Spitfire List Web site and blog of anti-fascist researcher and radio personality Dave Emory.

For The Record  

FTR #924 Technocratic Fascism, the High-Profile Hacks and The Obverse Oswald: Update on the Adventures of Eddie the Friendly Spook

This broadcast was recorded in one, 60-minute segment.

Lee Harvey Oswald: Ersatz Communist

Introduction: On November 22, 1963, President Kennedy’s assassination fundamentally altered the American political landscape, neutralizing JFK’s peace initiatives in Europe, Southeast Asia and Cuba. Furthermore, LBJ was manipulated into pursuing the open-ended Vietnam commitment JFK had studiously avoided.

With the high-profile hacks and the clumsy (though well-accepted) disinformation fingering Russia as the author of the crimes, we are witnessing “Team Snowden” manifesting what we have termed “Technocratic Fascism.” The support for Donald Trump coming from Julian Assange/WikiLeaks/Snowden/Appelbaum exemplifies what David Golumbia analyzed in a seminal post: “. . . . Such technocratic beliefs are widespread in our world today, especially in the enclaves of digital enthusiasts, whether or not they are part of the giant corporate-digital leviathan. Hackers (“civic,” “ethical,” “white” and “black” hat alike), hacktivists, WikiLeaks fans [and Julian Assange et al–D. E.], Anonymous “members,” even Edward Snowden himself walk hand-in-hand with Facebook and Google in telling us that coders don’t just have good things to contribute to the political world, but that the political world is theirs to do with what they want, and the rest of us should stay out of it: the political world is broken, they appear to think (rightly, at least in part), and the solution to that, they think (wrongly, at least for the most part), is for programmers to take political matters into their own hands. . .”

In past discussion of “Eddie the Friendly Spook,” we have characterized him as “the Obverse Oswald.” With their exercise of “Technocratic Fascism,” “Team Snowden” is destroying American democracy as definitively and effectively as the bullets in Dealey Plaza did on 11/22/1963.

Supplementing and summing up the exhaustive “Eddie the Friendly Spook” series, this program sets forth the Snowden “psy-op” and the high-profile hacks against the background of Lee Harvey Oswald, the U.S. spy infiltrated into the Soviet Union and then into leftist organizations in the United States. Oswald was framed for JFK’s assassination and then killed before he could defend himself.

Snowden: Is this the face that launched a thousand ships?

Whereas Oswald was portrayed as a villain, Eddie the Friendly Spook’s operation is the obverse, with Snowden portrayed as a hero, while decamping first to China and then to Russia. Snowden is not only a spy but a fascist, who advocates the elimination of Social Security and the return to the gold standard.

Snowden’s Russian sojourn appears to have been arranged by WikiLeaks, which also appears to have arranged his flight to China from Hawaii. (Snowden’s journey to Hawaii appears to have been facilitated by Jacob Appelbaum, who may be behind the “Shadow Brokers” alleged hack of NSA cyberweapons.) It was Snowden’s journey to Moscow that threw Obama’s “reboot” with Russia under the bus.

In that context, we again point to “The Obverse Oswald.” We strongly suspect that “Team Snowden” may have had something to do with this. Snowden is in Russia and working for a computer firm. The (frankly lame) framing of Russia for the DNC hack and the “Shadow Brokers” non-hack of the NSA reminds us of the process of “painting Oswald Red.”

The program begins with analysis of some enigmatic tweets that Snowden issued, shortly before the “Shadow Brokers” leaked the ANT and TAO cyberweapons. The mysterious tweets may well have signaled the release of the “Shadow Brokers” files. “. . . . In any case, since the posting Snowden’s own Twitter presence has been eerily muted. . . . [Barton] Gellman, who is currently writing a book about the Edward Snowden leaks, was previously embroiled in another recent post that sparked controversy after the former NSA contractor mysteriously tweeted: ‘It’s time.’ . . . .”

Next, we review information indicating that Russia has been framed for the “Shadow Brokers” alleged hack of the NSA, much as it appears to have been framed for the DNC hack. Indeed, with both the DNC hack and the “Shadow Brokers” non-hack of the NSA, the evidence points increasingly toward “Team Snowden” and Eddie the Friendly Spook himself.

Points of information reviewed include:

  • Evidence suggesting that Russia was NOT behind the DNC hacks. “. . . . None of the technical evidence is convincing. It would only be convincing if the attackers used entirely novel, unique, and sophisticated tools with unmistakable indicators pointing to Russia supported by human intelligence, not by malware analysis. The DNC attackers also had very poor, almost comical, operational security (OPSEC). State actors tend to have a quality assurance review when developing cyberattack tools to minimize the risk of discovery and leaving obvious crumbs behind. Russian intelligence services are especially good. They are highly capable, tactically and strategically agile, and rational. They ensure that offensive tools are tailored and proportionate to the signal they want to send, the possibility of disclosure and public perception, and the odds of escalation. The shoddy OPSEC just doesn’t fit what we know about Russian intelligence. . . . Given these arguments, blaming Russia is not a slam dunk. Why would a country with some of the best intelligence services in the world commit a whole series of really stupid mistakes in a highly sensitive operation? Why pick a target that has a strong chance of leading to escalatory activity when Russia is known to prefer incremental actions over drastic ones? Why go through the trouble of a false flag when doing nothing would have been arguably better? . . . .”
  • Information indicating that the NSA “hack” may well not have been a hack at all, but the work of an insider downloading the information onto a USB drive. “. . . Their claim to have ‘hacked’ a server belonging to the NSA is fishy. According to ex-NSA insiders who spoke with Business Insider, the agency’s hackers don’t just put their exploits and toolkits online where they can potentially be pilfered. The more likely scenario for where the data came from, says ex-NSA research scientist Dave Aitel, is an insider who downloaded it onto a USB stick. . . . When hackers gain access to a server, they keep quiet about it so they can stay there. . . . One of the many strange things about this incident is the very public nature of what transpired. When a hacker takes over your computer, they don’t start activating your webcam or running weird programs because you’d figure out pretty quickly that something was up and you’d try to get rid of them. . . . If the Shadow Brokers owned the NSA’s command and control server, then it would probably be a much better approach to just sit back, watch, and try to pivot to other interesting things that they might be able to find. . . . People sell exploits all the time, but they hardly ever talk about it. . . . Most of the time, an exploit is either found by a security research firm, which then writes about it and reports it to the company so it can fix the problem. Or, a hacker looking for cash will take that found exploit and sell it on the black market. So it would make sense for a group like Shadow Brokers to want to sell their treasure trove, but going public with it is beyond strange. . . .”
  • Eddie the Friendly Spook endorsed the cover story of the Shadow Brokers’ NSA “hack”–that the event was a hack (despite indicators to the contrary) and that Russia did it. “. . . If you ask ex-NSA contractor Edward Snowden, the public leak and claims of the Shadow Brokers seem to have Russian fingerprints all over them, and it serves as a warning from Moscow to Washington. The message: If your policymakers keep blaming us for the DNC hack, then we can use this hack to implicate you in much more. ‘That could have significant foreign policy consequences,’ Snowden wrote on Twitter. ‘Particularly if any of those operations targeted US allies. Particularly if any of those operations targeted elections.’ . . . .”
  • The code in the files was from 2013, when Snowden undertook his “op.” “. . . . The code released by the Shadow Brokers dates most recently to 2013, the same year Edward Snowden leaked classified information about the NSA’s surveillance programs. . . . Snowden also noted that the released files end in 2013. ‘When I came forward, NSA would have migrated offensive operations to new servers as a precaution,’ he suggested — a move that would have cut off the hackers’ access to the server. . . .”
  • Author James Bamford highlighted circumstantial evidence that WikiLeaker Jacob Appelbaum–who appears to have facilitated Snowden’s journey from Hawaii to Hong Kong–may have been behind the Shadow Brokers non-hack. “. . . . There also seems to be a link between Assange and the leaker who stole the ANT catalog, and the possible hacking tools. Among Assange’s close associates is Jacob Appelbaum, a celebrated hacktivist and the only publicly known WikiLeaks staffer in the United States – until he moved to Berlin in 2013 in what he called a ‘political exile’ because of what he said was repeated harassment by U.S. law enforcement personnel. In 2010, a Rolling Stone magazine profile labeled him ‘the most dangerous man in cyberspace.’ In December 2013, Appelbaum was the first person to reveal the existence of the ANT catalog, at a conference in Berlin, without identifying the source. That same month he said he suspected the U.S. government of breaking into his Berlin apartment. He also co-wrote an article about the catalog in Der Spiegel. But again, he never named a source, which led many to assume, mistakenly, that it was Snowden. . . .”
  • Appelbaum was anti-Clinton, sentiments expressed in the clumsy Boris and Natasha-like broken English that accompanied announcement of the Shadow Brokers’ gambit. “. . . . Shortly thereafter, he [Appelbaum] turned his attention to Hillary Clinton. At a screening of a documentary about Assange in Cannes, France, Appelbaum accused her of having a grudge against him and Assange, and that if she were elected president, she would make their lives difficult. ‘It’s a situation that will possibly get worse’ if she is elected to the White House, he said, according to Yahoo News. . . . In hacktivist style, and in what appears to be phony broken English, this new release of cyberweapons also seems to be targeting Clinton. It ends with a long and angry ‘final message’ against ‘Wealthy Elites . . . breaking laws’ but ‘Elites top friends announce, no law broken, no crime commit[ed]. . . Then Elites run for president. Why run for president when already control country like dictatorship?’ . . .”
  • The e-mail account used by the Shadow Brokers is in Germany and is resistant to attempts at disclosing users’ information. Appelbaum, Laura Poitras, Sarah Harrison and Peter Sunde are in Germany. “. . . He said Tutanota had only ever been forced to hand over encrypted data of its users a few times and it has a transparency report where it discloses those cases. ‘However, we release data only in very, very few cases … And when we have to provide the data due to a court order, it is still encrypted,’ Pfau added, going on to explain the company’s stance on surveillance. . . .”
  • Recall that, in FTR #’s 891 and 895, we noted that Snowden was working for the CIA in the summer of 2009 when he decided to infiltrate NSA and leak its information. NSA “non-hack” suspect Appelbaum and many of the so-called “privacy” advocates have received funding from CIA-derived organizations such as the Broadcasting Board of Governors, Radio Free Asia and the Open Technology Fund. What role is the CIA playing in this? “. . . Jacob Appelbaum’s willingness to work directly for an old CIA cutout like Radio Free Asia in a nation long targeted for regime-change is certainly odd, to say the least. Particularly since Appelbaum made a big public show recently claiming that, though it pains him that Tor takes so much money from the US military, he would never take money from something as evil as the CIA. . . . Appelbaum’s financial relationships with various CIA spinoffs like Radio Free Asia and the BBG go further. From 2012 through 2013, Radio Free Asia transferred about $1.1 million to Tor in the form of grants and contracts. This million dollars comes on top of another $3.4 million Tor received from Radio Free Asia’s parent agency, the BBG, starting from 2007. . . . Though many of the apps and tech backed by Radio Free Asia’s OTF are unknown to the general public, they are highly respected and extremely popular among the anti-surveillance Internet activist crowd. OTF-funded apps have been recommended by Edward Snowden, covered favorably by ProPublica and The New York Times’ technology reporters, and repeatedly promoted by the Electronic Frontier Foundation. Everyone seems to agree that OTF-funded privacy apps offer some of the best protection from government surveillance you can get. In fact, just about all the featured open-source apps on EFF’s recent ‘Secure Messaging Scorecard’ were funded by OTF. . . . You’d think that anti-surveillance activists like Chris Soghoian, Jacob Appelbaum, Cory Doctorow and Jillian York would be staunchly against outfits like BBG and Radio Free Asia, and the role they have played — and continue to play — in working with defense and corporate interests to project and impose U.S. power abroad. Instead, these radical activists have knowingly joined the club, and in doing so, have become willing pitchmen for a wing of the very same U.S. National Security State they so adamantly oppose. . . .”

The program concludes with an examination of Donald Trump Jr. Many young people have come to see Assange and Snowden as heroes. With “Team Snowden” working for Trump, those young people may find themselves seduced by the younger Donald.

Program Highlights Include:

1.  The program opens with discussion of some cryptic, mysterious tweets that Snowden issued, shortly before the so-called “Shadow Brokers” released their supposedly “hacked” NSA cyberweapons.

Although none of the tweets was the “dead man’s switch” some feared, the possibility remains that the tweets (or one of them) may have been a signal to release the ANT and TAO files in the “Shadow Brokers” “hack.”

Consider the possibility the leaked NSA hacking tools really were part of the Snowden doomsday cache (a cache to which Bamford presumably never had full access). Note that Edward Snowden sent out a cryptic tweet one week before the leak that could very easily be interpreted as a metaphorical push of the Dead Man’s Switch.

“Gellman, who is currently writing a book about the Edward Snowden leaks, was previously embroiled in another recent post that sparked controversy after the former NSA contractor mysteriously tweeted: ‘It’s time.’”

Taking stock: Snowden first cryptically tweets on August 3, “Did you work with me? Have we talked since 2013? Please recontact me securely, or talk to @bartongellman. It’s time. https://t.co/AKmgF5AIDJ”

Snowden then tweets a very long cryptographic key of some sort. He then goes silent for a couple days and some start assuming he’s dead. And then a week later we get the Shadow Broker leak of NSA TAO hacking tools.

We have circumstantial evidence suggesting that the Shadow Brokers leak may be a consequence of Snowden issuing his cryptic tweets, along with circumstantial evidence that Appelbaum already had his hands on the kinds of NSA hacking tools that actually got leaked, but those tools probably didn’t come from Snowden but from a different, still unidentified, NSA leaker. Curiouser and curiouser…

Recall that, in FTR #’s 891 and 895, we noted that Snowden was working for the CIA in the summer of 2009 when he decided to infiltrate NSA and leak its information. As will be reviewed below, Appelbaum and many of the so-called “privacy” advocates have received funding from CIA-derived organizations such as the Broadcasting Board of Governors, Radio Free Asia and the Open Technology Fund.

“Is Edward Snowden Dead? Conspiracy Theory Claims Whistleblower Killed After Cryptic Tweet” by Jason Murdock; International Business Times; 8/8/2016.

Rumours of his demise have been denied by confidante Glenn Greenwald.

Exiled NSA whistleblower Edward Snowden sparked intrigue on 5 August after tweeting a 64-digit code to his two million-strong Twitter following, which conspiracy theorists quickly assumed meant he had met his untimely demise. The fears were sparked by a Russian news website called Sputnik, which reported the now-deleted tweet could have been a “dead man’s switch” – an insurance code set up to aid the release of another trove of documentation “if he did not check in to the computer at a certain time.”

However, the rumours of his death or kidnapping have been denied by Snowden’s close confidante Glenn Greenwald, who replied to one concerned tweet with: “He’s fine.”

In any case, since the posting Snowden’s own Twitter presence has been eerily muted.

Previously, Snowden has indicated he has such an insurance tactic in place should something happen to him while he is living under asylum in Russia.

In one report by Wired, published in 2013 after the initial NSA disclosures hit the headlines, Greenwald described the system in place. “It’s really just a way to protect himself against extremely rogue behaviour on the part of the United States, by which I mean violent actions toward him, designed to end his life, and it’s just a way to ensure that nobody feels incentivised to do that,” he said.

In response to the code, which appears on the surface to be a form of hash, journalist Barton Gellman also took to social media to note the tweet had a “private meaning” and was not intended for the general audience. “Everyone requesting proof of life for me and @Snowden, take a deep breath. Some tweets have private meaning,” he wrote on 6 August.

Based on this, it is likely the long code is a form of verification used to prove to a contact of Snowden that he is the legitimate sender or recipient of a communication. Using a direct mail to message, for example, would leave metadata, and therefore a record of the conversation taking place.

Gellman, who is currently writing a book about the Edward Snowden leaks, was previously embroiled in another recent post that sparked controversy after the former NSA contractor mysteriously tweeted: “It’s time.”

In light of this, the use of a so-called dead man’s switch was used to protect his wellbeing. Additionally, whistleblowing outfit WikiLeaks, which has released sensitive files from the US government, also uses the technique. Most recently, the group’s founder, Julian Assange, uploaded a fresh 88GB file to the internet – just prior to the leaks from the Democratic National Committee (DNC).

2. Understanding the process of “painting Oswald red” gives us perspective on the crude deception involved with the “Shadow Brokers” non-hack, as well as giving us an understanding of the DNC hack. Reviewing why Russia is an unlikely culprit in the DNC hack:

“Blaming Russia For the DNC Hack Is Almost Too Easy” by Dr. Sandro Gaycken; Council on Foreign Relations Blog; 8/01/2016.

 . . . A critical look exposes the significant flaws in the attribution. First, all of the technical evidence can be spoofed. Although some argue that spoofing the mound of uncovered evidence is too much work, it can easily be done by a small team of good attackers in three or four days. Second, the tools used by Cozy Bear appeared on the black market when they were first discovered years ago and have been recycled and used against many other targets, including against German industry. The reuse and fine-tuning of existing malware happens all the time. Third, the language, location settings, and compilation metadata can easily be altered by changing basic settings on the attacker’s computer in five minutes without the need of special knowledge. None of the technical evidence is convincing. It would only be convincing if the attackers used entirely novel, unique, and sophisticated tools with unmistakable indicators pointing to Russia supported by human intelligence, not by malware analysis.

The DNC attackers also had very poor, almost comical, operational security (OPSEC). State actors tend to have a quality assurance review when developing cyberattack tools to minimize the risk of discovery and leaving obvious crumbs behind. Russian intelligence services are especially good. They are highly capable, tactically and strategically agile, and rational. They ensure that offensive tools are tailored and proportionate to the signal they want to send, the possibility of disclosure and public perception, and the odds of escalation. The shoddy OPSEC just doesn’t fit what we know about Russian intelligence. . . . Given these arguments, blaming Russia is not a slam dunk. Why would a country with some of the best intelligence services in the world commit a whole series of really stupid mistakes in a highly sensitive operation? Why pick a target that has a strong chance of leading to escalatory activity when Russia is known to prefer incremental actions over drastic ones? Why go through the trouble of a false flag when doing nothing would have been arguably better?. . . 

3. The apparent “non-hack” of the NSA by “The Shadow Brokers” also makes no sense. Note also, the clumsy, Boris and Natasha-like broken English used to try and portray this as a “Russian” operation. In addition, as we will see, this doesn’t appear to be a “hack” at all. A skilled hacker would not signal his or her activities in the manner that the “Shadow Brokers” did, nor would they be likely to put the information obtained through their “exploits” up for auction.

“Here’s Why the Supposed NSA ‘Hack’ Is Unlike Anything We’ve Ever Seen Before” by Paul Szoldra; Business Insider Nordic; 8/16/2016.

. . . Their claim to have ‘hacked’ a server belonging to the NSA is fishy. According to ex-NSA insiders who spoke with Business Insider, the agency’s hackers don’t just put their exploits and toolkits online where they can potentially be pilfered. The more likely scenario for where the data came from, says ex-NSA research scientist Dave Aitel, is an insider who downloaded it onto a USB stick. . . . When hackers gain access to a server, they keep quiet about it so they can stay there. . . . One of the many strange things about this incident is the very public nature of what transpired. When a hacker takes over your computer, they don’t start activating your webcam or running weird programs because you’d figure out pretty quickly that something was up and you’d try to get rid of them. . . .

 . . . If the Shadow Brokers owned the NSA’s command and control server, then it would probably be a much better approach to just sit back, watch, and try to pivot to other interesting things that they might be able to find. . . . Instead, the group wrote on Pastebin, a website where you can store text, that “we follow Equation Group traffic. We find Equation Group source range. We hack Equation Group. We find many many Equation Group cyber weapons,” which immediately signals to this alleged NSA hacker group that they have a big problem. [Note the remarkable broken English used in the post, reminiscent of Boris and Natasha–D.E.] . . . People sell exploits all the time, but they hardly ever talk about it. . . . Most of the time, an exploit is either found by a security research firm, which then writes about it and reports it to the company so it can fix the problem. Or, a hacker looking for cash will take that found exploit and sell it on the black market. So it would make sense for a group like Shadow Brokers to want to sell their treasure trove, but going public with it is beyond strange. . . .

4. Notice, however, that Edward Snowden not only opined that this was, indeed, a hack, whereas the evidence points in a different direction, but that “Russia was behind the hack.” Do not fail to take stock of the fact that Snowden is foreshadowing a possible controversy over the hacking of voting machines, echoing the pronouncements of Donald Trump, the successor to Eddie the Friendly Spook’s Presidential candidate of choice, Ron Paul.

“Here’s Why the Supposed NSA ‘Hack’ Is Unlike Anything We’ve Ever Seen Before” by Paul Szoldra; Business Insider Nordic; 8/16/2016.

 . . . If you ask ex-NSA contractor Edward Snowden, the public leak and claims of the Shadow Brokers seem to have Russian fingerprints all over them, and it serves as a warning from Moscow to Washington. The message: If your policymakers keep blaming us for the DNC hack, then we can use this hack to implicate you in much more.

“That could have significant foreign policy consequences,” Snowden wrote on Twitter. “Particularly if any of those operations targeted US allies. Particularly if any of those operations targeted elections.” . . . .

5. The code used in connection with the cyberweapons dates to 2013, when Snowden downloaded NSA files onto USB sticks and went to Hong Kong from Hawaii. Note, again, that Snowden points to hacking, rather than the much more likely scenario of someone downloading information onto USB sticks, as Snowden did.

There is an important legal principle that is worth considering, the concept of “consciousness of guilt.” If someone can be proved to have taken steps to cover up the commission of a crime, that is considered sufficient evidence to indict the person for the original crime. Here, we have Snowden saying “Yup, Russia did it” in spite of indications that such was not the case and “Yup, it was a hack” whereas that appears unlikely.

Evidence points in the direction of “Team Snowden,” the WikiLeaks/Snowden/Greenwald milieu we have been researching for years.

“‘Shadow Brokers’ Claim To Have Hacked The NSA’s Hackers”; National Public Radio; 8/17/2016.

 . . . . The code released by the Shadow Brokers dates most recently to 2013, the same year Edward Snowden leaked classified information about the NSA’s surveillance programs. . . . Snowden also noted that the released files end in 2013. ‘When I came forward, NSA would have migrated offensive operations to new servers as a precaution,’ he suggested — a move that would have cut off the hackers’ access to the server. . . .

6. Perhaps no other author/investigator has done as much writing about NSA as James Bamford. In his observations about “The Shadow Brokers” non-hack, he highlights the actions of Jacob Appelbaum, the WikiLeaker who appears to have been deeply involved with getting Snowden from Hawaii to Hong Kong. Appelbaum is also a fierce opponent of Hillary Clinton. Of particular significance is the fact that WikiLeaks already had a copy of the ANT and TAO cyberweapons.

The “Shadow Brokers” also went after Hillary Clinton in the Boris and Natasha-like broken English:

“Commentary: Evidence Points to Another Snowden at the NSA” by James Bamford; Reuters; 8/24/2016.

 . . . . Experts who have analyzed the files suspect that they date to October 2013, five months after Edward Snowden left his contractor position with the NSA and fled to Hong Kong carrying flash drives containing hundreds of thousands of pages of NSA documents. . . .

. . . . Enter WikiLeaks. Just two days after the first Shadow Brokers message, Julian Assange, the founder of WikiLeaks, sent out a Twitter message. “We had already obtained the archive of NSA cyberweapons released earlier today,” Assange wrote, “and will release our own pristine copy in due course.”

The month before, Assange was responsible for releasing the tens of thousands of hacked DNC emails that led to the resignation of the four top committee officials.

There also seems to be a link between Assange and the leaker who stole the ANT catalog, and the possible hacking tools. Among Assange’s close associates is Jacob Appelbaum, a celebrated hacktivist and the only publicly known WikiLeaks staffer in the United States – until he moved to Berlin in 2013 in what he called a “political exile” because of what he said was repeated harassment by U.S. law enforcement personnel. In 2010, a Rolling Stone magazine profile labeled him “the most dangerous man in cyberspace.”

In December 2013, Appelbaum was the first person to reveal the existence of the ANT catalog, at a conference in Berlin, without identifying the source. That same month he said he suspected the U.S. government of breaking into his Berlin apartment. He also co-wrote an article about the catalog in Der Spiegel. But again, he never named a source, which led many to assume, mistakenly, that it was Snowden. . . .

. . . . Shortly thereafter, he turned his attention to Hillary Clinton. At a screening of a documentary about Assange in Cannes, France, Appelbaum accused her of having a grudge against him and Assange, and that if she were elected president, she would make their lives difficult. “It’s a situation that will possibly get worse” if she is elected to the White House, he said, according to Yahoo News. . . .

. . . . In hacktivist style, and in what appears to be phony broken English, this new release of cyberweapons also seems to be targeting Clinton. It ends with a long and angry ‘final message’ against ‘Wealthy Elites . . . breaking laws’ but ‘Elites top friends announce, no law broken, no crime commit[ed]. . . Then Elites run for president. Why run for president when already control country like dictatorship?’ . . . .

7. Another piece of circumstantial evidence pointing in the direction of “Team Snowden” concerns the fact that the “Shadow Brokers” used a German e-mail provider.

Since Appelbaum is currently living in Berlin it’s worth noting that the email address that appears to be used by the Shadow Brokers is a German email provider with a policy of cooperating with legal authorities as little as possible and only handing over encrypted data when given a court order.

In addition to Appelbaum (who appears to have assisted Snowden in getting from Hawaii to Hong Kong), Laura Poitras (Glenn Greenwald’s associate), Sarah Harrison (Assange’s ex-girlfriend who assisted Snowden in his flight from Hong Kong to Moscow) and Peter Sunde (who founded the Pirate Bay website on which WikiLeaks held forth) are all resident in Germany at this time.

“Edward Snowden: Russia Is Chief Suspect In NSA Hack” by Thomas Fox-Brewster; Forbes; 8/16/2016.

 . . . He said Tutanota had only ever been forced to hand over encrypted data of its users a few times and it has a transparency report where it discloses those cases. ‘However, we release data only in very, very few cases … And when we have to provide the data due to a court order, it is still encrypted,’ Pfau added, going on to explain the company’s stance on surveillance. . . .

 

8. Recall that, in FTR #’s 891 and 895, we noted that Snowden was working for the CIA in the summer of 2009 when he decided to infiltrate NSA and leak its information. NSA “non-hack” suspect Appelbaum and many of the so-called “privacy” advocates have received funding from CIA-derived organizations such as the Broadcasting Board of Governors, Radio Free Asia and the Open Technology Fund.

“Internet Privacy, Funded by Spooks: A Brief History of the BBG” by Yasha Levine; Pando Daily; 3/01/2015.

. . . Jacob Appelbaum’s willingness to work directly for an old CIA cutout like Radio Free Asia in a nation long targeted for regime-change is certainly odd, to say the least. Particularly since Appelbaum made a big public show recently claiming that, though it pains him that Tor takes so much money from the US military, he would never take money from something as evil as the CIA. . . .

. . . Appelbaum’s financial relationships with various CIA spinoffs like Radio Free Asia and the BBG go further. From 2012 through 2013, Radio Free Asia transferred about $1.1 million to Tor in the form of grants and contracts. This million dollars comes on top of another $3.4 million Tor received from Radio Free Asia’s parent agency, the BBG, starting from 2007. . . .

9. More about the CIA-derived BBG, Radio Free Asia and Open Technology Fund and their financial backing for many of the so-called “privacy” advocates and the tools they recommend:

“Internet Privacy, Funded by Spooks: A Brief History of the BBG” by Yasha Levine; Pando Daily; 3/01/2015.

. . . . Though many of the apps and tech backed by Radio Free Asia’s OTF are unknown to the general public, they are highly respected and extremely popular among the anti-surveillance Internet activist crowd. OTF-funded apps have been recommended by Edward Snowden, covered favorably by ProPublica and The New York Times’ technology reporters, and repeatedly promoted by the Electronic Frontier Foundation. Everyone seems to agree that OTF-funded privacy apps offer some of the best protection from government surveillance you can get. In fact, just about all the featured open-source apps on EFF’s recent “Secure Messaging Scorecard” were funded by OTF. . . .

. . . . You’d think that anti-surveillance activists like Chris Soghoian, Jacob Appelbaum, Cory Doctorow and Jillian York would be staunchly against outfits like BBG and Radio Free Asia, and the role they have played — and continue to play — in working with defense and corporate interests to project and impose U.S. power abroad. Instead, these radical activists have knowingly joined the club, and in doing so, have become willing pitchmen for a wing of the very same U.S. National Security State they so adamantly oppose. . . .

10. Quoting from a seminal article by David Golumbia, THIS is what Julian Assange, WikiLeaks and “Team Snowden” are doing!

“Tor, Technocracy, Democracy” by David Golumbia; Uncomputing.org; 4/23/2015.

. . . . Such technocratic beliefs are widespread in our world today, especially in the enclaves of digital enthusiasts, whether or not they are part of the giant corporate-digital leviathan. Hackers (“civic,” “ethical,” “white” and “black” hat alike), hacktivists, WikiLeaks fans [and Julian Assange et al–D. E.], Anonymous “members,” even Edward Snowden himself walk hand-in-hand with Facebook and Google in telling us that coders don’t just have good things to contribute to the political world, but that the political world is theirs to do with what they want, and the rest of us should stay out of it: the political world is broken, they appear to think (rightly, at least in part), and the solution to that, they think (wrongly, at least for the most part), is for programmers to take political matters into their own hands. . .

11. Both WikiLeaks and Snowden are heroes to many young people. As we have seen, the “Alt.right” forces embodied in Donald Trump are the same embodied in Julian Assange, WikiLeaks and Eddie the Friendly Spook. We conclude the program with a brief discussion of Donald Trump, Jr.’s role in tweeting and re-tweeting Nazi dog-whistles.

“Trump Jr’s ‘Skittles’ Tweet Is Based on Two Different White Supremacist Memes — and Nazi Propaganda” by Travis Gettys; Raw Story; 9/20/2016.

Donald Trump Jr. drew widespread condemnation for comparing Syrian refugees to poisoned candy — but his analogy isn’t a new one, and it’s based on two separate white supremacist memes with roots in Nazi propaganda.

Trump — the Republican presidential candidate’s eldest son and a top campaign surrogate — tweeted the image Monday evening in an apparent response to the dumpster bombing over the weekend in New York City, which his dad inaptly linked to the refugee crisis.

“This image says it all,” reads the text. “Let’s end the politically correct agenda that doesn’t put America first. #trump2016,” accompanied by the official Donald Trump/Mike Pence campaign logo and slogan. The analogy isn’t new, and has been used for years by white supremacists to overgeneralize about various minority groups. “It is often deployed as a way to prop up indefensible stereotypes by taking advantage of human ignorance about base rates, risk assessment and criminology,” wrote Emil Karlsson on the blog Debunking Denialism. “In the end, it tries to divert attention from the inherent bigotry in making flawed generalizations.” A spokeswoman for Wrigley Americas, which makes Skittles, whacked Trump’s dehumanizing comparison. “Skittles are candy. Refugees are people. We don’t feel it’s an appropriate analogy,” said Denise Young, vice president of corporate affairs. “We will respectfully refrain from further commentary as anything we say could be misinterpreted as marketing.”

Joe Walsh, a single-term congressman from Illinois and now a right-wing talk radio host who’s been booted from the airwaves for using racial slurs, bragged that Trump’s meme was nearly identical to one he had tweeted a month earlier.

The analogy, which has been used on message boards and shared as social media memes, originally used M&Ms as the candy in question — but that changed after George Zimmerman gunned down Trayvon Martin while the unarmed black teen was walking home from buying a drink and some Skittles.

A Google image search of “skittles trayvon meme” reveals a horrible bounty of captioned images mocking the slain teenager, whose killer was acquitted after claiming self-defense under Florida’s “stand your ground” law.

But the poisoned candy analogy goes back even further, to an anti-Semitic children’s book published by Julius Streicher, the publisher of the Nazi newspaper Der Stürmer who was executed in 1946 as a war criminal.

The book tells the tale of “the poisonous mushroom,” and was used to indoctrinate children in hate.

“Just as poisonous mushrooms spring up everywhere, so the Jew is found in every country in the world,” the story’s mother explains to her son. “Just as poisonous mushrooms often lead to the most dreadful calamity, so the Jew is the cause of misery and distress, illness and death.”

So Trump’s appalling analogy isn’t just unoriginal and demeaning — it’s actually racist in four different ways.

12. Roger Stone and Trump, Jr. were portrayed in an Alt.right tweet endorsed by the Trumpenkampfverbande. Do not lose sight of the fact that Stone is now networking with Julian Assange and WikiLeaks.

“Trump Ally, Son Share Meme Featuring Symbol Of White Nationalist Alt-Right” by Allegra Kirkland; Talking Points Memo Livewire; 9/12/2016.

Two members of Donald Trump’s inner circle shared memes on social media over the weekend featuring a symbol popular with the white nationalist alt-right.

Riffing off of Hillary Clinton’s remark that some of Trump’s supporters are racists, misogynists, and xenophobes who belong in a “basket of deplorables,” the meme shared by Donald Trump Jr. and Trump ally Roger Stone showed key Trump allies photoshopped onto a poster from the movie “The Expendables.” In the edited poster for “The Deplorables,” those armed staffers and Trump boosters are shown alongside Pepe the Frog, a cartoon figure that first cropped up on the 4chan website and has since become associated with the white supremacist movement online.

Trump, Indiana Gov. Mike Pence (R), New Jersey Gov. Chris Christie (R), Ben Carson, conspiracy theorist Alex Jones, and alt-right figurehead Milo Yiannopoulos were among those included in the image.

“Apparently I made the cut as one of the Deplorables,” Trump Jr. wrote on Instagram in a caption accompanying the meme, saying he was “honored” to be grouped among Trump’s supporters.

Informal Trump advisor Roger Stone shared the same image on Twitter, saying he was “so proud to be one of the Deplorables.”

Pepe the Frog has emerged as an unofficial mascot of the alt-right, a loosely defined group of white nationalists who congregate online to debate IQ differences between the races and joke about burning Jewish journalists in ovens.

Last fall, Trump himself shared a meme featuring himself as president Pepe. He has retweeted users with handles like @WhiteGenocideTM on multiple occasions.

“@codyave: @drudgereport @BreitbartNews @Writeintrump “You Can’t Stump the Trump” https://t.co/0xITB7XeJV pic.twitter.com/iF6S05se2w” — Donald J. Trump (@realDonaldTrump) October 13, 2015

Trump has disavowed support from the alt-right and white supremacists like former KKK Grand Wizard David Duke, though he hired Steve Bannon, chairman of the alt-right promoting Breitbart News, as his campaign CEO in August.

13. Trump, Jr. has political aspirations. The gravitas that Snowden and WikiLeaks have with young Americans may bear very bitter fruit, indeed.

“A Chip off the Old Block” by Digby; Hullabaloo; 9/21/2016.

I wrote about Trump Jr for Salon this morning: In the beginning of the 2016 campaign the only one of Donald Trump’s five children with a high public profile was his daughter Ivanka who has her own celebrity brand just like her father’s. The two older sons were unknown to the general public but they made quite a good first impression when the whole family appeared on a CNN family special. They are all so attractive and glamorous that many people came to believe they were Donald Trump’s best feature. Indeed, it was said that the fact he’d raised such an admirable family spoke so well of him that it smoothed some of the rough edges of his own personality. Unfortunately, as people have gotten to know them better, they’ve revealed themselves to be as rough edged as dear old Dad, particularly his namesake, Donald Jr.

For most of the primaries Trump proudly evoked his two older sons when he talked about the 2nd amendment, touting their NRA membership and love of guns. It was a little bit shocking to see the ghastly pictures of their African big game kills including a horrific shot of Trump Jr holding a severed elephant tail, but they seemed to otherwise be pretty ordinary hard-working businessmen devoted to their family. For the most part they kept a low profile, serving as the usual family props in a political campaign.

When Donald Jr spoke to a white supremacist radio host in March it set off a few alarm bells simply because his father’s extreme immigration policies had been so ecstatically received by white nationalist groups. But most chalked it up to inexperience and let it go. Surely Junior wasn’t as crudely racist as the old man who was reported to keep a book of Hitler speeches next to the bed. But just a few days later he retweeted a racist science fiction writer named Theodore Beale who goes by the handle of “Vox Day” claiming that a famous picture of a Trump supporter giving a Nazi salute was actually a follower of Bernie Sanders. The apple didn’t fall far from the tree after all.

At the GOP convention in July, all four of the grown kids gave heartfelt speeches about their Dad, even as they made clear through their childhood anecdotes that the only time they ever spent with him was at the office and it seemed that Junior in particular had taken a more active role and was seen in a more serious light. People were talking about him as a moderating voice in the campaign.

Right after the convention, however, he let out a deafening dogwhistle that left no doubt as to his personal affiliation with the far right. He went to the Neshoba County Fair in Philadelphia Mississippi, best remembered as the place where three civil rights workers were murdered in 1964. But it has special political significance as the site of Ronald Reagan’s famous “states’ rights” speech in 1980 where he signaled his sympathy for white supremacy by delivering it at the scene of that horrendous racist crime. (The man who coined the term “welfare queen” was always a champion dogwhistler.) Trump Jr went there to represent and represent he did. When asked what he thought about the confederate flag he said, “I believe in tradition. I don’t see a lot of the nonsense that’s been created about that.”

Since then it’s been revealed that he follows a number of white nationalists on twitter and he’s retweeted several including a psychologist who believes Jews manipulate society. And in the last couple of weeks Junior has let his alt-right freak flag fly. First he got excited about Hillary Clinton’s “deplorable” comment and proudly retweeted a picture with the title “The Deplorables” that had been making the rounds featuring Trump, Mike Pence, Rudy Giuliani, Chris Christie, Ben Carson, Eric Trump and Donald Jr along with conspiracy theorist Alex Jones, right wing hit man Roger Stone, alt-right leader Milo Yiannopoulos and white supremacist symbol Pepe the Frog. There’s no indication that any of them had a problem with that but a lot of other people found it to be revealing, to say the least.

A couple of days later Trump Jr stepped in it again, saying the media would be “warming up the gas chamber” for Republicans if they lied and cheated the way Hillary Clinton does. He claimed he was talking about capital punishment but his association with virulent anti-Semites makes that claim ring a little bit hollow.

And then there was the Skittles incident. Donald Jr tweeted out a deeply offensive image of a bowl of skittles with the words “If I had a bowl of Skittles and I told you three would kill you would you take a handful? That’s our Syrian refugee problem.” It’s a terrible metaphor, wrong in every way and Donald Jr took some heat for it. But it’s yet another window into his association with alt-right white nationalism. That bad metaphor has been around in various forms for a long time. In this country it was usually a bowl of M&Ms representing black people. The people who traffic in this garbage fairly recently changed it to Skittles because that was the candy Trayvon Martin had bought on the night he was murdered by vigilante George Zimmerman. Yes, it’s that sick.

You hear pundits and commentators saying that Donald Trump is sui generis and his phenomenon won’t be recreated. They’re probably right. But perhaps they are not aware that his son also has political ambitions and he is simply a younger, better looking version of his father with much more hair. If alt-right white nationalism is going to be an ongoing feature of American political life, they have their leader. He is one of them.

14. More about Trump, Jr. and his political aspirations:

“Yikes! Now Donald Trump Jr. Says He Would “Love” to Run for Office ‘as a Patriot’ ” by Sophia Tesfaye; Salon; 7/20/2016.

After his questionable speech to the RNC, Trump Jr. said he “would consider” running once his kids finish school

Calling it “one of the most thrilling moments of my life,” Donald Trump Jr. brushed aside burgeoning controversy surrounding the second Trump family speech at the RNC in as many days while speaking with the Wall Street Journal Wednesday morning.

The oldest son of the Republican presidential nominee said that while he still has “a lot to do in my own career,” he would seriously consider following in his father’s footsteps out of real estate and into political life.

The 38-year-old New Yorker said that “maybe when the kids get out of school I would consider it.” The father of five explained that he’d “love to be able to do it, as a patriot.”

His seemingly premature flirtation with political office comes hours after he delivered a major address to the RNC Tuesday evening — a speech that has already been flagged as a potential second case of Trump family plagiarism.

https://twitter.com/TheDailyShow/status/755601024908300288

While Trump Jr. told Fox News’ Sean Hannity that “We [the Trump kids] all took a lot of pride. We all wrote the speeches ourselves,” American Conservative columnist told Vox News that the apparently lifted portions can’t be considered plagiarism because he wrote both the original column and the Trump’s speech.

So while he may not be a plagiarizer in the new conservative definition of the word (my college professors always warned against recycling my own work for new courses) it looks like we may have another Donald Trump popping up on the political landscape very soon.

 

Discussion

17 comments for “FTR #924 Technocratic Fascism, the High-Profile Hacks and The Obverse Oswald: Update on the Adventures of Eddie the Friendly Spook”

  1. Oh great, just what the world needs. Another Silicon Valley Alt-Right sugar daddy. Specifically, a Silicon Valley Alt-Right sugar daddy who created a 501(c)4 non-profit organization to finance the promotion of Alt-Right “shitposting” memes:

    The Daily Beast

    Palmer Luckey: The Facebook Near-Billionaire Secretly Funding Trump’s Meme Machine
    Palmer Luckey—founder of Oculus—is funding a Trump group that circulates dirty memes about Hillary Clinton.

    Gideon Resnick
    Ben Collins
    09.22.16 8:00 PM ET

    A Silicon Valley titan is putting money behind an unofficial Donald Trump group dedicated to “shitposting” and circulating internet memes maligning Hillary Clinton.

    Oculus founder Palmer Luckey financially backed a pro-Trump political organization called Nimble America, a self-described “social welfare 501(c)4 non-profit” in support of the Republican nominee.

    Luckey sold his virtual reality company Oculus to Facebook for $2 billion in 2014, and Forbes estimates his current net worth to be $700 million. The 24-year-old told The Daily Beast that he had used the pseudonym “NimbleRichMan” on Reddit with a password given to him by the organization’s founders.

    Nimble America says it’s dedicated to proving that “shitposting is powerful and meme magic is real,” according to the company’s introductory statement, and has taken credit for a billboard its founders say was posted outside of Pittsburgh with a cartoonishly large image of Clinton’s face alongside the words “Too Big to Jail.”

    “We conquered Reddit and drive narrative on social media, conquered the [mainstream media], now it’s time to get our most delicious memes in front of Americans whether they like it or not,” a representative for the group wrote in an introductory post on Reddit.

    Potential donors from Donald Trump’s biggest online community—Reddit’s r/The_Donald, where one of the rules is “no dissenters”—turned on the organization this weekend, refusing to believe “NimbleRichMan” was the anonymous “near-billionaire” he claimed to be and causing a rift on one of the alt-right’s most powerful organizational tools.

    Luckey insists he’s just the group’s money man—a wealthy booster who thought the meddlesome idea was funny. But he is also listed as the vice president of the group on its website.

    “It’s something that no campaign is going to run,” Luckey said of the proposed billboards for the project.

    “I’ve got plenty of money,” Luckey added. “Money is not my issue. I thought it sounded like a real jolly good time.”

    But in another post written under Luckey’s Reddit pseudonym, there are echoes of a similar tech billionaire, Peter Thiel, who used his deep pockets to secretly fund a campaign against Gawker.

    “The American Revolution was funded by wealthy individuals,” NimbleRichMan wrote on Saturday. Luckey confirmed to The Daily Beast he penned the posts under his Reddit pseudonym. “The same has been true of many movements for freedom in history. You can’t fight the American elite without serious firepower. They will outspend you and destroy you by any and all means.”

    Before becoming directly involved in the process, Luckey met the man who would serve as the liaison for the nascent political action group, and provide legitimacy to a Reddit audience for later donations without having to reveal Luckey’s identity: Breitbart tech editor and Trump booster Milo Yiannopoulos. The bleached-blonde political agitator is most notable for being permanently suspended from Twitter for harassment after a series of abusive messages to actress Leslie Jones.

    Luckey first met the alt-right provocateur in Los Angeles about a year and a half ago, before Yiannopoulos began working on a charity to send white men to college. The Daily Beast later reported that the scholarship fund had resulted in zero financial distribution of the donations that had been made directly to Yiannopoulos’s bank account.

    “I came into touch with them over Facebook,” Luckey said of the band of trolls behind the operation. “It went along the lines of ‘hey, I have a bunch of money. I would love to see more of this stuff.’ They wanted to build buzz and do fundraising.”

    And that’s when the trouble began.

    Along with Luckey, Nimble America was founded by two moderators of Reddit’s r/The_Donald, which helped popularize Trump-themed white supremacist and anti-Semitic memes along with 4Chan and 8Chan. A questionnaire to become a moderator at r/The_Donald posted in March had applicants answer the questions “Is there a difference between white nationalism and white supremacy?” and “Was 9/11 an inside job?”

    On Saturday, the organization held a fundraising drive on r/The_Donald, stating that all donations to Nimble America’s website or its boost.com fundraising site would be matched by Luckey within 48 hours. This sparked a heated exchange on the site as various users expressed concern about making financial contributions to something that wasn’t the official Trump campaign site. (Some even speculated that this was an undercover operation orchestrated by the Clinton campaign.)

    “Stop trying to monetize this community. Stop trying to make anything official. Stop trying to make this more than what it is. You’re becoming too self-important,” wrote IncomingTrump720 in the highest ranked reply to a post called “About what happened tonight.”

    Nimble America boosters swore that there was an anonymous “near-billionaire” backing the effort. Redditors immediately doubted the money man was real.

    “Anonymous ‘obscenely wealthy’ donors are shady as fu ck,” Trump720 added. The user then posted alleged transcripts of the community’s moderators that purport anyone questioning the legitimacy of the fundraising posts was immediately banned from the subreddit. (Moderators did not respond to requests to confirm the veracity of the transcripts from The Daily Beast at press time.)

    Despite vouching for the validity of the organization, not even Yiannopoulos’s word was taken at face value. Now Luckey, the money man behind this effort, is waiting to see what comes of his investment.

    “I’m not going to keep throwing money after something if I don’t see any results,” Luckey said after suggesting that the fundraising push was not a good idea. “I think these guys are pretty legit. The sums of money are so small, I don’t think they’re out to scam anybody. If they disappear with the money, I wouldn’t throw any more money at them.”

    No one within the group answered how much money the group currently has on hand. And without an official accounting with the Federal Election Commission, there’s no way for the public to know.

    “Prior to our launch, we raised over $11,000 in order to launch Nimble America,” Dustin Ward, a moderator at r/The_Donald and one of Nimble America’s founders, told The Daily Beast. He said that most of the money had gone toward securing the “services of our Nimble attorneys,” and that they have “in-kind pledges from our donors to be used on the ads and events we’re planning.”

    The group filled out paperwork for an Article of Incorporation for “Nimble America Inc” in Wisconsin and, according to the documents on their own website (PDF), only paid $60 for this service. The lawyer whose name is on the document, Mike B. Wittenwyler, confirmed that he had signed it, but did not answer further questions about payments.

    A financial statement document available on Nimble America’s accounts for $9,333 in spending for Facebook ads, billboards and “website ops.” The last transaction occurred on Aug. 21.

    Luckey said that the group had already put up a billboard, which according to their website was placed on a digital display near Pittsburgh. Other details about it are not entirely clear.

    Ward said “We’re purchasing billboard space near the site of the first debate, to run simultaneously and promote a candidate we feel represents our interests.”

    According to Paul Ryan, deputy executive director of The Campaign Legal Center, Nimble America can still exist as a 501(c)(4) so long as it does other things besides supporting Trump.

    “Federal tax law prohibits 501(c)(3) organizations from spending any money to intervene in (i.e., influence) a candidate election,” Ryan said in an email to The Daily Beast. “By contrast, federal tax law permits 501(c)(4) organizations to spend money advocating the election or defeat of candidates, so long as such activity isn’t the 501(c)(4) organization’s ‘primary’ activity. And for any group that DOES have candidate advocacy as its primary activity, the appropriate tax exempt status is under Section 527 of the tax code.”

    So Nimble America is allowed to do what it’s doing up to a certain point.

    “The group knows that it can do some candidate election work, but that such work can’t be its primary activity—i.e., it has to spend more than half of its budget on non-candidate-election work,” Ryan told The Daily Beast when provided documentation about the organization.

    However, it’s not clear whether or not the budget would be used for such purposes.

    ““The American Revolution was funded by wealthy individuals,” NimbleRichMan wrote on Saturday. Luckey confirmed to The Daily Beast he penned the posts under his Reddit pseudonym. “The same has been true of many movements for freedom in history. You can’t fight the American elite without serious firepower. They will outspend you and destroy you by any and all means.””

    So near billionaires like Luckey and Peter Thiel apparently aren’t “American elite” but actually noble populist revolutionaries. Aha. So all the articles about right-wing paid online trolling operations over the years have actually been stories of a modern American Revolution. And Luckey paying lead trolls at the white supremacist, antisemitic r/The_Donald Reddit subforum is just one part wealthy individual fighting that second revolution against “the American elite”. Now we know.

    What we still don’t know is what exactly Luckey’s 501(c)4 is going to do other than promote Donald Trump. But it legally has to do something in order to maintain its non-profit status. So what’s the other mission of “Nimble America” going to be? Just generic Alt-Right “shitposting”? A whole bunch of generically pro-bigotry billboards?

    Whatever that non-Trump oriented activity of Nimble America ends up being, it’s pretty obvious that it’s going to be awful. Especially if Trump wins and the US gets overwhelmed with far-right memes not just emanating from internet forums like Reddit but also the White House and Congress. The number of potential horrible ideas that are going to need promoting during a Trump presidency is basically endless. Why using nukes is a great idea? A Trump administration could really use memes like that. Letting poor people die from a lack of medical care? There’s going to be a big need for those memes. A campaign for abusing puppies? That definitely seems very possible. How about replacing the bald eagle with a racist frog as the national emblem? That one’s a given.

    As we can see, while Luckey’s Nimble America 501(c)4 might need to get a little more nimble and varied in its activities if it’s going to remain a legal far-right troll meme sugar daddy, it’s not like there’s a shortage of non-Trump-related far-right memes in dire need of trolling. It isn’t always easy to get a nation to commit national suicide in the form of some sort of Alt-Right revolution. Lots and lots of bad ideas are required.

    Posted by Pterrafractyl | September 23, 2016, 5:43 pm
  2. While the presidential debate last night undoubtedly helped Hillary Clinton given Donald Trump’s erratic and unhinged debate performance, one of the unfortunate questions we have to ask now is whether or not it would make a meaningful difference to his base of supporters. After all, ’tis the Season of Trump. If the Trumpian faction of the electorate cares about things like erratically unhinged leadership it’s not at all obvious at this point.

    Well, if the following article is accurately reflecting the response of one of the key elements of Trump’s base, Alt Right online trolls, it does appear that Trump’s erratic performance left them a little rattled. And not only rattled but a little pissed too. Why pissed? Because, ironically, when Trump actually made a semi-valid point (one of just a handful for him during the debate) that it’s entirely possible the DNC hackers were some other foreign government other than Russia, or maybe “someone sitting on their bed that weighs 400 pounds”, he ended up insulting that key Trumpian base of 4Chan/8Chan online Alt Right trolls. A base known for its abundance of hackers.

    So hey, maybe Trump was right. Maybe the DNC hacks really were carried out by one or more hackers sitting in their beds. After all, there’s a troll army of Trumpian superfans who take the image of hackers in bed very seriously:

    The Daily Beast

    Donald Trump’s Online Trolls Turn on Their ‘God Emperor’
    The alt-right diehards of 4chan, who’ve helped power the GOP nominee’s campaign with racist memes, were none too thrilled about his ‘400-pound’ hacker comment at the first debate.

    Ben Collins
    09.27.16 12:30 AM ET

    One of Donald Trump’s most ardent fringe message boards appeared to turn on its candidate of choice during Monday night’s debate, saying he “got played” and that “this was not supposed to happen.”

    4chan, the alt-right forum that Trump and his campaign surrogates have mined for memes and image macros to repurpose on campaign Twitter accounts as recently as two weeks ago, devolved into arguments about whether the usually uniformly pro-Trump website had been overrun by “shills” or if the candidate had simply lost the debate.

    “I watched it with family mixed Democrat/Republican,” wrote one user. “Every single person on both sides thought Trump looked horrible.”

    Still, some users took time to attempt to game online polls soliciting opinions on who won the debate, imploring users to “abuse airplane mode toggling” to allow for more votes for Trump on websites like CNBC, Time, ABC News, and CNN.

    Trump then spent the night pointing his Twitter users to those same poll numbers, which had been brigaded by 4chan and Trump’s Reddit community r/The_Donald. “Great debate poll numbers – I will be on @foxandfriends at 7:00 to discuss,” he wrote. “Enjoy!”

    “OK guys, let’s cut the bullshit. Trump actually sucked tonight,” wrote post ID 3h7UYcU0. (All posts are anonymous on 4chan.) “Let’s talk about where we go from here. What does Trump need to do better next debate?”

    A few users appeared to have an answer to that question. They took issue with Trump’s decision during the debate to blame the Democratic National Committee hack, which U.S. officials believe was perpetrated by Russia, on “someone sitting on their bed that weighs 400 pounds.”

    “[Your face when] Trump calls you out for being a 400 pound hacker,” wrote one user, alongside an image titled fat-computer-guy.gif.

    “Which one of you 400lb ass holes hacked the DNC,” asked another.

    4chan—and its sister site 8chan, which was spawned because founder Frederick Brennan believed 4chan had become too “authoritarian”—has served as a breeding ground for some of the racist and anti-Semitic memes that have made their way onto Trump’s Twitter feed. Both sites have seen massive spikes in traffic since Trump locked up the nomination, with 4chan jumping to about 140 million August visitors from 110 million visitors in April 2016.

    Trump infamously tweeted of a Star of David next to Hillary Clinton’s face over a pile of money in a Photoshopped image that was widely distributed by 8chan back in July.

    But on Monday night, even 8chan’s users noticed that 4chan was reeling.

    “They’re actually complaining about him losing, and describing how they feel let down,” wrote one user. “Amid some chirps of Hillary Clinton super PAC Correct the Record.”

    4chan’s de facto white-nationalist mascot Pepe, a cartoon frog that has come to represent both pro-Trump and anti-Semitic users on the site over the last year, even had its hand Photoshopped onto a smiling Clinton. Another meme showed Pepe pointing a machine gun at the back of its head.

    A third showed the mascot drinking wine, along with the caption “Just for the record I never actually supported Trump. I just did it for the memes.”

    4chan’s sentiment tended to coincide with anonymous money being gambled on the web.

    According to the website PredictIt, which allows American users to bet on who will win the election, Clinton at one point netted a 15-percentage point swing between the start and end of the debate.

    “4chan’s de facto white-nationalist mascot Pepe, a cartoon frog that has come to represent both pro-Trump and anti-Semitic users on the site over the last year, even had its hand Photoshopped onto a smiling Clinton. Another meme showed Pepe pointing a machine gun at the back of its head.”

    Wow. It turns out a den of white supremacist trolls can be rather fickle. Imagine that. Although not too fickle, since they still rigged all the online post-debate polls for Trump anyway:

    Vanity Fair

    Trump Accidentally Insults His Own Alt-Right Meme Army
    But they manipulated online poll results in his favor anyway.
    by Maya Kosoff

    September 27, 2016 3:57 pm

    Everyone has feelings, even the digital denizens of the Internet’s anarchic heart, and on Monday night, Donald Trump hit them where it hurts. The Republican nominee, who has found enthusiastic support among the many anonymous alt-right trolls, hackers, white supremacists, and other mischief-makers who inhabit the Web’s dark corners, was engaged in a rambling diatribe about “cyber” during the first presidential debate with Hillary Clinton when he accidentally crossed the line.

    “I don’t think anybody knows that it was Russia that broke into the D.N.C.,” Trump asserted, bristling at an accusation by Clinton that he “invited Putin” to hack the U.S. government by applauding the recent cyberattack on the Democratic National Committee this summer. “I don’t—maybe it was. I mean, it could be Russia, but it could also be China, it could also be lots of other people. It also could be somebody sitting on their bed who weighs 400 pounds, O.K.?” Trump said.

    The stereotype of an obese, possibly bedridden hacker did not go over well with some members of 4chan, the anything-goes online forum that has originated many of the white-supremacist memes that have suffused the Trump campaign. “OK guys, let’s cut the bullshit. Trump actually sucked tonight,” one user wrote, according to the Daily Beast. “Let’s talk about where we go from here. What does Trump need to do better next debate?” Another posted an image of a large man clutching a computer keyboard with the caption: “YFW [Your Feelings When] trump calls you out for being a 400 lb hacker.” The criticism continued. “Trump did terribly,” another user said. “There was so much gold to go after, like her emails, how she sold uranium to Russia, the DNC leaks, etc. and he said maybe 1 or 2 sentences about it while spending 20 minutes ranting and raving trying to defend himself over trivial things while Hillary just sat there looking pleased with herself. Goddamnit Donald, there was so much you could have hit her on. . . . I’m pissed as fu ck.”

    Despite disappointing, angering, and alienating a portion of his typically devout message-board fan base, 4chan and Reddit users still managed to find it in their hearts to mobilize online for Trump on Monday night. Users on the unofficial pro-Trump subreddit R/The_Donald and 4chan posted links to dozens of unscientific polls from news organizations, including Wired, The Telegraph, USA Today, NBC Nightly News, and CNBC, which were asking readers to vote on who they thought won the first debate. Trump supporters bombarded the easily manipulated polls, creating a false sense that Trump had outperformed his opponent. “Abuse Airplane Mode toggling,” one 4chan user wrote, explaining how Trump supporters could vote again and again in various online polls. And it was successful: Trump ended up winning in the unofficial polls, and then spent the evening tweeting out the poll results, which showed he had won. “Great debate poll numbers – I will be on @foxandfriends at 7:00 to discuss,” he wrote Tuesday morning. “Enjoy!” For Trump, it was the perfect result for a campaign not grounded in facts or reality.

    “Despite disappointing, angering, and alienating a portion of his typically devout message-board fan base, 4chan and Reddit users still managed to find it in their hearts to mobilize online for Trump on Monday night. Users on the unofficial pro-Trump subreddit R/The_Donald and 4chan posted links to dozens of unscientific polls from news organizations, including Wired, The Telegraph, USA Today, NBC Nightly News, and CNBC, which were asking readers to vote on who they thought won the first debate. Trump supporters bombarded the easily manipulated polls, creating a false sense that Trump had outperformed his opponent. “Abuse Airplane Mode toggling,” one 4chan user wrote, explaining how Trump supporters could vote again and again in various online polls. And it was successful: Trump ended up winning in the unofficial polls, and then spent the evening tweeting out the poll results, which showed he had won. “Great debate poll numbers – I will be on @foxandfriends at 7:00 to discuss,” he wrote Tuesday morning. “Enjoy!” For Trump, it was the perfect result for a campaign not grounded in facts or reality.”

    As we can see, when the Troll King trolls his den of trolls the trolls respond by trolling the rest of the world. It’s one reason why, whether or not the DNC hacker really was a Trump superfan, that doesn’t mean the next partisan hack won’t be a Trump superfan. Heck, if anything it’s more likely now that the Troll King trolled his trolls. That seems to be how they operate.

    Troll world is weird.

    Posted by Pterrafractyl | September 27, 2016, 3:00 pm
  3. An article from Canada’s National Post Sept. 28 2016 by Tristin Hopper entitled “Hitler was on cocaine and his troops were on meth: Author reveals deep influence of drugs in Nazi Germany.”

    “Ohler’s book Blitzed will be released in Canada on October 6. Published in the original German as The Total Rush, it tells the story of how Nazi Germany fought a surprising amount of the Second World War in a drug-fueled haze.”

    During Monday’s televised presidential debate many viewers were left wondering if the Trumpenfuhrer was fighting Hillary Clinton through a similar drug-fueled haze. Trump’s typical Il Duce facial contortions were accompanied by a lot of deep sniffing.

    “I call it the Fuhrer-high; it makes you feel on top of the world even if the world is collapsing around” said German author Norman Ohler speaking to the National Post by phone.

    It should be noted Ohler was describing Hitler, not Trump, lest there be any confusion.

    Posted by Dennis | September 28, 2016, 12:05 pm
  4. Did the FBI arrest an NSA contractor responsible for the Shadow Brokers leak? That’s not clear at this point, but it sure looks like it:

    The New York Times

    N.S.A. Contractor Arrested in Possible New Theft of Secrets

    By JO BECKER, ADAM GOLDMAN, MICHAEL S. SCHMIDT and MATT APUZZO
    OCT. 5, 2016

    WASHINGTON — The F.B.I. secretly arrested a National Security Agency contractor in recent weeks and is investigating whether he stole and disclosed highly classified computer code developed to hack into the networks of foreign governments, according to several senior law enforcement and intelligence officials.

    The theft raises the embarrassing prospect that for the second time in three years, an insider has managed to steal highly damaging secret information from the N.S.A. In 2013, Edward J. Snowden, who was also a contractor for the agency, took a vast trove of documents that were later passed to journalists, exposing N.S.A. surveillance programs in the United States and abroad.

    The contractor was identified as Harold T. Martin III, 51, of Glen Burnie, Md., according to a criminal complaint filed in late August. He was charged with theft of government property, and unauthorized removal or retention of classified documents. During an F.B.I. raid of his house, agents seized documents and digital information stored on electronic devices. A large percentage of the materials found in his house and car contained highly classified information.

    At the time, F.B.I. agents interviewed Mr. Martin, and he initially denied having taken the documents and digital files. The agency later said he had stated that he knew he was not authorized to have the materials. According to the complaint, he told the agency that “he knew what he had done was wrong and that he should not have done it because he knew it was unauthorized.”

    In a brief statement issued on Wednesday, lawyers for Mr. Martin said: “We have not seen any evidence. But what we know is that Hal Martin loves his family and his country. There is no evidence that he intended to betray his country.”

    The information believed stolen by Mr. Martin — who like Mr. Snowden worked for the consulting firm Booz Allen Hamilton, which is responsible for building and operating many of the agency’s most sensitive cyberoperations — appears to be different in nature from Mr. Snowden’s theft.

    Mr. Martin is suspected of taking the highly classified computer code developed by the agency to break into computer systems of adversaries like Russia, China, Iran and North Korea. Two officials said that some of the information the contractor is suspected of taking was dated.

    Officials said Mr. Martin did not fit any of the usual profiles of an “insider threat,” and it is unclear whether he had political motives, as Mr. Snowden did when he exposed programs that he said violated the privacy of American citizens.

    An administration official said the case had been handled secretively not in order “to keep this guy from becoming another N.S.A. martyr,” but because it was a continuing law enforcement case and the hope was that Mr. Martin would cooperate. The official said investigators suspected that Mr. Martin might have taken the material before Mr. Snowden’s actions became public.

    The official said that at the moment it did not look like an espionage case, but added the caveat that it is a continuing investigation. At the same time, the official said that investigators think Mr. Martin is not politically motivated — “not like a Snowden or someone who believes that what we were doing was illegal and wanted to publicize that.”

    Motivation is one of many unanswered questions about the case. It is not clear when and how the authorities first learned the contractor’s identity, when they believe he began taking information, or whether he passed it to people outside the government. It is also not known whether he is believed to be responsible for a leak of classified N.S.A. code attributed to a group calling itself the Shadow Brokers, or whether he had any role in a series of leaks of N.S.A. intercepts involving Japan, Germany and other countries that WikiLeaks has published since last year.

    “We’re struggling to figure him out,” the official said, speaking on the condition of anonymity because no indictment has been publicly released.

    Mr. Martin was charged in United States District Court in Baltimore. The government is allowed to charge people and bring them before a court in secret. That happens most often when defendants are cooperating or negotiating plea deals, or out of fear for their safety. But the secrecy could also indicate that the Justice Department requested it while analyzing the evidence, and that defense lawyers agreed.

    For the N.S.A., which spent two years and hundreds of millions, if not billions, of dollars repairing the damage done by Mr. Snowden, a second insider leaking the agency’s information would be a devastating blow. The agency’s director, Adm. Michael Rogers, who previously ran the Navy’s Fleet Cyber Command, was brought in to restore the agency’s credibility, open it to more scrutiny and fix the problems that allowed Mr. Snowden to sweep up hundreds of thousands of documents.

    It is also a potential setback for the Obama administration, which has sustained a series of huge disclosures of classified information. Along with Mr. Snowden’s revelations, the antisecrecy group WikiLeaks in 2010 disclosed hundreds of thousands of State and Defense Department documents.

    In response to those leaks, the administration has said it will crack down on the disclosures of classified information and that it has pursued more leak cases than all previous administrations combined.

    The administration has prosecuted eight people for disclosing classified information to the news media, compared with three under all previous administrations. But the crackdown has sometimes backfired. Mr. Snowden, for example, has said he was inspired by the example of two previous leakers, Thomas Drake and Chelsea Manning, who claimed to have made disclosures to reveal government wrongdoing. The latest leak suggests again that the unprecedented string of prosecutions has not deterred all leaks.

    Two former agency officials said that even as the Media Leaks Task Force, as the Snowden cleanup operation was called, was underway, there were rumors that a second insider was harvesting the agency’s most secret data. But many inside the agency thought the leaks were leftovers from the Snowden episode. Some C.I.A. officials, meanwhile, quietly speculated that the N.S.A. had a “mole,” which many inside the N.S.A. doubted.

    It is also potentially devastating for Booz Allen, which has built much of its business on providing highly technical services to the N.S.A. and other intelligence agencies.

    A spokesman for Booz Allen declined to comment on Wednesday.

    As investigators look into Mr. Martin’s case, it is almost certain that they will focus on whether the contractor was behind a leak in August that exposed a collection of electronic tools used by the N.S.A. to break into networks around the world. That material, released by a group calling itself the Shadow Brokers, was thought by outside experts to have been obtained by hacking rather than from an insider. Now, in light of the arrest, that assumption may have to be revised. The code released by the Shadow Brokers was dated from 2013, meaning that it almost certainly has been overtaken by more recent code.

    At the time of the Shadow Brokers release, many experts speculated that an N.S.A. operator had accidentally left some of the code on a computer server in a foreign nation — such servers are often used to hide the connection to the agency and to facilitate network break-ins — and that the code had been obtained by Russia.

    Mr. Snowden, in exile in Russia, wrote on Twitter that “circumstantial evidence and conventional wisdom indicates Russian responsibility” for publishing the code. He interpreted it as a warning shot to the American government in case it was thinking of imposing sanctions against Russia in the cybertheft of documents from the Democratic National Committee.

    At the time, the agency would not even return phone calls inquiring about the leak of the code, and froze out former employees with deep contacts in the agency. But in recent days officials said it was not clear that Russia was involved.

    Bruce Schneier, an author on information security and fellow at Harvard’s Kennedy School, has tracked post-Snowden leaks from the N.S.A. and speculated about their possible source. But he had not heard that the government had identified any leaker.

    Mr. Schneier noted that the agency has aggressively recruited in recent years at gatherings of young, tech-savvy programmers, including those who specialize in hacking. But officials have worried that the innovative free spirits they need to penetrate foreign computer systems may also include at least a few who are motivated by Mr. Snowden’s example. The current suspect, however, does not appear to fit that profile.

    “I wouldn’t call it an epidemic,” Mr. Schneier said. “But there’s a handful of leaks that clearly did not come from Snowden.” He said events in recent years might both encourage and intimidate would-be leakers.

    “On one side, there’s the inspiration of Snowden,” he said. “On the other, there’s the counterbalancing force of an agency coming down on you like a ton of bricks. Snowden is in exile. Manning is in prison.”

    While the agency previously saw a few memos made public — in 2003, a linguist with its British equivalent was arrested after leaking to the news media a single N.S.A. memo calling for a “surge” of intercepts at the United Nations — it had not experienced a mass leak until Mr. Snowden’s disclosures. He used an inexpensive bit of software to sweep up data in the agency’s Hawaii networks, undetected. At the time, officials said that would not have been possible at Fort Meade, where data is far more protected. That claim will now come under far more scrutiny.

    “As investigators look into Mr. Martin’s case, it is almost certain that they will focus on whether the contractor was behind a leak in August that exposed a collection of electronic tools used by the N.S.A. to break into networks around the world. That material, released by a group calling itself the Shadow Brokers, was thought by outside experts to have been obtained by hacking rather than from an insider. Now, in light of the arrest, that assumption may have to be revised. The code released by the Shadow Brokers was dated from 2013, meaning that it almost certainly has been overtaken by more recent code.”

    Well, assuming Harold T. Martin III was the guy behind the Shadow Brokers leak that would indicate the Shadow Brokers leak probably wasn’t part of the original Snowden “Dead Man’s switch” cache of documents and wasn’t some sort of Russian hack. Still, if that ends up being the case it does add a layer of intrigue to Edward Snowden’s mystery tweets in early August shortly before the Shadow Broker leak. After all, the files stolen by Martin reportedly come from before the Snowden leak, or at least might have according to the report:

    Officials said Mr. Martin did not fit any of the usual profiles of an “insider threat,” and it is unclear whether he had political motives, as Mr. Snowden did when he exposed programs that he said violated the privacy of American citizens.

    An administration official said the case had been handled secretively not in order “to keep this guy from becoming another N.S.A. martyr,” but because it was a continuing law enforcement case and the hope was that Mr. Martin would cooperate. The official said investigators suspected that Mr. Martin might have taken the material before Mr. Snowden’s actions became public.

    The official said that at the moment it did not look like an espionage case, but added the caveat that it is a continuing investigation. At the same time, the official said that investigators think Mr. Martin is not politically motivated — “not like a Snowden or someone who believes that what we were doing was illegal and wanted to publicize that.”

    So if these files were taken before Snowden went public, we can reasonably assume that Martin worked for Snowden’s old contractor, Booz Allen, probably during the same time Snowden was there. That doesn’t mean Snowden wouldn’t have actually met this person, but it’s still worth noting that Snowden’s mystery tweet in early August explicitly referenced someone he used to work with:

    Business Insider

    ‘It’s time’: Edward Snowden just issued a call to his former colleagues on Twitter

    Michelle Mark

    Aug. 3, 2016, 2:21 PM

    Edward Snowden, the former National Security Agency contractor turned whistleblower, issued a mysterious call for former colleagues to reconnect with him on Wednesday, tweeting “It’s time” to his more than 2 million followers:

    Did you work with me? Have we talked since 2013? Please recontact me securely, or talk to @bartongellman. It’s time. https://t.co/AKmgF5AIDJ
    — Edward Snowden (@Snowden) August 3, 2016

    Snowden also quoted a tweet by journalist and author Barton Gellman, who said that he is seeking information on Snowden’s work in the intelligence community so he can write Snowden’s biography, and “tell it truthfully.” Gellman elaborated in an encrypted message:

    I’m writing a book for Penguin Press called DARK MIRROR: Edward Snowden and the American Surveillance State. I want to hear from anyone who has first-hand information on either. It need not be some deep dark secret. I’m interested in your observations about Snowden’s work and work habits at CIA, Dell, NSA and Booz; or his time in the Army; or in computer training courses; or the surveillance programs and practices he described. Agree with him or not, I’d like to hear from you.

    “Did you work with me? Have we talked since 2013? Please recontact me securely, or talk to @bartongellman. It’s time. https://t.co/AKmgF5AIDJ”

    Now, it’s certainly possible that Snowden was simply trying to get in contact with one of his old co-workers to be a kind of character witness. Maybe related to Oliver Stone’s movie Snowden that premiered in September or something. Still, the timing sure is interesting.

    You also have to wonder how the Kremlin will respond if it turns out the Shadow Broker leak not only wasn’t a Russian hack but was actually one of Snowden’s old co-workers, considering Snowden’s public suggestions that Russia was behind the hack. 2017 could be a surprisingly eventful year for the Snowden Affair.

    Posted by Pterrafractyl | October 5, 2016, 3:11 pm
  5. @Pterrafractyl–

    In evaluating Harold Martin, we want to recall two things that appear to point in a different direction:

    Jacob Appelbaum’s public disclosure–the first–of the ANT catalogue in December of 2013.

    Also the anti-Hillary broken English of the “Shadow Brokers.”

    This doesn’t appear to me to fit in to the Martin situation, at least on the basis of what has surfaced so far.

    From FTR #924: Author James Bamford highlighted circumstantial evidence that WikiLeaker Jacob Appelbaum–who appears to have facilitated Snowden’s journey from Hawaii to Hong Kong–may have been behind the Shadow Brokers non-hack. “. . . . There also seems to be a link between Assange and the leaker who stole the ANT catalog, and the possible hacking tools. Among Assange’s close associates is Jacob Appelbaum, a celebrated hacktivist and the only publicly known WikiLeaks staffer in the United States – until he moved to Berlin in 2013 in what he called a “political exile” because of what he said was repeated harassment by U.S. law enforcement personnel. In 2010, a Rolling Stone magazine profile labeled him ‘the most dangerous man in cyberspace.’ In December 2013, Appelbaum was the first person to reveal the existence of the ANT catalog, at a conference in Berlin, without identifying the source. That same month he said he suspected the U.S. government of breaking into his Berlin apartment. He also co-wrote an article about the catalog in Der Spiegel. But again, he never named a source, which led many to assume, mistakenly, that it was Snowden. . . .”
    Appelbaum was anti-Clinton, sentiments expressed in the clumsy Boris and Natasha-like broken English that accompanied announcement of the Shadow Brokers’ gambit. “. . . . Shortly thereafter, he [Appelbaum] turned his attention to Hillary Clinton. At a screening of a documentary about Assange in Cannes, France, Appelbaum accused her of having a grudge against him and Assange, and that if she were elected president, she would make their lives difficult. ‘It’s a situation that will possibly get worse’ if she is elected to the White House, he said, according to Yahoo News. . . . In hacktivist style, and in what appears to be phony broken English, this new release of cyberweapons also seems to be targeting Clinton. It ends with a long and angry ‘final message’ against ‘Wealthy Elites . . . breaking laws’ but ‘Elites top friends announce, no law broken, no crime commit[ed]. . . Then Elites run for president. Why run for president when already control country like dictatorship?’ . . .”

    IF Appelbaum, Martin and–perhaps–Snowden and WikiLeaks (which also had the cyberweapons in question) are linked, it suggests a network and probably a broad one at work here.

    Best,

    Dave

    Posted by Dave Emory | October 5, 2016, 5:43 pm
  6. @Dave: The Daily Beast has a report on Harold ‘Hal’ Martin’s background that would appear to provide an explanation that has nothing to do with Edward Snowden or Jacob Appelbaum: Martin took the code to help him with his PhD thesis. And given the guy’s thesis work and background, it’s not inconceivable since he was working with the NSA’s elite hacker squad and his thesis was on “new methods for remote analysis of heterogeneous & cloud computing architectures.” The article also notes that the NSA elite hacking team Martin worked with was the “Tailored Access Operations” team that was initially exposed by Appelbaum and leaked by the “Shadow Brokers”.

    So while Martin was indeed working closely with the kinds of tools that the “Shadow Brokers” released and could have conceivably passed some code along to whoever did the actual Shadow Broker leak (with the broken-Russian language and all), there’s nothing else that we’ve seen thus far that’s suggestive that this guy would have had the same ideological motivations that Snowden and Appelbaum have to leak the data and a plausible explanation for the theft that has nothing to do with the Snowden Affair. And he hasn’t actually been charged with leaking, but instead the “mishandling of classified information”.

    If he was part of a larger Snowden-affiliated network and passing (or passed in the past) TAO information along that network, investigators either haven’t found evidence of it or aren’t revealing that yet. It’s the kind of situation that’s a reminder that circumstantial ambiguity is an effective form of motivational encryption:

    The Daily Beast

    NSA Thief Worked With Elite Hacker Squad
    He was billed as a ‘Second Snowden’ and worked with the NSA’s most skilled hackers. But Hal Martin may have taken classified information just to help him get through school.

    Shane Harris
    Katie Zavadski
    Nancy A. Youssef
    10.05.16 4:25 PM ET

    The retired Navy officer arrested for allegedly removing highly classified information from the National Security Agency worked with the organization’s elite computer hackers, who specialize in using computer code to penetrate the systems of foreign nations, according to a former colleague and the man’s online resume.

    Harold Thomas Martin, III, who goes by Hal, was also enrolled in a PhD program at the University of Maryland Baltimore County. The university has a partnership with the NSA, in which the agency helps develop curriculum for the school and agency employees can take classes there.

    Martin worked with NSA’s Tailored Access Operations unit, sources with knowledge of his background told The Daily Beast. In his LinkedIn resume, Martin says he worked as a “cyber engineering advisor” supporting “various cyber related initiatives” in the Defense Department and intelligence community.

    Allen was employed by NSA contractor Booz Allen Hamilton. “When Booz Allen learned of the arrest of one of its employees by the FBI, we immediately reached out to the authorities to offer our total cooperation in their investigation, and we fired the employee,” Craig Veith, a vice president with the company, said in a statement. “We continue to cooperate fully with the government on its investigation into this serious matter.”

    Martin was charged with two counts of mishandling classified information and theft of government property. According to the New York Times, which first reported his arrest, the FBI is investigating whether Martin stole classified computer codes that the NSA uses to break into foreign networks. The FBI discovered the material at Martin’s home in Maryland.

    Martin’s case immediately drew comparisons to that of Edward Snowden, who was also working as a contractor for Booz Allen Hamilton when he stole classified documents that he gave to journalists. The NSA put in place so-called insider-threat detection programs after Snowden’s leaks to catch future unauthorized disclosures. But it wasn’t immediately clear whether those systems failed to spot Martin or if he removed the classified material before they were put in place.

    Martin’s lawyer told the Wall Street Journal “There is no evidence that Hal Martin intended to betray his country.” He has also not been charged yet with espionage or attempting to provide the classified information to a third party or a foreign government.

    Former intelligence officials, who said they aren’t familiar with Martin’s case, suggested he may have brought the material home to use as research for his PhD studies. “It’s conceivable given what he was working on that he might have used the [classified] material for research,” a former official said, speaking on condition of anonymity.

    The university’s director of communications, Dinah Winnick, confirmed to The Daily Beast that Martin, 51, is a PhD student in the Information Systems program but said the school had no further comment.

    It’s not known whether Martin’s PhD work related to his work at NSA, which focused on offensive cyber operations. But his description at the school’s Interactive Systems Research Center said Martin was looking at “new methods for remote analysis of heterogeneous & cloud computing architectures.” He presented a paper on the topic with his dissertation committee chair at a conference in Seattle in 2014.

    His dissertation, currently in its fourth draft, according to a file on his personal homepage, is not publicly available. Members of Martin’s dissertation committee did not return The Daily Beast’s requests for comment.

    According to Navy records, Martin served for twelve years — four of them in the active component and the rest as a reservist. The highlight of his career appears to be his service on the USS Seattle, from April 1989 to July 1992. The Seattle, a fast combat support ship, was one of the first ships to arrive after Iraqi leader Saddam Hussein’s forces invaded Kuwait in 1990.

    Wilbur Trafton, the commander of the Seattle during the war to liberate Kuwait, told The Daily Beast that he doesn’t remember the then-Lt. Martin. A second shipmate also said he couldn’t recall Martin.

    Martin’s ex-wife, Marina, declined to discuss her former husband.

    Martin worked with NSA’s Tailored Access Operations unit, sources with knowledge of his background told The Daily Beast. In his LinkedIn resume, Martin says he worked as a “cyber engineering advisor” supporting “various cyber related initiatives” in the Defense Department and intelligence community.

    This will be a story to watch, if only for eventual resolution on what was possibly one of the worst-timed instances of workplace theft in history. Imagine being someone who stole coveted NSA code for a relatively innocent reason right around the time of Snowden’s grand heist. This had to be a long three years for Hal Martin if he had nothing to do with Snowden.

    On the plus side for Martin, his thesis probably kicked extra ass with all that TAO code. That said, if he had just waited about three years for the Shadow Broker leak he might not have needed to lift the code at all. Ouch. Which raises the question: since Martin was apparently tempted enough to steal top secret TAO code to write his PhD thesis – a thesis that isn’t available for public consumption presumably due to the sensitive nature of its contents – you can bet PhD theses in areas related to hacking are going to include some pretty advanced hacking techniques carefully described in detail in publicly available theses for the next few years until that code becomes too outdated to be useful.

    So if you’re running an IT system involving something like, say, cloud computing, it might be a good idea to keep an eye out for reports on theses involving things like “new methods for remote analysis of heterogeneous & cloud computing architectures”. For example.

    Posted by Pterrafractyl | October 5, 2016, 8:24 pm
  7. So the NYT is reporting “Some CIA officials, meanwhile, quietly speculated that the
    NSA had a mole…” Might that be because Snowden always was and perhaps still is
    CIA?
    New Scientist reported on August 24 2016, in connection to determining the identity
    of Shadow Brokers, “Certain naming conventions in the files point to scripts only
    accessible on a machine physically isolated from the network and therefore
    inaccessible to anyone not physically present in the NSA building”.
    American Military News reported that Harold Martin served as a “Surface Warfare
    Officer on the USS Seattle during the early ’90s”.
    Daily Beast acknowledges Martin “the retired Navy officer…worked with NSA’s Tailored
    Access Operations unit..” This would be the TAO that James Bamford said was behind
    the ANT catalog of hacking tools.
    Martin could be a patsy, a Snowden stand-in offered up as a consolation prize by a
    subrosa division of CIA that operates on behalf of the Underground Reich, thereby
    leaving other assets like Jakob Applebaum free to operate for Team Snowden.

    Posted by Dennis | October 6, 2016, 11:29 am
  8. Here’s an interesting mystery related to the big Yahoo 2014 hack that was recently disclosed: How on earth did InfoArmor, the cybersecurity firm hired to investigate the hack, have two reports about its conclusions get reported on the same day that arrived at opposite conclusions regarding whether or not the hack was state-sponsored? Yep, that happened. It’s kind of mysterious.

    So, here’s the first part of the mystery: An interview with InfoArmor’s chief intelligence officer Andrew Komarov, about how the Yahoo hack didn’t appear to be state-sponsored at all:

    The Wall Street Journal

    Yahoo Hackers Were Criminals Rather Than State-Sponsored, Security Firm Says
    InfoArmor says the hackers sold Yahoo database at least three times, including once to a state-sponsored actor

    By Robert McMillan
    Sept. 28, 2016 12:44 p.m. ET

    An information-security firm says the hackers who stole at least 500 million records from Yahoo Inc. two years ago are criminals who are selling access to the database, and not a state-sponsored group as Yahoo contends.

    The firm, InfoArmor Inc., appears to have access to portions of the Yahoo database. It successfully decrypted the passwords for eight Yahoo accounts provided by The Wall Street Journal, and provided the date of birth, phone number and ZIP Code information associated with the accounts.

    InfoArmor said the hackers, whom it calls “Group E,” have sold the entire Yahoo database at least three times, including one sale to a state-sponsored actor. But the hackers are engaged in a moneymaking enterprise and have “a significant criminal track record,” selling data to other criminals for spam or to affiliate marketers who aren’t acting on behalf of any government, said Andrew Komarov, chief intelligence officer with InfoArmor Inc.

    That is not the profile of a state-sponsored hacker, Mr. Komarov said. “We don’t see any reason to say that it’s state sponsored,” he said. “Their clients are state sponsored, but not the actual hackers.”

    Mr. Komarov’s assessment conflicts with Yahoo’s statement last week that its users’ account information was stolen by “what it believes is a state-sponsored actor.”

    Yahoo didn’t immediately respond to requests for comment.

    Mr. Komarov said InfoArmor has been tracking Group E for three years. It believes the hackers are Eastern European, but declined to specify why. InfoArmor has linked the group to hacks that stole more than two billion records from about a dozen websites, including LinkedIn Corp., Dropbox Inc. and Myspace.

    In a report published Wednesday, InfoArmor offered some new details on the Yahoo breach and Group E. The analysis still leaves many questions unanswered, including how InfoArmor obtained access to the database and why Yahoo didn’t uncover the magnitude of the breach for nearly two years. InfoArmor declined to say whether it has a copy of the database or accessed it through a third party.

    Yahoo has said it began its investigation in July, around the time the company was finalizing plans to sell its core assets to Verizon Communications Inc. for $4.8 billion. In a Sept. 9 securities filing, Yahoo said it wasn’t aware of any “security breaches” or “loss, theft, unauthorized access or acquisition” of user data.

    The Wall Street Journal reported last week that Yahoo in fall 2014 detected what it believed was a small breach involving 30 to 40 accounts, carried out by hackers working on behalf of the Russian government. Yahoo reported the incident to the Federal Bureau of Investigation in late 2014 and notified affected users.

    InfoArmor began tracking Group E in 2013, not long after hackers broke into servers at LinkedIn and stole more than 100 million records.

    After selling the Yahoo database three times, starting in early 2015, the hackers have shifted tactics, Mr. Komarov said. He said the hackers are no longer offering to sell the full database, but are seeking “to extract something from the dump for significant amounts of money.” Prices vary based on the value of the target, Mr. Komarov said.

    Yahoo has said that the stolen data include cryptographically protected passwords. After The Wall Street Journal provided InfoArmor with 10 Yahoo account names, the company was able to crack the cryptographic password protection on eight of them within a day and produce the passwords and other user information for these accounts. The two account passwords that it couldn’t read likely had complex passwords, meaning they would take more time to crack, Mr. Komarov said. Based on the passwords recovered by InfoArmor, the database was taken from Yahoo sometime before Dec. 4, 2014.

    According to InfoArmor’s investigation, Group E was the source of some databases sold by two other hackers, named Tessa88 and Peace of Mind. They offered a smorgasbord of data dumps—some of them legitimate data, others not, but ultimately parted ways with Group E, InfoArmor said.

    Earlier this year, both Tessa88 and Peace of Mind offered for sale what they said were Yahoo account credentials. Those offers prompted Yahoo’s investigation. But neither Peace of Mind nor Tessa88 ever produced data that was taken from Yahoo.

    “InfoArmor said the hackers, whom it calls “Group E,” have sold the entire Yahoo database at least three times, including one sale to a state-sponsored actor. But the hackers are engaged in a moneymaking enterprise and have “a significant criminal track record,” selling data to other criminals for spam or to affiliate marketers who aren’t acting on behalf of any government, said Andrew Komarov, chief intelligence officer with InfoArmor Inc.”

    As we can see, InfoArmor’s chief intelligence officer, Andrew Komarov, concluded that the hackers may have sold the hacked database to a state-sponsored actor, but it wasn’t exclusively sold to that state and the hackers themselves have the kind of track record that points towards them just being criminal actors. Maybe one of the clients of the hack was a state, but the hack itself appears to be primarily criminally motivated in nature:


    That is not the profile of a state-sponsored hacker, Mr. Komarov said. “We don’t see any reason to say that it’s state sponsored,” he said. “Their clients are state sponsored, but not the actual hackers.”

    That was one of the interviews of Mr. Komarov published September 28. And then there was this report based on an interview of Komarov conducted a week earlier, but published on the same day as the above report, where Komarov asserts that the hack was conducted by criminal hackers and commissioned by an unknown state, possibly Russia (because the hackers-for-hire were Eastern European and Russia likes to hire Eastern European hackers):

    NBC News

    Were the Russians Behind the Massive Yahoo Email Hack?

    by Chris Francescani
    Sep 28 2016, 11:58 am ET

    The hack of more than a half billion Yahoo email accounts was motivated by espionage, not profit, according to an independent cybersecurity firm report released Wednesday, which contends that an Eastern European state-sponsored actor appears to have ordered the massive hack as part of a coordinated effort to infiltrate the email accounts of U.S. military, diplomatic and political figures.

    The findings by the cyber security firm InfoArmor are consistent with Yahoo officials’ claim last week that a state-sponsored actor was behind one of the largest corporate breaches in U.S. history.

    Yet InfoArmor’s version of events, if accurate, provides significant new details about how and why the company was hacked. Minor league hackers who were peddling Yahoo users’ personal information for cash in “dark web” marketplaces were also part of a foreign government espionage campaign dating back to 2014. And the findings also suggest that hacks of LinkedIn, Dropbox, MySpace and other firms — breaches affecting billions of customers worldwide — might’ve been part of the same state-sponsored effort.

    In an interview with NBC News prior to the release of his firm’s findings, InfoArmor’s chief intelligence officer Andrew Komarov described the Yahoo breach as part of a larger, ongoing campaign to break in to the email accounts of prominent officials from the U.S. and across the globe.

    He said that his analysts have uncovered a previously unidentified collective of elite black hat hackers-for-hire from Eastern Europe — a group that InfoArmor analysts now contend was also responsible for hacks of the other social media companies.

    Komarov said that a state-sponsored actor from Eastern Europe commissioned and later paid the hacker collective $300,000 for the Yahoo data trove. He said he didn’t know if the hacks of the other social media companies were also commissioned by a state-sponsored actor, but believed it was likely. He also said he didn’t know if the state that directed the hacks was Russia, or if the state-sponsored actor that paid the hackers was a Russian intelligence agency or some other arm of the Russian government, but that Eastern European hackers often have links to the Russian government.

    Eastern European operatives tied to Russia’s intelligence agencies have been widely suspected by cybersecurity researchers of multiple efforts to hack U.S. government officials’ email accounts and the accounts of Democratic party operatives.

    Komarov said that InfoArmor’s conclusions that the hackers who attacked Linkedin and other companies were also responsible for the Yahoo breach are based on an extensive intelligence analysis, underground contacts and information gleaned from multiple sources surrounding the Yahoo hack. His firm went into dark web chatrooms and made contact with hackers advertising Yahoo addresses for sale who said they were involved in the breach, and accessed and validated what Komarov described as a “large sample” of the stolen Yahoo data.

    Yahoo’s confirmation last week of the massive breach has placed the tech giant at the center of a storm of controversy and unanswered questions, and could jeopardize the company’s imminent $4.8 billion sale of its core business to the telecom giant Verizon.

    It remains unclear how long and how much Yahoo officials knew about the breach before publicly acknowledging it. Company officials have said that Yahoo became aware of the breach in August, and began to investigate. Experts have said that it’s not uncommon for a company of Yahoo’s size to withhold disclosure of a suspected breach until an internal forensic investigation has been complete.

    Last week, Yahoo’s chief information security officer, Bob Lord, said that an internal probe had determined that usernames, email addresses, telephone numbers, dates of birth, security questions and answers, and in some cases passwords were harvested from more than 500 million compromised Yahoo accounts.

    Lord said in a blog post that the company does not believe that banking or payment information was stolen, and has found no evidence to indicate that the hackers remain inside Yahoo’s systems.

    Yahoo declined to comment.

    “Island-Hopping” To Reach U.S. Officials

    Komarov said that the apparently state-sponsored actor involved in the heist was using an indirect but increasingly common strategy known as “island-hopping” or “leap-frogging” to reach its ultimate targets. Rather than going after U.S. and other government officials directly, the aggressors used the data from the hired black-hat hackers to breach the Yahoo accounts of friends, family and associates of their ultimate targets.

    Once inside compromised Yahoo accounts, hackers can email or respond to their targets directly with seemingly legitimate Yahoo emails that are virtually indistinguishable from real ones.

    “The target will receive the exact same email from the Yahoo user and, for him, it will look legitimate,” Komarov said.

    He said that while it’s extremely difficult to directly infiltrate a Google Gmail account, for instance, all you really need to get into it is a compromised account of a Yahoo email user who corresponds with the Gmail user.

    “Then you simply hack the Yahoo account’s contacts, and then analyze the [emails] sent from the real object of interest. At some point you replace [a legitimate Yahoo email sent to a target] and fill it with malware,” he said. Once the end target clicks on a link or an attachment in the infected Yahoo email, hackers can get inside the target’s account.

    From Foreign Espionage to Dark Web Marketplaces

    Komarov said that the state-sponsored actor appears to have been working with the black hat hacker collective — which the InfoArmor team has dubbed “Group E” — for at least several years.

    He said that his analysts have determined that Group E was also responsible for earlier, high-profile hacks of LinkedIn, MySpace, Dropbox, the music-streaming service Last.fm, the microblogging site Tumblr and others — likely for the same purpose of identifying trusted third parties surrounding their real targets. Tumblr was purchased by Yahoo in 2013.

    “If you calculate all the victims for all these hacks by the same group, it will be several billion victims,” Komarov said.

    InfoArmor has determined that at least some of the hacks of the other tech firms “were requested of Group E…so we assume that the Yahoo breach was one of the tools used for successful attacks against U.S. government officials.”

    Komarov said that in recent years the state sponsored actor approached Group E and asked them to hack millions of Yahoo email users’ accounts. They provided Group E with specific email addresses they were seeking, and when they were turned over and verified, the foreign agent agreed to purchase the entire trove, he said.

    The agent had initially sought exclusive access to the stolen Yahoo data set, but balked at Group E’s $500,000 price. Instead, Group E brought the price for the Yahoo trove down to $300,000, and retained the right to peddle the hacked emails elsewhere.

    Komarov told NBC News that the Yahoo trove was later sold off to two well-known spammers, who exploited it for profit.

    After it had been sold off and mined for months, Group E appears to have provided a low-level but well-known hacker named Tessa88 with mostly useless leftovers from the Yahoo trove to further distance the foreign agent from the Yahoo hack, Komarov said.

    Tessa88 began advertising Yahoo data for sale on a Russian-speaking dark web marketplace, and appears to have partnered with a hacker who goes by the handle “Peace,” or “Peace of Mind,” to do the same in an English-speaking online marketplace called The Real Deal, according to InfoArmor.

    It was only when Peace began advertising the Yahoo trove for sale that the company apparently became aware that they had been breached.

    InfoArmor’s report describes the entire enterprise as “carefully orchestrated in order to mask the actual sources of the hacks.”

    Komarov said that a state-sponsored actor from Eastern Europe commissioned and later paid the hacker collective $300,000 for the Yahoo data trove. He said he didn’t know if the hacks of the other social media companies were also commissioned by a state-sponsored actor, but believed it was likely. He also said he didn’t know if the state that directed the hacks was Russia, or if the state-sponsored actor that paid the hackers was a Russian intelligence agency or some other arm of the Russian government, but that Eastern European hackers often have links to the Russian government.

    Wow, ok, it would appear that Mr. Komarov’s conclusions changed rather dramatically in the week between his interview with NBC and the publication of InfoArmor’s report. There’s nothing wrong with changing conclusions but it’s still a pretty notable coincidence that both versions of Komarov’s report were published on the same day.

    So is there an explanation for this odd juxtaposition? Sort of. There’s still no explanation for what caused the dramatic change in conclusions in just a week, but according to the report below it sounds like InfoArmor disputes the NBC interview and is standing by its assertion that the hack was not state-sponsored:

    Business Insider

    A cybersecurity firm is telling two very different stories of the Yahoo hack to news organizations

    Paul Szoldra

    Sep. 29, 2016, 3:31 PM

    A cybersecurity firm that analyzed the Yahoo data breach affecting at least 500 million user accounts has told competing news organizations two very different stories of who actually carried out the hack.

    In an analysis posted on its website, InfoArmor says “tessa88” — an anonymous but prominent figure in underground forums who sells stolen databases — was the first to mention Yahoo credentials for sale in Feb. 2016. The firm said that tessa88 and another dark web broker called “Peace of Mind” were not the hackers, but acted as proxies for those who carried out the attack.

    The hacker group “used these two guys to broker that data out,” Bryon Rashed, senior director of marketing at InfoArmor, said in a phone interview.

    The post itself did not actually say much about the hacker group behind the theft, except to say they were “professional blackhats who were hired to compromise” different organizations, to include Yahoo.

    InfoArmor Chief Intelligence Officer Andrew Komarov told NBC News “that a state-sponsored actor from Eastern Europe commissioned and later paid the hacker collective $300,000 for the Yahoo data trove. He said he didn’t know if the hacks of the other social media companies were also commissioned by a state-sponsored actor, but believed it was likely,” according to an article published Wednesday morning. (An InfoArmor rep later disputed NBC’s account to Business Insider, and said that InfoArmor does not think the attackers were state sponsored. NBC has not updated its story.)

    Then, just a few hours later, Komarov was quoted in the Wall Street Journal seemingly disputing that assertion:

    “We don’t see any reason to say that it’s state sponsored. Their clients are state sponsored, but not the actual hackers.”

    The competing narratives add to the confusion surrounding the Yahoo hack, which resulted in the theft of at least 500 million user accounts by what the company said was a “state-sponsored” actor.

    A person familiar with the matter told Business Insider that “Yahoo stands 100% behind its assertion” of a state-sponsored actor, but declined to offer further evidence in support of that claim.

    “InfoArmor Chief Intelligence Officer Andrew Komarov told NBC News “that a state-sponsored actor from Eastern Europe commissioned and later paid the hacker collective $300,000 for the Yahoo data trove. He said he didn’t know if the hacks of the other social media companies were also commissioned by a state-sponsored actor, but believed it was likely,” according to an article published Wednesday morning. (An InfoArmor rep later disputed NBC’s account to Business Insider, and said that InfoArmor does not think the attackers were state sponsored. NBC has not updated its story.)”

    Well, at least we have a conclusive answer from InfoArmor: they really do not think “Group E” was state-sponsored. They do believe a state purchased the hacked material, but they don’t think it was done on behalf of a state actor and they don’t claim to know which state purchased the material and while Komarov believes that the hackers were Eastern European that’s about as far as InfoArmor’s conclusions go.

    It’s a relatively inconclusive set of conclusions and based on InfoArmor’s analysis that’s the most that could reasonably be concluded. What can we conclude from all this? Probably that we shouldn’t be concluding that all the conclusions in reports about these mega hacks are actually conclusions and not inferences designed to fit a narrative. For topics as nebulous as elite hacking in the middle of a highly polarized political environment, it’s not so much that ‘less is more’ but that ‘less is less inaccurate and/or misleading’.

    We can also conclude that you should probably change your passwords.

    Posted by Pterrafractyl | October 6, 2016, 9:17 pm
  9. @Pterrafractyl–

    “Tessa88”? That has an eerie, disturbingly familiar feel to it.

    Might Darling Tessa be Nazi?

    Best,

    Dave

    Posted by Dave Emory | October 7, 2016, 9:43 am
  10. @Dave: It’s also worth noting that, according to the report below, Tessa88 is presumed by analysts who have communicated with Tessa88 to actually be two people and only one of them is a native Russian speaker. The interview was done following their sale of the LinkedIn and MySpace hacks back in June. So Tessa88 appears to be at least two people who are intentionally putting up an “I’m Russian” public face as they go about grabbing the world’s attention:

    Vice Motherboard

    This Is The Hacker Allegedly Behind The LinkedIn and MySpace Megabreaches

    Written by Lorenzo Franceschi-Bicchierai
    June 17, 2016 // 12:37 PM EST

    In the last few weeks, more than half a billion passwords stolen from some of the biggest social media websites in the world have been traded and sold in the internet’s underground.

    The data, taken years ago from sites such as LinkedIn, MySpace, Tumblr, and others, has already led to countless account takeovers, hitting regular people as well as celebrities and big names such as Mark Zuckerberg, Katy Perry, Lana Del Rey, and Twitter cofounder Biz Stone.

    For weeks, no one knew who was behind these hacks and leaked data. The only name that surfaced was that of Peace, or Peace of Mind, a cybercriminal who was selling the hacked data on a dark web market. But when a website that serves as a repository of hacked credentials announced the MySpace hack, another name came out: Tessa88.

    Until now, Tessa88 has acted mostly in the shadows, talking briefly with a few reporters. No one really knows for sure who they are, or what their role is in all these megabreaches. But now, thanks to an interview with Tessa88, as well as interviews with multiple sources who have been tracking them, Motherboard has been able to piece together a rough sketch.

    “I am a very old inhabitant of the network :)),” Tessa88 told us in a chat conducted in Russian, when asked who they are. They added that their real name isn’t Tessa, because that’s just the name of “a whore from Australia.”

    The handle Tessa88, however, apparently first surfaced in the web’s darkest corners only around April 2016, perhaps a few weeks earlier, when the cybercriminal started selling hacked databases on Russian cybercrime forums.

    Since then, Tessa88 has made between $50,000 and $60,000 worth of bitcoin, according to Andrei Barysevich, the director of Eastern European research and analysis for the security firm Flashpoint Intel, who claimed to have found Tessa88’s bitcoin address.

    Barysevich said “it’s very likely” that behind the alias Tessa88 there are actually two people, perhaps a female and a male, and only one who’s a native Russian speaker, judging from how they portray themselves and how they speak. (Our interpreter, who translated our chat with Tessa88, also said she thought we were talking to two different people.)

    Tessa88 isn’t just selling the data. They might also be the one (or one of a group) who stole it a few years ago from the companies’ servers.

    Several people who’ve been studying Tessa88 and lurking in hacking forums confirmed that the hacker was likely part of the original team of cybercriminals, most likely Russian or Eastern European, who hacked LinkedIn, MySpace, and the other companies.

    What happened between that time and now is a little unclear. But some speculate that the hackers used the credentials for years without ever publicizing the hack.

    “The intention was not to have the information released or sold online but to be used by the group,” said Mark Arena, the CEO of Intel 471, a security firm that monitors the dark web.

    The idea, Barysevich said, was to see if the passwords and username combinations from LinkedIn or MySpace would also work on other services, especially those where the criminals could steal money, such as PayPal, for example. Criminals have created automated tools that can take hundreds if not thousands of credentials and test them on a target site of choice, according to Barysevich.

    After doing this for a few years, Tessa88 and the others had no more use for the data, and decided to try to make “the final dollar,” as Barysevich put it, by selling the databases on the open market.

    Tessa88 said that they started selling the data now because they are “severely” ill, and need money “to recover,” although the hacker declined to specify the exact ailment.

    This is where the story gets a bit muddy. A couple of months after Tessa88 started selling databases in Russian underground forums, the data surfaced also on the data breach notification site LeakedSource, as well as on The Real Deal, a dark web market that specializes not only in drugs and other illicit physical goods, but also hacking tools and stolen data.

    But it wasn’t Tessa88 selling data on The Real Deal. It was another hacker, this one identifying himself as male and using the pseudonym Peace Of Mind. The two hackers apparently have some sort of rivalry going on, as ZDnet explained in a recent article.

    “Peace_of_mind [is] a fagot who takes undue credit,” Tessa88 told Motherboard, adding that Peace was not part of the team that originally hacked the companies. “I shared a dump for analysis! And he started selling it.”

    Peace said something similar about Tessa88.

    “He stole [the hacked databases] from an old buddy,” Peace said in an online chat. “Long ago. And he started to sell them.”

    The two don’t appear to be done. For a couple of weeks, there have been rumors of an impending dump of hundreds of millions of Facebook accounts. Earlier this week, in their chat status, Tessa88 was advertising 500 million Facebook accounts for 5 bitcoin, or around $3700 at the time of writing. But in a chat, the hacker said they actually have more than 800 million accounts.

    Despite promises to share a sample, however, neither Tessa88 nor Peace have produced any data yet. Whether the Facebook data is legitimate or not, there’s a good chance there’s more to come.

    “The whole world will get to see some good stuff soon. :-),” Tessa88 said, before vanishing for days. “I’m just warming up the audience:-) I’m good at it, am I not?”

    “Barysevich said “it’s very likely” that behind the alias Tessa88 there are actually two people, perhaps a female and a male, and only one who’s a native Russian speaker, judging from how they portray themselves and how they speak. (Our interpreter, who translated our chat with Tessa88, also said she thought we were talking to two different people.)”

    So it sounds like Tessa88 is at least two people, only one of which is a native Russian speaker. While it’s not really surprising that multiple people would be operating under the same handle for something like this, it’s still pretty notable given that Tessa88’s activity appeared to be as much about gaining publicity and creating a sensation as it was about making money. As Tessa88 put it:

    “The whole world will get to see some good stuff soon. :-),” Tessa88 said, before vanishing for days. “I’m just warming up the audience:-) I’m good at it, am I not?”

    It’s also worth noting that “Peace of Mind” also gave an interview following the where he said he was Russian. And when asked where he got the data, he said a ‘team’ did it. A team of Russians. He also suggests that Tessa88 was part of this team. So both Tessa88 and Peace of Mind REALLY want the world to assume they are Russian hackers:

    Wired

    An Interview With the Hacker Probably Selling Your Password Right Now

    Andy Greenberg

    Date of Publication: 06.09.16.
    Time of Publication: 6:01 pm.

    For the last two weeks, the tech world’s security teams have been practically under siege. On an almost daily basis, new collections of data from hundreds of millions of stolen accounts have appeared on the dark web, ripped from major web firms and sold for as little as a few hundred dollars each worth of bitcoins. And behind each of those clearance sales has been one pseudonym: “Peace_of_mind.”

    “Peace_of_mind,” or “Peace,” sells data on the dark web black market TheRealDeal. His or her “store” page has a 100-percent satisfaction rating and feedback like “A+++,” and “follows up with your questions and delivers promptly.” And Peace’s growing selection of merchandise includes 167 million user accounts from LinkedIn, 360 million from MySpace, 68 million from Tumblr, 100 million from the Russian social media site VK.com, and most recently another 71 million from Twitter, adding up to more than 800 million accounts and growing.

    Just how Peace obtained that data is far from clear. Much of it is from older breaches, dating back to as early as 2012. But the consequences have already been serious—likely due in part to victims reusing passwords between sites—and include hackers compromising the Twitter accounts of Mark Zuckerberg, Twitter founder Ev Williams, a multitude of celebrities including Drake and Katy Perry and likely many more less-visible attacks. In fact, these breaches are so large it’s hard to imagine anyone with a digital life who is not in some way affected.

    Earlier this week, WIRED approached Peace through the RealDeal market messaging system and interviewed him or her via encrypted, anonymous IM. Almost none of Peace’s claims could be confirmed. Take them only as the unverified statements of a mysterious, pseudonymous, brazenly criminal hacker. Here, with some editing for clarity, is our conversation, which took place on Monday, June 6.

    [Editors’ note: After some initial back-and-forth to verify Peace is the same person WIRED contacted on the RealDeal black market…]

    WIRED: My first question, how have you got your hands on all these collections of breached user credentials?

    Peace: Well, all these have been hacked through [a] ‘team,’ if you want to call it that, of Russians. Some have been my work, others by another person.

    Are you Russian, yourself?

    Yes.

    Can you tell me where you’re based?

    At this point due to multiple investigations I would not want to say.

    Is there a name for your “team”?

    At this time I can not give out details like that, sorry.

    It seems like much of the data you’re selling is old (though still clearly useful for hackers.) The Linkedin data is from 2012, for instance, and the MySpace data also seems to be from 2013. How did it happen that you came to possess this old data and are only selling it now?

    Well, these breaches were shared between the team and used for our own purposes. During this time, some of the members started selling to other people. The people who we sold to [were] selective, not random or in public forums and such, but people who would use [the data] for their own purposes and not resell or trade. Although [after] long enough, certain individuals obtained the data and started to sell [it] in bulk ($100/100k accounts, etc.) in the public. After noticing this, I decided for myself to start making a little extra cash to start selling publicly, as well.

    So you’re doing this separately from the rest of your crew? Are they OK with you selling this data on your own?

    Well, this crew is no longer together. The leader “retired” if you want to call it that, a long time ago, however a certain some one (Tessa) started selling without permission. Most of the members went on to do other things and a lot aren’t in contact, so there wasn’t any “consequence” for his actions. For me personally given the fact that it was long ago I thought I’d join in and start selling, too. [Editors’ note: Someone using the handle “Tessa” has in fact provided 32 million Twitter users’ data to the breach tracking website LeakedSource.com.]

    Why didn’t the crew want to sell the whole collection earlier?

    It is not of value if data is made public. We had our own use for it and other buyers did as well. In addition buyers expect this type of data to remain private for as long as possible. There are many [databases] not made public for that reason and [in] use for many years to come.

    What was your “own use” for it? How were you able to make more by selling the data privately?

    Well, [the] main use is for spamming. There is a lot of money to be made there, as [well as] in selling to private buyers looking for specific targets. As well, password reuse—as seen in recent headlines of account takeovers of high profile people. Many simply don’t care to use different passwords which allows you to compile lists of Netflix, Paypal, Amazon, etc. to sell in bulk. (50K/100K/etc)

    How much would you say the crew made selling parts of the LinkedIn database privately, for instance, before you started selling the whole collection?

    I don’t think that would be in my best interest to disclose that information. However I can say for me personally, selling publicly, [I’ve made] $15K for LinkedIn.

    How much for the MySpace and Tumblr data?

    For both, almost $20K.

    Like, $10,000 each?

    More for Myspace. For Tumblr a couple Gs in total…but mostly myspace due to the fact that Tumblr had salt for the hashes.

    The Myspace data was also hashed, wasn’t it? But not salted?

    Yes, it was hashed, however no salt. [Editors’ note: For more information on hashing and salting, read this explainer.]

    How much for the Fling data?

    That was about $1,200 or something like that, can’t remember exact amount.

    Do you have more collections that you haven’t put up for sale yet?

    Yes, about another 1B users or so, again in the same timeframe: 2012-2013.

    I hope this doesn’t sound rude, but why did you agree to talk to me?

    No, well, it’s fun fucking around with these people—MySpace, Tumblr, LinkedIn—as they threaten to investigate and cooperate with law enforcement. I’d rather give them a bone to chew on, so to speak, make them feel like they can catch me or others.

    And you’re sure you can evade law enforcement?

    Haha, yes, where I am at.

    It seems like a lot of risk for the $25K or so you say you’ve made so far.

    Well, that is publicly. And in less than a month. It is no risk for me, as they can’t do anything. Like I said, quick easy cash in about a month. [I] should have enough to go buy a nice car.

    Are you confident you won’t be caught because you’re in Russia? Don’t the Russian police occasionally extradite hackers? A billion-plus passwords might be enough to get some attention.

    Well, it is a little more complicated than that, but I have plans in case something happens.

    “Peace: Well, all these have been hacked through [a] ‘team,’ if you want to call it that, of Russians. Some have been my work, others by another person.”

    That was “Peace of Mind”‘s blanket statement about where the data came from and what his relationship was with it: it was a team of Russians, including Peace of Mind. And here’s what he said about Tessa88:


    Well, this crew is no longer together. The leader “retired” if you want to call it that, a long time ago, however a certain some one (Tessa) started selling without permission. Most of the members went on to do other things and a lot aren’t in contact, so there wasn’t any “consequence” for his actions. For me personally given the fact that it was long ago I thought I’d join in and start selling, too. [Editors’ note: Someone using the handle “Tessa” has in fact provided 32 million Twitter users’ data to the breach tracking website LeakedSource.com.]

    That sure sounds like Peace of Mind was asserting that Tessa88 was part of the original team of alleged Russians.

    And look at Peace of Mind’s alleged motivation for taking such a big risk for a relatively small amount of money: he just liked messing with websites who are willing to work with law enforcement. Also, he is safe from law enforcement where he is located:


    I hope this doesn’t sound rude, but why did you agree to talk to me?

    No, well, it’s fun fucking around with these people—MySpace, Tumblr, LinkedIn—as they threaten to investigate and cooperate with law enforcement. I’d rather give them a bone to chew on, so to speak, make them feel like they can catch me or others.

    And you’re sure you can evade law enforcement?

    Haha, yes, where I am at.

    It seems like a lot of risk for the $25K or so you say you’ve made so far.

    Well, that is publicly. And in less than a month. It is no risk for me, as they can’t do anything. Like I said, quick easy cash in about a month. [I] should have enough to go buy a nice car.

    Are you confident you won’t be caught because you’re in Russia? Don’t the Russian police occasionally extradite hackers? A billion-plus passwords might be enough to get some attention.

    Well, it is a little more complicated than that, but I have plans in case something happens.

    So “Peace of Mind” is basically trying to tell the world that he is part of some Russian hacking team who can hack with impunity because he is in Russia. If that was the case, telling the world about that probably isn’t the best way to maintain that impunity.

    Also keep in mind that the above interview was done before we had InfoArmor’s report describing how a “Group E” appears to be the original hacker in the Yahoo hack and “Tessa88” and “Peace of Mind” purchased or somehow acquired the info only recently to make a big high profile splash. And as we saw in the WSJ article about the InfoArmor report, InfoArmor viewed Tessa88 and Peace of Mind as separate from “Group E”:

    The Wall Street Journal

    Yahoo Hackers Were Criminals Rather Than State-Sponsored, Security Firm Says
    InfoArmor says the hackers sold Yahoo database at least three times, including once to a state-sponsored actor

    By Robert McMillan
    Sept. 28, 2016 12:44 p.m. ET

    An information-security firm says the hackers who stole at least 500 million records from Yahoo Inc. two years ago are criminals who are selling access to the database, and not a state-sponsored group as Yahoo contends.

    According to InfoArmor’s investigation, Group E was the source of some databases sold by two other hackers, named Tessa88 and Peace of Mind. They offered a smorgasbord of data dumps—some of them legitimate data, others not, but ultimately parted ways with Group E, InfoArmor said.

    Earlier this year, both Tessa88 and Peace of Mind offered for sale what they said were Yahoo account credentials. Those offers prompted Yahoo’s investigation. But neither Peace of Mind nor Tessa88 ever produced data that was taken from Yahoo.

    And in the above interview it notes that Tessa88 only started showing up in April of this year. So while it’s currently assumed that Tessa88 was part of the original team that hacked LinkedIn and MySpace, that’s pure speculation. We’re basically assuming Tessa88 and Peace of Mind are telling the truth.

    Additionally, when you read the actual InfoArmor report, they describe Tessa88 as not even being fully aware of what they were actually selling. And Tessa88 is described as being part of a carefully orchestrated effort to publicly sell the hacked data in a manner that obscured the original source:

    InfoArmor

    InfoArmor: Yahoo Data Breach Investigation

    September 28, 2016

    Background

    Yahoo was compromised in 2014 by a group of professional blackhats who were hired to compromise customer databases from a variety of different targeted organizations. Some of their initial targets, which occurred in 2012 and 2013, are linked directly with the recent large scale data breaches of social media networks and online-services such as MySpace, Tumblr and LinkedIn. Other well-known brands have been impacted by this group but the data stolen from them is not currently available for sale or validation in the underground, as of the writing of this report.

    According to Andrew Komarov, Chief Intelligence Officer of InfoArmor, the nature of the identified data breach has a more “closed” character, due to the specifics of customers associated with this specific data and the motivations of the bad actors involved. Of significant importance, the Yahoo data leak as well as the other notable exposures, opens the door to significant opportunities for cyber espionage and targeted attacks to occur.

    InfoArmor performed extensive analysis of collected intelligence surrounding the hack from a variety of sources in order to clarify the motivation and attribution of the key threat actors. As a result, it is clear that many recent press reports and published articles have significant inaccuracies.

    Timeline Analysis

    The first mention of Yahoo and a potential data breach appeared on cybercriminal forums immediately after the LinkedIn data was published for sale by the threat actor nicknamed “tessa88.”

    03.04.2016 (3 April 2016)

    tessa88, registered on several underground communities, was the first to mention that Yahoo account credentials were available for sale. According to operative sources and long term analysis, tessa88 acted as a proxy between the actual bad actors responsible for one of the largest hacks in history and potential buyers from various underground communities.

    This approach was “carefully” orchestrated in order to mask the actual sources of the hacks and to commercialize the data in an anonymous manner, due to the fact that this data had been used by the threat actors for their own purposes, namely, targeted account takeover (ATO) and spam. Initially tessa88 proposed several databases for sale, including VK, MySpace, Fling and other notable e-mail providers and some instant messaging services from Eastern Europe. He initially mentions this data in a post, dated 11.02.2016 (February 2016), coinciding with the time frame when the data associated with the 2012 hacks was actually acquired.

    In the interaction below, a record of the contact who engaged with tessa88 through operative channels, it is clear that tessa88 was not fully aware of the details surrounding the data he was selling. In some cases, this caused significant delays in data samples being shared.

    01.05.2016 (01 May 2016)

    The actor “Peace_of_Mind” (PoM), well known for his activities at “The Real Deal Market” (TRDM) and “The Hell” forum, after identifying his post regarding the stolen data at one of the underground forums, contacts tessa88 and proposes some sort of cooperation [partnership] in exchange for some of his data.

    Subsequent to this engagement, the databases initially published for sale by tessa88 are then resold by Peace_of_Mind in TOR network at TRDM. This is an interesting example of cooperation between a Russian speaking threat actor and an English speaking actor, demonstrating that cybercrime is an entirely transnational issue.

    14.05.2016 (14 May 2016)

    Peace_of_Mind outlines that he will share the data dumps of Mate1.com, Zooks.com, Lbsg.net, r2games.com and several other hacked WEB-resources, all having large user populations, with tessa88. At this point, tessa88 updated his initial thread on the underground forums with these resources and adds LinkedIn for the first time in the list of the stolen databases available for sale.

    “This approach was “carefully” orchestrated in order to mask the actual sources of the hacks and to commercialize the data in an anonymous manner, due to the fact that this data had been used by the threat actors for their own purposes, namely, targeted account takeover (ATO) and spam. Initially tessa88 proposed several databases for sale, including VK, MySpace, Fling and other notable e-mail providers and some instant messaging services from Eastern Europe. He initially mentions this data in a post, dated 11.02.2016 (February 2016), coinciding with the time frame when the data associated with the 2012 hacks was actually acquired.”

    Given all that, it sure looks like “Tessa88” and “Peace of Mind” are playing out the ‘Boris and Natasha’ role for a global audience to, at a minimum, cover the tracks of “Group E”, an elite black hat for hire hacking crew that’s assumed to be Eastern European. And maybe they really are Eastern European. Maybe some of them are Russian. We don’t know. What we do know is that they really want the world to think they’re Russian.

    Posted by Pterrafractyl | October 7, 2016, 6:15 pm
  11. According to US intelligence sources briefed on the investigation of Hal Martin, it looks like they aren’t seeing any connection to the “Shadow Brokers” leak and investigators are still trying to determine both what Martin was doing with that data and who the actual source is for the Shadow Brokers leak. And there’s still no hint that investigators are even considering the possibility that Jacob Appelbaum was the Shadow Brokers source, like James Bamford suggests they should. Instead, it’s looking like the official explanation is going to be that it was code accidentally left on a server by NSA staff and picked up by Russian hackers. They haven’t entirely arrived at that conclusion quite yet, but that’s clearly the answer they’re going to arrive at:

    NBC News

    NSA Leak Mystery Not Solved With Arrest of Hal Martin

    by Ken Dilanian
    Oct 7 2016, 4:57 pm ET

    U.S. intelligence officials are investigating the possibility that recent leaks of sensitive National Security Agency hacking tools did not stem from the alleged theft of classified materials by a Pentagon contractor whose arrest was made public this week.

    Current and former U.S. officials briefed on the matter told NBC News that investigators so far have found no evidence that Harold T. Martin III, a Maryland resident who was charged with taking home reams of documents from his Top Secret job inside the NSA, sold or distributed the material. They haven’t ruled it out, however, and they are looking into whether his home computers could have been hacked.

    Still, officials say they are examining other possibilities to explain the recent leaks, which seem to have originated well after Edward Snowden began his forced exile in Russia three years ago. One is that there could be a third, still unidentified government insider stealing classified information. Another is that the leaks were the result of one of the NSA’s own hackers being sloppy or careless about hiding his tools, which were then swiped by an outside party.

    “There probably is another person, but it’s probably more innocuous than the other two cases,” one former senior official told NBC News. He added that it likely stemmed from “incompetence and complacency.” The material leaked, he said, was “not the Holy Grail — it was a byproduct of the Holy Grail.”

    Nearly all NSA hacking tools are on the internet, the official said, if you know where to look. “We hide in the noise,” he said. The theory, he added, is that a government hacker left his tools in a place where others could find them — for example, on a non-NSA server.

    The current and former officials say the leaks in question include a suite of NSA hacking tools put up for sale in August by a group identifying itself as the Shadow Brokers. Snowden himself tweeted in August that Russia may have had a hand in that disclosure.

    The investigation into the leaks led the FBI to Martin, who had been taking home classified documents for many years, officials say. His motives have not been established.

    “The investigation into the leaks led the FBI to Martin, who had been taking home classified documents for many years, officials say. His motives have not been established.”

    Note that, according to a report in the Guardian, the NSA now believes that Martin has been taking NSA documents home “since the 1990s” but can’t tie him to any known leaks. So either this guy is amazing at smuggling out documents from the NSA or it’s not actually very difficult.

    Also note that, according to the report below that’s from late September, before the Hal Martin arrest was publicly disclosed, NSA investigators have basically already concluded that the Shadow Brokers leak was a result of someone leaving NSA code on a server. What’s the evidence? NSA officials told investigators about an incident where an employee or contractor left the hacking tools on the server years ago, then told the NSA about it shortly thereafter, and then the NSA went searching for signs that someone else was using the tools and concluded that no one had found the tools and nothing more needed to be done. That’s quite an admission tucked away in the Reuters article below.

    They’re also pretty sure Russia did eventually hack this server and is now behind the Shadow Brokers leak. Why Russia? One reason given is that the Shadow Brokers decided to reveal the code to the world instead of selling it like regular criminals. It doesn’t seem like particularly conclusive proof of specifically Russian involvement, but that’s the theory they’re going with:

    Reuters

    Exclusive: Probe of leaked U.S. NSA hacking tools examines operative’s ‘mistake’

    By Joseph Menn and John Walcott | SAN FRANCISCO/WASHINGTON
    Thu Sep 22, 2016 | 10:44pm EDT

    A U.S. investigation into a leak of hacking tools used by the National Security Agency is focusing on a theory that one of its operatives carelessly left them available on a remote computer and Russian hackers found them, four people with direct knowledge of the probe told Reuters.

    The tools, which enable hackers to exploit software flaws in computer and communications systems from vendors such as Cisco Systems and Fortinet Inc, were dumped onto public websites last month by a group calling itself Shadow Brokers.

    The public release of the tools coincided with U.S. officials saying they had concluded that Russia or its proxies were responsible for hacking political party organizations in the run-up to the Nov. 8 presidential election. On Thursday, lawmakers accused Russia of being responsible.

    Various explanations have been floated by officials in Washington as to how the tools were stolen. Some feared it was the work of a leaker similar to former agency contractor Edward Snowden, while others suspected the Russians might have hacked into NSA headquarters in Fort Meade, Maryland.

    But officials heading the FBI-led investigation now discount both of those scenarios, the people said in separate interviews.

    NSA officials have told investigators that an employee or contractor made the mistake about three years ago during an operation that used the tools, the people said.

    That person acknowledged the error shortly afterward, they said. But the NSA did not inform the companies of the danger when it first discovered the exposure of the tools, the sources said. Since the public release of the tools, the companies involved have issued patches in the systems to protect them.

    Investigators have not ruled out the possibility that the former NSA person, who has since departed the agency for other reasons, left the tools exposed deliberately. Another possibility, two of the sources said, is that more than one person at the headquarters or a remote location made similar mistakes or compounded each other’s missteps.

    Representatives of the NSA, the Federal Bureau of Investigation and the office of the Director of National Intelligence all declined to comment.

    After the discovery, the NSA tuned its sensors to detect use of any of the tools by other parties, especially foreign adversaries with strong cyber espionage operations, such as China and Russia.

    That could have helped identify rival powers’ hacking targets, potentially leading them to be defended better. It might also have allowed U.S. officials to see deeper into rival hacking operations while enabling the NSA itself to continue using the tools for its own operations.

    Because the sensors did not detect foreign spies or criminals using the tools on U.S. or allied targets, the NSA did not feel obligated to immediately warn the U.S. manufacturers, an official and one other person familiar with the matter said.

    In this case, as in more commonplace discoveries of security flaws, U.S. officials weigh what intelligence they could gather by keeping the flaws secret against the risk to U.S. companies and individuals if adversaries find the same flaws.

    Critics of the Obama administration’s policies for making those decisions have cited the Shadow Brokers dump as evidence that the balance has tipped too far toward intelligence gathering.

    The investigators have not determined conclusively that the Shadow Brokers group is affiliated with the Russian government, but that is the presumption, said one of the people familiar with the probe and a fifth person.

    One reason for suspecting government instead of criminal involvement, officials said, is that the hackers revealed the NSA tools rather than immediately selling them.

    The publication of the code, on the heels of leaks of emails by Democratic Party officials and preceding leaks of emails by former U.S. Secretary of State Colin Powell, could be part of a pattern of spreading harmful and occasionally false information to further the Russian agenda, said Jim Lewis, a cybersecurity expert at the Center for Strategic and International Studies.

    “Investigators have not ruled out the possibility that the former NSA person, who has since departed the agency for other reasons, left the tools exposed deliberately. Another possibility, two of the sources said, is that more than one person at the headquarters or a remote location made similar mistakes or compounded each other’s missteps.”

    So that’s where the investigation is clearly heading: someone left it on a server, and Russia hacked it. And what’s the evidence? Well, apparently the evidence is an admission by the NSA that they knew all about an incident three years ago involving an employee or contractor leaving these tools on a server.


    Various explanations have been floated by officials in Washington as to how the tools were stolen. Some feared it was the work of a leaker similar to former agency contractor Edward Snowden, while others suspected the Russians might have hacked into NSA headquarters in Fort Meade, Maryland.

    But officials heading the FBI-led investigation now discount both of those scenarios, the people said in separate interviews.

    NSA officials have told investigators that an employee or contractor made the mistake about three years ago during an operation that used the tools, the people said.

    That person acknowledged the error shortly afterward, they said. But the NSA did not inform the companies of the danger when it first discovered the exposure of the tools, the sources said. Since the public release of the tools, the companies involved have issued patches in the systems to protect them.

    Investigators have not ruled out the possibility that the former NSA person, who has since departed the agency for other reasons, left the tools exposed deliberately. Another possibility, two of the sources said, is that more than one person at the headquarters or a remote location made similar mistakes or compounded each other’s missteps.

    After the discovery, the NSA tuned its sensors to detect use of any of the tools by other parties, especially foreign adversaries with strong cyber espionage operations, such as China and Russia.

    That could have helped identify rival powers’ hacking targets, potentially leading them to be defended better. It might also have allowed U.S. officials to see deeper into rival hacking operations while enabling the NSA itself to continue using the tools for its own operations.

    Because the sensors did not detect foreign spies or criminals using the tools on U.S. or allied targets, the NSA did not feel obligated to immediately warn the U.S. manufacturers, an official and one other person familiar with the matter said.

    So, assuming this is accurate, it sounds like the NSA at least half-solved the Shadow Brokers mystery in terms of where the code came from. Either that or the intelligence community is so paranoid about acknowledging the possibility that it was part of the Snowden/Appelbaum heist that making up a story like this is the better alternative. Either way, there’s still the question of who is doing the leaking now. And as we saw, while they haven’t concluded it was Russia, it’s presumed to be Russia:


    The investigators have not determined conclusively that the Shadow Brokers group is affiliated with the Russian government, but that is the presumption, said one of the people familiar with the probe and a fifth person.

    One reason for suspecting government instead of criminal involvement, officials said, is that the hackers revealed the NSA tools rather than immediately selling them.

    Regarding the hackers’ decision to release the code to the world instead of immediately selling it, keep in mind that the Shadow Brokers actually only released some of the code as a kind of teaser, written in ‘Boris and Natasha’ broken English, and then offered the rest of the code to private bidders via a Bitcoin auction. But it was the claims by Wikileaks that they had all the code and were going to release it for free that really made it seem like the hackers weren’t actually in it for the money. And, of course, don’t forget that Jacob Appelbaum was Wikileaks’ chief hacker and remains quite close to the organization.

    Also note that Wikileaks hasn’t actually released the code yet, which raises the question as to whether or not they’re keeping it as a kind of leverage to protect Assange. And maybe protect Appelbaum…could that be part of why he’s never mentioned in the investigation? The threat of releasing everything now before systems can get patched? Either way, the hackers are at least pretending to really want some money for the code:

    Network World

    Shadow Brokers rant about people wanting stolen NSA-linked hacking tools for free

    The Shadow Brokers sounded angry when the group complained about people wanting the stolen NSA-linked hacking tools for free.

    By Ms. Smith
    Oct 2, 2016 10:19 AM PT

    The hacking group trying to auction off NSA-linked Equation Group hacking tools is unhappy because no one has coughed up the big bucks yet to buy the exploits.

    On Saturday, the Shadow Brokers took to Medium to release the group’s third message. The hackers sound hurt that people don’t trust them and – if cursing is any indication – the hackers are angry that the Equation Group cyber weapons auction has flopped so far.

    The Shadow Brokers want $1 million dollars and sound irritated that interested parties want the stolen hacking tools for free. “Peoples is having interest in free files. But people is no interest in #EQGRP_Auction.”

    Although the writing style is likely to throw analysts off the track of determining who wrote Shadow Brokers’ messages, the allegedly forced broken English gets annoying fast even if you aren’t a grammar Nazi. That might partially be why the group’s second message was basically ignored by the media; however, it did mention a bid of 1.5 bitcoins which is currently worth about $915. The blockchain info shows a measly 1.761821 bitcoins received in total – which was worth $1,073.85 at the time of publishing.

    What are they auctioning off besides the firewall toolkit, released as proof about the “remote exploits, privilege escalations, persistence mechanisms, RATs, LPs, and post-exploit collection utilities”? The Shadow Brokers claim to have more Equation Group toolkits for other platforms like “Windows, Unix/Linux, Routers, Databases, Mobile, Telecom. Newer revisions too. The auction file is toolkit for one of other platforms. Includes remote exploits, local exploits/privilege escalations, persistence mechanisms, RATs, LPs, post-exploit collection utilities. Value estimated in millions of euros/dollars.”

    Four different sources told Reuters that the NSA believes Russian hackers got hold of the exploits after an employee or contractor “carelessly left them available on a remote computer.” That mistake allegedly occurred about three years ago after an operation, which used the tools, ended.

    *If you are offended by cussing, even partially redacted cursing, then you might want to avoid reading the rest.

    The Shadow Brokers claim the group is not selling the hacking tools in the underground because doing so is not as easy as whipping “out a phone book of reputable underground cyber arms dealers and make text and voicemail.”

    The auction idea is compared to selling a million-dollar piece of art, asking if you would sell it at a yard sale or at a “rich f**k auction house.” The group added, “Is thinking peoples is having more balls, is taking bigger risks for to make advantage over adversaries. Equation Group is pwning you every day, because you are giant f**king p**sies.”

    Shadow Brokers say the group doesn’t want 1 million bitcoins, but 1 million dollars via bitcoins. “Three different files. #1 = Free File is free. #2 = Auction File is auction. #3 = Consolation Prize file is for losing bidders if goal reached (goal not reached).”

    And to security experts who have complained that the hacking tools in the free file were old, the Shadow Brokers came up with an interesting analogy: “Exploit is being like good p**sy, what difference between 20yr old and 40yr old, if both getting job done? When you giving away sh*t for free, you giving new sh*t or old sh*t? $12 million is being pretty good free sh*t!”

    The no refund policy as well as the no end date to the auction were also addressed. As for the latter, Shadow Brokers exploded with an enraged, “Holy f**king sh*t, so many f**king rules with you peoples.”

    If someone will just show a little trust by bidding the asking price in the auction which the group swears is legit, then the Shadow Brokers promise to disappear and never be heard from again.

    Although the writing style is likely to throw analysts off the track of determining who wrote Shadow Brokers’ messages, the allegedly forced broken English gets annoying fast even if you aren’t a grammar Nazi. That might partially be why the group’s second message was basically ignored by the media; however, it did mention a bid of 1.5 bitcoins which is currently worth about $915. The blockchain info shows a measly 1.761821 bitcoins received in total – which was worth $1,073.85 at the time of publishing.”

    Yes, someone who appears to be a native English speaker trying to appear like a non-native English speaker is very upset that no one in the world wants to pay them $1 million in bitcoins with a no refunds policy for the code that Wikileaks promises to release for free at some point.

    So that’s the apparent state of the Shadow Brokers investigation. It wasn’t Hal Martin, who appears to be some sort of NSA data hoarder. And it wasn’t Jacob Appelbaum or anyone related to the Snowden Affair (even though Wikileaks somehow got their hands on the code and has yet to release it all after saying they were going to do so). Instead it was an NSA employee or contractor who left the code on a server and actually told the NSA about all this shortly after doing so and the NSA knew about this years ago but concluded that nothing bad would happen if they didn’t tell anyone about it. That’s what happened. And maybe that’s actually what happened. But it will be interesting to see if Wikileaks ever releases that code and whether or not the investigators’ conclusions regarding the culpability of Appelbaum or someone associated with his network suddenly change.

    Posted by Pterrafractyl | October 10, 2016, 7:40 pm
  12. Now that the US government is officially blaming Russia for the various high-profile political hacks this year, one of the big questions going forward is how the US responds. And as this post from the Council on Foreign Relations blog suggests, that US response might not come in the form of some retaliatory cyber actions. Instead, we should probably expect non-cyber responses like increasing military aid for Russia’s neighbors and increasing government investments in anonymizing cyber technology (like Tor):

    Council on Foreign Relations Blog

    After Attributing a Cyberattack to Russia, the Most Likely Response Is Non Cyber

    by Adam Segal
    October 10, 2016

    Almost four months after the cybersecurity firm CrowdStrike claimed that two Russian hacker groups were behind the theft of data from computers at the Democratic National Committee and other political organizations, the U.S. government has publicly attributed the attacks to Russia. In a joint statement from the Director of National Intelligence and Department of Homeland Security, the intelligence community declared that it was “confident that the Russian Government directed the recent compromises of e-mails from US persons and institutions, including from US political organizations.” According to the statement, the hack was not the work of an individual calling himself Guccifer 2.0 or a 400 pound hacker sitting on a bed, but was: intended to interfere with the U.S. elections; consistent with other Russian efforts to influence public opinion in Europe and Eurasia; and was likely to have been authorized at the highest levels of the Russian government.

    The next steps for the Obama administration are unclear. As Henry Farrell notes, the U.S. government will now have to decide if it will provide compelling evidence of Russian culpability. Releasing additional proof will be necessary if the United States wants to build some international legitimacy for whatever retaliatory actions it takes. In fact, the United States signed onto a 2015 UN report that said that accusations of internationally “wrongful acts brought against states”–the kind the United States is accusing Russia–“should be substantiated.” But substantiation has significant risks. It will be difficult to assign responsibility without revealing intelligence capabilities, and attribution may allow Russia to patch vulnerabilities and result in the loss of U.S. defensive and offensive capabilities.

    A number of analysts have stressed the challenges facing the United States in responding to these attacks, and especially in preventing the confrontation from spinning out of control. While covert cyber operations would be one example of a proportional response—and the United States certainly has the capability to attack Russian networks—it cannot ensure escalation dominance and the ability to end the conflict. Attacks that attempt to undermine Putin’s legitimacy by exposing emails or financial records and revealing compromising information might provoke even more widespread threats to U.S. critical infrastructure. Moreover, as former NSA general counsel Rajesh De and former CIA deputy director Michael Morrell note, offensive cyberattacks are counterproductive to the norms of behavior that the United States is trying to establish.

    This does not mean there should be no reaction. Instead, Washington will want to consider a range of options such as extending sanctions to those around Putin using a new executive order, more aid to Estonia and other states on Russia’s periphery, and more funds for the development of next generation anonymizing tools for dissidents and non-governmental organizations that monitor the Kremlin. The United States could also take steps to dismantle the IT infrastructure and hop points that Russian intelligence used to compromise U.S. political institutions to disrupt future cyber operations. This could take the form of clandestine activity or publicly visible steps, such as working with the international network of computer emergency response teams much like the United States did to counteract the 2011-2013 Iranian denial of service attacks against U.S. banks.

    Great powers are still trying to navigate the bounds of acceptable and proportionate responses when faced with confrontational state-sponsored cyber activity. Although analogies to nuclear policy or previous U.S. experience with Russian kompromat from the past may be helpful to navigate the present, cyberspace has unique characteristics that make these imperfect parallels. Washington’s response to Moscow’s actions will set the bar for future responses and set the example for other countries who could be victim of the same kind of activity. The White House will want to choose its next move carefully.

    This does not mean there should be no reaction. Instead, Washington will want to consider a range of options such as extending sanctions to those around Putin using a new executive order, more aid to Estonia and other states on Russia’s periphery, and more funds for the development of next generation anonymizing tools for dissidents and non-governmental organizations that monitor the Kremlin. The United States could also take steps to dismantle the IT infrastructure and hop points that Russian intelligence used to compromise U.S. political institutions to disrupt future cyber operations. This could take the form of clandestine activity or publicly visible steps, such as working with the international network of computer emergency response teams much like the United States did to counteract the 2011-2013 Iranian denial of service attacks against U.S. banks.”

    Yes, if the US responds to its charges against Russia with cyber attacks of its own, that could lead to a massive escalation of attacks that neither side can control. But there are other options, like fueling a military build up on Russia’s borders. No possibility for a disastrous escalation of tensions there!

    The other recommendation was that the US could increase funds for anonymization tools that could be used by Russian dissidents. And that’s an obvious reference to tools like Tor. Tools like Tor which happen to have been developed by cypherpunk hackers like Jacob Appelbaum (who is no longer with Tor following a wave of sexual harassment allegations this summer).

    Since it’s possible, or at least recommended by the CFR blog, that the US respond to these hacks with a military build up around Russia and an increase in funding for tools like Tor, maybe it’s worth keeping in mind:
    a. The manner in which the Snowden Affair appeared to have had the disruption of the US-Russian “reset” as one of its objectives.

    b. The degree to which Snowden, Appelbaum, and the rest of the cypherpunk community would love to see the development of even more secure anonymization tools like Tor that would greatly enhance the power of hackers to operate anonymously.

    and c. The distinct possibility – in terms of capability, ideology, and motives – that someone from this cypherpunk network could be behind at least some of these high-profile hacks.

    So whether or not these hacks really are coming from the cypherpunk elite hacker networks, if the US responds to these high-profile hacks with a big new investment in the cypherpunks’ dream-tools, you can be pretty sure there’s going to be a lot more high-profile hacks. Hacking the US will be like a cypherpunk pinata: hit it hard enough in a manner that implicates a country like Russia or China (countries the anonymization tools were built to be used in) and fun prizes eventually fall out!

    Similarly, if the US does indeed respond to these hacks with a big military build up in places like the Baltics and Georgia and specifically attributes the build up to the alleged Russian hacks, you can also be pretty sure there’s going to be a lot more high-profile US hacks.

    Still, it’s possible the US does actually have solid evidence that the Russian government was indeed behind the hacks but can’t reveal because that evidence would expose sources and methods. And let’s say the US has concluded there’s a justification for some sort or response. In that case, what should the US government do?

    The answer isn’t obvious and more importantly it isn’t obvious it isn’t obvious because we’re in new weird territory here. Kind of like the new weird territory of the nuclear age and the madness of mutually assured destruction with nukes or other WMDs. Doomsday-ish techno-showdowns aren’t new, but each one is its own snowflake of doom.

    And since one of the biggest threats in the age of the Great Hack is the risk that one of these hacks either directly leads to the use of a WMD (like someone taking over launch systems) or indirectly (like a hack response that spirals out of control), it’s definitely worth keeping in mind that one of the biggest goals of the age of the Great Hack is to get rid of WMDs. Or at least get that all pointed towards space for the eventual Borg attack (Good luck with that!). And while that may not be possible any time soon, we probably shouldn’t underestimate the utility of an endless international conversation about a vision for a future that doesn’t involve doomsday showdowns. Because technology is making doomsday showdowns easier and easier and that trending isn’t ending until we do. And bad relations aren’t an excuse for not talking about how to build a better tomorrow.

    So why shouldn’t the response to this growing US-Russian showdown be a “Russian reset” reset? And why not make building a global agreement for not using high profile hacks as a way of messing with other nations’ elections one of those building blocks for that better tomorrow. Regardless of whether Russia was behind these hacks or not, now is probably a good time for a reset reset and a long meaningful talk about what to do next.

    Posted by Pterrafractyl | October 12, 2016, 8:29 pm
  13. Here’s something rather notable about the big DDoS attack last week that took down a number of major websites: Wikileaks basically claimed the attack was done by Wikileaks supporters in retaliation against the cut off of Julian Assange’s internet access. And while Wikileaks’s claim hasn’t been proven, as the article below notes, shortly after Wikileaks sent out a tweet asking its supporters to end the attack, the attack ended:

    The Daily Dot

    WikiLeaks asks supporters to stop massive DDoS attack snarling major website

    Aaron Sankin —
    Oct 21 at 11:41PM | Last updated Oct 21 at 11:41PM

    In a tweet on Friday afternoon, the official account of the radical transparency group WikiLeaks asked its supporters to halt a massive distributed denial of service (DDoS) attack that brought down many of the internet’s most popular websites.

    Mr. Assange is still alive and WikiLeaks is still publishing. We ask supporters to stop taking down the US internet. You proved your point. pic.twitter.com/XVch196xyL— WikiLeaks (@wikileaks) October 21, 2016

    That same morning, Dyn, which manages the Domain Name System (DNS) for sites like Twitter, Spotify, and Netflix released a statement that its servers on the East Coast of the United States were being flooded with fraudulent traffic.

    Computers identify websites using IP addresses (58.188.221.232, for example), but humans typically have a difficult time remembering long strings of numbers. DNS servers translate those IP addresses into more manageable domain names (dailydot.com, for example). When Dyn’s DNS system went down, the ability to translate between IP addresses and domain names broke down.

    The attack began around 7am ET and has led to the affected sites having accessibility issues throughout the course of the day.

    The attack is believed to have been carried out by a botnet called Mirai, which uses Internet of Things enabled devices, such as wi-fi routers and web cams, to send voluminous amounts of traffic. The same botnet was also reportedly responsible for an attack against the website of prominent and influential cybersecurity blogger Brian Krebs.

    Shortly after WikiLeaks tweeted its message, Dyn posted a status update to its site proclaiming, “This incident has been resolved.”

    No direct evidence has been presented as to why WikiLeaks believes its supporters were behind the attack. A request for comment was not immediately returned.

    However, controversial WikiLeaks founder Julian Assange is in the midst of an intense public spat with the United States government. Assange, who has spent the past four years holed up in London’s Ecuadorian Embassy evading participation in a Swedish sexual assault investigation, recently had his personal internet connection temporarily restricted by the Ecuadorian government.

    In a statement released earlier this week, Ecuadorian officials said they made moves to limit Assange’s internet access following WikiLeaks’ publication of troves of emails stolen from senior Democratic party officials in an attempt to damage the presidential campaign of former Secretary of State Hillary Clinton and boost the chances of former reality TV star Donald Trump. The Obama administration has formally accused senior officials in the Russian government as being responsible for the breaches of the party’s computer systems, but WikiLeaks has pushed back against those assertions.

    “Shortly after WikiLeaks tweeted its message, Dyn posted a status update to its site proclaiming, “This incident has been resolved.””

    Well, coincidences do happen. But the fact that it’s really hard to dismiss the idea that one or more Wikileaks supporters carried this out (the attack was carried out by a Botnet so it could have conceivably been one person running the whole attack) is a reflection of the reality that Wikileaks is probably going to have an abundance of supporters with extensive hacking skills. The kind of hacking skills that, if misinterpreted, could create a major international incident. It’s a fun fact increasingly worth keeping in mind.

    Posted by Pterrafractyl | October 24, 2016, 6:49 pm
  14. Here’s an article that should serve as a reminder that, if Hillary Clinton wins, the GOP investigations are going to be up and running from the very first day and probably continue until she leaves office (assuming the GOP never loses control of the House during her time in office). It’s a reminder we don’t really need since it’s obvious this will happen, but with key GOP leaders already talking about “years” of investigations they have lined up it’s still worth noting. But there’s another reminder in the article that hasn’t received too much attention yet: If Hillary wins, the GOP’s reliance on Wikileaks for anything Hillary-related is only going to grow and grow:

    The Washington Post

    House Republicans are already preparing for ‘years’ of investigations of Clinton

    By David Weigel
    October 26 at 12:19 PM

    SOUTH JORDAN, Utah — Jason Chaffetz, the Utah congressman wrapping up his first term atop the powerful House Oversight Committee, unendorsed Donald Trump weeks ago. That freed him up to prepare for something else: spending years, come January, probing the record of a President Hillary Clinton.

    “It’s a target-rich environment,” the Republican said in an interview in Salt Lake City’s suburbs. “Even before we get to Day One, we’ve got two years’ worth of material already lined up. She has four years of history at the State Department, and it ain’t good.”

    If Republicans retain control of the House, something that GOP-friendly maps make possible even in the event of a Trump loss, Clinton will become the first president since George H.W. Bush to immediately face a House Oversight Committee controlled by the opposition party. (Bill Clinton, George W. Bush and Barack Obama lost Congress later in their presidencies.)

    And other Republican leaders say they support Chaffetz’s efforts — raising the specter of more partisan acrimony between them and the White House for the next four years.

    “The rigorous oversight conducted by House Republicans has already brought to light troubling developments in the [Hillary] Clinton email scandal,” the office of House Speaker Paul D. Ryan (R-Wis.) said in a statement to The Washington Post. “The speaker supports [Oversight’s] investigative efforts following where the evidence leads, especially where it shows the need for changes in the law.”

    And the Oversight Committee may not be the only House panel ready for partisan battle. While the Select Committee on Benghazi appears to have finished its work, Rep. Jim Jordan (R-Ohio), a committee member who says Clinton might have perjured herself on questions about her email, said recently that he wants the committee to continue.

    If she wins, Clinton would enter office with low favorable ratings and only one-third of voters considering her “honest and trustworthy.” As a result, Republicans are not inclined to give her a political honeymoon. To many of them, a Clinton victory would mean that Trump threw away an election that anyone else could have won.

    “This should have been a slam dunk for the GOP,” party consultant Frank Luntz said Sunday on CBS News’s “Face the Nation.”

    That analysis stems from the investigations Republicans have led — or asked for — into Clinton’s tenure at the State Department. Clinton has been dogged by investigations into the terrorist attacks in Benghazi, and for the better part of two years, she’s reeled from questions about the private email server she used while secretary of state. Chaffetz, too, views Clinton as a lucky candidate whose past will catch up with her after the polls close.

    “She’s not getting a clean slate,” he said. “It’s not like the State Department was bending over backwards to help us understand what was going on. We’ve got document destruction. We’ve got their own rogue system. We’ve got classified information out the door. We’ve got their foundation doing who knows what. I mean, it took them four years just to release her schedule.”

    Several Clinton allies recoiled when asked about Chaffetz’s plans for 2017. Clinton spokesman Brian Fallon said Chaffetz threatened to “ignore the public’s clear desire for the two parties to work together,” and he and others accused Chaffetz of wasting taxpayer money chasing old stories.

    “It’s clear Congressman Chaffetz is ready to spend resources on additional worthless political investigations that will, again, come up with nothing,” said David Brock, a former Clinton foe who now runs the pro-Clinton political action committee American Bridge and its affiliates.

    Rep. Elijah E. Cummings (D-Md.), the ranking member of the Oversight Committee and the Select Committee on Benghazi, said that new Clinton investigations based on the scandals vetted since 2013 would amount to waste.

    “Republicans are pretending like they haven’t been investigating Secretary Clinton for years ever since she announced that she was running for president, including everything from Benghazi to emails to the Clinton Foundation,” Cummings said in a statement. “It’s no exaggeration to say that on the first day Secretary Clinton walks into the White House, Republicans will have already investigated her more than any other president in history.”

    Chaffetz, elected in 2008 after beating an incumbent congressman in a primary, rose quickly in the House. After John A. Boehner’s surprise retirement, Chaffetz briefly ran for speaker of the House. Today, he says he’s “supportive” of Ryan and has no plan to chase his job — though he does not rule out supporting someone else. Oversight, he explained, is “where the action is.”

    Chaffetz emphasized that the questions raised since he took over the committee in 2015 have not all been answered.

    “We still have tens of thousands of missing documents,” he said. “That ranges from everything from the missing boxes [of subpoenaed emails] to the David Petraeus emails, to [State Department Undersecretary] Patrick Kennedy’s communications.”

    Chaffetz also suggested that coming Clinton hearings would touch on issues that had not been vetted. He had sent the committee’s investigators a weekend article from the Wall Street Journal that asked whether Virginia Gov. Terry McAuliffe (D) had slanted the FBI’s probe of Clinton by helping outside groups put $467,500 into the campaign of Virginia senate candidate Jill McCabe, whose husband, Andrew, later became deputy director of the FBI.

    “It seems like an obscene amount of money for a losing race,” Chaffetz said. “The ties between the governor and the Clintons are well-known. He raises money for a lot of people, but why so much for this one person?”

    In addition, Chaffetz previously said in an interview with CNN, an FBI agent’s suggestion that Kennedy had tried to get Clinton’s emails declassified deserved a hard look. “I honestly don’t believe they act in the best interests of our country,” he said of the State Department. Future Oversight investigations, he said, might depend on whether Clinton tries to put people ensnared by previous probes into her administration.

    “It depends on who stays and who goes,” Chaffetz said. “If Hillary Clinton brings in the same gang — Loretta Lynch, Cheryl Mills, Huma Abedin, Jake Sullivan — she has her cast of characters. If they put on the same play, she’s not going to get good reviews from the critics. Every single time we turn around, this puzzle gets more complicated with more pieces to it. That story about the $12 million from Morocco to the Clinton Foundation? You could take any one of these stories and have a year’s worth of investigations.”

    But the Morocco story also points to a potential problem for Chaffetz. The embarrassing 2015 emails from Clinton staffers, debating whether the future candidate should go to Morocco to collect a large charitable donation, came from hacked exchanges published by WikiLeaks. Chaffetz was inclined to steer away from them and had told Oversight investigators to avoid poking through the website’s cache. “You don’t want to be dealing with stolen documents,” he said.

    Few Republicans share that caution. At his rallies, Trump has cited several WikiLeaks-based stories and accused the media of covering them up — sometimes before leading chants of “lock her up,” directed at Clinton. He has also drawn attention to women who have accused Bill Clinton of unwanted sexual advances, and to videos produced by conservative sting artist James O’Keefe that purport to show Democratic strategists plotting violence at Trump rallies.

    Rep. Tim Murphy (R-Pa.), who chairs the investigative subcommittee of the Energy and Commerce Committee, tweeted that he was “stunned” by the O’Keefe videos. Chaffetz did not mention them. While Democrats blanch at what he might investigate, Clinton’s longtime critics worry that the Oversight Committee will not go far enough.

    “In the past, Republicans have used scandal investigations to keep their political opponents off kilter, as opposed to using them for serious accountability,” said Tom Fitton, the president of Judicial Watch, which has filed dozens of ongoing Clinton suits. “They made noise about Clinton lying to Congress, when, if they were really concerned about it, they could have passed a contempt resolution.”

    The negative feelings toward Clinton — the certainty, in conservative media, that she is “crooked” — could put pressure on Republicans from the first moments of Clinton’s presidency. Asked whether investigations could lead to extended political crises, with echoes of Watergate, Chaffetz said it would depend on Clinton and her team.

    “It depends on how cooperative they are, how seriously they take it,” Chaffetz said. “If they continue to erect walls and shore up the turrets, then, yeah, it’s going to be a battle. But if they act like they’re supposed to, if they comply with subpoenas and actually respond to requests from Congress, well, our republic requires that.”

    ““It’s a target-rich environment,” the Republican said in an interview in Salt Lake City’s suburbs. “Even before we get to Day One, we’ve got two years’ worth of material already lined up. She has four years of history at the State Department, and it ain’t good.””

    That was the warning coming from Jason Chaffetz, head of the House Oversight Committee: get ready for the GOP to make impeaching Hillary Clinton their full-time job. And House Speaker Paul Ryan appeared to fully back him up. It’s predictable that they would do so, but it wasn’t necessarily predictable that they would just come out and admit it before the election. But that’s what they just did so it will be interesting to see if that admission enters into both the presidential and House races with the election less than two weeks away. Pledging to begin years of investigations from day one is a rather polarizing statement for party leaders to make.

    And that pledge basically means Julian Assange’s current status as a kind of GOP savior-in-waiting is probably going to continue unabated too:

    “It depends on who stays and who goes,” Chaffetz said. “If Hillary Clinton brings in the same gang — Loretta Lynch, Cheryl Mills, Huma Abedin, Jake Sullivan — she has her cast of characters. If they put on the same play, she’s not going to get good reviews from the critics. Every single time we turn around, this puzzle gets more complicated with more pieces to it. That story about the $12 million from Morocco to the Clinton Foundation? You could take any one of these stories and have a year’s worth of investigations.”

    But the Morocco story also points to a potential problem for Chaffetz. The embarrassing 2015 emails from Clinton staffers, debating whether the future candidate should go to Morocco to collect a large charitable donation, came from hacked exchanges published by WikiLeaks. Chaffetz was inclined to steer away from them and had told Oversight investigators to avoid poking through the website’s cache. “You don’t want to be dealing with stolen documents,” he said.

    Few Republicans share that caution. At his rallies, Trump has cited several WikiLeaks-based stories and accused the media of covering them up — sometimes before leading chants of “lock her up,” directed at Clinton. He has also drawn attention to women who have accused Bill Clinton of unwanted sexual advances, and to videos produced by conservative sting artist James O’Keefe that purport to show Democratic strategists plotting violence at Trump rallies.

    Is Chaffetz really going to resist the allure of all those Wikileaks documents? Julian Assange is still presumably going to remain hell-bent on somehow taking down Hillary one way or another so we should expect a steady stream of Hillary-related leaks, real or not. And Wikileaks has already proven time and again this campaign season that it’s capable of titillating GOP audiences. So if Wikileaks releases a leak that could actually either create a new GOP investigation or further an existing investigation, it’s hard to believe that Chaffetz and the rest of the GOP isn’t going to be more than happy to overcome any remaining reticence they might have about relying on stolen documents.

    All in all, it’s very clear we can expect an endless wave of investigations and, therefore, it’s also very clear that we can expect one giant endless GOP prayer for Wikileaks to somehow provide the evidence they need to prove Hillary is a demon or something. And the more the GOP invests its political fortunes in somehow taking down Hillary, the stronger that Wikileaks prayer is going to get.

    So while it’s obviously going to be quite interesting to see how years of endless GOP investigations impacts the public’s view of Hillary, it’s going to be extra interesting to see just how popular Julian Assange is with the American right-wing after four to eight years of this. Especially if the GOP begins to experience a “Boy who cried corrupt wolf” public backlash, making some sort of big ‘score’ from Assange all the more important for the “investigate Hillary into oblivion” strategy. Yes, some in the GOP might still have cold feet about cozying up to Wikileaks, but the interest is obviously there to take this relationship to the next level. And why not? It’s a relationship that clearly has a lot of long-term potential. And who knows, maybe they’re soulmates.

    Posted by Pterrafractyl | October 26, 2016, 3:04 pm
  15. Interesting that the Podesta hack originated from Ukraine. While it is possible that this was done by Russian-linked groups in Ukraine, where they have launched many attacks from before, it is also possible that the attack came from pro-Ukrainian fascist forces as well, possibly to ensure that Hillary stays in their camp?

    https://m.cnsnews.com/news/article/

    In the email, the hackers even provided an Internet address of the purported Ukrainian hacker that actually traced to a mobile communications provider in Ukraine.

    Posted by Roger Stoned | November 1, 2016, 10:51 am
  16. Awww…it looks like the “Trump server set up secret communication with Alfa” story is already crumbling as other experts with access to the data comment on the findings, including the FBI which had already investigated the matter. As the article below notes, it’s not that there isn’t something somewhat odd about the communication pattern between Alfa’s mystery server and the server used by the Trump organization allegedly for marketing purposes. It is odd. But it’s also potentially totally innocuous so nothing can be concluded:

    The Washington Post

    That secret Trump-Russia email server link is likely neither secret nor a Trump-Russia link

    By Philip Bump
    November 1, 2016 at 12:28 PM

    Of all the things that were going to get Donald Trump into trouble over the course of this election, I would have put “automated computer server activity” pretty low on the list. But here we are.

    On Monday night, Slate published a lengthy story written by Franklin Foer exploring an odd connection between Trump’s businesses and a bank in Russia. Researchers looking to track Russian attempts at hacking American political interests noticed that a server at the bank had been connecting to a server linked to Trump — sporadically, in a pattern that they felt was indicative of interpersonal communication. With attention in the presidential race focused on how Trump’s political and economic interests might overlap with those of the Russian state, this was a tantalizing wisp of smoke.

    For all of Foer’s exegesis of the situation — culminating, he admits, with a lack of certainty about what it all means — it seems likely that the simplest answer isn’t that someone affiliated with Trump or his campaign set up a backchannel method for contacting someone at Alfa Bank in Russia. It seems more likely that the human tendency for pattern-seeking is extracting a conspiracy theory from the automated clunkiness of the way the Internet works.

    Naadir Jeewa does consulting work on precisely the sorts of systems involved in the Trump-Alfa scenario. When Foer’s piece was published, he quickly tweeted a number of reasons that he was skeptical of the idea that this was somehow nefarious. (He has subsequently written out his thoughts.) Based in the United Kingdom, he spoke with The Fix by phone on Tuesday morning to explain his reasoning.

    To understand what’s likely happening, we need to establish a few basics. First of all, the Trump server wasn’t really a Trump server. It was much less of a Trump email server, for example, than Hillary Clinton’s email server was hers. Clinton had a physical server that hosted her email. The trump-email.com domain that Alfa was connecting to was hosted by a company called Cendyn. Cendyn runs marketing systems for the hospitality industry, meaning that it offers an out-of-the-box solution for a company that owns a bunch of hotels to push out sales pitch emails to its customers. In other words, trump-email.com isn’t the email server Trump used to send emails from his closet. It was a domain name that linked back to a Cendyn server.

    This is important for a few reasons. The first, Jeewa said, was that the trump-email.com was configured to reject a certain type of query from another server. Since its job was simply to push out thousands of enticements to come stay at Trump Soho (or whatever) it didn’t need to receive many incoming requests (like incoming email). The second is that the conspiracy theory hinges on Trump’s team using an offsite server hosted by someone else for its quiet communications with its Russian allies. Instead of, say, their own server, under their own control. Or an encrypted chat app. Or a phone call.

    So why were the Alfa Bank servers communicating with trump-email.com in a rhythm that both seems to mirror human communication patterns and seems to have increased over the course of the campaign? To the latter point, the researchers looking at the traffic only began tracking communications in July, so everything’s been within the context of the campaign. A graph created by the researchers seems “to follow the contours of political happenings in the United States,” in Foer’s words.

    [see graph of server activity]

    But it doesn’t really. The biggest spike appears to have happened in early August — a point at which there was certainly a lot going on, but nothing particularly exceptional. This, too, seems more like pattern-seeking than a real correlation to events. (The question of when the communications occurred during the day is hard to evaluate, given the limited data we have available. It’s worth remembering, though, that the seven-hour time shift between Moscow and the U.S. East Coast means that either we or they are at work for most of any 24-hour period.)

    Jeewa notes that the type of requests the Alfa Bank servers were making were what’s called an “A record lookup.” (This is according to the files that have been made public, which, he said, could have been filtered to exclude other examples.) The domain name system relies on domain name servers (DNS), which act like a sort of Internet phone book. If you look up a business in a phone book, you’ll see its main number, maybe a fax line, maybe some numbers for various departments. DNS look-ups work the same way: If a server wants to know how to contact trump-email.com, it contacts a DNS server to learn its number — not a phone number, but an Internet protocol (IP) address, which is a string of numbers allowing Internet traffic to find its destination. Domains, like the business in our phone book example, have different information available about how they can be contacted. An MX record provides a pointer to the domain’s email system (think: fax number in the phone book). An A record is the main phone number, the IP address hosting the domain. It’s probably the most basic type of domain lookup request. That’s what Alfa Bank’s servers appear to have kept requesting again and again.

    Why? When an email is sent, the receiving server often checks to verify where it came from. To continue the analogy above, it’s as though you got a call on your cell from a number, and the person said he was calling from Ace Electronics. You might look up Ace Electronics in the phone book and see if the phone number matched. Similar thing here: When an email came from trump-email.com, Alfa Bank’s server likely checked the DNS system to get more information about the point of origin. Jeewa demonstrates that this is common practice by pointing out that one of the hacked Clinton campaign emails released by WikiLeaks includes an email from Cendyn’s servers — and a request back from the recipient for more information. For some reason, it seems, the Alfa Bank servers keep asking for that A record over and over again.

    One possibility is that the Trump system keeps sending out spam emails. Another is that the Alfa Bank server has a configuration issue. As Jeewa says in his write-up, “email systems are terrible.” Email is a clunky, kludge-y way of passing text messages around the Web, and bugs can get introduced that cause weird behavior. It’s far more likely in this case that the Alfa Bank servers are misfiring than that there’s a secret communications system being used. Dyn — the DNS system that was attacked two weeks ago, crippling Internet connectivity — told a reporter from The Verge that it wasn’t only Alfa that was looking up trump-email.com, suggesting that the server wasn’t as secret as it seems.

    Foer mentions in his piece that the New York Times was investigating the link. On Monday, the paper reported that the FBI had looked into and dismissed the idea that the two servers represented a secret communications channel. Investigators “concluded that there could be an innocuous explanation, like a marketing email or spam, for the computer contacts,” the Times’ Eric Lichtblau and Steven Lee Myers reported.

    The campaign offered a statement to Foer. It read, in part: “The email server, set up for marketing purposes and operated by a third-party, has not been used since 2010. … The Trump Organization is not sending or receiving any communications from this email server. The Trump Organization has no communication or relationship with this entity or any Russian entity.”

    After the Times started asking questions, the trump-email.com domain name changed, with Alfa Bank contacting the new email shortly afterward. This is offered by Foer as further evidence of a conspiracy, but Jeewa isn’t sure. “All it looks like now is that their set up is like every other customers’,” he said, meaning that the Trump system now fits the pattern of Cendyn’s normal host-naming — or, more directly, that an old server used by one of Trump’s companies was brought into conformance with Cendyn’s other customers.

    Why did the Alfa Bank server reach out to the new domain right away? It’s not clear. Perhaps because the new server sent a test email, Jeewa said, and Alfa Bank was in the test group.

    “Foer mentions in his piece that the New York Times was investigating the link. On Monday, the paper reported that the FBI had looked into and dismissed the idea that the two servers represented a secret communications channel. Investigators “concluded that there could be an innocuous explanation, like a marketing email or spam, for the computer contacts,” the Times’ Eric Lichtblau and Steven Lee Myers reported.”

    Well, that settles that…in that it settles nothing which is appropriate given the lack of any conclusive evidence.

    At the same time, it’s worth noting that if any groups want to set up secure servers for private communication with each other in the way alleged by the original Slate article, now we all know how to do it: set up your servers to behave as closely to these servers as possible because at that point it will seem innocuous if someone detects the odd behavior. After all, a marketing server would potentially be a pretty good front for something like that.

    It’s analogous to the challenges of discerning the identity of, say, alleged Russian hackers when the data used to make that ID can be so easily spoofed by a skilled hacker or confirming the validity of hacked emails when the email content can be totally forged and no one would know it. So while digital conspiracy theories are likely to be increasingly prevalent as major hacks continue to rock societies, and while those digital conspiracy theories are likely to be criticized because the evidence to conclusively back them up simply isn’t available, the 2016 US campaign is turning into a giant lesson in the reality that digital conspiracy theories are basically the only option in a digital age.

    It’s also a reminder that the problem isn’t really with the digital conspiracy theories. Those are unavoidable and unfortunately necessary. The problems are with the digital conspiracy conclusions using inconclusive evidence.

    Posted by Pterrafractyl | November 1, 2016, 6:41 pm
  17. With the 2016 US election season coming to a merciful end, and the question of just how much damage Donald Trump did to the Trump brand by running as an Alt-Right white nationalist candidate yet to be answered, it’s worth noting that Trump isn’t the only brand potentially seriously sullied by this election. Of course there’s the GOP’s brand too, but that was already pretty sullied. Perhaps a more interesting question is what this is going to do to Wikileaks’ brand, because it’s not as if the world has gotten an explanation for why the organization was doing everything it could to thrust President Donald Trump onto the world stage. And here’s Wikileaks’ answer…it’s an answer that’s probably not going to do much for the brand: Wikileaks wasn’t trying to help Donald Trump at all. Nope. Nothing to see here:

    Talking Points Memo Livewire

    Assange Defends WikiLeaks Against Allegations It’s Interfering In US Election

    By Esme Cribb
    Published November 8, 2016, 12:10 PM EDT

    Julian Assange released a statement Tuesday pushing back on accusations that WikiLeaks is interfering in the 2016 U.S. presidential election.

    “Our organization defends the public’s right to be informed,” Assange wrote in the statement published on WikiLeaks’ website. “This is why, irrespective of the outcome of the 2016 US Presidential election, the real victor is the US public which is better informed as a result of our work.”

    He dismissed allegations that WikiLeaks has disproportionately focused on material related to Hillary Clinton’s campaign, and wrote that the organization has not received equivalent information about Donald Trump or third-party candidates which “fulfills our stated editorial criteria.”

    Assange asserted that Wikileaks has no “personal desire” to influence the election results.

    “Publishing is what we do,” he wrote. “To withhold the publication of such information until after the election would have been to favour one of the candidates above the public’s right to know.”

    He touted WikiLeaks’ record of authenticating leaked documents and said that the organization’s ultimate mission is to inform the public.

    “Wikileaks remains committed to publishing information that informs the public, even if many, especially those in power, would prefer not to see it,” Assange wrote. “WikiLeaks must publish. It must publish and be damned.”

    The radical transparency organization’s actions over the past few months seem to undermine Assange’s defense, however. WikiLeaks has used its Twitter account to criticize Clinton for her “rewarding of corruption,” promote polls that apparently indicate the Democratic nominee is “entitled, uncool and unaware of it,” and offer a $20,000 bounty for information about the murder of a Democratic National Committee staffer. In September, the organization also tweeted and then deleted a poll asking users to speculate about Clinton’s health.

    Assange himself wrote in February that a vote for Clinton is “a vote for endless, stupid war.” In a June interview, he called Clinton “a bit of a problem for freedom of the press.” And Trump ally Roger Stone claimed in a speech he delivered in August that he had “communicated with Assange” about an “October surprise” the WikiLeaks founder had promised to reveal about Clinton, which never materialized.

    “Assange himself wrote in February that a vote for Clinton is “a vote for endless, stupid war.” In a June interview, he called Clinton “a bit of a problem for freedom of the press.” And Trump ally Roger Stone claimed in a speech he delivered in August that he had “communicated with Assange” about an “October surprise” the WikiLeaks founder had promised to reveal about Clinton, which never materialized.”

    Yeah, it’s kind of hard to ignore Roger Stone’s claims that either he or one of his friends was in contact with Assange and getting inside information on when Wikileaks was going to do an anti-Hillary dump. We’re all apparently just supposed to ignore that. And while an official “October Surprise” may not have emerged from Wikileaks in October, that probably had something to do with the fact that they were releasing all the Hillary/Democrat-related information in near daily dribs and drabs for months. Sure, the leaks weren’t really “surprising” at that point, but they were still pretty damaging and very obviously favorable to the Trump campaign. But we’re presumably supposed to ignore that too.

    So, given the enormous damage Wikileaks did to its credibility by basically acting as Donald Trump’s digital dirty-tricks middleman, one of the interesting questions worth asking now is what happens if people in general just started ignoring Wikileaks. Or, more specifically, what if Wikileaks acquired a reputation as a crypto-far-right organization and effectively died because it lost that critical trust factor. Or whatever other reason that might cause the organization to dissolve. What happens to all the unleaked information? Because just imagine how much real, and totally fake, unleaked information is still residing on its servers. Does some other ‘transparency organization’ get all the data? Assange has previously hinted that an “insurance” file will get released if Wikileaks is shut down. But what if it just dies a slow death? Is everything going to be dumped in one giant death rattle? In other words, does Wikileaks have a will? If there is a Wikileaks will, can we all see it or is it private? After the near-death experience Wikileaks helped put the United States through, it seems like a question worth answering.

    Posted by Pterrafractyl | November 8, 2016, 2:59 pm
