- Spitfire List - http://spitfirelist.com -

FTR #1081 Surveillance Valley, Part 7: Yasha Levine Gets the Jim Garrison/Gary Webb Treatment


This broad­cast was record­ed in one, 60-minute seg­ment [5].

Introduction: We begin this concluding program in the series with a review of the conclusion of the book, with Levine’s summation of the inextricable nature and symbiosis between the Internet, the tech firms and the so-called “privacy community.”

The key points of dis­cus­sion and analy­sis of Levine’s book (as a whole) include:

  1. The Inter­net is a weapon, devel­oped for counter-insur­gency pur­pos­es.
  2. Big Tech firms net­work with the very intel­li­gence ser­vices they pub­licly decry.
  3. Big Tech firms that data mine their customers on a nearly unimaginable scale do so as a direct, operational extension of the very surveillance function upon which the Internet is predicated.
  4. The technologies touted by the so-called “Privacy Activists” such as Edward Snowden and Jacob Appelbaum were developed by the very intelligence services they are supposed to deflect.
  5. The technologies touted by the so-called “Privacy Activists” such as Edward Snowden and Jacob Appelbaum–such as the Tor Internet function and the Signal mobile phone app–are readily accessible to the very intelligence services they are supposed to deflect.
  6. The organizations that promote the alleged virtues of Snowden, Appelbaum, Tor, Signal et al are linked to the very intelligence services they would have us believe they oppose.
  7. Big Tech firms embrace “Inter­net Free­dom” as a dis­trac­tion from their own will­ful and all-embrac­ing data min­ing and their ongo­ing con­scious col­lab­o­ra­tion with the very intel­li­gence ser­vices they pub­licly decry.

” . . . . For many Inter­net com­pa­nies, includ­ing Google and Face­book, sur­veil­lance is the busi­ness mod­el. It is the base on which their cor­po­rate and eco­nom­ic pow­er rests. Dis­en­tan­gle sur­veil­lance and prof­it, and these com­pa­nies would col­lapse. Lim­it data col­lec­tion, and the com­pa­nies would see investors flee and their stock prices plum­met. 

“Sil­i­con Val­ley fears a polit­i­cal solu­tion to pri­va­cy. Inter­net Free­dom and cryp­to offer an accept­able alter­na­tive. Tools like Sig­nal and Tor pro­vide a false solu­tion to the pri­va­cy prob­lem, focus­ing people’s atten­tion on gov­ern­ment sur­veil­lance and dis­tract­ing them from the pri­vate spy­ing car­ried out by the Inter­net com­pa­nies they use every day. All the while, cryp­to tools give peo­ple a [false] sense that they’re doing some­thing to pro­tect them­selves, a feel­ing of per­son­al empow­er­ment and con­trol. And all those cryp­to rad­i­cals? Well, they just enhance the illu­sion, height­en­ing the impres­sion of risk and dan­ger. With Sig­nal or Tor installed, using an iPhone or Android sud­den­ly becomes edgy and rad­i­cal. So instead of push­ing for polit­i­cal and demo­c­ra­t­ic solu­tions to sur­veil­lance, we out­source our pri­va­cy pol­i­tics to cryp­to apps–software made by the very same pow­er­ful enti­ties that these apps are sup­posed to pro­tect us from.

“In that sense, Edward Snow­den is like the brand­ed face of an Inter­net con­sumerism-as-rebel­lion lifestyle cam­paign, like the old Apple ad about shat­ter­ing Big Broth­er or the Nike spot set to the Bea­t­les’ ‘Rev­o­lu­tion.’ While Inter­net bil­lion­aires like Lar­ry Page, Sergey Brin, and Mark Zucker­berg slam gov­ern­ment sur­veil­lance, talk up free­dom, and embrace Snow­den and cryp­to pri­va­cy cul­ture, their com­pa­nies still cut deals with the Pen­ta­gon, work with the NSA and CIA, [and com­pa­nies like Cam­bridge Analytica–D.E.] and con­tin­ue to track and pro­file peo­ple for prof­it. . . .”

Next, we present the treat­ment afford­ed Yasha Levine. As might be expect­ed, Levine received the Jim Garrison/Gary Webb treat­ment. The ret­ri­bu­tion direct­ed at Yasha Levine epit­o­mizes why Mr. Emory refers to the so-called pro­gres­sive sec­tor as “so-called.”

” . . . . The threats and attacks had begun some­time overnight while I slept. By morn­ing, they had reached a vicious and mur­der­ous pitch. There were calls for my death—by fire, by suf­fo­ca­tion, by hav­ing my throat slit by razor blades. Peo­ple I had nev­er met called me a rapist, and alleged that I took delight in beat­ing women and forc­ing peo­ple to have sex with me. I was accused of homo­pho­bia. Anony­mous peo­ple filed bogus claims with my edi­tor. Alle­ga­tions that I was a CIA agent poured in, as did claims that I worked with British intel­li­gence. The fact that I had been born in the Sovi­et Union did­n’t do me any favors; nat­u­ral­ly, I was accused of being an FSB spy and of work­ing for Rus­si­a’s suc­ces­sor to the KGB. I was informed that my name was added to a dark net assas­si­na­tion list—a site where peo­ple could place anony­mous bids for my mur­der. The roam­ing eye of the Inter­net hate machine had sud­den­ly fixed on me. . . .”

In addition to online bullying, slander and veiled and direct threats, the so-called “privacy activists” joined in pillorying Yasha Levine: ” . . . . Micah Lee, the former EFF technologist who helped Edward Snowden communicate securely with journalists and who now works at The Intercept, attacked me as a conspiracy theorist and accused me and my colleagues at Pando of being sexist bullies, he claimed that my reporting was motivated not by a desire to get at the truth but by a malicious impulse to harass a female Tor developer. Although Lee conceded that my information about Tor’s government funding was correct, he counterintuitively argued that it didn’t matter. . . .

” . . . . Jour­nal­ists, experts, and tech­nol­o­gists from groups like the ACLU, the EFF, Free­dom of the Press Foun­da­tion and The Inter­cept and employ­ees of the Tor Project joined in to attack my report­ing. Unlike Lee, most did not attempt to engage my report­ing but employed a range of famil­iar PR smear tactics—tactics you usu­al­ly see used by cor­po­rate flacks, not prin­ci­pled pri­va­cy activists. They took to social media, telling any­one who showed inter­est in my arti­cles that they should ignore them instead. Then, when that did­n’t work, they tried to dis­cred­it my report­ing with ridicule, mis­di­rec­tion, and crude insults. . . .

” . . . . A respect­ed ACLU pri­va­cy expert, who now works as a con­gres­sion­al staffer, called me “a con­spir­a­cy the­o­rist  who sees black heli­copters every­where” and com­pared my report­ing about Tor to the Pro­to­cols of the Elders of Zion. As some­one who escaped state-spon­sored anti-Semi­tism in the Sovi­et Union, I found the com­par­i­son extreme­ly offen­sive, espe­cial­ly com­ing from the ACLU. The Pro­to­cols were an anti-Semit­ic forgery dis­sem­i­nat­ed by the Russ­ian Tsar’s secret police that unleashed waves of dead­ly pogroms against Jews across the Russ­ian Empire in the ear­ly twen­ti­eth cen­tu­ry. Tor employ­ees put forth a tor­rent of child­ish insults, call­ing me a ‘dumb Stal­in­ist state-felch­er’ and a ‘fuck­tard’s fuck­tard.’ They accused me of being fund­ed by spies to under­mine faith in cryp­tog­ra­phy. One of them claimed that I was a rapist, and hurled homo­pho­bic insults about the var­i­ous ways in which I had sup­pos­ed­ly per­formed sex­u­al favors for a male col­league.

“In the way that these Internet hazing sessions go, the campaign evolved and spread. Strange people began threatening me and my colleagues on social media. Some accused me of having blood on my hands and of racking up an “activist body count”–that people were actually dying because of my reporting undermined trust in Tor. The attacks widened to include regular readers and social media users, anyone who had the nerve to ask questions about Tor’s funding sources. An employee of the Tor Project went so far as to dox an anonymous Twitter user, exposing his real identity and contacting his employer in the hopes of getting him fired from his job as a junior pharmacist.

It was bizarre. I watched all this unfold in real time but had no idea how to respond. Even more dis­con­cert­ing was that the attacks soon expand­ed to include libelous sto­ries placed in rep­utable media out­lets. The Guardian pub­lished a sto­ry by a free­lancer accus­ing me of run­ning an online sex­u­al harass­ment and bul­ly­ing cam­paign. The Los Ange­les Review of Books, gen­er­al­ly a good jour­nal of arts and cul­ture, ran an essay by a free­lancer alleg­ing that my report­ing was fund­ed by the CIA. Paul Carr, my edi­tor at Pan­do, lodged offi­cial com­plaints and demand­ed to know how these reporters came to their con­clu­sions. Both pub­li­ca­tions ulti­mate­ly retract­ed their state­ments and print­ed cor­rec­tions. An edi­tor at the Guardian apol­o­gized and described the arti­cle as a ‘fuck up.’ But the online attacks con­tin­ued. . . .”

Pro­gram High­lights Include:

  1. The role of Eddie Snow­den in mis­at­tribut­ing [7] the Shad­ow Bro­kers non-hack [8] to Rus­sia.
  2. Snowden’s foreshadowing [7] of the alleged Russian “hack” of the Macron campaign: ” . . . . ‘That could have significant foreign policy consequences,’ Snowden wrote [9] on Twitter. ‘Particularly if any of those operations targeted US allies. Particularly if any of those operations targeted elections.’ . . .”
  3. James Bamford’s analysis [10] of WikiLeaker/Tor promoter/BBG associate Jacob Appelbaum as the most likely source of the Shadow Brokers non-hack.
  4. The ludi­crous nature [11] of the “Rus­sia-did it” hypoth­e­sis con­cern­ing the Macron hacks: ” . . . . The hacked doc­u­ments in the ‘Macron hack’ not only con­tained Cyril­lic text in the meta­da­ta, but also con­tained the name of the last per­son to mod­i­fy the doc­u­ments. That name, ‘Rosh­ka Georgiy Petro­vichan’, is an employ­ee at Evri­ka, a large IT com­pa­ny that does work for the Russ­ian gov­ern­ment, includ­ing the FSB (Russ­ian intel­li­gence.) Also found in the meta­da­ta is the email of the per­son who uploaded the files to ‘archive.org’, and that email address, frankmacher1@gmx.de [12], is reg­is­tered with a Ger­man free web­mail provider used pre­vi­ous­ly in 2016 phish­ing attacks against the CDU in Ger­many that have been attrib­uted to APT28. It would appear that the ‘Russ­ian hack­ers’ not only left clues sug­gest­ing it was Russ­ian hack­ers behind the hack, but they decid­ed to name names this time–their own names. . . .”
  5. Neo-Nazi and Glenn Greenwald and Laura Poitras associate Andrew Auernheimer’s [13] role in modifying the documents in the Macron hack: ” . . . . Shortly after an anonymous user of the 4chan.org discussion forum posted fake documents purporting to show Mr. Macron had set up an undisclosed shell company in the Caribbean, the user directed people to visit nouveaumartel.com for updates on the French election. That website, according to research by web-security provider Virtualroad.org [14], is registered by ‘Weevlos,’ a known online alias of Andrew Auernheimer, an American hacker who gained notoriety three years ago when a U.S. appeals court vacated his conviction for computer fraud. The site also is hosted by a server in Latvia that hosts the Daily Stormer, a neo-Nazi news site that identifies its administrator as ‘Weev,’ another online alias of Mr. Auernheimer, Virtualroad.org says. ‘We strongly believe that the fake offshore documents were created by someone with control of the Daily Stormer server,’ said Tord Lundström, a computer forensics investigator at Virtualroad.org. . . .”
  6. French cyber­se­cu­ri­ty chief Guil­laume Poupard negat­ed [15] the asser­tion that Rus­sia hacked the Macron cam­paign: ” . . . . The head of the French government’s cyber secu­ri­ty agency, which inves­ti­gat­ed leaks from Pres­i­dent Emmanuel Macron’s elec­tion cam­paign, says they found no trace of a noto­ri­ous Russ­ian hack­ing group behind the attack. . . . ”

1. We review the con­clu­sion of the main part of the book, with Levine’s sum­ma­tion of the inex­tri­ca­ble nature and sym­bio­sis between the Inter­net, the tech firms and the so-called “pri­va­cy com­mu­ni­ty.”

The key points of dis­cus­sion and analy­sis of Levine’s book (as a whole) include:

  1. The Inter­net is a weapon, devel­oped for counter-insur­gency pur­pos­es.
  2. Big Tech firms net­work with the very intel­li­gence ser­vices they pub­licly decry.
  3. Big Tech firms that data mine their customers on a nearly unimaginable scale do so as a direct, operational extension of the very surveillance function upon which the Internet is predicated.
  4. The technologies touted by the so-called “Privacy Activists” such as Edward Snowden and Jacob Appelbaum were developed by the very intelligence services they are supposed to deflect.
  5. The technologies touted by the so-called “Privacy Activists” such as Edward Snowden and Jacob Appelbaum–such as the Tor Internet function and the Signal mobile phone app–are readily accessible to the very intelligence services they are supposed to deflect.
  6. The organizations that promote the alleged virtues of Snowden, Appelbaum, Tor, Signal et al are linked to the very intelligence services they would have us believe they oppose.
  7. Big Tech firms embrace “Inter­net Free­dom” as a dis­trac­tion from their own will­ful and all-embrac­ing data min­ing and their ongo­ing con­scious col­lab­o­ra­tion with the very intel­li­gence ser­vices they pub­licly decry.

” . . . . For many Inter­net com­pa­nies, includ­ing Google and Face­book, sur­veil­lance is the busi­ness mod­el. It is the base on which their cor­po­rate and eco­nom­ic pow­er rests. Dis­en­tan­gle sur­veil­lance and prof­it, and these com­pa­nies would col­lapse. Lim­it data col­lec­tion, and the com­pa­nies would see investors flee and their stock prices plum­met. 

“Sil­i­con Val­ley fears a polit­i­cal solu­tion to pri­va­cy. Inter­net Free­dom and cryp­to offer an accept­able alter­na­tive. Tools like Sig­nal and Tor pro­vide a false solu­tion to the pri­va­cy prob­lem, focus­ing people’s atten­tion on gov­ern­ment sur­veil­lance and dis­tract­ing them from the pri­vate spy­ing car­ried out by the Inter­net com­pa­nies they use every day. All the while, cryp­to tools give peo­ple a [false] sense that they’re doing some­thing to pro­tect them­selves, a feel­ing of per­son­al empow­er­ment and con­trol. And all those cryp­to rad­i­cals? Well, they just enhance the illu­sion, height­en­ing the impres­sion of risk and dan­ger. With Sig­nal or Tor installed, using an iPhone or Android sud­den­ly becomes edgy and rad­i­cal. So instead of push­ing for polit­i­cal and demo­c­ra­t­ic solu­tions to sur­veil­lance, we out­source our pri­va­cy pol­i­tics to cryp­to apps–software made by the very same pow­er­ful enti­ties that these apps are sup­posed to pro­tect us from.

“In that sense, Edward Snow­den is like the brand­ed face of an Inter­net con­sumerism-as-rebel­lion lifestyle cam­paign, like the old Apple ad about shat­ter­ing Big Broth­er or the Nike spot set to the Bea­t­les’ ‘Rev­o­lu­tion.’ While Inter­net bil­lion­aires like Lar­ry Page, Sergey Brin, and Mark Zucker­berg slam gov­ern­ment sur­veil­lance, talk up free­dom, and embrace Snow­den and cryp­to pri­va­cy cul­ture, their com­pa­nies still cut deals with the Pen­ta­gon, work with the NSA and CIA, [and com­pa­nies like Cam­bridge Analytica–D.E.] and con­tin­ue to track and pro­file peo­ple for prof­it. . . .”

NB: Mr. Levine does not go into the fascis­tic char­ac­ter of Snow­den, Assange, Green­wald et al. Some of those shows: Green­wald–FTR #888 [16], Snow­den–FTR #‘s 756 [17], 831 [18], Assange and Wik­iLeaks–FTR #‘s 732 [19], 745 [20], 755 [21], 917 [22].

Sur­veil­lance Val­ley by Yasha Levine; Pub­lic Affairs Books [HC]; Copy­right 2018 by Yasha Levine; ISBN 978–1‑61039–802‑2; pp. 266–269. [23]

. . . . Then there was the fact that Signal ran on Amazon’s servers, which meant that all its data were available to a partner in the NSA’s PRISM surveillance program. Equally problematic, Signal needed Apple and Google to install and run the app on people’s mobile phones. Both companies were, and as far as we know still are, partners in PRISM as well. “Google usually has root access to the phone, there’s the issue of integrity,” writes Sander Venema, a respected developer and secure-technology trainer, in a blog post explaining why he no longer recommends people use Signal for encrypted chat. “Google is still cooperating with the NSA and other intelligence agencies. PRISM is also still a thing. I’m pretty sure that Google could serve a specially modified update or version of Signal to a specific target for surveillance, and they would be none the wiser that they installed malware on their phones.”

Equally weird was the way the app was designed to make it easy for anyone monitoring Internet traffic to flag people using Signal to communicate. All that the FBI or, say, Egyptian or Russian security services had to do was watch for the mobile phones that pinged a particular Amazon server used by Signal, and it was trivial to isolate activists from the general smartphone population. So, although the app encrypted the content of people’s messages, it also marked them with a flashing red sign: “Follow Me, I Have Something to Hide.” (Indeed, activists protesting at the Democratic National Convention in Philadelphia in 2016 told me that they were bewildered by the fact that police seemed to know and anticipate their every move despite their having used Signal to organize.)

Debate about Sig­nal’s tech­ni­cal design was moot any­way. Snow­den’s leaks showed that the NSA had devel­oped tools that could grab every­thing peo­ple did on their smart­phones, which pre­sum­ably includ­ed text and received by Sig­nal. In ear­ly March, 2017, Wik­iLeaks pub­lished a cache of CIA hack­ing tools that con­firmed the inevitable. The agency worked with the NSA as well as oth­er “cyber arms con­trac­tors” to devel­op hack­ing tools that tar­get­ed smart­phones, allow­ing it to bypass the encryp­tion of Sig­nal and any oth­er encrypt­ed chat apps, includ­ing Face­book’s What­sApp. “The CIA’s Mobile Devices Branch (MDB) devel­oped numer­ous attacks to remote­ly hack and con­trol pop­u­lar smart phones. Infect­ed phones can be instruct­ed to send the CIA the user’s geolo­ca­tion, audio and text com­mu­ni­ca­tions as well as covert­ly acti­vate the phone’s cam­era and micro­phone,” explained a Wik­iLeaks press release. “These tech­niques per­mit the CIA to bypass the encryp­tion of What­sApp, Sig­nal, Telegram, Wiebo, Con­fide and Cloack­man by hack­ing the ‘smart’ phones that they run on and col­lect­ing audio and mes­sage traf­fic before encryp­tion is applied.”

Dis­clo­sure of these hack­ing tools showed that, in the end, Sig­nal’s encryp­tion did­n’t real­ly mat­ter, not when the CIA and NSA owned the under­ly­ing oper­at­ing sys­tem and could grab what­ev­er they want­ed before encryp­tion or obfus­ca­tion algo­rithms were applied. The flaw went beyond Sig­nal and applied to every type of encryp­tion tech­nol­o­gy on every type of con­sumer com­put­er sys­tem. . . .

. . . . Con­vo­lut­ed as the sto­ry may be, US gov­ern­ment sup­port for Inter­net Free­dom and its under­writ­ing of cryp­to cul­ture makes per­fect sense. The Inter­net came out of a 1960s mil­i­tary project to devel­op an infor­ma­tion weapon. It was born out of a need to quick­ly com­mu­ni­cate, process data, and con­trol a chaot­ic world. Today, the net­work is more than a weapon; it is also a field of bat­tle, a place where vital mil­i­tary and intel­li­gence oper­a­tions take place. Geopo­lit­i­cal strug­gle has moved online, and Inter­net Free­dom is a weapon in that fight.

If you take a big-pic­ture view, Sil­i­con Valley’s sup­port for Inter­net Free­dom makes sense as well. Com­pa­nies like Google and Face­book first sup­port­ed it as a part of a geopo­lit­i­cal busi­ness strat­e­gy, a way of sub­tly pres­sur­ing coun­tries that closed their net­works and mar­kets to West­ern tech­nol­o­gy com­pa­nies. But after Edward Snowden’s rev­e­la­tions exposed the industry’s ram­pant pri­vate sur­veil­lance prac­tices to the pub­lic, Inter­net Free­dom offered anoth­er pow­er­ful ben­e­fit.

For years, public opinion has been stacked firmly against Silicon Valley’s underlying business model. In poll after poll, a majority of Americans have voiced their opposition to corporate surveillance and have signaled support for increased regulation of the industry. This has always been a deal breaker for Silicon Valley. For many Internet companies, including Google and Facebook, surveillance is the business model. It is the base on which their corporate and economic power rests. Disentangle surveillance and profit, and these companies would collapse. Limit data collection, and the companies would see investors flee and their stock prices plummet. [Italics are mine–D.E.]

Sil­i­con Val­ley fears a polit­i­cal solu­tion to pri­va­cy. Inter­net Free­dom and cryp­to offer an accept­able alter­na­tive. Tools like Sig­nal and Tor pro­vide a false solu­tion to the pri­va­cy prob­lem, focus­ing people’s atten­tion on gov­ern­ment sur­veil­lance and dis­tract­ing them from the pri­vate spy­ing car­ried out by the Inter­net com­pa­nies they use every day. All the while, cryp­to tools give peo­ple a [false] sense that they’re doing some­thing to pro­tect them­selves, a feel­ing of per­son­al empow­er­ment and con­trol. And all those cryp­to rad­i­cals? Well, they just enhance the illu­sion, height­en­ing the impres­sion of risk and dan­ger. With Sig­nal or Tor installed, using an iPhone or Android sud­den­ly becomes edgy and rad­i­cal. So instead of push­ing for polit­i­cal and demo­c­ra­t­ic solu­tions to sur­veil­lance, we out­source our pri­va­cy pol­i­tics to cryp­to apps–software made by the very same pow­er­ful enti­ties that these apps are sup­posed to pro­tect us from.

In that sense, Edward Snow­den is like the brand­ed face of an Inter­net con­sumerism-as-rebel­lion lifestyle cam­paign, like the old Apple ad about shat­ter­ing Big Broth­er or the Nike spot set to the Bea­t­les’ “Rev­o­lu­tion.” While Inter­net bil­lion­aires like Lar­ry Page, Sergey Brin, and Mark Zucker­berg slam gov­ern­ment sur­veil­lance, talk up free­dom, and embrace Snow­den and cryp­to pri­va­cy cul­ture, their com­pa­nies still cut deals with the Pen­ta­gon, work with the NSA and CIA, [and com­pa­nies like Cam­bridge Analytica–D.E.] and con­tin­ue to track and pro­file peo­ple for prof­it. It is the same old split-screen mar­ket­ing trick: the pub­lic brand­ing and the behind-the-scenes real­i­ty.

Inter­net Free­dom is a win-win for every­one involved–everyone except reg­u­lar users, who trust their pri­va­cy to dou­ble-deal­ing mil­i­tary con­trac­tors, while pow­er­ful Sur­veil­lance Val­ley cor­po­ra­tions con­tin­ue to build out the old mil­i­tary cyber­net­ic dream of a world where every­one is watched, pre­dict­ed, and con­trolled. . . .

2. Next, we present the treat­ment afford­ed Yasha Levine. As might be expect­ed, Levine received the Jim Garrison/Gary Webb treat­ment. The ret­ri­bu­tion direct­ed at Yasha Levine epit­o­mizes why Mr. Emory refers to the so-called pro­gres­sive sec­tor as “so-called.”

” . . . . The threats and attacks had begun some­time overnight while I slept. By morn­ing, they had reached a vicious and mur­der­ous pitch. There were calls for my death—by fire, by suf­fo­ca­tion, by hav­ing my throat slit by razor blades. Peo­ple I had nev­er met called me a rapist, and alleged that I took delight in beat­ing women and forc­ing peo­ple to have sex with me. I was accused of homo­pho­bia. Anony­mous peo­ple filed bogus claims with my edi­tor. Alle­ga­tions that I was a CIA agent poured in, as did claims that I worked with British intel­li­gence. The fact that I had been born in the Sovi­et Union did­n’t do me any favors; nat­u­ral­ly, I was accused of being an FSB spy and of work­ing for Rus­si­a’s suc­ces­sor to the KGB. I was informed that my name was added to a dark net assas­si­na­tion list—a site where peo­ple could place anony­mous bids for my mur­der. The roam­ing eye of the Inter­net hate machine had sud­den­ly fixed on me. . . .”

Sur­veil­lance Val­ley by Yasha Levine; Pub­lic Affairs Books [HC]; Copy­right 2018 by Yasha Levine; ISBN 978–1‑61039–802‑2; pp. 211–212. [23]

 . . . . The threats and attacks had begun some­time overnight while I slept. By morn­ing, they had reached a vicious and mur­der­ous pitch. There were calls for my death—by fire, by suf­fo­ca­tion, by hav­ing my throat slit by razor blades. Peo­ple I had nev­er met called me a rapist, and alleged that I took delight in beat­ing women and forc­ing peo­ple to have sex with me. I was accused of homo­pho­bia. Anony­mous peo­ple filed bogus claims with my edi­tor. Alle­ga­tions that I was a CIA agent poured in, as did claims that I worked with British intel­li­gence. The fact that I had been born in the Sovi­et Union did­n’t do me any favors; nat­u­ral­ly, I was accused of being an FSB spy and of work­ing for Rus­si­a’s suc­ces­sor to the KGB. I was informed that my name was added to a dark net assas­si­na­tion list—a site where peo­ple could place anony­mous bids for my mur­der. The roam­ing eye of the Inter­net hate machine had sud­den­ly fixed on me.

Things got even weird­er when the Anony­mous move­ment joined the fray. The col­lec­tive issued a fat­wa against me and my col­leagues, vow­ing not to stop until I was dead. “May an infini­tude of enor­mous insects dwell in the fas­cist Yasha Levine’s intestines,” pro­claimed the Anony­mous Twit­ter account with 1.6 mil­lion fol­low­ers. It was a bizarre turn. Anony­mous was a decen­tral­ized hack­er and script kid­die move­ment best known for going after the Church of Sci­en­tol­ogy. Now they were going after me—painting a giant tar­get on my back.

I paced my liv­ing room, ner­vous­ly scan­ning the street out­side my win­dow. Reflex­ive­ly, I low­ered the blinds, won­der­ing just how far this was going to go. For the first time, I began to fear for my fam­i­ly’s safe­ty. Peo­ple knew where I lived. The apart­ment my wife, Evge­nia, and I shared at the time was on the first floor, open to the street, with expan­sive win­dows on all sides, like a fish­bowl. We con­tem­plat­ed stay­ing at a friend’s house on the oth­er side of town for a few days until things cooled down.

I had been on the receiv­ing end of vicious Inter­net harass­ment cam­paigns before; it comes with the ter­ri­to­ry of being an inves­tiga­tive jour­nal­ist. But this one was dif­fer­ent. It went beyond any­thing I had ever expe­ri­enced. Not just the inten­si­ty and vicious­ness scared me but also the rea­son why it was hap­pen­ing. . . .

3. In addition to online bullying, slander and veiled and direct threats, the so-called “privacy activists” joined in pillorying Yasha Levine: ” . . . . Micah Lee, the former EFF technologist who helped Edward Snowden communicate securely with journalists and who now works at The Intercept, attacked me as a conspiracy theorist and accused me and my colleagues at Pando of being sexist bullies, he claimed that my reporting was motivated not by a desire to get at the truth but by a malicious impulse to harass a female Tor developer. Although Lee conceded that my information about Tor’s government funding was correct, he counterintuitively argued that it didn’t matter. . . .

” . . . . Jour­nal­ists, experts, and tech­nol­o­gists from groups like the ACLU, the EFF, Free­dom of the Press Foun­da­tion and The Inter­cept and employ­ees of the Tor Project joined in to attack my report­ing. Unlike Lee, most did not attempt to engage my report­ing but employed a range of famil­iar PR smear tactics—tactics you usu­al­ly see used by cor­po­rate flacks, not prin­ci­pled pri­va­cy activists. They took to social media, telling any­one who showed inter­est in my arti­cles that they should ignore them instead. Then, when that did­n’t work, they tried to dis­cred­it my report­ing with ridicule, mis­di­rec­tion, and crude insults. . . .

” . . . . A respect­ed ACLU pri­va­cy expert, who now works as a con­gres­sion­al staffer, called me “a con­spir­a­cy the­o­rist  who sees black heli­copters every­where” and com­pared my report­ing about Tor to the Pro­to­cols of the Elders of Zion. As some­one who escaped state-spon­sored anti-Semi­tism in the Sovi­et Union, I found the com­par­i­son extreme­ly offen­sive, espe­cial­ly com­ing from the ACLU. The Pro­to­cols were an anti-Semit­ic forgery dis­sem­i­nat­ed by the Russ­ian Tsar’s secret police that unleashed waves of dead­ly pogroms against Jews across the Russ­ian Empire in the ear­ly twen­ti­eth cen­tu­ry. Tor employ­ees put forth a tor­rent of child­ish insults, call­ing me a ‘dumb Stal­in­ist state-felch­er’ and a ‘fuck­tard’s fuck­tard.’ They accused me of being fund­ed by spies to under­mine faith in cryp­tog­ra­phy. One of them claimed that I was a rapist, and hurled homo­pho­bic insults about the var­i­ous ways in which I had sup­pos­ed­ly per­formed sex­u­al favors for a male col­league.

“In the way that these Internet hazing sessions go, the campaign evolved and spread. Strange people began threatening me and my colleagues on social media. Some accused me of having blood on my hands and of racking up an “activist body count”–that people were actually dying because of my reporting undermined trust in Tor.

The attacks widened to include reg­u­lar read­ers and social media users, any­one who had the nerve to ask ques­tions about Tor’s fund­ing sources. An employ­ee of the Tor Project went so far as to dox an anony­mous Twit­ter user, expos­ing his real iden­ti­ty and con­tact­ing his employ­er in the hopes of get­ting him fired from his job as a junior phar­ma­cist.

It was bizarre. I watched all this unfold in real time but had no idea how to respond. Even more dis­con­cert­ing was that the attacks soon expand­ed to include libelous sto­ries placed in rep­utable media out­lets. The Guardian pub­lished a sto­ry by a free­lancer accus­ing me of run­ning an online sex­u­al harass­ment and bul­ly­ing cam­paign. The Los Ange­les Review of Books, gen­er­al­ly a good jour­nal of arts and cul­ture, ran an essay by a free­lancer alleg­ing that my report­ing was fund­ed by the CIA. Paul Carr, my edi­tor at Pan­do, lodged offi­cial com­plaints and demand­ed to know how these reporters came to their con­clu­sions. Both pub­li­ca­tions ulti­mate­ly retract­ed their state­ments and print­ed cor­rec­tions. An edi­tor at the Guardian apol­o­gized and described the arti­cle as a ‘fuck up.’ But the online attacks con­tin­ued. . . .”

Sur­veil­lance Val­ley by Yasha Levine; Pub­lic Affairs Books [HC]; Copy­right 2018 by Yasha Levine; ISBN 978–1‑61039–802‑2; pp. 214–218. [23]

. . . . Instead of wel­com­ing my report­ing on Tor’s puz­zling gov­ern­ment sup­port, the lead­ing lights of the pri­va­cy com­mu­ni­ty answered it with attacks.

Micah Lee, the former EFF technologist who helped Edward Snowden communicate securely with journalists and who now works at The Intercept, attacked me as a conspiracy theorist and accused me and my colleagues at Pando of being sexist bullies. He claimed that my reporting was motivated not by a desire to get at the truth but by a malicious impulse to harass a female Tor developer. Although Lee conceded that my information about Tor’s government funding was correct, he counterintuitively argued that it didn’t matter. Why? Because Tor was open source and powered by math, which he claimed made it infallible. “[Of] course funders might try to influence the direction of the project and the research. In Tor’s case this is mitigated by the fact that 100% of the scientific research and source code that Tor releases is open, that the crypto math is peer-reviewed and backed up by the laws of physics,” he wrote. What Lee was saying, and what many others in the privacy community believed as well, was that it did not matter that Tor employees depended on the Pentagon for their paychecks. They were impervious to influence, careers, mortgages, car payments, personal relationships, food, and all the other “squishy” aspects of human existence that silently drive and affect people’s choices. The reason was that Tor, like all encryption algorithms, was based on math and physics—which made it impervious to coercion.

It was a baf­fling argu­ment. Tor was not “a law of physics” but com­put­er code writ­ten by a small group of human beings. It was soft­ware like any oth­er, with holes and vul­ner­a­bil­i­ties that were con­stant­ly being dis­cov­ered and patched. Encryp­tion algo­rithms and com­put­er sys­tems might be based on abstract math­e­mat­i­cal con­cepts, but trans­lat­ed into the real phys­i­cal realm they become imper­fect tools, con­strained by human error and the com­put­er plat­forms and net­works they run on. After all, even the most sophis­ti­cat­ed encryp­tion sys­tems are even­tu­al­ly cracked and bro­ken. And nei­ther Lee, nor any­one else could answer the big­ger ques­tion raised by my report­ing: If Tor was such a dan­ger to the US gov­ern­ment, why would the same gov­ern­ment con­tin­ue to spend mil­lions of dol­lars on the pro­jec­t’s devel­op­ment, renew­ing the fund­ing year after year? Imag­ine, if dur­ing World War II, the Allies fund­ed the devel­op­ment of Nazi Ger­many’s Enig­ma machine instead of mount­ing a mas­sive effort to crack the code.

I nev­er got a good answer from the pri­va­cy com­mu­ni­ty, but what I did get was a lot of smears and threats.

Jour­nal­ists, experts, and tech­nol­o­gists from groups like the ACLU, the EFF, Free­dom of the Press Foun­da­tion and The Inter­cept and employ­ees of the Tor Project joined in to attack my report­ing. Unlike Lee, most did not attempt to engage my report­ing but employed a range of famil­iar PR smear tactics—tactics you usu­al­ly see used by cor­po­rate flacks, not prin­ci­pled pri­va­cy activists. They took to social media, telling any­one who showed inter­est in my arti­cles that they should ignore them instead. Then, when that did­n’t work, they tried to dis­cred­it my report­ing with ridicule, mis­di­rec­tion, and crude insults.

A respected ACLU privacy expert, who now works as a congressional staffer, called me “a conspiracy theorist who sees black helicopters everywhere” and compared my reporting about Tor to the Protocols of the Elders of Zion. As someone who escaped state-sponsored anti-Semitism in the Soviet Union, I found the comparison extremely offensive, especially coming from the ACLU. The Protocols were an anti-Semitic forgery disseminated by the Russian Tsar’s secret police that unleashed waves of deadly pogroms against Jews across the Russian Empire in the early twentieth century. Tor employees put forth a torrent of childish insults, calling me a “dumb Stalinist state-felcher” and a “fucktard’s fucktard.” They accused me of being funded by spies to undermine faith in cryptography. One of them claimed that I was a rapist, and hurled homophobic insults about the various ways in which I had supposedly performed sexual favors for a male colleague.

In the way that these Internet hazing sessions go, the campaign evolved and spread. Strange people began threatening me and my colleagues on social media. Some accused me of having blood on my hands and of racking up an “activist body count”–that people were actually dying because my reporting undermined trust in Tor.

The attacks widened to include reg­u­lar read­ers and social media users, any­one who had the nerve to ask ques­tions about Tor’s fund­ing sources. An employ­ee of the Tor Project went so far as to dox an anony­mous Twit­ter user, expos­ing his real iden­ti­ty and con­tact­ing his employ­er in the hopes of get­ting him fired from his job as a junior phar­ma­cist.

It was bizarre. I watched all this unfold in real time but had no idea how to respond. Even more dis­con­cert­ing was that the attacks soon expand­ed to include libelous sto­ries placed in rep­utable media out­lets. The Guardian pub­lished a sto­ry by a free­lancer accus­ing me of run­ning an online sex­u­al harass­ment and bul­ly­ing cam­paign. The Los Ange­les Review of Books, gen­er­al­ly a good jour­nal of arts and cul­ture, ran an essay by a free­lancer alleg­ing that my report­ing was fund­ed by the CIA. Paul Carr, my edi­tor at Pan­do, lodged offi­cial com­plaints and demand­ed to know how these reporters came to their con­clu­sions. Both pub­li­ca­tions ulti­mate­ly retract­ed their state­ments and print­ed cor­rec­tions. An edi­tor at the Guardian apol­o­gized and described the arti­cle as a “fuck up.” But the online attacks con­tin­ued.

I was no stranger to intim­i­da­tion and threats. But I knew that this cam­paign was­n’t just meant to shut me up but was designed to shut down debate around the offi­cial Tor sto­ry. After the ini­tial out­break, I laid low and tried to under­stand why my report­ing elicit­ed such a vicious and weird reac­tion from the pri­va­cy com­mu­ni­ty.

Mil­i­tary con­trac­tors hailed as pri­va­cy heroes? Edward Snow­den pro­mot­ing a Pen­ta­gon-fund­ed tool as a solu­tion to NSA sur­veil­lance? Google and Face­book back­ing pri­va­cy tech­nol­o­gy? And why were pri­va­cy activists so hos­tile to infor­ma­tion that their most trust­ed app was fund­ed by the mil­i­tary? It was a bizarro world. None of it quite made sense.

When the smears first start­ed, I had thought they might have been dri­ven by a pet­ty defen­sive reflex. Many of those who attacked me either worked for Tor or were vocal reporters, rec­om­mend­ing the tool to oth­ers as pro­tec­tion from gov­ern­ment sur­veil­lance. They were sup­posed to be experts in the field; maybe my report­ing on Tor’s ongo­ing ties to the Pen­ta­gon caught them off-guard or made them feel stu­pid. After all, no one likes being made to look like a suck­er.

Turns out, it was­n’t that sim­ple. As I pieced the sto­ry togeth­er, bit by bit, I real­ized there was some­thing much deep­er behind the attacks, some­thing so spooky and star­tling that at first, I did­n’t believe it. . . .

4. Next, we review the Shadow Brokers and Macron hacks, highlighting the roles in these events of: Jacob Appelbaum, Edward Snowden, WikiLeaks and Andrew Auernheimer.

“Com­men­tary: Evi­dence Points to Anoth­er Snow­den at the NSA” by James Bam­ford; Reuters; 8/24/2016. [10]

In the sum­mer of 1972, state-of-the-art cam­paign spy­ing con­sist­ed of ama­teur bur­glars, armed with duct tape and micro­phones, pen­e­trat­ing the head­quar­ters of the Demo­c­ra­t­ic Nation­al Com­mit­tee [28]. Today, ama­teur bur­glars have been replaced by cyber­spies, who pen­e­trat­ed the DNC armed with com­put­ers and sophis­ti­cat­ed hack­ing tools.

Where the Watergate burglars came away empty-handed and in handcuffs, the modern-day cyber thieves walked away with tens of thousands of sensitive political documents and are still unidentified.

Now, in the lat­est twist, hack­ing tools them­selves, like­ly stolen from the Nation­al Secu­ri­ty Agency, are on the dig­i­tal auc­tion block. Once again, the usu­al sus­pects start with Rus­sia – though there seems lit­tle evi­dence back­ing up the accu­sa­tion.

In addi­tion, if Rus­sia [29] had stolen the hack­ing tools, it would be sense­less to pub­li­cize the theft, let alone put them up for sale. It would be like a safe­crack­er steal­ing the com­bi­na­tion to a bank vault and putting it on Face­book. Once revealed, com­pa­nies and gov­ern­ments would patch their fire­walls, just as the bank would change its com­bi­na­tion.

A more log­i­cal expla­na­tion could also be insid­er theft. If that’s the case, it’s one more rea­son to ques­tion the use­ful­ness of an agency that secret­ly col­lects pri­vate infor­ma­tion on mil­lions of Amer­i­cans but can’t keep its most valu­able data from being stolen, or as it appears in this case, being used against us.

In what appeared more like a Sat­ur­day Night Live skit than an act of cyber­crime, a group call­ing itself the Shad­ow Bro­kers put up for bid on the Inter­net what it called a “full state-spon­sored toolset” of “cyber­weapons.” “!!! Atten­tion gov­ern­ment spon­sors of cyber­war­fare and those who prof­it from it !!!! How much would you pay for ene­mies cyber­weapons?” said the announce­ment.

The group said it was releasing some NSA files for “free” and promised “better” ones to the highest bidder. However, those with losing bids “Lose Lose,” it said, because they would not receive their money back. And should the total sum of the bids, in bitcoins, reach the equivalent of half a billion dollars, the group would make the whole lot public.

While the “auc­tion” seemed tongue in cheek, more like hack­tivists than Russ­ian high com­mand, the sam­ple doc­u­ments were almost cer­tain­ly real. The draft of a top-secret NSA man­u­al for implant­i­ng offen­sive mal­ware, released by Edward Snow­den, con­tains code for a pro­gram code­named SECONDDATE. That same 16-char­ac­ter string of num­bers and char­ac­ters is in the code released by the Shad­ow Bro­kers. The details from the man­u­al [30] were first released by The Inter­cept last Fri­day.

The authenticity of the NSA hacking tools was also confirmed by several ex-NSA officials who spoke to the media, including former members of the agency’s Tailored Access Operations (TAO) unit, the home of hacking specialists.

“With­out a doubt, they’re the keys to the king­dom [31],” one for­mer TAO employ­ee told the Wash­ing­ton Post. “The stuff you’re talk­ing about would under­mine the secu­ri­ty of a lot of major gov­ern­ment and cor­po­rate net­works both here and abroad.” Anoth­er added, “From what I saw, there was no doubt in my mind that it was legit­i­mate.”

Like a bank robber’s tool kit for break­ing into a vault, cyber exploita­tion tools, with code­names like EPICBANANA and BUZZDIRECTION, are designed to break into com­put­er sys­tems and net­works. Just as the bank rob­ber hopes to find a crack in the vault that has nev­er been dis­cov­ered, hack­ers search for dig­i­tal cracks, or “exploits,” in com­put­er pro­grams like Win­dows.

The most valu­able are “zero day” exploits, mean­ing there have been zero days since Win­dows has dis­cov­ered the “crack” in their pro­grams. Through this crack, the hack­er would be able to get into a sys­tem and exploit it, by steal­ing infor­ma­tion, until the breach is even­tu­al­ly dis­cov­ered and patched. Accord­ing to the for­mer NSA offi­cials who viewed the Shad­ow Bro­ker files, they con­tained a num­ber of exploits, includ­ing zero-day exploits that the NSA often pays thou­sands of dol­lars for to pri­vate hack­ing groups.

The rea­sons giv­en for lay­ing the blame on Rus­sia appear less con­vinc­ing, how­ev­er. “This is prob­a­bly some Russ­ian mind game [32], down to the bogus accent,” James A. Lewis, a com­put­er expert at the Cen­ter for Strate­gic and Inter­na­tion­al Stud­ies, a Wash­ing­ton think tank, told the New York Times. Why the Rus­sians would engage in such a mind game, he nev­er explained.

Rather than the NSA hacking tools being snatched as a result of a sophisticated cyber operation by Russia or some other nation, it seems more likely that an employee stole them. Experts who have analyzed the files suspect that they date to October 2013, five months after Edward Snowden left his contractor position with the NSA and fled to Hong Kong carrying flash drives containing hundreds of thousands of pages of NSA documents.

So, if Snow­den could not have stolen the hack­ing tools, there are indi­ca­tions that after he depart­ed in May 2013, some­one else did, pos­si­bly some­one assigned to the agency’s high­ly sen­si­tive Tai­lored Access Oper­a­tions.

In Decem­ber 2013, anoth­er high­ly secret NSA doc­u­ment qui­et­ly became pub­lic. It was a top secret TAO cat­a­log of NSA hack­ing tools. Known as the Advanced Net­work Tech­nol­o­gy (ANT) cat­a­log, it con­sist­ed of 50 pages of exten­sive pic­tures, dia­grams and descrip­tions of tools for every kind of hack, most­ly tar­get­ed at devices man­u­fac­tured by U.S. com­pa­nies, includ­ing Apple, Cis­co, Dell and many oth­ers.

Like the hack­ing tools, the cat­a­log used sim­i­lar code­names. Among the tools tar­get­ing Apple was one code­named DROPOUTJEEP [33], which gives NSA total con­trol of iPhones. “A soft­ware implant for the Apple iPhone,” says the ANT cat­a­log, “includes the abil­i­ty to remote­ly push/pull files from the device. SMS retrieval, con­tact-list retrieval, voice­mail, geolo­ca­tion, hot mic, cam­era cap­ture, cell-tow­er loca­tion, etc.”

Anoth­er, code­named IRATEMONK [33], is, “Tech­nol­o­gy that can infil­trate the firmware of hard dri­ves man­u­fac­tured by Max­tor, Sam­sung, Sea­gate and West­ern Dig­i­tal.”

In 2014, I spent three days in Moscow with Snow­den for a mag­a­zine assign­ment and a PBS doc­u­men­tary. Dur­ing our on-the-record con­ver­sa­tions, he would not talk about the ANT cat­a­log, per­haps not want­i­ng to bring atten­tion to anoth­er pos­si­ble NSA whistle­blow­er.

I was, how­ev­er, giv­en unre­strict­ed access to his cache of doc­u­ments. These includ­ed both the entire British, or GCHQ, files and the entire NSA files.

But going through this archive using a sophis­ti­cat­ed dig­i­tal search tool, I could not find a sin­gle ref­er­ence to the ANT cat­a­log. This con­firmed for me that it had like­ly been released by a sec­ond leak­er. And if that per­son could have down­loaded and removed the cat­a­log of hack­ing tools, it’s also like­ly he or she could have also down­loaded and removed the dig­i­tal tools now being leaked.

In fact, a num­ber of the same hack­ing implants and tools released by the Shad­ow Bro­kers are also in the ANT cat­a­log, includ­ing those with code­names BANANAGLEE and JETPLOW. These can be used to cre­ate “a per­sis­tent back-door capa­bil­i­ty” into wide­ly used Cis­co fire­walls, says the cat­a­log.

Con­sist­ing of about 300 megabytes of code, the tools could eas­i­ly and quick­ly be trans­ferred to a flash dri­ve. But unlike the cat­a­log, the tools them­selves – thou­sands of ones and zeros – would have been use­less if leaked to a pub­li­ca­tion. This could be one rea­son why they have not emerged until now.

Enter Wik­iLeaks. Just two days after the first Shad­ow Bro­kers mes­sage, Julian Assange, the founder of Wik­iLeaks, sent out a Twit­ter mes­sage. “We had already obtained the archive of NSA cyber­weapons released ear­li­er today,” Assange wrote, “and will release our own pris­tine copy in due course.”

The month before, Assange was respon­si­ble for releas­ing the tens of thou­sands of hacked DNC emails that led to the res­ig­na­tion of the four top com­mit­tee offi­cials.

There also seems to be a link between Assange and the leak­er who stole the ANT cat­a­log, and the pos­si­ble hack­ing tools. Among Assange’s close asso­ciates is Jacob Appel­baum, a cel­e­brat­ed hack­tivist and the only pub­licly known Wik­iLeaks staffer in the Unit­ed States – until he moved to Berlin in 2013 in what he called a “polit­i­cal exile” because of what he said was repeat­ed harass­ment by U.S. law enforce­ment per­son­nel. In 2010, a Rolling Stone mag­a­zine pro­file labeled him “the most dan­ger­ous man in cyber­space.”

In Decem­ber 2013, Appel­baum was the first per­son to reveal the exis­tence of the ANT cat­a­log, at a con­fer­ence in Berlin, with­out iden­ti­fy­ing the source. That same month he said he sus­pect­ed the U.S. gov­ern­ment of break­ing into his Berlin apart­ment. He also co-wrote an arti­cle about the cat­a­log in Der Spiegel. But again, he nev­er named a source, which led many to assume, mis­tak­en­ly, that it was Snow­den.

In addi­tion to Wik­iLeaks, for years Appel­baum worked for Tor, an orga­ni­za­tion focused on pro­vid­ing its cus­tomers anonymi­ty on the Inter­net [34]. But last May, he stepped down as a result of “seri­ous, pub­lic alle­ga­tions of sex­u­al mis­treat­ment [35]” made by unnamed vic­tims, accord­ing to a state­ment put out by Tor. Appel­baum has denied the charges.

Short­ly there­after, he turned his atten­tion to Hillary Clin­ton. At a screen­ing of a doc­u­men­tary about Assange in Cannes, France, Appel­baum accused her of hav­ing a grudge against him and Assange, and that if she were elect­ed pres­i­dent, she would make their lives dif­fi­cult. “It’s a sit­u­a­tion that will pos­si­bly get worse” if she is elect­ed to the White House, he said, accord­ing to Yahoo News.

It was only a few months lat­er that Assange released the 20,000 DNC emails. Intel­li­gence agen­cies have again point­ed the fin­ger at Rus­sia [36] for hack­ing into these emails.

Yet there has been no expla­na­tion as to how Assange obtained them. He told NBC News, “There is no proof what­so­ev­er [37]” that he obtained the emails from Russ­ian intel­li­gence. Moscow has also denied involve­ment.

There are, of course, many sophis­ti­cat­ed hack­ers in Rus­sia, some with close gov­ern­ment ties and some with­out. And plant­i­ng false and mis­lead­ing indi­ca­tors in mes­sages is an old trick. Now Assange has promised to release many more emails before the elec­tion, while appar­ent­ly ignor­ing email involv­ing Trump. (Trump oppo­si­tion research was also stolen [38].)

In hack­tivist style, and in what appears to be pho­ny bro­ken Eng­lish, this new release of cyber­weapons also seems to be tar­get­ing Clin­ton. It ends with a long and angry “final mes­sage” against “Wealthy Elites . . . break­ing laws” but “Elites top friends announce, no law bro­ken, no crime commit[ed]. . . Then Elites run for pres­i­dent. Why run for pres­i­dent when already con­trol coun­try like dic­ta­tor­ship?”

Then after what they call the “fun Cyber Weapons Auc­tion” comes the real mes­sage, a seri­ous threat. “We want make sure Wealthy Elite rec­og­nizes the dan­ger [of] cyber­weapons. Let us spell out for Elites. Your wealth and con­trol depends on elec­tron­ic data.” Now, they warned, they have con­trol of the NSA’s cyber hack­ing tools that can take that wealth away. “You see attacks on banks and SWIFT [a world­wide net­work for finan­cial ser­vices] in news. If elec­tron­ic data go bye-bye where leave Wealthy Elites? Maybe with dumb cat­tle?” . . . 

5. Those “Russian government hackers” [11] really need an OPSEC refresher course. The hacked documents in the “Macron hack” not only contained Cyrillic text in the metadata, but also contained the name of the last person to modify the documents. That name, “Roshka Georgiy Petrovich”, is that of an employee at Evrika, a large IT company that does work for the Russian government, including the FSB (Russian intelligence).

Also found in the meta­da­ta is the email of the per­son who uploaded the files to “archive.org”, and that email address, frankmacher1@gmx.de [12], is reg­is­tered with a Ger­man free web­mail provider used pre­vi­ous­ly in 2016 phish­ing attacks against the CDU in Ger­many that have been attrib­uted to APT28. It would appear that the “Russ­ian hack­ers” not only left clues sug­gest­ing it was Russ­ian hack­ers behind the hack, but they decid­ed to name names this time–their own names.

Not surprisingly, given the fascist nature of WikiLeaks, they concluded that Russia was behind the hacks. (For more on the fascist nature of WikiLeaks, see FTR #s 724 [39], 725 [40], 732 [19], 745 [20], 755 [21], 917 [22].)

“Evi­dence Sug­gests Rus­sia Behind Hack of French Pres­i­dent-Elect” by Sean Gal­lagher; Ars Tech­ni­ca; 5/8/2017. [11]

Russ­ian secu­ri­ty firms’ meta­da­ta found in files, accord­ing to Wik­iLeaks and oth­ers.

Late on May 5 as the two final can­di­dates for the French pres­i­den­cy were about to enter a press black­out in advance of the May 7 elec­tion, nine giga­bytes of data alleged­ly from the cam­paign of Emmanuel Macron were post­ed on the Inter­net in tor­rents and archives. The files, which were ini­tial­ly dis­trib­uted via links post­ed on 4Chan and then by Wik­iLeaks, had foren­sic meta­da­ta sug­gest­ing that Rus­sians were behind the breach—and that a Russ­ian gov­ern­ment con­tract employ­ee may have fal­si­fied some of the dumped doc­u­ments.

Even Wik­iLeaks, which ini­tial­ly pub­li­cized the breach and defend­ed its integri­ty on the organization’s Twit­ter account, has since acknowl­edged that some of the meta­da­ta point­ed direct­ly to a Russ­ian com­pa­ny with ties to the gov­ern­ment:

#Macron­Leaks [41]: name of employ­ee for Russ­ian govt secu­ri­ty con­trac­tor Evri­ka appears 9 times in meta­da­ta for “xls_cendric.rar” leak archive pic.twitter.com/jyhlmldlbL [42]— Wik­iLeaks (@wikileaks) May 6, 2017 [43]

Evri­ka (“Eure­ka”) ZAO [44] is a large infor­ma­tion tech­nol­o­gy com­pa­ny in St. Peters­burg that does some work for the Russ­ian gov­ern­ment, and the group includes the Fed­er­al Secu­ri­ty Ser­vice of the Russ­ian Fed­er­a­tion (FSB) among its acknowl­edged cus­tomers (as not­ed in this job list­ing [45]). The com­pa­ny is a sys­tems inte­gra­tor, and it builds its own com­put­er equip­ment and pro­vides “inte­grat­ed infor­ma­tion secu­ri­ty sys­tems.” The meta­da­ta in some Microsoft Office files shows the last per­son to have edit­ed the files to be “Rosh­ka Georgiy Petro­vich,” a cur­rent or for­mer Evri­ka ZAO employ­ee.

Accord­ing to a Trend Micro report on April 25 [46], the Macron cam­paign was tar­get­ed by the Pawn Storm threat group (also known as “Fan­cy Bear” or APT28) in a March 15 “phish­ing” cam­paign using the domain onedrive-en-marche.fr. The domain was reg­is­tered by a “Johny Pinch” using a Mail.com web­mail address. The same threat group’s infra­struc­ture and mal­ware was found to be used in the breach of the Demo­c­ra­t­ic Nation­al Com­mit­tee in 2016, in the phish­ing attack tar­get­ing mem­bers of the pres­i­den­tial cam­paign of for­mer Sec­re­tary of State Hillary Clin­ton, and in a num­ber of oth­er cam­paigns against polit­i­cal tar­gets in the US and Ger­many over the past year.

The meta­da­ta attached to the upload of the Macron files also includes some iden­ti­fy­ing data with an e‑mail address for the per­son upload­ing the con­tent to archive.org:

Well this is fun pic.twitter.com/oXsH83snCS [47]— Pwn All The Things (@pwnallthethings) May 6, 2017 [48]

The e‑mail address of the uploader, frankmacher1@gmx.de [12], is reg­is­tered with a Ger­man free web­mail provider used pre­vi­ous­ly in 2016 Pawn Storm / APT28 phish­ing attacks against the Chris­t­ian Demo­c­ra­t­ic Union [49], Ger­man Chan­cel­lor Angela Merkel’s polit­i­cal par­ty.

The involve­ment of APT28, the edit­ing of some doc­u­ments leaked by some­one using a Russ­ian ver­sion of Microsoft Office, and the attempt to spread the data through ampli­fi­ca­tion in social media chan­nels such as 4Chan, Twit­ter, and Facebook—where a num­ber of new accounts post­ed links to the data—are all char­ac­ter­is­tics of the infor­ma­tion oper­a­tions seen dur­ing the 2016 US pres­i­den­tial cam­paign.
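The "last person to have edited the files" finding above comes from identity fields that Office stores inside each document. The following Python sketch is an added example, not code from the article or from the researchers it cites; it assumes OOXML packages (.docx/.xlsx), and every file and name in it is constructed sample data.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET
from collections import Counter
from xml.sax.saxutils import escape

# Namespaces used by docProps/core.xml in OOXML (.docx/.xlsx/.pptx) packages.
NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
}
FIELDS = {"creator": "dc:creator", "last_modified_by": "cp:lastModifiedBy"}
CYRILLIC = re.compile(r"[\u0400-\u04FF]")


def make_sample_ooxml(creator, editor):
    """Build a constructed, minimal OOXML package holding only core.xml."""
    core = (
        '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
        f'<cp:coreProperties xmlns:cp="{NS["cp"]}" xmlns:dc="{NS["dc"]}">'
        f"<dc:creator>{escape(creator)}</dc:creator>"
        f"<cp:lastModifiedBy>{escape(editor)}</cp:lastModifiedBy>"
        "</cp:coreProperties>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docProps/core.xml", core.encode("utf-8"))
    return buf.getvalue()


def read_identity_fields(data):
    """Return creator / last_modified_by from an OOXML file, or {} if absent.

    These fields are plain text that any editor can set, so they are an
    indicator to weigh against other evidence, not proof of authorship.
    """
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            root = ET.fromstring(zf.read("docProps/core.xml"))
    except (zipfile.BadZipFile, KeyError, ET.ParseError):
        return {}  # not a zip package (e.g. legacy .xls) or no core.xml
    found = {}
    for key, path in FIELDS.items():
        node = root.find(path, NS)
        if node is not None and node.text:
            found[key] = node.text.strip()
    return found


def tally_editors(files):
    """Count how often each last-modified-by name appears across an archive."""
    counts = Counter()
    for data in files.values():
        editor = read_identity_fields(data).get("last_modified_by")
        if editor:
            counts[editor] += 1
    return counts


def cyrillic_values(files):
    """List (filename, field, value) where an identity field contains Cyrillic."""
    hits = []
    for name, data in files.items():
        for field, value in read_identity_fields(data).items():
            if CYRILLIC.search(value):
                hits.append((name, field, value))
    return sorted(hits)


# Constructed sample archive: names and contents are invented for illustration.
SAMPLE_FILES = {
    "budget.xlsx": make_sample_ooxml("finance-team", "Иван Иванов"),
    "notes.docx": make_sample_ooxml("finance-team", "Иван Иванов"),
    "plan.docx": make_sample_ooxml("j.doe", "j.doe"),
    "legacy.xls": b"\xd0\xcf\x11\xe0 constructed non-zip bytes",
}

if __name__ == "__main__":
    for editor, count in tally_editors(SAMPLE_FILES).most_common():
        print(f"{count} file(s) last modified by {editor!r}")
    for hit in cyrillic_values(SAMPLE_FILES):
        print("Cyrillic in metadata:", hit)
```
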

Andrew Auernheimer aka “Weev”: Guest at Glenn Greenwald’s party [50]

6. In relat­ed news, a group of cyber­se­cu­ri­ty researchers study­ing the Macron hack has con­clud­ed that the mod­i­fied doc­u­ments were doc­tored by some­one asso­ci­at­ed with The Dai­ly Stormer neo-Nazi web­site and Andrew “the weev” Auern­heimer.

Auernheimer was a guest [51] at Glenn Greenwald and Laura Poitras’s party celebrating their receipt of the Polk award.

“ ‘We strongly believe that the fake offshore documents were created by someone with control of the Daily Stormer server,’ said Tord Lundström, a computer forensics investigator at Virtualroad.org. . . .”

Who is in con­trol of the Dai­ly Stormer? Well, its pub­lic face and pub­lish­er is Andrew Anglin. But look who the site is reg­is­tered to: Andrew Auern­heimer, who appar­ent­ly resided in Ukraine as of the start of this year:

The analysis from the web-security firm Virtualroad.org indicates that someone associated with the Daily Stormer modified those faked documents. Like, perhaps a highly skilled neo-Nazi hacker like “the weev”.

Based on an analy­sis of how the doc­u­ment dump unfold­ed it’s look­ing like the inex­plic­a­bly self-incrim­i­nat­ing ‘Russ­ian hack­ers’ may have been a bunch of Amer­i­can neo-Nazis. Imag­ine that. [52]

“U.S. Hack­er Linked to Fake Macron Doc­u­ments, Says Cyber­se­cu­ri­ty Firm” by David Gau­thi­er-Vil­lars; The Wall Street Jour­nal; 5/16/2017. [13]

Ties between an American’s neo-Nazi web­site and an inter­net cam­paign to smear Macron before French elec­tion are found

A group of cyber­se­cu­ri­ty experts has unearthed ties between an Amer­i­can hack­er who main­tains a neo-Nazi web­site and an inter­net cam­paign to smear Emmanuel Macron days before he was elect­ed pres­i­dent of France.

Short­ly after an anony­mous user of the 4chan.org dis­cus­sion forum post­ed fake doc­u­ments pur­port­ing to show Mr. Macron had set up an undis­closed shell com­pa­ny in the Caribbean, the user direct­ed peo­ple to vis­it nouveaumartel.com for updates on the French elec­tion.

That website, according to research by web-security provider Virtualroad.org [14], is registered by “Weevlos,” a known online alias of Andrew Auernheimer, an American hacker who gained notoriety three years ago when a U.S. appeals court vacated his conviction for computer fraud. The site also is hosted by a server in Latvia that hosts the Daily Stormer, a neo-Nazi news site that identifies its administrator as “Weev,” another online alias of Mr. Auernheimer, Virtualroad.org says.

“We strong­ly believe that the fake off­shore doc­u­ments were cre­at­ed by some­one with con­trol of the Dai­ly Stormer serv­er,” said Tord Lund­ström, a com­put­er foren­sics inves­ti­ga­tor at Virtualroad.org.

Through Tor Eke­land, the lawyer who rep­re­sent­ed him in the com­put­er-fraud case in the U.S., Mr. Auern­heimer said he “doesn’t have any­thing to say.”

A French secu­ri­ty offi­cial said a probe into the fake doc­u­ments was look­ing into the role of far-right and neo-Nazi groups but declined to com­ment on the alleged role of Mr. Auern­heimer.

In the run-up to the French elec­tion, cyber­se­cu­ri­ty agen­cies warned Mr. Macron’s aides that Russ­ian hack­ers were tar­get­ing his pres­i­den­tial cam­paign, accord­ing to peo­ple famil­iar with the mat­ter. On May 5, nine giga­bytes of cam­paign doc­u­ments and emails [53] were dumped on the inter­net. The Macron cam­paign and French author­i­ties have stopped short of pin­ning blame for the hack on the Krem­lin.

Intel­li­gence and cyber­se­cu­ri­ty inves­ti­ga­tors exam­in­ing the flur­ry of social-media activ­i­ty lead­ing up to the hack fol­lowed a trail of com­put­er code they say leads back to the Amer­i­can far-right.

Con­tact­ed by email over the week­end, the pub­lish­er of the Dai­ly Stormer, Andrew Anglin, said he and Mr. Auern­heimer had used their news site to write about the fake doc­u­ments because “We fol­low 4chan close­ly and have a more mod­ern edi­to­r­i­al process than most sites.”

When asked if he or Mr. Auern­heimer were behind the fake doc­u­ments, Mr. Anglin stopped reply­ing.

Mr. Auern­heimer was sen­tenced to 41 months in prison by a U.S. court in late 2012 for obtain­ing the per­son­al data of thou­sands of iPad users through an AT&T web­site. In April 2014, an appeals court vacat­ed his con­vic­tion [54] on the grounds that the venue of the tri­al, in New Jer­sey, was improp­er.

Asked if Mr. Auern­heimer resided in Ukraine, as a Jan­u­ary post on a per­son­al blog indi­cates, his lawyer said: “I think this is about right.” . . . .

7. French cyber­se­cu­ri­ty chief Guil­laume Poupard denied the NSA/U.S. asser­tion that APT28 aka “Cozy Bear/Fancy Bear/Russia” hacked the French elec­tion.

“French Cyber Secu­ri­ty Leader: No Trace of Russ­ian Hack­ing Group in Emmanuel Macron Cam­paign Leaks”; Asso­ci­at­ed Press; 06/01/2017 [15]

The head of the French government’s cyber secu­ri­ty agency, which inves­ti­gat­ed leaks from Pres­i­dent Emmanuel Macron’s elec­tion cam­paign, says they found no trace of a noto­ri­ous Russ­ian hack­ing group behind the attack.

In an inter­view in his office Thurs­day with The Asso­ci­at­ed Press, Guil­laume Poupard said the Macron cam­paign hack “was so gener­ic and sim­ple that it could have been prac­ti­cal­ly any­one.”

He said they found no trace that the Russ­ian hack­ing group known as APT28, blamed for oth­er attacks includ­ing on the U.S. pres­i­den­tial cam­paign, was respon­si­ble.

Poupard is direc­tor gen­er­al of the gov­ern­ment cyber-defense agency known in France by its acronym, ANSSI. Its experts were imme­di­ate­ly dis­patched when doc­u­ments stolen from the Macron cam­paign leaked online on May 5 in the clos­ing hours of the pres­i­den­tial race.

Poupard says the attack’s sim­plic­i­ty “means that we can imag­ine that it was a per­son who did this alone. They could be in any coun­try.”