persona are consistent with the methods and motivations of Russian-directed efforts.

Here, the IC is not saying “we are confident Russia then handed all these files to WikiLeaks, as well as created two cover identities through which to leak them.” Instead, they are saying Russia has done similar things before and has the motivation to do so here. As they have for months, the spooks still appear not to have the same level of proof tying the hacking to the leaking that would allow them to say “we are confident” for this assertion, at least not that they’re willing to admit, which I find incredibly interesting.

Assertion 3: Russia is trying to interfere with the election

Having stated very confidently Russia did the hack and less confidently that it did the leak, the statement brings the nugget language: basically accusing Putin of masterminding the whole thing.

These thefts and disclosures are intended to interfere with the US election process. Such activity is not new to Moscow—the Russians have used similar tactics and techniques across Europe and Eurasia, for example, to influence public opinion there. We believe, based on the scope and sensitivity of these efforts, that only Russia’s senior-most officials could have authorized these activities.

For my purposes here, I’m not interested in testing the truth of this statement — though I am a bit interested in how “influencing public opinion” is deemed to be “interfering with the US election,” because it’s something many people don’t seem to have thought through (nor have they thought through how it differs from the US’ own information operations or PR involvement of other foreign powers in our elections).

Especially given this bit:

Assertion 4: Hackers operating through a Russian server hacked some state election websites, but that may not be the Russian state

The statement goes out of its way to note that the Russian-attributed activity most directly connected to the election, the voter rolls, may not actually be the Russian state, but instead just servers operated by a Russian company.

Some states have also recently seen scanning and probing of their election-related systems, which in most cases originated from servers operated by a Russian company. However, we are not now in a position to attribute this activity to the Russian Government.

Remember, identity thieves have in the past stolen far more voter registration records for identity theft. It’s certainly possible that’s what went on here. More importantly, the IC appears to have nothing from collection on Russia they’re willing to share to claim that this hacking is part of Putin’s mastermind plot.

The rest of the statement goes on to talk about the ways (which I’ve talked about as well) that our localized system of elections makes it really hard to hack an election (though that also makes it really easy to botch an election or even to tamper with elections by disenfranchising select voters, which is what people should be far more concerned about, given that we know such efforts are effective and ongoing).

The IC has long known this but chose to release this statement now

The reason I’ve broken this out into four parts — 1) we know Russia hacked the DNC, 2) the leaks of hacked material are consistent with stuff Russia has done in the past, 3) Putin is in charge, 4) Russia may not have hacked the state websites — is to call attention to the fact that the IC has been leaking assertions 1, 2, and 4 for months. The stated (leaked) reason to hold off on a formal attribution was the uncertain status of assertion 2: the IC doesn’t yet know how the files got from the DNC hackers into Julian Assange’s hands.

But the IC chose to release this statement without growing any more certain about assertion 2 and without solving assertion 4.

In my opinion, that means the IC released this statement to get to assertion 3. Putin is trying to “interfere” in our election by “influencing public opinion.”

The release timing is more about kinetic events elsewhere than it is about IC certainty

So why release this statement now, when the IC doesn’t seem to have gotten any more certain about assertion 2 or 4?

At the end of what I think is an overly pessimistic piece on America’s inability to deter hacking, Jack Goldsmith considers the possibility that undeterred cyberattacks may be a response to brick and mortar conflict.

Without robust defenses or effective deterrence, the United States can expect many more, and more harmful, cyber intrusions by adversaries who are asymmetrically empowered by the rise of digital networks. There is no end to the ways that they might spy in, steal from, or disrupt U.S. networks, public and private. That sounds bad, but the implications are worse. Asymmetric offensive cyber operations by our adversaries can be an effective response to every element of U.S. foreign and military power. For all we know the Russian DNC hack is a response to sanctions for Ukraine and an attempt to win leverage in Syria. Imagine the United States wanted to do more—via sanctions, or through military operations, or in cyber—to slow Russian operations in Eastern Europe or Syria. The Russians could easily respond via cyber, where it appears to have an asymmetrical advantage. Indeed, the relatively tepid USG response to Russian aggression in Eastern Europe and Syria may be a result of USG worries about the implications of the DNC hack. In other words, the Russians may already be using cyber to deter the United States from seemingly unrelated foreign policy actions it might otherwise take.

Aside from his totally inappropriate use of “asymmetric” here — there’s no lack of potential symmetry between the cyber capabilities of the US and Russia, just an emphasis of one tool over another — I agree with this passage. Indeed, I’ve been saying for a long time that the most obvious explanation for why Putin would do all this so blatantly is because in his view the US carried out a coup in Ukraine and is attempting regime change in Syria to choke Russia strategically.

And as Goldsmith argues, the US’ weak spot is its vulnerability to cyber attacks, absolutely. That weakness is made worse, too, by continued US insistence on retaining access to all potential offensive tools, even if they can be most dangerous against US targets if they ever, say, show up on an online sale (Goldsmith was curiously silent about the Shadow Brokers release here).

I suspect China, in particular, has done the same kind of mapping we have with Treasure Map, with a focus on having cyberattacks ready to launch that would neutralize us if we ever got into a hot war.

But Goldsmith doesn’t consider the possibility that things may also work in the reverse way.

The US released this statement at a time when it was also making a big diplomatic push against Russia — proposing a ceasefire at the UN it knew Russia would veto, after having failed to negotiate a ceasefire with Russia directly because it asked for things (a no fly zone, basically) that Russia has neither the interest nor the legal necessity to agree to, because Russia is in Syria at the behest of the still-recognized government of the state; we’re not. As it happens, the US is ratcheting up this effort at a time when our Saudi allies’ activities in Yemen make it hard to make a principled stance against Russia, because we’re implicated in Yemen in the same way Russia is in Syria.

More importantly, things are getting very very hot, with Russia moving missiles to Kaliningrad and threatening retaliation for any strikes on Syrian controlled territory.

So I would suggest the timing of this announcement — basically confirming the same certainty and uncertainty the IC has had for months, then using it to accuse Putin of trying to intervene directly in our country — is actually our response to more concrete events elsewhere, not the reverse (though there admittedly may be some chicken-and-egg stuff here, in that we may have held off on attribution in hope we could negotiate directly with Russia).

That is, both sides seem intent on ratcheting up the conflict between Russia and the US, and blaming Putin for interfering in our elections is one tool to do that.

If I’m right, the statement may have nothing to do with deterrence. Rather, it may have everything to do with escalation of other conflicts, providing a reason to pitch Russia’s strategic moves elsewhere as a direct threat to the US. I’m not saying Russia isn’t a dangerous adversary. I’m saying that the release of this statement will do nothing to prevent more hacks, but it will provide cause to claim the increasingly hot conflict with Russia directly threatens the US.

The Two Intelligence Agency Theory of Handing Trump the Election

There has been a lot written about Russian intelligence agencies allegedly hacking the DNC server and — by leaking it — attempting to influence the election. Some observers have, based on that assumption, called the hack an act of war.

I’m agnostic on whether Russian intelligence did one or both of the hacks, in part for reasons I’m still working through. I’m even more skeptical of some of the claims made about Russia’s motivations in launching this attack to put Trump in the presidency (which is not to say Trump wouldn’t be horrible for a whole slew of other reasons); on that topic, see this Josh Marshall piece and a fact-checking of it. And I’m frankly amused that, after using several other outlets for publicity and to release documents, the hacker(s’) cooperation with WikiLeaks (which irresponsibly released credit card and social security information on Democratic donors, but which almost certainly had its donors investigated by DOJ with the heavy involvement of Clinton after Wikileaks published the State cables) itself is a sign of Russian involvement. Does Russia also run The Hill, the last outlet used by DNC hacker(s)?

In short, there are a whole bunch of claims being made, all serving a narrative that Putin is playing in our elections, with little scrutiny of how you get from one level (what have been described as two separate hacks) to another (to Guccifer 2, to help Putin) to another (with the help of Wikileaks). It’s like the Rosetta stone of Cold War 2.0 paranoia. All may be true, but the case is thus far still fragile.

This post, from Thomas Rid, is the most sober analysis of the claim that Russian hackers hacked the DNC. Even still, there are some logical problems with the analysis (that are sadly typical of the underlying cybersecurity consultants). Take these two passages, for example.

The DNC knew that this wild claim would have to be backed up by solid evidence. A Post story wouldn’t provide enough detail, so CrowdStrike had prepared a technical report to go online later that morning. The security firm carefully outlined some of the allegedly “superb” tradecraft of both intrusions: the Russian software implants were stealthy, they could sense locally-installed virus scanners and other defenses, the tools were customizable through encrypted configuration files, they were persistent, and the intruders used an elaborate command-and-control infrastructure. So the security firm claimed to have outed two intelligence operations.

[snip]

The metadata in the leaked documents are perhaps most revealing: one dumped document was modified using Russian language settings, by a user named “Феликс Эдмундович,” a code name referring to the founder of the Soviet Secret Police, the Cheka, memorialised in a 15-ton iron statue in front of the old KGB headquarters during Soviet times. The original intruders made other errors: one leaked document included hyperlink error messages in Cyrillic, the result of editing the file on a computer with Russian language settings. After this mistake became public, the intruders removed the Cyrillic information from the metadata in the next dump and carefully used made-up user names from different world regions, thereby confirming they had made a mistake in the first round.

They argue (based in part on CrowdStrike’s claims of expertise) both that the hacker(s) were really sophisticated and that they deliberately adopted a Russian name but accidentally left Russian metadata in the files. Particularly with regards to the Russian metadata, you don’t both adopt a notable Russian spook’s ID while engaging in a false flag but then “accidentally” leave metadata in the files, although the second paragraph here pertains to Guccifer 2 and not the Crowdstrike IDed hackers.

If Guccifer were a true false flag, he might well be pretending to be Russian to hide his real identity.

Add to that this post (from June), which notes some confirmation bias in the way that FireEye first attributed APT 28 (which CrowdStrike believes to be GRU, Russia’s military intelligence).

I chose to look at Fancy Bear (APT28 in FireEye’s ecosystem). The most comprehensive report on that threat actor was written by FireEye and released last October, 2014 so I started with that. To my surprise, the report’s authors declared that they deliberately excluded evidence that didn’t support their judgment that the Russian government was responsible for APT28’s activities:

“APT28 has targeted a variety of organizations that fall outside of the three themes we highlighted above. However, we are not profiling all of APT28’s targets with the same detail because they are not particularly indicative of a specific sponsor’s interests.” (emphasis added)

That is the very definition of confirmation bias. Had FireEye published a detailed picture of APT28’s activities including all of their known targets, other theories regarding this group could have emerged; for example, that the malware developers and the operators of that malware were not the same or even necessarily affiliated.

And even if you took the underlying report as definitive, APT 28 was primarily focused on military targets, which by itself ought to raise questions about why they’d go after the DNC.


To make the argument based on targets that APT 28 is GRU you need to do even more adjusting of motivation (though more recent APT 28 attributed attacks are more similar to this one).

But one reason I find the Rid piece sober and useful is it emphasizes something that has been ignored by much of the inflamed reporting. First, even CrowdStrike claims that DNC was hacked twice, by two different Russian entities, which did not appear to be coordinating during the hack. From the CrowdStrike report:

At DNC, COZY BEAR intrusion has been identified going back to summer of 2015, while FANCY BEAR separately breached the network in April 2016. We have identified no collaboration between the two actors, or even an awareness of one by the other. Instead, we observed the two Russian espionage groups compromise the same systems and engage separately in the theft of identical credentials. While you would virtually never see Western intelligence agencies going after the same target without de-confliction for fear of compromising each other’s operations, in Russia this is not an uncommon scenario. “Putin’s Hydra: Inside Russia’s Intelligence Services”, a recent paper from European Council on Foreign Relations, does an excellent job outlining the highly adversarial relationship between Russia’s main intelligence services – Федеральная Служба Безопасности (FSB), the primary domestic intelligence agency but one with also significant external collection and ‘active measures’ remit, Служба Внешней Разведки (SVR), the primary foreign intelligence agency, and the aforementioned GRU. Not only do they have overlapping areas of responsibility, but also rarely share intelligence and even occasionally steal sources from each other and compromise operations. Thus, it is not surprising to see them engage in intrusions against the same victim, even when it may be a waste of resources and lead to the discovery and potential compromise of mutual operations.

And, as Rid points out, the proof that Guccifer is tied to Russia (it would be to GRU or APT 28 if the tie were real, so the less persistent of the two apparently unrelated hacks) is even less clear, though there still is a lot of circumstantial evidence.

The evidence linking the Guccifer 2.0 account to the same Russian operators is not as solid, yet a deception operation—a GRU false flag, in technical jargon—is still highly likely. Intelligence operatives and cybersecurity professionals long knew that such false flags were becoming more common. One noteworthy example was the sabotage of France’s TV5 Monde station on 9/10 April 2015, initially claimed by the mysterious “CyberCaliphate,” a group allegedly linked to ISIS. Then, in June, the French authorities suspected the same infamous APT 28 group behind the TV5 Monde breach, in preparation since January of that year. But the DNC deception is the most detailed and most significant case study so far. The technical details are as remarkable as its strategic context.

[snip]

Other features are also suspicious. One is timing, as ThreatConnect, another security company, has pointed out in a useful analysis: various timestamps indicate that the Guccifer-branded leaking operation was prompted by the DNC’s initial publicity, with preparation starting around 24 hours after CrowdStrike’s report came out. Both APT 28 and Guccifer were using French infrastructure for communications. ThreatConnect then pointed out that both the self-proclaimed hacker’s technical statements on the use of 0-day exploits as well as the alleged timeline of the DNC breach are most likely false. Another odd circumstantial finding: sock-puppet social media accounts may have been created specifically to amplify and extend Guccifer’s reach, as UK intelligence startup Ripjar told me.

Perhaps most curiously, the Guccifer 2.0 account, from the beginning, was not simply claiming to have breached the DNC network—but claiming that two Russian actors actually were not on the DNC network at the same time. It is common to find multiple intruders in tempting yet badly defended networks. Nevertheless the Guccifer 2.0 account claimed confidently, and with no supporting evidence, that the breach was simply a “lone hacker”—a phrasing that seems designed to deflect blame from Russia. Guccifer 2.0’s availability to the journalists was also surprising, and something new altogether.

The combative yet error-prone handling of the Guccifer account is in line with the GRU’s aggressive and risk-taking organizational culture and a wartime mindset prevalent in the Russian intelligence community. Russia’s agencies see themselves as instruments of direct action, working in support of a fragile Russia under siege by the West, especially the United States.

Now, again, I’m not saying the Russians didn’t do this hack, nor am I dismissing the idea that they’d prefer Trump to Hillary. By far the most interesting piece of this is the way those with the documents — both the hackers and Wikileaks — held documents until a really awkward time for some awkward disclosures, with what may be worse to come.

But discussions that want to make the case should explain several things: Which of the two agencies alleged to have hacked DNC are behind the operation — or are they both, even though they weren’t, at least according to the report that everyone is relying on without question, apparently cooperating? How certain can they be that the GRU is Guccifer, and if Guccifer is supposed to be a false flag why was it so incompetently done? What explains Guccifer’s sort of bizarre strategy along the way, encompassing both Wikileaks (an obvious one) and The Hill?

Again, I absolutely don’t put this kind of thing beyond Putin. Russia has used hacking to influence outcomes of elections and authority in various countries in the past and the only thing new here is that 1) we wouldn’t already be playing the other side and 2) we’re big and can fight back. But the story, thus far, is more complex than being laid out.

Update: Here’s an amusing debunking of a lot of the metadata analyses.

Meanwhile, after the WaPo story hit the wires the “lone hacker” created his wordpress site and dropped dox as we say on the intertubes. Shortly after the drop people were inspecting, detecting, infecting, and making circles and arrows with captions on the back to describe what you were seeing! … And the conspiracy theory machine went into overdrive. Pwnallthethings made some good comments on the metadata in the dropped dox but really, concluding that this is a Russian disinformation operation from metadata stripped documents on the idea that the machine name was cyrillic for Felix Dzerzhinsky (Феликс Эдмундович)  Really? Now that is fucking SOLID work man! Stellar! FUCK LET’S GO BOMB RUSSIA NOW!


NAILED IT!

You know at least Crowdstrike has like actual data, ya know, C2’s, malware, and shit like that. Anything else is totally speculative, I mean even more speculative than most attribution that these companies make with real data! Anyway, I took a look at the metadata on the documents and here is what I have found…

  • Much of the data was stamped out in saving from format to format
  • Emails of users though were still embedded in the excel files
  • The word docs have no more metadata than the Iron Felix machine name save, which, gee, kinda leads one to wonder…
  • The image files have no metadata.. none.. niente clean.
  • Grizzli777 is just someone who pirates

Yep, not a lot to see there and people are hanging their collective hats on the deliberate placement of Феликс Эдмундович as the machine name to it’s quite OBVIOUSLY being Mother Russia’s exclusive secret services.

*squint.. takes drag of cigarette*

So here’s my assessment…. Maybe Russia did it… OR Maybe this actor is the real thing and happens to want to take credit. The facts that this person(s) reads, writes, has, cyrillic on their machine and names it after the founder of the KGB is as reliable a means to saying it was Russia as it is to say that aliens built the pyramid because people just were fucking too stupid back then!

If US Won’t Share Intelligence with Those Hosting Snowden, Why Are We Engaged with Russia on ISIL?

Glenn Greenwald reports that, when he asked German Vice Chancellor Sigmar Gabriel why he doesn’t offer asylum to Edward Snowden, Gabriel revealed the US had threatened to cut Germany off from intelligence sharing if they did.

German Vice Chancellor Sigmar Gabriel (above) said this week in Homburg that the U.S. Government threatened to cease sharing intelligence with Germany if Berlin offered asylum to NSA whistleblower Edward Snowden or otherwise arranged for him to travel to that country. “They told us they would stop notifying us of plots and other intelligence matters,” Gabriel said.

The Vice Chancellor delivered a speech in which he praised the journalists who worked on the Snowden archive, and then lamented the fact that Snowden was forced to seek refuge in “Vladimir Putin’s autocratic Russia” because no other nation was willing and able to protect him from threats of imprisonment by the U.S. Government (I was present at the event to receive an award). That prompted an audience member to interrupt his speech and yell out: “why don’t you bring him to Germany, then?”

[snip]

Afterward, however, when I pressed the Vice Chancellor (who is also head of the Social Democratic Party, as well as the country’s Economy and Energy Minister) as to why the German government could not and would not offer Snowden asylum – which, under international law, negates the asylee’s status as a fugitive – he told me that the U.S. Government had aggressively threatened the Germans that if they did so, they would be “cut off” from all intelligence sharing. That would mean, if the threat were carried out, that the Americans would literally allow the German population to remain vulnerable to a brewing attack discovered by the Americans by withholding that information from their government.

Which is odd, because CIA Director John Brennan just implied — in a speech that was largely about information sharing — that the US continues to engage with Russia on terrorism issues, even though it hosts Snowden.

QUESTION: James Sitrick, Baker & McKenzie. You spent a considerable amount of your opening remarks talking about the importance of liaison relationships. Charlie alluded to this in one of his references to you, on the adage—the old adage has it that the enemy of your enemy is your friend. Are we in any way quietly, diplomatically, indirectly, liaisoning with Mr. Soleimani and his group and his people in Iraq?

BRENNAN: I am not engaging with Mr. Qasem Soleimani, who is the head of the Quds Force of Iran. So no, I am not.

I am engaged, though, with a lot of different partners, some of close, allied countries as well as some that would be considered adversaries, engaged with the Russians on issues related to terrorism.

We did a great job working with the Russians on Sochi. They were very supportive on Boston Marathon. We’re also looking at the threat that ISIL poses both to the United States as well as to Russia.

So I try to take advantage of all the different partners that are out there, because there is a strong alignment on some issues—on proliferation as well as on terrorism and others as well.

Admittedly, the timing on Snowden’s asylum in Russia is pretty remarkable, coming as it did after Sochi and two months after the Marathon attack, launched by brothers with ties to Chechnya. In fact, in Dzhokhar’s trial, we just learned that Tamerlan sent $900 back to Chechnya in the weeks before the attack. Thus, at the time Putin granted Snowden his first year of asylum, the US needed Russian cooperation more urgently than Russia needed America’s (and Putin was carefully managing that relationship).

Still, by tying cooperation with Russia to ISIL, Brennan implied it is ongoing (not least because the government was not as engaged against ISIL as it might have been until a year after Snowden arrived in Russia).

At least if we’re to believe Gabriel, the US threatened to cut off a close ally if it hosted Snowden, but it continues to share intelligence with one of our major adversaries on matters of common interest.

Is JP Morgan Crying Cyberwolf about Russia? Or Is Mike Rogers?

There was a weird spate of reporting on the cyberthreat to banks last week. Normally, security firms (and occasionally really good tech journalists) report under their own name on such attacks — after all, they have businesses to run! But not the story — first reported by Bloomberg Wednesday evening — that Russia had attacked JP Morgan. At first, these reports appeared to be coming from FBI — given that the FBI investigation served as the lede of the story.

Russian hackers attacked the U.S. financial system in mid-August, infiltrating and stealing data from JPMorgan Chase & Co. (JPM) and at least one other bank, an incident the FBI is investigating as a possible retaliation for government-sponsored sanctions, according to two people familiar with the probe.

The attack resulted in the loss of gigabytes of sensitive data, said the people, who asked not to be identified because the probe is still preliminary.

But over the course of the story — and two more sources introduced with no description beyond that they had been briefed on the probe — the FBI officially gave no comment.

The sophistication of the attack and technical indicators extracted from the banks’ computers provide some evidence of a government link. Still, the trail is muddy enough that investigators are considering the possibility that it’s cyber criminals from Russia or elsewhere in Eastern Europe. Other federal agencies, including the National Security Agency, are now aiding the investigation, a third person familiar with the probe said.

[snip]

J. Peter Donald, an FBI spokesman in New York, declined to comment.

[snip]

In at least one of the attacks, the hackers grabbed sensitive data from the files of bank employees, including executives, according to a fourth person briefed on the probe, who, like the other individuals with knowledge of the matter, declined to divulge the name of victims other than JPMorgan. Some data related to customers may also have been accessed, the person said.

The NYT’s version of the story, published later on Wednesday, also cited a bunch of people described only as “briefed on the continuing investigation.”

A number of United States banks, including JPMorgan Chase and at least four others, were struck by hackers in a series of coordinated attacks this month, according to four people briefed on a continuing investigation into the crimes.

The hackers infiltrated the networks of the banks, siphoning off gigabytes of data, including checking and savings account information, in what security experts described as a sophisticated cyberattack.

The motivation and origin of the attacks are not yet clear, according to investigators. The F.B.I. is involved in the investigation, and in the past few weeks a number of security firms have been brought in to conduct forensic studies of the penetrated computer networks.

[snip]

According to two other people briefed on the matter, hackers infiltrated the computer networks of some banks and stole checking and savings account information from clients.


Kerry Castigates Putin For Using US Strategy of Training, Arming Rebels

So far, I have suffered no ill effects from this outdated beer.


Aside from the fact that the only craft beer served at the National Security Caucus session at Netroots Nation 2014 was an outdated California beer rather than a local Michigan beer, it was a session marked by interesting discussion. I received quite a bit of support during that discussion for noting that the US response to any crisis anywhere, for far too long, has been simply to ask “Which group should we arm?”. Further, I noted, as we had heard in the “Iran: Diplomacy or War?” session, there is reason for optimism among those of us who favor diplomacy over violence in the successful removal and ongoing destruction of Syria’s chemical weapons rather than the missile strikes the US had been planning and in the remaining strong possibility of a diplomatic solution to the Iran nuclear technology issue instead of a war to destroy the technology. I illustrated that point by mentioning the tragic downing of MH17 and how that demonstrated the folly of training and arming rebel groups that often veer into extremist actions that result in atrocities. That point ties to the mad push to arm Syria’s rebels with the shorter range MANPAD antiaircraft missiles even though they are less powerful than the Buk missile that took down MH17. As I noted, will Syrian “moderates” promise us never to take the MANPADS to a site where civilian aircraft are within range, and would there be any reason to believe such a promise?

In executing his Full Ginsburg yesterday, US Secretary of State John Kerry reached new heights of hypocrisy, as he went from Sunday morning talk show to talk show, proclaiming the evils of Russian actions in Ukraine. The evils for which Kerry is castigating Putin are precisely the evils that the US has been unleashing on the world in places like Iraq, Afghanistan, Yemen, Syria and beyond. From today’s New York Times:

In presenting the most detailed case yet alleging Russia’s involvement in the Ukraine crisis, Secretary of State John Kerry said on Sunday that Russia had funneled large quantities of heavy weapons to Ukrainian separatists and trained them how to operate SA-11 antiaircraft missiles, the type of system that is believed to have been used to shoot down the Malaysian airliner over eastern Ukraine.

“We know for certain that the separatists have a proficiency that they’ve gained by training from Russians as to how to use these sophisticated SA-11 systems,” Mr. Kerry said on the CNN program “State of the Union.”

Just as when CIA Director John Brennan got his panties in a wad over al Qaeda training death squads in Syria after we had trained our own death squads to send there, Kerry is now saying that Russia choosing a group to arm and train is a horrible thing even though he has been instrumental in helping the Obama administration to do the exact same thing in other areas.

And just as the US now faces problems in its upcoming training of Iraqi troops because of the previous failures in training Iraqi troops, there is reason to believe that the atrocity of MH17 may be due in part to failed training by the Russians. From today’s Washington Post:

Meanwhile, in Kiev, the U.S. Embassy said American intelligence analysts had confirmed the authenticity of recorded conversations in which rebel leaders bragged about shooting down what they thought was a Ukrainian military transport plane moments after the Malaysian jetliner was blown apart.

So even though the separatists are good at using the missiles to blow aircraft out of the sky (the Times article notes they have downed “almost a dozen Ukrainian transport planes, reconnaissance aircraft and helicopters”), it would appear that they haven’t quite worked out that whole target verification thing and that this tragedy may not have been an intentional targeting of civilians as much as it is a training failure. But yes, the Russians own a large portion of this tragedy, as the evidence seems strong that they provided the weapon along with instructions on firing it (if not the full lesson on target verification). And their tactics in doing so were taken directly from the US playbook, all the way down to the training being an abject failure.

Why Challenge the Washington Consensus Now?

A number of outlets are reporting on the BRICS move to establish a competitor to the World Bank.

The so-called BRICS countries agreed to form an international development bank with aspirations to challenge the dominance of the World Bank and the International Monetary Fund.

Leaders of Brazil, Russia, India, China and South Africa said Tuesday that the New Development Bank will start with $50 billion in capital and $100 billion as a currency reserve fund for liquidity crises. Operating details still need to be resolved.

Still, the BRICS bank, which could add more member nations, represents a bid to expand the influence of the BRICS emerging markets and act as a counterbalance to institutions run by the U.S. and other developed nations, experts said.

“This is about the consolidation of BRICS 2.0,” said Marcos Troyjo, professor of international and public affairs at Columbia University and co-director of the BRICLab Center. “If BRICS 1.0 was about capturing investor attention to the scale of their economic relevance, BRICS 2.0 is about embarking on institution building.”

I absolutely understand the reason for the move. These large countries have been demanding more influence over the World Bank for years, to no avail. And US policies like Quantitative Easing have been really damaging to some of the countries, particularly Brazil. Though, this move may well come too late for Brazil and certainly for Dilma Rousseff.

“I don’t think that if Brazil was now to be thinking about these plans from the drawing board, it would really be thinking about a Brics development bank,” says James Lockhart-Smith, a Latin America risk analyst at Maplecroft in New York. “It would be more focused on restarting growth in the country.”

But at a time of slow growth, Brazil probably needs these economies on side more than ever. Add to that, trade with economically troubled Argentina – traditionally one of its biggest trading partners – has become more difficult in recent years.

So while I understand the move, I wonder why now — aside from the fact that the World Cup provided a handy excuse for a meeting in Rio de Janeiro. It may be too late for Dilma, and India’s new neoliberal Prime Minister Narendra Modi seems like an odd fit for the group.

Meanwhile, consider this. While Russia won’t get any of the big perks in the new bank (it will be headquartered in Shanghai, India will pick the first President, Brazil will pick the first Chairman, and the bank will be denominated in — really! — dollars), Putin was also making other interesting moves in the hemisphere, at least according to RT (definitely click through for Putin’s expression, which surely is staged to be that stern).

Moscow and Havana have reportedly reached an agreement on reopening the SIGINT facility in Lourdes, Cuba – once Russia’s largest foreign base of this kind – which was shut down in 2001 due to financial problems and under US pressure.

[snip]

Russia considered reopening the Lourdes base since 2004 and has sealed a deal with Cuba last week during the visit of the Russian President Vladimir Putin to the island nation, reports Kommersant business daily citing multiple sources.

Russia shut down the base to more easily reschedule debt held by the US. Along with reopening the base, Russia will forgive a bunch of outstanding Cuban debt to Russia.

The timing of this — a year after Snowden’s disclosures, but more importantly, as the US continues to try increasingly unilateral sanctions against Russia’s involvement in Ukraine — makes a ton of sense. The US refuses to believe it can’t impose its will in Ukraine, in spite of increasing reluctance from our European partners, especially Germany, to ratchet up the pressure. Reopening a front in America’s back yard as the US bunkers down on Ukraine makes perfect sense.

For some reason, the US appears to have believed it could simply impose its will indefinitely on the rest of the world. They appear not to have considered that, at some point, such behavior would provide the rest of the world cause to fight back.

With Over Half of Chemical Weapons-Related Stockpile Removed, Russia Says Syrian CW Potential Near Zero

Yesterday, in describing how Russia has played the US media regarding “threats” to the P5+1 negotiations on Iran’s nuclear technology, I mentioned that continued progress on Syria’s removal of its chemical weapons-related materials was further evidence that Russia intends to cooperate on the Iranian and Syrian nonproliferation issues separately from disputes over the Crimea annexation. Today, with news out that removal of the CW-related materials from Syria has crossed the 50% level, Russia has praised that accomplishment while pointing out that Syria now has virtually no capability of using chemical arms. Oh, and if we need any further confirmation that Russia is ready for the recriminations over Crimea to end, Putin himself has now said that there is no further need for retaliation against US sanctions (although I’m guessing that Dana Rohrabacher is in mourning that he wasn’t included in the list of ten US figures sanctioned by Russia since he even played dress-up and “fought” against the Soviets in Afghanistan).

A press release put out by the Organization for the Prohibition of Chemical Weapons yesterday put the removal of materials from Syria at just under 50%:

The OPCW-UN Joint Mission has verified the delivery of another consignment of Priority 1 chemicals today to Latakia and their removal from the port on a cargo ship, raising the amount of Syrian chemicals that are now out of the country to nearly half of the total stockpile.

The confirmation came on the heels of an announcement late yesterday by the Joint Mission of two other consignments of chemicals that were delivered to Latakia and removed during the past week. A total of 11 consignments of chemicals have now been transported out of Syria for destruction outside the country. The updated cumulative figures are as follow:

Priority 1 chemicals removed:             34.8 %*
Priority 2 chemicals removed:             82.6 %
Total chemicals removed:                   49.3 %

/snip/

* Includes all sulfur mustard, the only unitary chemical warfare agent in Syria’s arsenal

But the UN has slightly different figures, putting the removal over 50%:

More than half of Syria’s declared chemical weapons arsenal has been shipped out or destroyed within the country, the head of the international team overseeing the disarmament process said on Thursday.

Sigrid Kaag, head of the joint mission of the United Nations and Organisation for the Prohibition of Chemical Weapons (OPCW), said 54 percent of the toxins had been removed or eliminated.

The process, which President Bashar al-Assad’s government agreed to after a chemical attack killed hundreds of people around Damascus last year, is months behind schedule but Kaag said the new momentum “would allow for timely completion”.

“The joint mission welcomes the momentum attained and encourages the Syrian Arab Republic to sustain the current pace,” Kaag said in a statement.

Russia welcomed this news and added that Syria now has almost no capability of carrying out an attack with chemical weapons:

The Syrian government has reduced its chemical weapons potential close to zero, state-run RIA news agency quoted an unnamed official at the Russian Foreign Ministry as saying on Friday.

“Chemical weapons production facilities, equipment for mixing (chemicals) and operating (the weapons), as well as the means of their delivery have been destroyed,” the official said, adding that the only gas that had been ready for use in weaponry had been completely removed from the country.

“At the moment, Damascus has de facto reduced its military chemical weapons potential to almost zero.”

Sadly, those who relish a restart of the Cold War are unlikely to stop now, so we are left to wonder what Putin will do in response if the US (especially Congressional meddlers) takes further steps claimed to be in response to the annexation of Crimea. Putin’s statement today that he sees no need for further retaliation can be viewed as reining back in the “threat” delivered by Ryabkov after the P5+1 negotiations ended Wednesday. Further action by the US, though, could end Russian cooperation in both the P5+1 process and the Syrian CW situation, seriously hurting current nonproliferation efforts.

It is my hope that Cold War fans will restrict their threats against Russia to the realm of what would happen should Putin try to grab more territory beyond Crimea.

US Pouts Over Potential Crimea Spillover While Russia Enters P5+1 Talks With Optimism

Alissa Rubin today has two separate articles in the New York Times that parrot US misgivings ahead of today’s round of talks between the P5+1 group of countries and Iran. In the article that went up first, Rubin offers anonymity to a “senior American official” to do some hand-wringing over how Russia’s move toward full annexation of Crimea could disrupt US-Russian relations to the point that the P5+1 negotiations could be thrown off track:

Tensions between the West and Russia over events in Ukraine have cast a shadow over the second round of talks set to begin on Tuesday in Vienna on a permanent nuclear agreement with Iran.

/snip/

A senior American official, speaking before the Iran talks and just before the secession vote in Crimea on Sunday that overwhelmingly approved reunification with Russia, indicated concern about possible consequences from the friction over Ukraine. Since western nations consider that vote illegal and have warned President Vladimir V. Putin of Russia not to annex Crimea, the situation for the Iran talks would now seem more worrisome.

“I think that we all hope that the incredibly difficult situation in Ukraine will not create issues for this negotiation,” said the official, speaking on the condition of anonymity because of the sensitivity of the talks.

“We hope that whatever happens in the days ahead, whatever actions we and the international community take, depending upon the decisions and the choices that Russia makes, that any actions that Russia subsequently takes will not put these negotiations at risk,” the official said.

Rubin allows this “official” to frame the situation as only dire while completely ignoring that significant and rapid progress was made on the negotiations for Syria to abandon its chemical weapon stockpile while the US and Russia were on completely opposite sides of the Syrian conflict. In the current case, while Russia is more closely aligned to Iran than the rest of the P5+1, their differences with the group on general issues of nuclear proliferation are much smaller than the differences between the US and Russia in the Syrian conflict. So why is Crimea a barrier to talks with Iran when being on opposite sides of the Syrian conflict wasn’t a barrier to an agreement on chemical weapon destruction?

Even when Rubin moves on to her article relating Iran’s interest in seeing the talks progress, she can’t resist opening with a repeat of the concerns of a spillover of Crimean tensions:

As talks on a permanent nuclear agreement with Iran resumed in Vienna on Tuesday, under the shadow of tensions between the West and Russia, Iran said the onus to ensure progress was on the world powers with which it is negotiating.

“Important and tough discussions ahead today,” Iran’s foreign minister, Mohammad Javad Zarif, said on Twitter. “We have held our end of the bargain. Time for our counterparts to keep theirs.”

The article then goes on to repeat many of the same paragraphs from the original, including the senior American official quotes, although it does mention in passing that EU negotiator Catherine Ashton and Zarif held a brief meeting prior to the main negotiations opening this morning.

Contrast that with the reporting in the Iranian press. PressTV reports that Russia is in fact optimistic about the talks.

On America’s Spent Moral Standing

You’ll be hearing these two assertions repeated, made by someone who voted for the Iraq War in the 21st Century, a lot in coming days (see after 0:50).

You just don’t, in the 21st Century, behave in 19th Century fashion by invading another country on completely trumped up pretext so it is a very serious moment.

[snip]

That’s not the act of somebody who is strong. That’s the act of somebody who is acting out of weakness, who is acting out of a certain kind of desperation.

I guess someone in the Obama White House believed that if we call Vladimir Putin weak after he’s just called our bluff, it will get him to back down, even as Putin knows we have no great options against him.

But it all shows one of the downsides of having so badly spent our moral standing already this century. Whatever the objective of these statements, whether in other circumstances they might have worked, they just come off as a joke. Especially coming from Kerry.

The FBI’s Improving Cooperation with FSB

There were a number of questions about security threats to the Sochi Olympics at the Global Threat hearing the other day. One of them provided Jim Comey the opportunity to say this:

National Counterterrorism Center Director Matthew Olsen: So we’re very focused on the problem of terrorism in the run-up to the Olympics. I would add that I traveled to Sochi last December and met with Russian security officials. They understand the threat; they are very focused on this and devoting substantial resources. The biggest issue, from my perspective, is not the games themselves, the venues themselves; there is extensive security at those locations — the sites of the events. The greater threat is to softer targets in the greater Sochi area and in the outskirts, beyond Sochi, where there is a substantial potential for a terrorist attack.

Dianne Feinstein: Thank you very much. Mr. Comey, would you tell us what you can about cooperation between Russia and your organization?

FBI Director Jim Comey: Certainly, Senator. The cooperation between the FSB and the FBI in particular has been steadily improving over the last year. We’ve had exchanges at all levels, particularly in connection with Sochi, including me directly to my counterpart at FSB, and I think that we have a good level of cooperation there. It can always improve; we’re looking for ways to improve it, as are they, but this, as Director Olsen said, remains a big focus of the FBI. [my emphasis]

In the middle of a hearing at which James Clapper railed against Edward Snowden, claiming that counterintelligence threats — by which he largely meant Snowden — presented the second biggest threat to the country, the FBI Director stated that cooperation between his agency and the Russian spy agency has been improving for the last year (I’m guessing he means it has been improving since the Boston attack, because relations were quite chilly before that).

Snowden’s the second biggest threat to this country, and yet our relations with Russia, and specifically with Russia’s spy agency, have been steadily improving over the entire period Snowden has had asylum in Russia.

I don’t pretend to know precisely what that means.

At a minimum, it poses real questions about the unsubstantiated and whispered claims that Snowden has provided Russia great intelligence on NSA’s activities. After all, if Russia was busy exploiting Snowden’s secrets, it presumably would present challenges for this budding new cooperation between the FSB and those investigating Snowden’s leaks.

(The Global Threats report actually raises the case of Jeffrey Paul Delisle, a Canadian intelligence officer who gave Russia Five Eyes secrets for five years, as proof the Russians are soliciting more spies as part of its cyberwar efforts.)

There is, of course, another (remote) possibility: that we worked out a deal with Russia, whereby they’d give Snowden asylum and report back what he had taken. I have no reason to believe Snowden has shared secrets (though don’t doubt Putin will take whatever he can get his hands on), and the thought that Russia would agree to tell us what Snowden got is far-fetched. Still, Putin’s enough of a statist he might do it (and might misinform us along the way). While far-fetched, if that were the case, though, it’d give the US several things: the security in knowing Snowden was in the hands of security forces who would prevent any non-state or weaker states from getting to him, who were also limiting what Snowden could say publicly. Some clue about what Snowden had taken. And a political situation which would help US efforts to propagandize against Snowden.

Alternately, one of the things the FBI has learned as it has worked more closely with the FSB is that Snowden hasn’t shared any secrets with Russia (perhaps, as many have suggested, Russia got enough from Delisle that they would rather use Snowden solely to discomfit us).

I don’t know what it means. But I do find it rather implausible that the FBI would continue to expand cooperation with the FSB even as it extracted NSA’s family jewels from Snowden. Yet that’s the story Snowden’s biggest detractors would like you to believe.