Spitfire List Web site and blog of anti-fascist researcher and radio personality Dave Emory.

For The Record  

FTR #940 The Trumpenkampfverbande, Part 14: Unsettling In, Part 2 (German Ostpolitik, part 5)

This broadcast was recorded in one, 60-minute segment.

Trump kept a copy of this by his bedside.

Introduction: This program continues our analysis of the Trump administration as the transformation of what Mr. Emory has called “The Underground Reich” into a mass political movement. At a policy level, the “Trumpenkampfverbande” is a vehicle for the implementation of German Ostpolitik, as set forth in FTR #’s 918 and 919.

Heavily overlapped with information discussed fleetingly in FTR #939, the program begins with analysis of a possible Ukrainian/OUN/B connection to the “high-profile hacks” allegedly perpetrated by Russia.

The hack of Clinton campaign manager John Podesta’s e-mail account (blamed on Russia) originated with a phishing e-mail from Ukraine. “. . . . The email, with the subject line “*Someone has your password,*” greeted Podesta, “Hi John” and then said, “Someone just used your password to try to sign into your Google Account john.podesta@gmail.com.” Then it offered a time stamp and an IP address in “Location: Ukraine.” . . . “

Analysis of cyber-warfare is daunting–a skilled hacker or hackers can mask their identity effectively, with the result that “cyber-false flag” operations are difficult to discern. It is in this context that we revisit the subject of a Ukrainian fascist link to the “Russia did it” meme.

The OUN/B milieu in the U.S. has apparently been instrumental in generating the “Russia did it” disinformation about the high-profile hacks. In the Alternet.org article, Mark Ames highlights several points:

  • Emblem of the Ukrainian Azov Battalion


    The “PropOrNot” group quoted in a Washington Post story tagging media outlets, websites and blogs as “Russian/Kremlin stooges/propaganda tools/agents” is linked to the OUN/B heirs now in power in Ukraine. ” . . . One PropOrNot tweet, dated November 17, invokes a 1940s Ukrainian fascist salute “Heroiam Slava!!” [17] to cheer a news item on Ukrainian hackers fighting Russians. The phrase means “Glory to the heroes” and it was formally introduced by the fascist Organization of Ukrainian Nationalists (OUN) at their March-April 1941 congress in Nazi occupied Cracow, as they prepared to serve as Nazi auxiliaries in Operation Barbarossa. . . . ‘the OUN-B introduced another Ukrainian fascist salute at the Second Great Congress of the Ukrainian Nationalists in Cracow in March and April 1941. This was the most popular Ukrainian fascist salute and had to be performed according to the instructions of the OUN-B leadership by raising the right arm ‘slightly to the right, slightly above the peak of the head’ while calling ‘Glory to Ukraine!’ (Slava Ukraїni!) and responding ‘Glory to the Heroes!’ (Heroiam Slava!). . . .”

  • The OUN/B heirs ruling Ukraine compiled a list of journalists who were “Russian/Kremlin stooges/propaganda tools/agents,” including personal data and contact information (like that made public in the WikiLeaks data dump of DNC e-mails). This list was compiled by the Ukrainian intelligence service, interior ministry and–ahem–hackers: “. . . . One of the more frightening policies enacted by the current oligarch-nationalist regime in Kiev is an online blacklist [42] of journalists accused of collaborating with pro-Russian ‘terrorists.’ [43]  The website, ‘Myrotvorets’ [43] or ‘Peacemaker’—was set up by Ukrainian hackers working with state intelligence and police, all of which tend to share the same ultranationalist ideologies as Parubiy and the newly-appointed neo-Nazi chief of the National Police. . . . Ukraine’s journalist blacklist website—operated by Ukrainian hackers working with state intelligence—led to a rash of death threats against the doxxed journalists, whose email addresses, phone numbers and other private information was posted anonymously to the website. Many of these threats came with the wartime Ukrainian fascist salute: “Slava Ukraini!” [Glory to Ukraine!] So when PropOrNot’s anonymous “researchers” reveal only their Ukrainian(s) identity, it’s hard not to think about the spy-linked hackers who posted the deadly ‘Myrotvorets’ blacklist of “treasonous” journalists. . . .”
  • Helmets of the Ukrainian Azov battalion: Your tax dollars at work


    A Ukrainian activist named Alexandra Chalupa has been instrumental in distributing the “Russia did it” disinformation to Hillary Clinton and influencing the progress of the disinformation in the media. ” . . . . One of the key media sources [46] who blamed the DNC hacks on Russia, ramping up fears of crypto-Putinist infiltration, is a Ukrainian-American lobbyist working for the DNC. She is Alexandra Chalupa—described as the head of the Democratic National Committee’s opposition research on Russia and on Trump, and founder and president of the Ukrainian lobby group ‘US United With Ukraine Coalition’ [47], which lobbied hard to pass a 2014 bill increasing loans and military aid to Ukraine, imposing sanctions on Russians, and tightly aligning US and Ukraine geostrategic interests. . . . In one leaked DNC email [50] earlier this year, Chalupa boasts to DNC Communications Director Luis Miranda that she brought Isikoff to a US-government sponsored Washington event featuring 68 Ukrainian journalists, where Chalupa was invited ‘to speak specifically about Paul Manafort.’ In turn, Isikoff named her as the key inside source [46] ‘proving’ that the Russians were behind the hacks, and that Trump’s campaign was under the spell of Kremlin spies and sorcerers. . . .”

With traditional, “Atlanticist” conservative GOP figures aligning with elements of the CIA to finger Trump as a Putin tool, etc., an epochal event is unfolding, in our opinion. What the brilliant Berkeley professor Peter Dale Scott has termed “The Deep State” is squaring off with the Trumpenkampfverbande, with the latter networking with European fascist and center-left parties to improve relations with Russia. NATO and the Atlanticist dynamic that has dominated post World War II politics are receding, and a German-led EU military is gaining momentum.

Again, we forecast this in FTR #’s 918 and 919.

Trump supporters at the National Policy Institute Conference


Next, we note the selection of Stephen Miller, another “alt-right” figure, as an adviser to Trump. “. . . . Miller is a former staffer for the nativist Sen. Jeff Sessions (R-Ala.), now Trump’s nominee for attorney general. The announcement of Miller’s new role drew praise from white nationalist leader Richard Spencer. ‘Stephen is a highly competent and tough individual,’ Spencer, who famously coined the term ‘alt-right’ to describe the insurgent right-wing movement that has attracted white nationalists and supremacists, told Mother Jones on Wednesday. ‘So I have no doubt that he will do a great job.’ . . . .”

In past programs, we have noted the Third Reich origins of the Freedom Party in Austria. That party is now networking both with Putin and Trump’s “alt-right” leaning National Security Adviser Michael Flynn. One of the shared goals of both the Freedom Party, corporate Germany and–through the latter–the Underground Reich is the lifting of economic sanctions on Russia.

The broadcast underscores the continuity between the “new” Freedom Party and the old, Nazi-generated Freedom Party. The issue of the South Tyrol region is exemplary in this regard:

  •  ” . . . . A TV talk show host, Corinna Milborn, grilled [Freedom Party presidential candidate Norbert] . . . Hofer last week for an hour over his alleged nationalist views and his calls for undoing the “unjust border” that keeps South Tyrol, a region of northern Italy, apart from Austria’s Tyrol. Mr. Hofer’s grin evaporated and he almost blew his cool. . . .”
  •  

    Waffen SS veteran Herbert Schweiger: Activist for South Tyrolean Independence

    Austrian Freedom Party founder Herbert Schweiger is no stranger to the issue of the South Tyrol: “. . . . Herbert Schweiger makes no attempt to hide his Nazi views. At his home in the Austrian mountains, the former SS officer gazes out of a window to a view of a misty alpine valley. Described to me as the ‘Puppet Master’ of the far right, Schweiger, 85, is a legendary figure for neo-Nazis across the world. Our time is coming again and soon we will have another leader like Hitler,’ he says. Still remarkably sharp-minded, Schweiger was a lieutenant in the infamous Waffen SS Panzer Division Leibstandarte Adolf Hitler, an elite unit originally formed before WWII to act as the Führer’s personal bodyguards. . . .He was a founding member of three political parties in Austria – the VDU, the banned NDP and the FPO. He has given his support to the current leader of the FPO. ‘Strache is doing the right thing by fighting the foreigner,’ says Schweiger. He is now in close contact with the Kameradschaften, underground cells of hardcore neo-Nazis across Austria and Germany who, over the past three years, have started to infiltrate political parties such as the FPO. His belief that the bullet and the ballot box go hand in hand goes back to 1961, when he helped to train a terrorist movement fighting for the reunification of Austria and South Tyrol. ‘I was an explosives expert in the SS so I trained Burschenschaften how to make bombs. We used the hotel my wife and I owned as a training camp,’ he says. The hotel he refers to is 50 yards from his home. Thirty people in Italy were murdered during the campaign. One of the men convicted for the atrocities, Norbert Burger, later formed the now-banned neo-Nazi NDP party with Schweiger. . . .”

In France, the center-left candidate for president–Francois Fillon–is pushing both for an increase in French defense spending and a German-led drive for an all EU army. Both are goals of the Underground Reich and the Trumpenkampfverbande, as set forth in FTR #’s 918 and 919. His views on rapprochement with Russia are typical of a significant portion of a relatively broad spectrum of European political parties. This resonates well with the Trumpenkampfverbande, again, as discussed in FTR #’s 918 and 919.  ” . . . . similar trends are playing out in several European countries, along their own particular national lines. In Germany, for instance, center-left leaders are pushing to abandon their country’s role in leading European efforts to counter Russia. Instead, they advocate reverting to the Cold War-era policy of Ostpolitik, in which West Germany sought a neutral balancing role between East and West. Often, West European politicians do not see themselves as explicitly calling for aligning with Moscow, but rather for abandoning the costly mission to counter Russia’s aggression against faraway eastern states at a moment when they have more immediate concerns. West European leaders see themselves as fighting an increasingly untenable two-front war: a southern front against immigration and terrorism and an eastern front against Russia. The eastern front is largely a project of policy establishments that see it as essential to maintaining Europe’s postwar order. Voters are more skeptical; a 2015 Pew poll found that slight majorities in France, Germany and Italy said their countries should not uphold their treaty obligation to defend an eastern NATO ally should it be attacked by Russia. Voters, particularly those on the right, have long seen southern issues — terrorism and immigration — as more important. Their threats to install far-right governments that would dismantle the European project entirely are increasingly credible. . . .” 

The broadcast concludes with a look at Rex W. Tillerson, the CEO of Exxon Mobil, chosen by Trump to be Secretary of State. Tillerson is opposed to maintaining sanctions against Russia: ” . . . .  At the center of the debate are questions about Mr. Tillerson’s vocal opposition to American sanctions imposed on Russia as he pursued oil and gas deals in that country. . . .” This too, is resonant with corporate Germany’s wishes as set forth in FTR #’s 918 and 919. Again, corporate Germany is dominated by the Bormann network.

We conclude with a recap of the Bormann capital network’s influence within Standard Oil of New Jersey (Exxon was formerly Standard of New Jersey, now merged with Mobil, Standard of New York.) ” . . .Vastly diversified, it is said to be the largest land-owner in South America, and through stockholdings, controls German heavy industry and the trust established by the late Hermann Schmitz, former president of I.G. Farben, who held as much stock in Standard Oil of New Jersey as did the Rockefellers. . . .”

Program Highlights Include: 

  • A recap of elementary features of German Ostpolitik.
  • A synopsis of the OUN/B and its World War II and post-World War II operations.
  • A synopsis of the information indicating Russia was not behind the high-profile hacks for which it has been punished.

1a. The hack of John Podesta’s e-mail–alleged to have been performed by Russia–originated with a phishing attack from Ukraine.

“The Phishing Email that Hacked the Account of John Podesta;” CBS News; 10/28/2016.

This appears to be the phishing email that hacked Clinton campaign chairman John Podesta’s Gmail account. Further, the Clinton campaign’s own computer help desk thought it was real email sent by Google, even though the email address had a suspicious “googlemail.com” extension. . . .

. . . . The email, with the subject line “*Someone has your password,*” greeted Podesta, “Hi John” and then said, “Someone just used your password to try to sign into your Google Account john.podesta@gmail.com.” Then it offered a time stamp and an IP address in “Location: Ukraine.” 

“Google stopped this sign-in attempt. You should change your password immediately.” And it then offered a link to change his password.

“This is a legitimate email,” Charles Delevan at the HFA help desk wrote to Podesta’s chief of staff, Sara Latham. “John needs to change his password immediately, and ensure that two-factor authentication is turned on his account.”

Delevan included the Gmail link that would be used to change a user’s password, but whoever changed Podesta’s password instead clicked on the shortened URL that was in the original phishing email. This is the same technique used to hack Colin Powell’s emails and the Democratic National Committee emails, according to the website Motherboard.

All of these hacks were executed using these shortened URLs in fake emails, according to Motherboard, and those URLs “were created with a Bitly account linked to a domain under the control of Fancy Bear,” a group of Russian hackers.

1b. Next, the program highlights a topic that was initially broached in the last program. The OUN/B milieu in the U.S. has apparently been instrumental in generating the “Russia did it” disinformation about the high-profile hacks. A Ukrainian activist named Alexandra Chalupa has been instrumental in distributing this disinformation to Hillary Clinton and influencing the progress of the disinformation in the media. ” . . . . One of the key media sources [46] who blamed the DNC hacks on Russia, ramping up fears of crypto-Putinist infiltration, is a Ukrainian-American lobbyist working for the DNC. She is Alexandra Chalupa—described as the head of the Democratic National Committee’s opposition research on Russia and on Trump, and founder and president of the Ukrainian lobby group ‘US United With Ukraine Coalition’ [47], which lobbied hard to pass a 2014 bill increasing loans and military aid to Ukraine, imposing sanctions on Russians, and tightly aligning US and Ukraine geostrategic interests. . . . In one leaked DNC email [50] earlier this year, Chalupa boasts to DNC Communications Director Luis Miranda that she brought Isikoff to a US-government sponsored Washington event featuring 68 Ukrainian journalists, where Chalupa was invited ‘to speak specifically about Paul Manafort.’ In turn, Isikoff named her as the key inside source [46] ‘proving’ that the Russians were behind the hacks, and that Trump’s campaign was under the spell of Kremlin spies and sorcerers. . . .”

“The Anonymous Blacklist Quoted by the Washington Post Has Apparent Ties to Ukrainian Fascism and CIA Spying” by Mark Ames; Alternet.org; 12/7/2016.

. . . . Still the question lingers: Who is behind PropOrNot? Who are they? We may have to await the defamation lawsuits that are almost certainly coming from those smeared by the Post and by PropOrNot. Their description sounds like the “About” tab on any number of Washington front groups that journalists and researchers are used to coming across:

“PropOrNot is an independent team of concerned American citizens with a wide range of backgrounds and expertise, including professional experience in computer science, statistics, public policy, and national security affairs.”

The only specific clues given were an admission that at least one of its members with access to its Twitter handle is “Ukrainian-American”. They had given this away in a handful of early Ukrainian-language tweets, parroting Ukrainian ultranationalist slogans, before the group was known.

One PropOrNot tweet, dated November 17, invokes a 1940s Ukrainian fascist salute “Heroiam Slava!!” [17] to cheer a news item on Ukrainian hackers fighting Russians. The phrase means “Glory to the heroes” and it was formally introduced by the fascist Organization of Ukrainian Nationalists (OUN) at their March-April 1941 congress in Nazi occupied Cracow, as they prepared to serve as Nazi auxiliaries in Operation Barbarossa. As historian Grzegorz Rossoliński-Liebe, author of the definitive biography [18] on Ukraine’s wartime fascist leader and Nazi collaborator [19] Stepan Bandera, explained [20]:

“the OUN-B introduced another Ukrainian fascist salute at the Second Great Congress of the Ukrainian Nationalists in Cracow in March and April 1941. This was the most popular Ukrainian fascist salute and had to be performed according to the instructions of the OUN-B leadership by raising the right arm ‘slightly to the right, slightly above the peak of the head’ while calling ‘Glory to Ukraine!’ (Slava Ukraїni!) and responding ‘Glory to the Heroes!’ (Heroiam Slava!).”

Two months after formalizing this salute, Nazi forces allowed Bandera’s Ukrainian fascists to briefly take control of Lvov [21], at the time a predominantly Jewish and Polish city—whereupon the Ukrainian “patriots” murdered, tortured and raped thousands of Jews [22], in one of the most barbaric [23] and bloodiest pogroms ever.

Since the 2014 Maidan Revolution brought Ukrainian neo-fascists [24] back into the highest rungs of power [25], Ukraine’s Nazi collaborators and wartime fascists have been rehabilitated [26] as heroes [27], with major highways and roads named after them [28], and public commemorations. The speaker of Ukraine’s parliament, Andriy Parubiy [29], founded Ukraine’s neo-Nazi “Social-National Party of Ukraine” [30] and published a white supremacist manifesto, “View From the Right” [31] featuring the parliament speaker in full neo-Nazi uniform in front of fascist flags with the Nazi Wolfsangel symbol. Ukraine’s powerful Interior Minister, Arsen Avakov, sponsors [32] several ultranationalist and neo-Nazi militia groups like the Azov Battalion [33], and last month he helped appoint another neo-Nazi[34], Vadym Troyan [35], as head of Ukraine’s National Police [36]. (Earlier this year, when Troyan was still police chief of the capital Kiev, he was widely accused [35] of having ordered an illegal surveillance operation on investigative journalist Pavel Sheremet just before his assassination by car bomb [37].)

A Ukrainian intelligence service blacklist as PropOrNot’s model

Since coming to power in the 2014 Maidan Revolution, Ukraine’s US-backed regime has waged an increasingly surreal war on journalists who don’t toe the Ukrainian ultranationalist line, and against treacherous Kremlin propagandists, real and imagined. Two years ago, Ukraine established a “Ministry of Truth” [38]. This year the war has gone from surreal paranoia [39] to an increasingly deadly [40] kind of “terror.” [41]

One of the more frightening policies enacted by the current oligarch-nationalist regime in Kiev is an online blacklist [42] of journalists accused of collaborating with pro-Russian “terrorists.” [43]  The website, “Myrotvorets” [43] or “Peacemaker”—was set up by Ukrainian hackers working with state intelligence and police, all of which tend to share the same ultranationalist ideologies as Parubiy and the newly-appointed neo-Nazi chief of the National Police.

Condemned by the Committee to Protect Journalists [44] and numerous news organizations in the West and in Ukraine, the online blacklist includes the names and personal private information on some 4,500 journalists [45], including several western journalists [43] and Ukrainians working for western media. The website is designed to frighten and muzzle journalists from reporting anything but the pro-nationalist party line, and it has the backing of government officials, spies and police—including the SBU (Ukraine’s successor to the KGB), the powerful Interior Minister Avakov and his notorious far-right deputy, Anton Geraschenko.

Ukraine’s journalist blacklist website—operated by Ukrainian hackers working with state intelligence—led to a rash of death threats against the doxxed journalists, whose email addresses, phone numbers and other private information was posted anonymously to the website. Many of these threats came with the wartime Ukrainian fascist salute: “Slava Ukraini!” [Glory to Ukraine!] So when PropOrNot’s anonymous “researchers” reveal only their Ukrainian(s) identity, it’s hard not to think about the spy-linked hackers who posted the deadly “Myrotvorets” blacklist of “treasonous” journalists.

The DNC’s Ukrainian ultra-nationalist researcher cries treason

Because the PropOrNot blacklist of American journalist “traitors” is anonymous, and the Washington Post front-page article protects their anonymity, we can only speculate on their identity with what little information they’ve given us. And that little bit of information reveals only a Ukrainian ultranationalist thread—the salute, the same obsessively violent paranoia towards Russia, and towards journalists, who in the eyes of Ukrainian nationalists have always been dupes and stooges, if not outright collaborators, of Russian evil.

One of the key media sources [46] who blamed the DNC hacks on Russia, ramping up fears of crypto-Putinist infiltration, is a Ukrainian-American lobbyist working for the DNC. She is Alexandra Chalupa—described as the head of the Democratic National Committee’s opposition research on Russia and on Trump, and founder and president of the Ukrainian lobby group “US United With Ukraine Coalition” [47], which lobbied hard to pass a 2014 bill increasing loans and military aid to Ukraine, imposing sanctions on Russians, and tightly aligning US and Ukraine geostrategic interests.

In October of this year, Yahoo News named Chalupa [48] one of “16 People Who Shaped the 2016 Election” [49] for her role in pinning the DNC leaks on Russian hackers, and for making the case that the Trump campaign was under Kremlin control. “As a Democratic Party consultant and proud Ukrainian-American, Alexandra Chalupa was outraged last spring when Donald Trump named Paul Manafort as his campaign manager,” the Yahoo profile began. “As she saw it, Manafort was a key figure in advancing Russian President Vladimir Putin’s agenda inside her ancestral homeland — and she was determined to expose it.”

Chalupa worked with veteran reporter Michael Isikoff of Yahoo News to publicize her opposition research on Trump, Russia and Paul Manafort, as well as her many Ukrainian sources. In one leaked DNC email [50] earlier this year, Chalupa boasts to DNC Communications Director Luis Miranda that she brought Isikoff to a US-government sponsored Washington event featuring 68 Ukrainian journalists, where Chalupa was invited “to speak specifically about Paul Manafort.” In turn, Isikoff named her as the key inside source [46] “proving” that the Russians were behind the hacks, and that Trump’s campaign was under the spell of Kremlin spies and sorcerers.

(In 2008, when I broke the story [51] about the Manafort-Kremlin ties in The Nation with Ari Berman, I did not go on to accuse him or John McCain, whose campaign was being run by Manafort’s partner, of being Manchurian Candidates under the spell of Vladimir Putin. Because they weren’t; instead, they were sleazy, corrupt, hypocritical politicians who followed money and power rather than principle. A media hack feeding frenzy turned Manafort from what he was—a sleazy scumbag—into a fantastical Kremlin mole [52], forcing Manafort to resign from the Trump campaign, thanks in part to kompromat material leaked by the Ukrainian SBU [53], successor to the KGB.)

Meanwhile, Chalupa’s Twitter feed went wild accusing Trump of treason—a crime that carries the death penalty. Along with well over 100 tweets hashtagged #TreasonousTrump [54] Chalupa repeatedly asked powerful government officials and bodies like the Department of Justice [55] to investigate Trump for the capital crime of treason. In the weeks since the election, Chalupa has repeatedly accused [56] both the Trump campaign and Russia of rigging the elections, demanding further investigations. According to The Guardian [57], Chalupa recently sent a report to Congress proving Russian hacked into the vote count, hoping to initiate a Congressional investigation. In an interview with Gothamist [58], Chalupa described alleged Russian interference in the election result as “an act of war.”

To be clear, I am not arguing that Chalupa is behind PropOrNot. But it is important to provide context to the boasts by PropOrNot about its Ukrainian nationalist links—within the larger context of the Clinton campaign’s anti-Kremlin hysteria, which crossed the line into Cold War xenophobia time and time again, an anti-Russian xenophobia shared by Clinton’s Ukrainian nationalist allies. To me, it looks like a classic case of blowback: A hyper-nationalist group whose extremism happens to be useful to American geopolitical ambitions, and is therefore nurtured to create problems for our competitor. Indeed, the US has cultivated extreme Ukrainian nationalists as proxies [59] for decades, since the Cold War began.

As investigative journalist Russ Bellant documented in his classic exposé, “Old Nazis, New Right,” Ukrainian Nazi collaborators were brought into the United States and weaponized [60] for use against Russia during the Cold War, despite whatever role they may have played in the Holocaust and in the mass slaughter of Ukraine’s ethnic Poles. After spending so many years encouraging extreme Ukrainian nationalism, it’s no surprise that the whole policy is beginning to blow back.

2. It looks like Steve Bannon will have some Alt-Right company in the White House advisory staff: Stephen Miller, former chief aide to Trump’s pick for Attorney General Jeff Sessions, is set to be Trump’s senior advisor for policy. He’s also reportedly quite close to Alt-Right ring-leader Richard Spencer going back to their time at Duke University’s Duke Conservative Union.

“Trump’s Newest Senior Adviser Seen as a White Nationalist Ally” by Josh Harkinson; Mother Jones; 12/14/2016.

Stephen Miller drew praise from a top white nationalist, who hopes he’ll “do good things for white America.”

President-elect Donald Trump’s newest pick to be a senior adviser in the White House has long ties to a prominent white nationalist, who sees him as an ally of the movement.

Stephen Miller, a top aide to Trump’s presidential campaign, will serve as a senior White House adviser for policy, Trump’s transition team announced Tuesday. Miller is a former staffer for the nativist Sen. Jeff Sessions (R-Ala.), now Trump’s nominee for attorney general. The announcement of Miller’s new role drew praise from white nationalist leader Richard Spencer. “Stephen is a highly competent and tough individual,” Spencer, who famously coined the term “alt-right” to describe the insurgent right-wing movement that has attracted white nationalists and supremacists, told Mother Jones on Wednesday. “So I have no doubt that he will do a great job.”

Spencer and Miller first came to know each other in the late 2000s as students at Duke University, where they both belonged to the Duke Conservative Union. Miller earned notice for standing up for white lacrosse players falsely accused in 2006 of gang raping a black woman. Spencer also defended the Duke lacrosse players, writing about the case for Pat Buchanan’s American Conservative, which later hired him as an editor.

Spencer told me that at Duke, Miller helped him with fundraising and promotion for an on-campus debate on immigration policy that Spencer organized in 2007, featuring influential white nationalist Peter Brimelow. Another former member of the Duke Conservative Union confirms that Miller and Spencer worked together on the event. At DCU meetings, according to a past president of the group, Miller denounced multiculturalism and expressed concerns that immigrants from non-European countries were not assimilating.

“I knew [Miller] very well when I was at Duke,” Spencer told me when I visited him at his home in Whitefish, Montana, a few weeks before the election. “But I am kind of glad no one’s talked about this, because I don’t want to harm Trump.”

Miller wrote about two dozen columns for the Duke Chronicle, and his articles assailed multiculturalism (which he called “segregation”) and paid family leave (which he said results in men getting laid off). He also denied there was systematic racism (which he dubbed “racial paranoia”).

When contacted by Mother Jones in October, Miller did not respond on the record to specific questions about his activities with the DCU or his views on race and immigration, but he denied ever being close to Spencer. “I have absolutely no relationship with Mr. Spencer,” he said in an email that month. “I completely repudiate his views, and his claims are 100 percent false.”

Before joining the Trump campaign last year, Miller, who is 30, served as Sessions’ chief of communications. “Those who worked with them say that Sessions and Miller had a ‘mind meld,’” Julia Ioffe wrote in a June Politico profile of Miller. Sessions and Miller worked closely in opposing the Supreme Court confirmation of Sonia Sotomayor, who Sessions implied might not be impartial due to her Hispanic heritage. In 2014, after the Senate had passed a bipartisan deal on comprehensive immigration reform, Sessions helped kill it in the House by distributing anti-immigration figures and talking points that were written by Miller.

During the campaign, Miller, as a senior adviser to Trump, warmed up crowds at Trump rallies with fiery, populist speeches drawing from a nativist playbook. “We’re going to build that wall high and we’re going to build it tall,” he proclaimed at a Trump event in Dallas in June. “We’re going to build that wall, and we’re going to build it out of love. We’re going to build it out of love for every family who wants to raise their kids in safety and peace…We’re building it out of love for America and Americans of all backgrounds.”

3a. Originally founded by Third Reich veterans as a vehicle for the political rehabilitation of NSDAP members, Austria’s Freedom Party has networked with Putin and Trump’s national security adviser designate Michael Flynn. The primary focus is on lifting the sanctions imposed on Russia. This step is also favored by corporate Germany, as discussed in FTR #’s 918 and 919. “. . . . Freedom Party leader Heinz-Christian Strache and Norbert Hofer, the losing candidate in this month’s presidential election, signed a “working agreement” with Russian President Vladimir Putin’s United Russia party in Moscow on Monday, according to a statement issued by the Austrian party. It added that Strache met last month in New York with Michael Flynn, nominated to become President-elect Donald Trump’s National Security Adviser. Strache wants to roll back ‘the sanctions that are harmful and ultimately useless for the economy,’ according to the Freedom Party statement. . . .”

“Austrian Populists Go to Moscow to Pitch Trump-Putin Bridge” by Boris Groendahl and Jonathan Tirone; Bloomberg Politics; 12/19/2016.

* Freedom Party chiefs in ‘diplomatic talks’ with United Russia
* Party has opposed sanctions on Russia; leads in Austrian polls

Austria’s populist Freedom Party said it wants to broker an end to sanctions on Russia by using its contacts with the White House and the Kremlin to reduce east-west tensions.

Freedom Party leader Heinz-Christian Strache and Norbert Hofer, the losing candidate in this month’s presidential election, signed a “working agreement” with Russian President Vladimir Putin’s United Russia party in Moscow on Monday, according to a statement issued by the Austrian party. It added that Strache met last month in New York with Michael Flynn, nominated to become President-elect Donald Trump’s National Security Adviser.

Strache wants to roll back “the sanctions that are harmful and ultimately useless for the economy,” according to the Freedom Party statement, which described itself as “a neutral and reliable mediator and partner.” The delegation met with United Russia’s international secretary, Sergei Zheleznyak, according to a spokesman for the Russian party.

This is the first formal agreement with a major party from an EU-member state since the bloc imposed its sanctions on Russia for annexing Crimea and supporting separatists in Eastern Ukraine.

While the Freedom Party was defeated for the Austrian presidency by an independent candidate, it tops national opinion polls with about a third of the vote.

Party officials have in the past called for an end to European Union sanctions against Russia and voiced support for Russia’s annexation of Crimea. In a Facebook posting, Strache said that Russia had “freed Aleppo” from Islamic State.

“Austria needs international political and business contacts rather than negative and damaging sanctions,” Strache said on Facebook. Austria was neutral during the Cold War. Austrian companies including oil and gas group OMV AG and Raiffeisen Bank International AG have close business ties to Moscow.

During this year’s presidential ballot, Hofer campaigned on the promise to build a bridge between Trump and the Kremlin. The election’s winner, former Green Party leader Alexander Van der Bellen, offset Hofer’s appeals by arguing Austria’s most important economic interests are inside the EU. . . .

3b. We review the Nazi origins of the Freedom Party, recapping its origins as a vehicle for re-introducing German Nazi Party veterans into Austrian politics. Note the place of the South Tyrol in a Pan-Germanic “New Europe.”  

“Austria’s Far Right Sees a Prize Within Reach: The Presidency” by Alison Smale; The New York Times; 11/29/2016.

In his office in Austria’s grand old Parliament, Norbert Hofer, the man who would be Austria’s next president, presents himself as anything but a threat.

He enters with a pronounced limp as a result of a 2003 paragliding accident. He air-kisses a visitor’s hand. He then spends much of the next hour professing that he is not nationalist and certainly not anti-Semitic, insists that he is too young to have anything to do with Nazism and says that he is no part of any populist wave. . . .

. . . . Mr. Trump’s victory, Mr. Hofer said, has eroded any lingering inhibitions that Austrians may have had about openly supporting his candidacy, though that remained to be seen.

“With Trump’s victory, that barrier has loosened a bit,” Mr. Hofer said with evident satisfaction.

The existence of such barriers hints at a lasting stigma around the Freedom Party, which was created by a group of former Nazis in the 1950s and gained political traction under the charismatic leadership of the populist Jörg Haider in the 1990s. . . .

. . . . Mr. Hofer’s opponents are keenly active. Last Thursday, Mr. Van der Bellen posted a video appeal for votes from an 89-year-old Viennese woman who survived Auschwitz and said she was horrified by Freedom Party talk of a coming “civil war.”

Identified only as Gertrude, she recalled seeing her first dead body during the 1934 left-right street battles here and Viennese residents’ mocking the Jews forced to scrub streets with toothbrushes after the Nazis took power.

Mr. Van der Bellen’s campaign said her identity would be kept secret for fear of hate attacks on social media that have already been a feature of the months of campaign vitriol. The video garnered over 2.5 million views in three days.

A TV talk show host, Corinna Milborn, grilled Mr. Hofer last week for an hour over his alleged nationalist views and his calls for undoing the “unjust border” that keeps South Tyrol, a region of northern Italy, apart from Austria’s Tyrol. Mr. Hofer’s grin evaporated and he almost blew his cool. . . .

3c. A founder of the Freedom Party is SS veteran Herbert Schweiger, who has long campaigned and executed violence in support of South Tyrolean reunification with Austria.

“The Far Right Is on the March Again: The Rise of Fascism in Austria” by Billy Briggs; Daily Mail; 3/18/2009.

. . . . Herbert Schweiger makes no attempt to hide his Nazi views. At his home in the Austrian mountains, the former SS officer gazes out of a window to a view of a misty alpine valley. Described to me as the ‘Puppet Master’ of the far right, Schweiger, 85, is a legendary figure for neo-Nazis across the world.

‘Our time is coming again and soon we will have another leader like Hitler,’ he says.

Still remarkably sharp-minded, Schweiger was a lieutenant in the infamous Waffen SS Panzer Division Leibstandarte Adolf Hitler, an elite unit originally formed before WWII to act as the Führer’s personal bodyguards.

This is his first interview for four years and the first he has ever given to a journalist from outside Austria. It happens a few weeks before he is due to appear in court charged with promoting neo-Nazi ideology.

It will be the fifth time he has stood trial for breaking a law, the Verbotsgesetz, enacted in 1947 to halt the spread of fascist ideology. He has been found guilty twice and acquitted twice. It quickly becomes apparent that little has changed in Schweiger’s mindset since his Third Reich days.

‘The Jew on Wall Street is responsible for the world’s current economic crisis. It is the same now as in 1929 when 90 per cent of money was in the hands of the Jew. Hitler had the right solutions then,’ he says, invoking the language of Goebbels.

The room is filled with mementos from his past and indicators of his sickening beliefs. His bookshelf is a library of loathing. I spot a book by controversial British Holocaust denier David Irving and one on the ‘myth of Auschwitz’. On a shelf hangs a pennant from the SS Death’s Head unit that ran Hitler’s concentration camps. Such memorabilia is banned in Austria but Schweiger defiantly displays his Nazi possessions.

If Schweiger was an old Nazi living out his final days in this remote spot, it might be possible to shrug him off as a now harmless man living in his past. But Schweiger has no intention of keeping quiet.

‘My job is to educate the fundamentals of Nazism. I travel regularly in Austria and Germany speaking to young members of our different groups,’ he says.

Schweiger’s lectures are full of hate and prejudice. He refers to Jews as ‘intellectual nomads’ and says poor Africans should be allowed to starve.

‘The black man only thinks in the present and when his belly is full he does not think of the future,’ he says. ‘They reproduce en masse even when they have no food, so supporting Africans is suicide for the white race.

‘It is not nation against nation now but race against race. It is a question of survival that Europe unites against the rise of Asia. There is an unstoppable war between the white and yellow races. In England and Scotland there is very strong racial potential.

‘Of course I am a racist, but I am a scientific racist,’ he adds, as if this is a justification.

Schweiger’s raison d’être is politics. He was a founding member of three political parties in Austria – the VDU, the banned NDP and the FPO. He has given his support to the current leader of the FPO.

‘Strache is doing the right thing by fighting the foreigner,’ says Schweiger.

He is now in close contact with the Kameradschaften, underground cells of hardcore neo-Nazis across Austria and Germany who, over the past three years, have started to infiltrate political parties such as the FPO.

His belief that the bullet and the ballot box go hand in hand goes back to 1961, when he helped to train a terrorist movement fighting for the reunification of Austria and South Tyrol.

‘I was an explosives expert in the SS so I trained Burschenschaften how to make bombs. We used the hotel my wife and I owned as a training camp,’ he says. The hotel he refers to is 50 yards from his home.

Thirty people in Italy were murdered during the campaign. One of the men convicted for the atrocities, Norbert Burger, later formed the now-banned neo-Nazi NDP party with Schweiger. . . .

3d. In the context of a European re-alignment vis a vis Russia, we turn to the subject of Francois Fillon, the recent winner of France’s center-right party presidential primary.

We begin with an article from July about Fillon’s attitudes to military spending. To summarize, Fillon is for increased military spending and increased investments in France’s nuclear forces, citing Russia’s investments as a reason to do so, and he advocates France pushing Germany to create a European Army. At the same time, Fillon suggests that NATO’s enlargement to include Russia’s neighbors was a major mistake and that France should be working more closely with Russia on areas like terrorism and Syria.

“Defense Spending Emerges as French Election Topic” by Pierre Tran; Defense News ; 7/13/2016.

François Fillon, a former prime minister, said July 13 he would commit France to spending two percent of its gross domestic product on defense and also retain the airborne and submarine-launched nuclear weapons if he won the presidential election next year.

Fillon, one of the candidates in the primaries of the conservative party Les Républicains, said the two percent figure “is important.”

“That is a target I would pursue,” he told the European-American Press Club. “And equally, I would maintain the two components for nuclear deterrence.”

French defense spending has slipped to around 1.5 percent, below the two percent target set by NATO, as the national economy struggles to grow.

Fillon said he would pursue work on the next generation of nuclear missile submarines to replace the present four-strong fleet “in the medium term.”

International tension would not allow France “to lower its guard on the nuclear deterrent front,” he said, adding that Russia is re-arming, building nuclear subs, and installing anti-ballistic missile defense capabilities around Moscow.

It was a major mistake for NATO to extend its reach so close to Russia, and it was important for Paris and Moscow to pursue a dialog as Russia remains a European country, he said.

Fillon, prime minister from May 2007 to May 2012, is one of the candidates for the primaries to be held in November, which will decide which candidate to stand in the presidential election in May.

There is a consensus among Les Republicains candidates for the primaries and the Socialist party on maintaining the two nuclear forces, which offer credibility and flexibility of response, said Jean-Pierre Maulny, deputy director of the think tank Institut de Relations Internationales et Stratégiques.

There was more debate of canceling one of the nuclear weapons in the previous presidential campaign. The arguments this time around are more about whether France should be “for or against” an atomic response, Maulny said.

France should persuade Germany to set up a European army, according to Fillon. Berlin could not rely wholly on NATO, as the alliance was unable to meet the threat from the Islamic State, he argued.

Fillon said he told French President François Hollande that rather than launch French airstrikes against Syria, the leader should sit down with his Russian counterpart Vladimir Putin and German leader Angela Merkel and agree on a “medium-term strategy” on how to deal with Syria’s Bashar Al-Assad.

Hollande ordered French airstrikes in retaliation for the Nov. 13, 2015, terror attacks in Paris, for which the Islamic State claimed responsibility. The Syria crisis has since deepened.

There may be some 60 countries in the anti-Syria coalition but as long as Russia and Iran were excluded, there was little chance of success, Fillon argued. The latter is considered essential as Teheran is the regional power.

Putin is “very difficult” to deal with but once he reaches an agreement, he keeps it, according to Fillon. “I have never seen him break his word.”

Fillon was prime minister under then-president Nicolas Sarkozy, when Putin was his Russian counterpart.

“France should persuade Germany to set up a European army, according to Fillon. Berlin could not rely wholly on NATO, as the alliance was unable to meet the threat from the Islamic State, he argued.”

Yeah, somehow it doesn’t seem like selling Germany on a European Army is going to be a tough sell.

3e. Fillon is advocating a significant European shift towards Russia, along with a growing number of European leaders and voters:

“French Election Hints at a European Shift Toward Russia” by Max Fisher; The New York Times; 11/30/2016.

The victory of François Fillon in France’s center-right presidential primary is the latest sign that a tectonic shift is coming to the European order: toward accommodating, rather than countering, a resurgent Russia.

Since the end of World War II, European leaders have maintained their ever-growing alliance as a bulwark against Russian power. Through decades of ups and downs in Russian-European relations, in periods of estrangement or reconciliation, their balance of power has kept the continent stable.

But a growing movement within Europe that includes Mr. Fillon, along with others of a more populist bent, is pushing a new policy: instead of standing up to President Vladimir V. Putin of Russia, stand with him.

Mr. Fillon has called for lifting sanctions on Russia and for partnering with Moscow in an effort to curtail immigration and terrorism. He is friendly with Mr. Putin. If pollsters are right and Mr. Fillon wins the French presidency in the spring, he could join several rising European politicians and newly elected leaders who are like-minded.

Their movement, scholars stress, is driven by forces far more formidable than any elected leader: the populist upsurge that is remaking the Continent and, simultaneously, the impersonal but overwhelming pressures of international power balancing.

These changes, along with the impending British withdrawal from the European Union and the election of Donald J. Trump as president of the United States, foretell a “dramatic shift” in the half-century of Western unity against Russia, said James Goldgeier, a political scientist and the dean of American University’s School of International Service in Washington.

“All the trend lines right now point away from a tough approach to Russian aggression and point toward more accommodation of the Russian notion that they have a privileged sphere of influence,” he said.

It is unclear how far into Europe that sphere of Russian influence might extend, or the consequences for nations that would come under it after escaping Soviet domination only a generation ago. But those are questions of degree; Mr. Fillon’s primary victory suggests that the shift has already begun.

A Pro-Putin Populism

Though Mr. Fillon would reverse his country’s hard line on Russia, he would not be the first French leader to reach out to Moscow — Charles de Gaulle, the president from 1959 to 1969, also did this — and could not, on his own, upend European unity.

More important, he would not be alone. Mr. Trump has promised cooperation with Russia and threatened to diminish the United States’ role in NATO. Several East European countries have elected leaders who advocate reconciling with Moscow.

In Western Europe, politics seems poised to move in Mr. Fillon’s direction. Mainstream parties, forced to acknowledge that they cannot contain the far right, are instead working to co-opt it.

Mr. Fillon illustrates this trend well. Unlike the French far right, he wishes to maintain his country’s membership in the European Union. But, indulging Europe’s populist wave, he has promised to curtail immigration sharply, promote conservative social values, impose “strict administrative control” over Islam and bring security against terrorism.

Benjamin Haddad, a French analyst at the Hudson Institute, a conservative think tank based in Washington, said that such policies point, in ways that might not be obvious to Americans, toward another agenda item of the European far right: partnering with Mr. Putin.

“All over Europe, Putinism has emerged as an ideological alternative to globalism, the E.U., etc.,” Mr. Haddad said, with Mr. Putin seen as “a bulwark for conservative values — a strongman against gay marriage, immigration, Islam.”

Mr. Haddad added, “It’s largely a domestic phenomenon, rather than the reflection of a strategic debate over the relationship with Moscow.”

Mr. Fillon’s warmth toward Mr. Putin is apparently heartfelt, and it predated this election. What changed is French voters, who increasingly desire hard-line policies and signs of strength that they perceive Mr. Putin as representing.

Nicolas Sarkozy, Mr. Haddad pointed out, won the French presidency in 2007 by running as a pragmatic pro-American conservative, but this year he ran as a pro-Russian populist. While Mr. Sarkozy lost the center-right primary this month, Mr. Fillon carried that same message to success.

The Eastern and Southern Fronts

In some ways, Mr. Fillon is particular to France, where nationalist politicians since de Gaulle have long asserted French independence from the United States and Britain by reaching out to Russia. But similar trends are playing out in several European countries, along their own particular national lines.

In Germany, for instance, center-left leaders are pushing to abandon their country’s role in leading European efforts to counter Russia. Instead, they advocate reverting to the Cold War-era policy of Ostpolitik, in which West Germany sought a neutral balancing role between East and West.

Often, West European politicians do not see themselves as explicitly calling for aligning with Moscow, but rather for abandoning the costly mission to counter Russia’s aggression against faraway eastern states at a moment when they have more immediate concerns.

West European leaders see themselves as fighting an increasingly untenable two-front war: a southern front against immigration and terrorism and an eastern front against Russia.

The eastern front is largely a project of policy establishments that see it as essential to maintaining Europe’s postwar order. Voters are more skeptical; a 2015 Pew poll found that slight majorities in France, Germany and Italy said their countries should not uphold their treaty obligation to defend an eastern NATO ally should it be attacked by Russia.

Voters, particularly those on the right, have long seen southern issues — terrorism and immigration — as more important. Their threats to install far-right governments that would dismantle the European project entirely are increasingly credible.

4. Trump’s nominee to be Secretary of State is Exxon Mobil CEO Rex Tillerson, who, like the Austrian Freedom Party (and corporate Germany/Bormann capital network), wants the sanctions on Russia lifted.

“Trump Lines Up Establishment Republicans to Vouch for Tillerson” by Michael D. Shear; The New York Times; 12/13/2016.

After waging an 18-month assault on the Republican establishment, President-elect Donald J. Trump changed course on Tuesday and enlisted the party’s high priests of foreign policy to help him win the confirmation of Rex W. Tillerson as secretary of state.

Several former Republican secretaries of defense and state sought to dismiss bipartisan concerns about Mr. Tillerson, the Exxon Mobil chief executive, over his two-decade relationship with President Vladimir V. Putin of Russia. At the center of the debate are questions about Mr. Tillerson’s vocal opposition to American sanctions imposed on Russia as he pursued oil and gas deals in that country. . . .

. . . . . A series of statements followed from former Vice President Dick Cheney and former secretaries of state James A. Baker III and Condoleezza Rice, among others. In an interview, Robert M. Gates, who served as secretary of defense under President Obama and President George W. Bush, strongly endorsed Mr. Tillerson, a longtime friend, calling him someone who “knows the world like the back of his hand.”

Mr. Gates, whose consulting firm has represented Exxon Mobil, said that senators concerned about Mr. Tillerson’s relationship with Mr. Putin are basing their criticism “on a superficial watching” of video clips of the Exxon executive receiving the Russian Order of Friendship in 2013 with Mr. Putin. . . .

5. The Manning text highlights the pivotal role of the Bormann organization in German heavy industry and, in turn, the influence of the Hermann Schmitz trust in the Bormann organization. “. . . Vastly diversified, it is said to be the largest land-owner in South America, and through stockholdings, controls German heavy industry and the trust established by the late Hermann Schmitz, former president of I.G. Farben, who held as much stock in Standard Oil of New Jersey as did the Rockefellers. [Exxon is Standard of New Jersey, now merged with Mobil, which is Standard Oil of New York–D.E.] . . .”

Martin Bormann: Nazi in Exile; Paul Manning; Copyright 1981 [HC]; Lyle Stuart Inc.; ISBN 0-8184-0309-8; p. 292.

. . . . The Bormann organization continues to wield enormous economic influence. Wealth continues to flow into the treasuries of its corporate entities in South America, the United States, and Europe. Vastly diversified, it is said to be the largest land-owner in South America, and through stockholdings, controls German heavy industry and the trust established by the late Hermann Schmitz, former president of I.G. Farben, who held as much stock in Standard Oil of New Jersey as did the Rockefellers. . . .

Discussion

7 comments for “FTR #940 The Trumpenkampfverbande, Part 14: Unsettling In, Part 2 (German Ostpolitik, part 5)”

  1. “Trump kept a copy of this by his bedside.”

    I bet the pages were stuck together.

    Posted by Jimmy Olson | January 4, 2017, 6:22 pm
  2. Here’s something that should probably be kept in mind now that Donald Trump has enthusiastically called for a new nuclear arms race and also basically told the world that hacking is totally cool as long as it reveals interesting info, along with other members of the GOP, putting a giant Trump-approved bullseye on all US government computer systems throughout his term: The next generation of nuclear missiles are going to be networked for the first time ever and the studies for what kind of new dangers this presents still need to be done:

    The Atlantic

    Will America’s Nuclear Weapons Always Be Safe From Hackers?

    The future arsenal will be networked, presenting unique security challenges for the U.S. Air Force.

    Patrick Tucker
    Dec 30, 2016

    Future nuclear missiles may be siloed but, unlike their predecessors, they’ll exhibit “some level of connectivity to the rest of the warfighting system,” according to Werner J.A. Dahm, the chair of the Air Force Scientific Advisory Board. That opens up new potential for nuclear mishaps that, until now, have never been a part of Pentagon planning. In 2017, the board will undertake a study to see how to meet those concerns. “Obviously the Air Force doesn’t conceptualize systems like that without ideas for how they would address those surety concerns,” said Dahm.

    It’s no simple or straight-forward undertaking. The last time the United States designed an intercontinental ballistic missile was 1975. At the end of December, the Air Force Science Board announced that in 2017 they would explore safety and practical concerns of making a missile for the modern age along with other nuclear weapons that fall under the command of the Air Force.

    “We have a number of nuclear systems that are in need of recapitalization,” said Dahm, referring to LRSO, ICBMs and the B-21 stealth bomber. In the future, he said, “these systems are going to be quite different from the ones that they may replace. In particular, they will be much more like all systems today, network connected. They’ll be cyber enabled.” That connectivity will create new concerns in terms of safety and certification that will almost certainly require changes or additions to current DoD directives.

    The study comes at a critical time for the future of U.S. Nuclear Weapons. On December 22, Donald Trump confused and alarmed the world when he tweeted that he would both strengthen and expand America’s nuclear weapons capability. But there was less new in the announcement than might actually appear. In fact, the Obama Administration was already working to fulfill the “strengthening” part of that same promise, having already put the United States on track to spend more than $1 trillion on modernization of U.S. nuclear weapons.

    For the United States Air Force, the modernization list includes replacing LGM-30 Minuteman with a new intercontinental ballistic missile (also called a ground-based strategic deterrent), developing a controversial nuclear-armed cruise missile called the long-range standoff weapon, or LRSO, to building and deploying an entirely new B-21 stealth bomber.

    What are “surety concerns?” Read that to mean how do you make sure that your fancy networked nuclear warfare control system can’t be hijacked or go off accidentally.

    Before the United States can modernize its nuclear weapons it must first make certain it understands everything that can possibly go wrong. Think back to the classic film (and book) Dr. Strangelove, a story very much about surety failure. A crazed Air Force general sends his B-52 wing to destroy their targets in the Soviet Union. Of course, only the President is supposed to be able to call for a nuclear strike, but an obscure contingency plan (Wing Attack Plan R) allows a lower level commander to issue the order in the event that the normal command and control has been disrupted.

    The Pentagon can’t call back the wing because the B-52s can no longer receive transmissions unless preceded by specific three-letter code that only the general knows, part of a poorly thought-out safety scheme to protect the airmen from false orders. Even after the recall code is issued and most of the planes abort their missions, one continues on to a new tertiary target, as the plane’s radio has been damaged in combat. (Somehow, the drafters of Wing Attack Plan R forgot to insert a rule ordering pilots back to base when their radios are damaged, rather than continue to target.) The lone B-52 hits its target and sets in motion the end of the world.

    Surety failure squared.

    According to Defense Department Directive 3150.02, which outlines the Air Force’s Nuclear Surety Program. The directive assigns “responsibilities for DoD Nuclear Weapons Surety for the oversight of safety, security, and control of U.S. nuclear weapons and nuclear weapon systems in DoD custody.”

    “We have formal Air Force documents that detail the formal certification process for nuclear weapons. To what extent do the current models for certifying nuclear systems carry over into these modern, network enabled systems and how would you re-conceptualize certification for systems that are likely to come out of these recap programs?” asked Dahm. The 2017 Air Force Scientific Advisory Board study will attempt to answer those questions. The board consists of 50 members that are appointed by the Secretary of Defense and are drawn from academia, industry, and elsewhere. Members serve for four years.

    The fact that future nuclear weapons will be far more networked (though not necessarily to the open Internet) will create better safety and oversight, and allow for more coordinated operations. But more connectivity also introduces new potential vulnerabilities and dangers.

    “You have to be able to certify that an adversary can’t take control of that weapon, that the weapon will be able to do what it’s supposed to do when you call on it,” said Dahm. “It isn’t just cyber. That’s definitely the biggest piece, but … When was the last time we built a new nuclear system? Designed and built one? It’s been several decades now. We, as an Air Force, haven’t done certification of new nuclear systems in a long time. These systems are different … What are the surety vulnerabilities for such a system, so to speak? How would you address them? How would you certify that the system will work when you need it to work and will do what it’s supposed to do?”

    ““You have to be able to certify that an adversary can’t take control of that weapon, that the weapon will be able to do what it’s supposed to do when you call on it,” said Dahm. “It isn’t just cyber. That’s definitely the biggest piece, but … When was the last time we built a new nuclear system? Designed and built one? It’s been several decades now. We, as an Air Force, haven’t done certification of new nuclear systems in a long time. These systems are different … What are the surety vulnerabilities for such a system, so to speak? How would you address them? How would you certify that the system will work when you need it to work and will do what it’s supposed to do?””

    Well, let’s hope Trump’s nuclear arms race doesn’t get ahead of the surety studies.

    But also keep in mind that this era of networked nuclear weapons is unlikely to be limited to US nukes for very long. Every nuclear armed nation is going to have to modernize their weapons systems and they’re probably all going to be going for some sort of networked nukes going forward for something like a nuclear missile. Maybe not soon, but eventually. And while those missiles are almost certainly going to be networked on protected military networks that, one hopes, won’t be exposed to the internet, it’s not like military networks aren’t hacking targets. Imagine a much scarier version of Stuxnet.

    And that’s why Trump’s repeated promotion of nuclear proliferation is so extra dangerous: the world doesn’t just have to worry about networked US nukes getting hacked and launched forward. Any country with networked nukes is going to be a potential hacking target. And thanks to Trump, the number of nations with networked nukes in the future is only going to grow.

    If you thought “who hacked the DNC?” was a fun mystery, get ready for “who hacked [insert nuclear armed country here]’s nukes?” It’ll be a blast.

    Posted by Pterrafractyl | January 5, 2017, 3:51 pm
  3. It sounds like Trump has arrived at a likely pick for intelligence chief: recently retired GOP Senator – and ambassador to Germany from 2001-2005 – Dan Coats:

    Politico

    Trump to tap ex-Sen. Dan Coats as intelligence chief

    If the Senate confirms Coats, the recently retired lawmaker will be tasked with leading an intelligence community the incoming president has criticized and vowed to reform.

    By Eric Geller and Cory Bennett

    01/05/17 04:59 PM EST Updated

    President-elect Donald Trump will pick former Indiana Sen. Dan Coats to be his director of national intelligence, a Trump transition source confirmed on Thursday.

    If the Senate confirms Coats, the recently retired lawmaker will be tasked with leading an intelligence community the incoming president has criticized and vowed to reform.

    Coats — who served on the Intelligence and Armed Services committees while in the upper chamber — reemerged in recent days as the leading candidate to become Trump’s intelligence chief, with several news outlets reporting he was the expected choice. He would enter the job at the center of a spat between Trump and the government’s intelligence community over Russia’s alleged hacking of the recent U.S. election.

    The next commander in chief has repeatedly refused to accept intelligence agencies’ conclusion that senior Moscow officials directed the digital campaign, potentially in an attempt to boost Trump’s chances at the White House and undermine the candidacy of Hillary Clinton. Trump believes intelligence personnel have become politicized and are pushing a false narrative to try and undermine his future administration.

    According to a recent Wall Street Journal report, Trump and his top advisers are working on a plan to scale down the Office of the Director of National Intelligence. The story follows a November Intercept report that Trump’s team was discussing whether to “dismantle” the office altogether.

    Current Director of National Intelligence James Clapper on Thursday said his staff had not talked to Trump’s team about such a large-scale rearrangement — or all-out axing — of his office. ODNI oversees intelligence collection and analysis activities at the FBI, NSA, CIA and 13 other agencies in the intelligence community.

    Sean Spicer, the incoming White House press secretary, has tried to downplay the reports, calling them “false.”

    “All transition activities are for information-gathering purposes, and all discussions are tentative,” he said on Thursday.

    In addition to his time on the Armed Services and Intelligence committees, Coats served as the U.S. ambassador to Germany from 2001 to 2005. The term came between two stints in the Senate — from 1989 to 1999, and 2011 to 2017.

    Former colleagues in the upper chamber cited Coats’ time as an ambassador as one of several reasons the retired senator was qualified to head ODNI.

    Senate Armed Services Chairman John McCain (R-Ariz.) called Coats a “great” choice, echoing remarks from other national security-focused Republicans, including Senate Intelligence Committee Chairman Richard Burr of North Carolina.

    “He’s one of my favorite people,” McCain told POLITICO on Thursday. “I think he’s so well-qualified.”

    McCain has been a staunch defender of the spy world amid Trump’s disparaging remarks. At an Armed Services Committee hearing Thursday, McCain told Clapper that he trusted the major intelligence agencies to faithfully execute a report on Russia’s election-season hacking that will be made public early next week.

    After the hearing, McCain told POLITICO that Coats would “do what he believes is right” when it comes to ODNI reform.

    “He stood up to the Bush administration when he was ambassador to Germany,” McCain added. “He has a record.”

    Coats’ positions on ODNI reform are not immediately apparent from his time as a public servant, although he has recently sided with intelligence advocates on a number of controversial items.

    In 2015, Coats supported a landmark cyber bill that expanded cyberthreat data-sharing between the government and the private sector. But civil liberties groups and privacy-minded lawmakers loathed the measure, arguing it would give the government’s spying wing unfettered access to more of Americans’ personal data.

    That same year, Coats voted against axing the NSA’s controversial bulk-phone-records collection program, a provision included in a surveillance reform bill — the USA Freedom Act.

    Also in 2015, Coats sponsored an amendment that would elevate the role of the government’s counterintelligence office, which tries to ferret out insider threats — essentially people like NSA leaker Edward Snowden. The office also tracks foreign spies operating in the U.S.

    “In the wake of the Snowden leaks, it is more important than ever for the White House, the director of national intelligence and the Senate Intelligence Committee to work together to strengthen our counterintelligence practices,” he said at the time. “With Russia trying to resurrect the Cold War and China growing more brazen, a mistake of this magnitude cannot be repeated.”

    Coats has a tense relationship with Russia, whose ties with the U.S. have deteriorated over Moscow’s military aggression in Ukraine, the Syrian civil war and failed joint airstrikes against the Islamic State, not to mention the recent round of apparent cyberattacks on the U.S. election.

    Coats is one of several lawmakers banned from visiting Russia as part of Moscow’s retaliation for 2014 U.S. sanctions.

    “According to a recent Wall Street Journal report, Trump and his top advisers are working on a plan to scale down the Office of the Director of National Intelligence. The story follows a November Intercept report that Trump’s team was discussing whether to “dismantle” the office altogether.”

    So Coats, a strong backer of the intelligence community, just might head the ODNI…or maybe dismantle it. But if Coats does scale back or dismantle the ODNI and this extends to a larger overhaul/scaling back of the US intelligence community, don’t assume that those intelligence operations are going to go away. After all, this is the age of hyper-privatized intelligence. And as Jeff Sharlet – who has done more than anyone else in documenting and exposing the power of the crypto-fascist Christian Dominionist network in DC known as “The Family” – reminded us on his Facebook page following the reports of Trump tapping Coats, if there’s one thing Coats loves to do, it’s privatize government services. In particular, privatize them and hand them over to religious institutions. Yep, he’s a member of “The Family” too.

    So if we do see a big new drive to further privatize the US intelligence community, those private contractors bidding for those contracts should probably find religion soon. Very overt religion:

    Facebook

    Jeff Sharlet

    Friday January 6, 2017, at 1:01 PM

    I’d almost forgotten the time Dan Coats, Trump’s pick for National Intelligence Director — the man to whom 16 intelligence agencies report — called me an “enemy of Jesus.”

    Well, I didn’t hear him do it, but the source seemed solid. It was, I think, 2004, and I’d been invited to speak at the University of Potsdam, near Berlin, in a series sponsored by the U.S. embassy. My subject was “the Family,” the secretive fundamentalist organization of which Coats, unbeknownst to me at the time, is a member. When I arrived, my German host told me there’d been a little problem: the ambassador — Dan Coats — had blocked funding for my talk. “He said,” my host said, in thickly accented English, “you are an ‘enemy of Jesus.'”

    My host was one of those deadpan Germans. He didn’t smile. I said, “You’re joking.”

    “Yes,” he said, still unsmiling, “that is what I thought, too.” Apparently, the Germans had gone back and forth a couple of times with the embassy, unable to believe this was serious. And apparently the embassy personnel were plenty embarrassed about it, too. But that was Coats’ ruling, so it stuck. Fortunately for me, the university picked up my tab.

    Later I’d learn from the late David Kuo, a Bush official who’d also been a Family member, though ambivalent enough about it in his last years to be relatively open with me, that one of Coats’ Family initiatives, in collaboration with then Senator John Ashcroft — also a Family member, his entire career shaped by his affiliation — had been to insert the idea of “charitable choice” into the 1996 Welfare Reform Act, as I wrote in my 2008 book THE FAMILY,

    “allowing religious groups to win government funding without separating out their religious agenda—into the 1996 welfare-reform bill. The theory behind faith-based initiatives grew out of the work of scholars and theologians schooled in traditions that could hardly be considered fundamentalist, or even conservative. But its implementation was in many senses the logical result of the Family’s decades of ministry to Washington’s elite combined with the increasingly established power of populist fundamentalism: a mix of sophisticated policy maneuvers and the kind of sentimentalism that blinded many supporters to the fact that faith-based initiatives, no matter how well intended, are nothing less than “the privatization of welfare,” as the faith-based theorist Marvin Olasky put it in a 1996 report commissioned by then-Governor Bush. Such an outcome satisfied elite fundamentalism’s long-standing belief in the relationship between laissez-faire economics and God’s invisible, interventionist hand, and populist fundamentalism’s desire for public expressions of faith, preferably heartwarming ones. The goal, Senator Coats declared, was the ‘transfer of resources and authority . . . to those private and religious institutions that shape, direct, and reclaim individual lives.'”

    That’s right — the man running the entire U.S. intelligence apparatus, working in concert with the new fundamentalist director of the CIA, Mike Pompeo, and the lunatic Islamophobe Gen. Mike Flynn, believes in the “transfer of resources and authority” to private religious institutions.

    Like, for instance, the Family? Presiding over the 1987 National Prayer Breakfast, the strange annual ritual created by the Family to “consecrate” the nation to Jesus (and attended by the president, much of congress, and numerous heads of state), Coats declared “This is just the visible part of the prayer breakfast movement.” He seemed to think it a point of pride that an event of such civic importance was mostly, as the behind-the-scenes leader of the movement puts it, “invisible.”

    Of course, I’m sure Coats, a longtime extreme culture warrior, supports many other religious organizations, too. Don’t worry — he’ll spread the “resources and authority” around.

    It’s important to note, when one considers men such as Coats and organizations such as the Family, that this is not a conspiracy. They’re not breaking the law. They’re making the law. It is, as Coats says, “a movement.” One secularists and liberals have long ignored, misunderstood, or scoffed at. Now, under perhaps the most personally impious president since Eisenhower, it’s coming fully into its own.

    But here’s the bright side. Our new National Intelligence Director may have big plans, but it’s very possible that he won’t be terribly effective at executing them. This is, after all, a man who considered Dan Quayle as his mentor. I’ve been told that Quayle, in turn, thought of Coats as very promising, but — how to say? — sometimes a little slow on the uptake.

    “That’s right — the man running the entire U.S. intelligence apparatus, working in concert with the new fundamentalist director of the CIA, Mike Pompeo, and the lunatic Islamophobe Gen. Mike Flynn, believes in the “transfer of resources and authority” to private religious institutions.”

    Well, that’s ominous. It might be a good time to start praying. Hard.

    Posted by Pterrafractyl | January 6, 2017, 3:45 pm
  4. The joint CIA/FBI/NSA declassified version of the Intelligence Report on Russian hacking came out. Given the vagueness and lack of details in the report it’s hard to conclude much from the declassified report except that the evidence for Russian hacking must be classified:

    Slate

    The Declassified Intelligence Report on Russian Hacking Tells Us Very Little We Don’t Already Know

    By Ben Mathis-Lilley
    Jan. 6 2017 5:13 PM

    On Thursday, Director of National Intelligence James Clapper told the Senate Armed Services Committee that an unclassified version of a joint “intelligence community” report about Russian hacking would be released next week. Said report was in fact posted online this afternoon, and after reading it, the “Friday news dump” timing makes sense: The top-line takeaways in the document are mostly conclusions that have already been leaked or discussed publicly by figures such as Clapper himself. Moreover, since the release is an unclassified version of a report that presumably involves material obtained through intelligence-gathering operations that are still active, no information about the “sources and methods” supporting its conclusions is included.

    To summarize, the report says that the CIA, FBI, and National Security Agency believe that Russian hackers—directed ultimately by Vladimir Putin—hacked email accounts belonging to the Democratic National Committee and to Clinton campaign chairman John Podesta and then passed the material they obtained on to WikiLeaks through a third party. This was done, the report asserts, because the Russians believed that Donald Trump would be friendlier to their country’s interests, as president, than Hillary Clinton. And … that’s about it. Not counting intro pages or appendices, the report is five pages long and does not include any description of the actual evidence that Russian actors were responsible for the DNC/Podesta hacks (an assertion that’s supported by publicly available evidence analyzed by third parties) or the assertion that Putin ultimately directed the release of hacked material in order to help elect Donald Trump (an assertion that’s harder to verify independently).

    The report’s final paragraph does involve what I believe is a new, ominous tidbit about ongoing hack attempts:

    Immediately after Election Day, we assess Russian intelligence began a spearphishing campaign targeting US Government employees and individuals associated with US think tanks and NGOs in national security, defense, and foreign policy fields. This campaign could provide material for future influence efforts as well as foreign intelligence collection on the incoming administration’s goals and plans.

    In other words: More fun times ahead!

    “To summarize, the report says that the CIA, FBI, and National Security Agency believe that Russian hackers—directed ultimately by Vladimir Putin—hacked email accounts belonging to the Democratic National Committee and to Clinton campaign chairman John Podesta and then passed the material they obtained on to WikiLeaks through a third party. This was done, the report asserts, because the Russians believed that Donald Trump would be friendlier to their country’s interests, as president, than Hillary Clinton. And … that’s about it. Not counting intro pages or appendices, the report is five pages long and does not include any description of the actual evidence that Russian actors were responsible for the DNC/Podesta hacks (an assertion that’s supported by publicly available evidence analyzed by third parties) or the assertion that Putin ultimately directed the release of hacked material in order to help elect Donald Trump (an assertion that’s harder to verify independently).”

    Five pages of no evidence. It’s not exactly a slam dunk case. And when you read that the charge that Russian government actors were responsible for the DNC/Podesta hacks is

    …an assertion that’s supported by publicly available evidence analyzed by third parties

    keep in mind that there really is evidence that the Podesta spearphishing campaign was part of a much broader attack against the DNC. But that evidence is, like so much evidence in this case, based on the inexplicable and massive security mistake made by the hackers when they left their Bitly profile used to execute their spearphishing attack open to the public so everyone in the world could see that these hackers set up special spearphishing attacks against a large number of Democratic officials. One of many inexplicable and massive security mistakes that these Russian hackers made.

    It should also probably be noted that while this report is signed off by the CIA, NSA, and FBI, the FBI never actually examined the DNC’s hacked server. Instead, according to the DNC, the FBI never even asked for access to the DNC’s servers, and that job was outsourced to Crowdstrike:

    BuzzFeed

    The FBI Never Asked For Access To Hacked Computer Servers

    The Democratic National Committee tells BuzzFeed News that the bureau “never requested access” to the servers the White House and intelligence community say were hacked by Russia.

    Ali Watkins
    BuzzFeed News Reporter
    posted on Jan. 4, 2017, at 5:13 p.m.

    WASHINGTON — The FBI did not examine the servers of the Democratic National Committee before issuing a report attributing the sweeping cyberintrusion to Russia-backed hackers, BuzzFeed News has learned.

    Six months after the FBI first said it was investigating the hack of the Democratic National Committee’s computer network, the bureau has still not requested access to the hacked servers, a DNC spokesman said. No US government entity has run an independent forensic analysis on the system, one US intelligence official told BuzzFeed News.

    “The DNC had several meetings with representatives of the FBI’s Cyber Division and its Washington (DC) Field Office, the Department of Justice’s National Security Division, and U.S. Attorney’s Offices, and it responded to a variety of requests for cooperation, but the FBI never requested access to the DNC’s computer servers,” Eric Walker, the DNC’s deputy communications director, told BuzzFeed News in an email.

    The FBI has instead relied on computer forensics from a third-party tech security company, CrowdStrike, which first determined in May of last year that the DNC’s servers had been infiltrated by Russia-linked hackers, the U.S. intelligence official told BuzzFeed News.

    “CrowdStrike is pretty good. There’s no reason to believe that anything that they have concluded is not accurate,” the intelligence official said, adding they were confident Russia was behind the widespread hacks.

    The FBI declined to comment.

    “Beginning at the time the intrusion was discovered by the DNC, the DNC cooperated fully with the FBI and its investigation, providing access to all of the information uncovered by CrowdStrike — without any limits,” said Walker, whose emails were stolen and subsequently distributed throughout the cyberattack.

    It’s unclear why the FBI didn’t request access to the DNC servers, and whether it’s common practice when the bureau investigates the cyberattacks against private entities by state actors, like when the Sony Corporation was hacked by North Korea in 2014.

    BuzzFeed News spoke to three cybersecurity companies who have worked on major breaches in the last 15 months, who said that it was “par for the course” for the FBI to do their own forensic research into the hacks. None wanted to comment on the record on another cybersecurity company’s work, or the work being done by a national security agency.

    In a 13-page report made public the last week of December, the FBI and the Department of Homeland Security confirmed in a joint analysis that Russia was behind the widespread hacks, which targeted Democrats with the intention to manipulate the US election. But the analysis was attributed to broad intelligence across both public and private sectors. Nowhere in the report does it say that the government conducted its own computer forensics on the DNC servers.

    “Public attribution of these activities to [Russian Intelligence Services] is supported by technical indicators from the U.S. Intelligence Community, DHS, FBI, the private sector, and other entities,” the report says.

    “Six months after the FBI first said it was investigating the hack of the Democratic National Committee’s computer network, the bureau has still not requested access to the hacked servers, a DNC spokesman said. No US government entity has run an independent forensic analysis on the system, one US intelligence official told BuzzFeed News.”

    Keep in mind that, since the NSA signed off on the joint report just released, it’s possible that access to the DNC server effectively wasn’t necessary to trace when the attack happened and who did it (“who” as in which computer the attack originated from). Still, since the public statements about the evidence have always followed the logic of ‘the methods used by the hackers are similar to those methods the Russian government’s hackers are known to use’, examining the server itself seems like the primary way to collect that evidence of the methods used. And note the statement from the US intelligence official that it’s not just the FBI who hasn’t examined the servers: no US government entity has run an independent forensic analysis on the system.

    So, yeah, it’s all rather odd. And then it got odder:

    BuzzFeed

    The FBI Now Says Democrats Were Behind Hack Investigation Delay

    The Democratic National Committee refused to give FBI investigators access to their hacked servers, according to an FBI statement, a conclusion the president-elect was quick to embrace.

    Ali Watkins
    BuzzFeed News Reporter
    posted on Jan. 5, 2017, at 7:11 p.m.

    WASHINGTON — The FBI struck back at the Democratic National Committee on Thursday, accusing it of denying federal investigators access to its computer systems and hamstringing its investigation into the infiltration of DNC servers by Russia-backed hackers.

    “The FBI repeatedly stressed to DNC officials the necessity of obtaining direct access to servers and data, only to be rebuffed until well after the initial compromise had been mitigated. This left the FBI no choice but to rely upon a third party for information,” a senior law enforcement official told BuzzFeed News in a statement. “These actions caused significant delays and inhibited the FBI from addressing the intrusion earlier.”

    The DNC said the FBI had never asked for access to their hacked servers, BuzzFeed News reported on Wednesday.

    A DNC source familiar with the investigation tried to downplay that report on Thursday, hours before the FBI statement was issued. The fact that the FBI didn’t have direct access to the servers was not “significant,” the source said.

    “I just don’t think that that’s really material or an important thing,” the source continued. “They had what they needed. There are always haters out here.”

    The DNC source also brushed off the idea that it was the DNC that refused to let FBI access the server. When BuzzFeed News attempted to reach the official after the FBI statement came out, he declined to comment.

    The warring statements are the latest twists in an extraordinary standoff between the Democrats and federal investigators that reached a fever pitch over the bureau’s probe into Democratic nominee Hillary Clinton’s private email server. That investigation saw FBI Director James Comey break long-standing tradition against potentially influencing elections, issuing a public letter to Congress 10 days before the election announcing potential new evidence in the case. The review ended with the FBI maintaining its July conclusion that Clinton should not face criminal charges, a fact that was declared only two days before polls opened. The timing fueled speculation over Clinton’s potential wrongdoing and tipped the scales in Trump’s favor, Democrats say.

    The FBI announced it was investigating the hack of the DNC’s servers in July, after a third-party computer security firm, Crowdstrike, said it had evidence of Kremlin-backed hackers infiltrating its system. That hack — which federal officials have formally attributed to Russian hackers cleared by senior Russian officials — and subsequent release of stolen emails was part of a broader effort by Russia to influence the US election and push Donald Trump into the White House, according to FBI and CIA analysis.

    A US intelligence official, requesting anonymity to discuss the investigation, said that because the FBI did not have access to the DNC servers, investigators had been forced to rely on computer forensics from the Crowdstrike analysis. Crowdstrike was originally hired by the DNC to investigate the hacks in the spring of 2016.

    In a statement sent to BuzzFeed News Wednesday, the DNC said it cooperated fully with the FBI investigation and shared all of the Crowdstrike information with the FBI.

    The DNC declined to comment on the FBI’s statement.

    The FBI and the Department of Homeland Security, in a report released in the last week of December, publicly accused Russia of being behind the sweeping cyberattacks. The White House subsequently expelled 35 Russian diplomats from the US, issued sanctions against Russian intelligence officials, and cut off access to two Russian diplomatic facilities in the US.

    A separate report on the widespread Russian influence operation, compiled by the Director of National Intelligence, was briefed to the White House on Thursday. A declassified version is expected to be publicly released on Monday.

    ““The FBI repeatedly stressed to DNC officials the necessity of obtaining direct access to servers and data, only to be rebuffed until well after the initial compromise had been mitigated. This left the FBI no choice but to rely upon a third party for information,” a senior law enforcement official told BuzzFeed News in a statement. “These actions caused significant delays and inhibited the FBI from addressing the intrusion earlier.””

    Yeah, that’s odder. But note the ambiguity in the FBI’s statement. It’s not saying that the DNC rebuffed the FBI forever. It said the DNC rebuffed the FBI “until well after the initial compromise had been mitigated”. And the initial compromise was presumably “mitigated” by May of 2016 since that’s as far as the leaked emails go up to. So has the FBI, or any other government agency, requested access to the DNC servers after that point? How about since the election? If that request hasn’t even been made that will only add to the oddness of it all. Especially since the DNC responded to the FBI’s counter-assertion by reasserting that it’s giving the FBI full access to whatever it requested, and if there’s a problem with the FBI getting access to that server, it’s a problem between the FBI and Crowdstrike:

    BuzzFeed

    DNC: That Fight With FBI Over Hacked Servers Was All A Misunderstanding

    Democratic Party officials say the public spat over their hacked servers was a miscommunication.
    posted on Jan. 6, 2017, at 6:39 p.m.

    Ali Watkins
    BuzzFeed News Reporter

    WASHINGTON — The Democratic National Committee downplayed its public spat with the FBI on Friday over why federal investigators did not independently examine their servers breached by Russian cyberspies, saying it was a misunderstanding that didn’t have anything to do with lingering political tensions between the two.

    “There’s no fight between the Bureau and the DNC,” a high-level DNC official told BuzzFeed News, requesting anonymity to discuss the investigation. “I don’t know how this has happened, I don’t know where this is coming from.”

    The FBI announced in July it was investigating a sweeping cyberattack against the DNC, later attributed to Russia-backed hackers. That intrusion, and subsequent release of stolen DNC emails, was part of a broader Kremlin-directed effort to undermine the US election, smearing Democrats and bolstering Donald Trump, according to an intelligence assessment released Friday.

    The FBI’s investigation of the hack, launched in July, came under sharp scrutiny Wednesday after BuzzFeed News revealed that the FBI had never had direct access to the committee’s hacked servers, and that no US Government entity had yet run an independent forensic analysis on the system. Instead, federal investigators had relied on computer forensics from a third-party DNC contractor, Crowdstrike.

    “How and why are they so sure about hacking if they never even requested an examination of the computer servers?” President-elect Donald Trump tweeted on Thursday about the scandal. “What is going on?”

    A spokesman for the DNC did not respond when asked what had led to the communications breakdown between their organization and the FBI by Friday night. The FBI did not respond to a request for comment.

    The DNC said Wednesday that the FBI had never asked for access to the servers. On Thursday, in a stunning counterpunch, the FBI said it had not only asked, but had consistently and repeatedly been denied access by DNC officials, who the bureau said had “inhibited” the investigation.

    It was a startling twist in a tense storyline that’s emerged between the DNC and the FBI, who top Democrats say torpedoed Hillary Clinton’s presidential prospects by mishandling its wholly separate investigation into the Democratic presidential nominee’s use of a private email server while she was Secretary of State.

    The FBI had previously told lawmakers on the Hill that the DNC had not allowed federal investigators to access their servers. After BuzzFeed News reported on Wednesday that the DNC claimed FBI agents had never asked for the servers, congressional officials pressured the FBI for answers. A senior law enforcement official issued a public statement on the matter Thursday night.

    “Someone is lying their ass off,” a US intelligence official said of the warring statements.

    But officials with the DNC still assert they’ve “cooperated with the FBI 150%.”

    “They’ve had access to anything they want. Anything that they desire. Anything they’ve asked, we’ve cooperated,” the DNC official said. “If anybody contradicts that it’s between Crowdstrike and the FBI.”

    DNC officials planned to reach out to the FBI Friday to try and clarify both institutions’ positions, the official said.

    Without direct access to the computer network, another US intelligence official told BuzzFeed, federal investigators had been forced to rely on the findings of the private cybersecurity firm Crowdstrike for computer forensics. From May through August of 2016, the Democratic National Committee paid Crowdstrike $267,807 dollars for maintenance, data services and consulting, among other things, according to federal records.

    Trump received a briefing from the heads of the US intelligence community on the new intelligence community report on Friday, the full, still-classified version of which reportedly offers evidence linking the Kremlin to the widespread election subterfuge, including the DNC hack. Trump called the meeting “constructive,” but stopped short of saying Russia was to blame.

    ““They’ve had access to anything they want. Anything that they desire. Anything they’ve asked, we’ve cooperated,” the DNC official said. “If anybody contradicts that it’s between Crowdstrike and the FBI.””

    That’s quite a twist! While it’s unclear what to conclude at this point, one way to interpret the DNC’s statement is that if there’s a barrier between that DNC server and the government agencies, it’s a barrier put up by Crowdstrike.

    Also keep in mind in all this that the DNC and Democratic Party in general really does have a profound reason to not trust the FBI at this point in time given the way the agency did everything it could to throw the election towards Donald Trump. So if there’s some hesitancy on the part of the DNC to have the FBI examine its servers that’s not an entirely outlandish sentiment, although that wouldn’t explain why no government agency at all has directly examined the servers.
    So now that it’s reported that Crowdstrike apparently had exclusive access to the DNC’s servers, and given the extremely vague nature of the declassified evidence presented thus far, it’s inevitable that questions are going to be asked about Crowdstrike’s objectivity in determining who did the hacks. So it’s probably worth noting that when those questions get asked, the answers are going to be complicated:

    The Nation

    Is Skepticism Treason?
    Despite the scores of media pieces which assert that Russia’s interference in the election is “case closed,” some cyber experts say skepticism is still in order.
    By James Carden
    January 3, 2017

    The final days of 2016 were filled with more developments—some real, some not—in the ongoing story of Russia’s alleged interference in the US presidential election. On December 29, the FBI and the Department of Homeland Security released a joint report that provided “technical details regarding the tools and infrastructure used by the Russian civilian and military intelligence Services (RIS) to compromise and exploit networks and endpoints associated with the U.S. election.”

    In retaliation, the Obama administration announced that it was expelling 35 Russian diplomats, closing 2 diplomatic compounds in Maryland and New York, and applying sanctions on Russia’s intelligence service. A day later, December 30, The Washington Post reported that an electrical utility in Vermont had been infiltrated by the same Russian malware that was used to hack the DNC.

    Taken together, these events set off a wave of media condemnation not just of the Russian government, but of President-elect Donald J. Trump for what is widely believed to be his overly accommodative posture toward Russian President Vladimir Putin.

    Yet despite the scores of breathless media pieces that assert that Russia’s interference in the election is “case closed,” might some skepticism be in order? Some cyber experts say “yes.”

    As was quickly pointed out by the Burlington Free Press, The Washington Post’s story on the Vermont power grid was inaccurate. The malware was detected on a laptop that belonged to the utility but was not connected to the power plant. “The grid is not in danger,” said a spokesman for the Burlington utility. The Post has since amended its story with an editor’s note (as it did when its November 24 story on Russian “fake news” by reporter Craig Timberg was widely refuted) dialing back its original claims of Russian infiltration.

    Cyber-security experts have also weighed in. The security editor at Ars Technica observed that “Instead of providing smoking guns that the Russian government was behind specific hacks,” the government report “largely restates previous private sector claims without providing any support for their validity.” Robert M. Lee of the cyber-security company Dragos noted that the report “reads like a poorly done vendor intelligence report stringing together various aspects of attribution without evidence.” Cybersecurity consultant Jeffrey Carr noted that the report “merely listed every threat group ever reported on by a commercial cybersecurity company that is suspected of being Russian-made and lumped them under the heading of Russian Intelligence Services (RIS) without providing any supporting evidence that such a connection exists.”

    In this respect, it is worth noting that one of the commercial cybersecurity companies the government has relied on is Crowdstrike, which was one of the companies initially brought in by the DNC to investigate the alleged hacks.

    In late December, Crowdstrike released a largely debunked report claiming that the same Russian malware that was used to hack the DNC has been used by Russian intelligence to target Ukrainian artillery positions. Crowdstrike’s co-founder and chief technology officer, Dmitri Alperovitch, told PBS, “Ukraine’s artillery men were targeted by the same hackers…that targeted DNC, but this time they were targeting cellphones [belonging to the Ukrainian artillery men] to try to understand their location so that the Russian artillery forces can actually target them in the open battle.”

    Dmitri Alperovitch is also a senior fellow at the Atlantic Council.

    The connection between Alperovitch and the Atlantic Council has gone largely unremarked upon, but it is relevant given that the Atlantic Council—which is funded in part by the US State Department, NATO, the governments of Latvia and Lithuania, the Ukrainian World Congress, and the Ukrainian oligarch Victor Pinchuk—has been among the loudest voices calling for a new Cold War with Russia. As I pointed out in the pages of The Nation in November, the Atlantic Council has spent the past several years producing some of the most virulent specimens of the new Cold War propaganda.

    It would seem then that a healthy amount of skepticism toward a government report that relied, in part, on the findings of private-sector cyber security companies like Crowdstrike might be in order. And yet skeptics have found themselves in the unenviable position of being accused of being Kremlin apologists, or worse.

    “The connection between Alperovitch and the Atlantic Council has gone largely unremarked upon, but it is relevant given that the Atlantic Council—which is funded in part by the US State Department, NATO, the governments of Latvia and Lithuania, the Ukrainian World Congress, and the Ukrainian oligarch Victor Pinchuk—has been among the loudest voices calling for a new Cold War with Russia. As I pointed out in the pages of The Nation in November, the Atlantic Council has spent the past several years producing some of the most virulent specimens of the new Cold War propaganda.”

    Ok, so let’s review:
    1. Just days before the declassified joint CIA/FBI/NSA report on the alleged Russian hacking of the DNC, we get a report from BuzzFeed about how a DNC official asserts that the FBI never actually asked to examine the DNC’s server and instead relied on CrowdStrike’s analysis.

    2. The FBI replied the next day that, no, it was the DNC that refused access to its server, forcing the FBI to rely on Crowdstrike. Although the FBI’s statement also included the curious addition that the DNC refused access until the hack was “mitigated”, and that happened a while ago (the hacked emails ended in May).

    3. The DNC then replies that this was all a miscommunication and reasserts that the DNC has offered the FBI whatever is asked for, suggesting that if there’s a problem with the FBI gaining access to that server it’s a problem between the FBI and CrowdStrike.

    4. It turns out Crowdstrike’s co-founder and chief technology officer, Dmitri Alperovitch, is also a senior fellow at the Atlantic Council, an organization that’s been pushing for a new Cold War in recent years.

    Wow. And yuck.

    Still, it’s not impossible that there really is evidence strongly indicating that the Russian government was behind the hacks. After all, if the NSA is the agency providing that evidence it’s not like that’s going to be in the declassified document.

    But if that’s the case and the Russian government really did direct this hacking campaign it should be recognized that the situation is far more perilous than is currently recognized by the people freaking out about Russian hacking. Because the actions by the hackers suggesting they intended to be identified as Russian hackers also suggest that the Russians didn’t simply plan on a series of highly provocative high-profile hacks but also planned on getting blamed for it by making a string of inexplicable newbie mistakes. And that would all suggest it was a series of hacks intended to be an opening salvo in a ‘tit for tat’ cyber-escalation of US/Russian tensions. If that’s what really happened, that’s beyond awful. Because it’s not like a Trump administration is going to magically heal that growing US/Russian divide. If anything it’s about to become a deeper divide than at any point since the Cold War as this issue becomes a festering psychic wound tied to all of the atrocities the Trump administration is about to unleash on the US and the world. The looming Trump catastrophe is poised to become intertwined with a new Red Menace hysteria. And any “official” attempts to make nice between the Trump administration and Russian government are just going to add to that festering psychic wound. If this really was a Russian government hack, it was basically a preemptive cyber-arson attack on the bridge between US/Russian relations and that’s a horrifically tragic scenario. Unless you’re a New Cold Warrior in which case this is probably a nice turn of events.

    Of course, we can’t rule out the obvious possibility that this was a set up by some sort of third party actor given the extremely vague and dubious nature of the hacking investigation thus far, and that’s part of why it’s going to be very interesting to see if the Trump administration continues with this investigation and comes up with its own conclusion about who was behind it.

    And here’s the thing to also keep in mind in this whole situation that makes it extra dangerous: If this really was a third party framing Russia, and the Trump administration is able to persuasively make that case that it wasn’t Russia, that doesn’t mean the Trump team has to accurately report who they think really did the hacking. They could potentially make up anyone. Maybe it was China. Maybe Iran. If you’re a 400 pound hacker, watch out. It could be you. And that’s the nature of the situation since there’s no reason to believe the Trump Team, which ran one of the most deceptive campaigns in US history, is going to tell the truth on this matter. Especially after he overhauls US intelligence services and fills them with far-right Trump cronies. Remember, if it turns out that the US government is currently rigging the analysis to force a conclusion that Russia did it, it’s not as if that would make the Trump team less inclined to do so. If anything, it’s the opposite.

    In other words, thanks, in part, to the unconvincing nature of the hacking reports so far, if the Russians really didn’t do the hacks, this ‘Russian hacking’ situation could morph into a ‘Trump gets to blame whoever he wants for the hacking’ situation. And then carry out retribution. Or maybe give them an award. It’s unclear what Trump would do. But he’ll be able to do it. In a couple of weeks.

    Wow. And yuck.

    Posted by Pterrafractyl | January 7, 2017, 4:08 pm
  5. Here’s a noteworthy take by Russian investigative journalist and specialist in Russian security services Andrei Soldatov on the now notorious ‘golden showers’ dossier created by an ex-MI6 spy Christopher Steele – first hired by one or more of Trump’s GOP primary and later working for the Clinton campaign – alleging to describe Vladimir Putin’s direct orchestration of the DNC hacks/leaks and how Russian security services allegedly gathered compromising information on Donald Trump involving videos of prostitutes in a Moscow hotel.

    As Soldatov sees it, the document does indeed ring true in terms of the way it describes how a Russian intelligence operation of this nature would be executed. But it doesn’t ring very true in terms of the factual mistakes. So, like so much of the intelligence swirling around the Russian hack, it rings true when you zoom out but rings questionable when you zoom in:

    The Guardian

    The leaked Trump-Russia dossier rings frighteningly true

    There is factual confusion in this document but its depiction of the Kremlin’s tactics is sound

    Andrei Soldatov

    Thursday 12 January 2017 14.56 EST

    The Kremlin has dismissed the stories about Donald Trump’s alleged dealings with Russia as “pulp fiction”. Even a superficial glance at the dossier on his relationship with Moscow supposedly compiled by a former MI6 counter-intelligence officer and published by BuzzFeed reveals a confusion that raises questions about its credibility at the very least.

    For example, the FSB unit named as responsible for gathering material on Hillary Clinton – Department K – has nothing to do with eavesdropping or cyber investigations. It was, however, much in the Russian news recently because it was tasked with “supervising” the banking and financing system and its officers were involved in a major scandal that ended with an Interior Ministry official jumping out of a window during interrogation. There is another Department K in the Interior Ministry and it is this that is in charge of cyber investigations. The dossier names Igor Diveikin, a senior official in the political department of Putin’s office, as tasked to deal with the US election. He was indeed in charge of elections, but in Russia, not the US. Last October, a month before the US elections, he was moved to the apparatus of the state Duma.

    Beyond the factual detail, there are problems too with the document’s analysis: as in a classic conspiracy, Putin’s decisions in 2016 to fire prominent officials, including the all-powerful Sergei Ivanov, a head of the presidential administration, are explained via the ups and downs of Russia’s interference in the American election.

    But Putin had plenty of other reasons to start selective repressive acts against his elites – 2016 was also a year of the Duma elections and there is palpable anxiety in Moscow about the presidential elections in 2018. There are big questions too about the sources: high-placed Kremlin officials seem a little too keen to talk to a former British spy, and feed him damaging information about the most sensitive Kremlin operation in the 21st century – right in the middle of the operation.

    Though many of the report’s elements appear hastily compiled, overall it reflects accurately the way decision-making in the Kremlin looks to close observers. There’s been much focus on the shakier elements but what is plausible about this episode? The leaked document paints a picture of groups of hackers all over the world hired to attack western targets. And that sounds about right. I have been covering the Russian secret services since 1999 and have spent the last five years researching Russian cyber activities. Outsourcing sensitive offensive operations is the Kremlin’s way to lower risk and create deniable responsibility. It was used in Crimea, Ukraine and Syria with Russian “volunteers” and private military companies, while in cyberspace it has been the Kremlin tactic since the mid-2000s.

    The dossier suggests that Putin personally supervised the operation, with the Foreign Ministry playing only a minor role. This is exactly what has been observed since the annexation of Crimea – that the Foreign Ministry is no longer in charge of defining policy for Ukraine or Syria, so decision-making is likely to be more capricious. It also fits with the assessment of many experts that the hack of the US Democrats was prompted by the Panama Papers exposé, which was seen in the Kremlin as a personal attack on Putin.

    Finally, the dossier states that the Kremlin extensively borrowed its methods for dealing with Trump from the KGB playbook. For instance, it claims the Russian secret services were eager to collect dirt on Trump during his trips to Russia to explore whether a recruitment was feasible. The evidence is questionable, but the idea looks entirely plausible – after all, the KGB even had a special terminology for this kind of operation: it was called razvedka s territorii or “gathering intelligence from the territory”, meaning recruiting foreigners once they come to Russia. For that purpose every regional department of the KGB had a “first section” tasked to deal with foreigners once they get to the “territory” of the region, and Putin himself spent a few years in this section in St Petersburg.

    Unverifiable sensational details aside, the Trump dossier is a good reflection of how things are run in the Kremlin – the mess at the level of decision-making and increasingly the outsourcing of operations, combined with methods borrowed from the KGB and the secret services of the lawless 1990s. That is not the picture projected by the Kremlin externally – namely, that the Russian government is an effective bureaucracy, strategic in foreign policy planning and ruthless in execution. And that, whatever the truth of Putin’s connections with Trump, makes it all pretty scary.

    “Unverifiable sensational details aside, the Trump dossier is a good reflection of how things are run in the Kremlin – the mess at the level of decision-making and increasingly the outsourcing of operations, combined with methods borrowed from the KGB and the secret services of the lawless 1990s. That is not the picture projected by the Kremlin externally – namely, that the Russian government is an effective bureaucracy, strategic in foreign policy planning and ruthless in execution. And that, whatever the truth of Putin’s connections with Trump, makes it all pretty scary.”

    So the way Soldatov sees it, if the hack attacks against the Democrats really was a Kremlin run psyop run by Putin to directly intervene in the US elections, the way that dossier describes that operation is at least in keeping with how the Russian security services would actually do it. So if it’s a fake document it was written by someone with a reasonably realistic view of how the Kremlin would operate. And yet it also contains no shortage of factual errors about how the Kremlin is currently operating.

    So it’s an unverifiable narrative of what is going on but plausible. Except for the errors, which could just be human error but could also be red flags about Mr. Steele’s sources. And considering that Steele was reportedly Alexander Litvinenko’s MI6 case officer it would be interesting to learn more about his sources which, of course, probably can’t happen for sources of this nature, assuming they exist.

    But it also doesn’t explain why the Kremlin would be outsourcing its hacks to outside hackers to maintain plausible deniability but still choose to outsource it to Russian hackers using Russian servers and who plant the name of the founder of Russian intelligence in the meta data of the hacked documents. If there was an attempt to maintain plausible deniability by the Kremlin by outsourcing the hacks, that deniability wasn’t predicated on hiding Russian hacker involvement. It was predicated on directly pointing at Russian hacker involvement and then hoping some sort of reverse psychology defense would work (a sort of “why would we implicate ourselves?” defense). And, of course, if reverse psychology really was part of some sort of planned plausible deniability, that hasn’t worked since almost no one is paying attention to all the inexplicable acts by the hackers to point towards them being Russian and Russia isn’t actually making that “why would we implicate ourselves?” defense.

    So how do we proceed with assessing the veracity of this dossier? Well, there is one interesting option: ask the FBI what they thought about it. More specifically, ask the FBI why they ignored it despite Mr. Steele repeatedly informing the FBI of his findings. Mr. Steele reportedly got so concerned about the lack of an FBI response to his information that he became convinced that there was an FBI cabal dead set on doing nothing about it. Given that, perhaps we should ask the FBI why exactly they didn’t pursue it. Maybe they’ll provide a series of valid points challenging the credibility of the document. Or maybe they don’t have a good excuse and it really was just the pro-Trump cabal at work. Either way, asking the FBI about its take on the dossier seems worthwhile:

    The Independent

    Former MI6 agent Christopher Steele’s frustration as FBI sat on Donald Trump Russia file for months

    Exclusive: Steele was so concerned by revelations he worked without payment after Trump’s election victory in November

    Kim Sengupta Defence Editor
    Saturday 14 January 2017 12:04 BS

    Christopher Steele, the former MI6 agent who investigated Donald Trump’s alleged Kremlin links, was so worried by what he was discovering that at the end he was working without pay, The Independent has learned.

    Mr Steele also decided to pass on information to both British and American intelligence officials after concluding that such material should not just be in the hands of political opponents of Mr Trump, who had hired his services, but was a matter of national security for both countries.

    However, say security sources, Mr Steele became increasingly frustrated that the FBI was failing to take action on the intelligence from others as well as him. He came to believe there was a cover-up, that a cabal within the Bureau blocked a thorough inquiry into Mr Trump, focusing instead on the investigation into Hillary Clinton’s emails.

    It is believed that a colleague of Mr Steele in Washington, Glenn Simpson, a former Wall Street Journal reporter who runs the firm Fusion GPS, felt the same way and, at the end also continued with the Trump case without being paid.

    Fusion GPS had been hired by Republican opponents of Mr Trump in September 2015. In June 2016 Mr Steele came on the team. He was, and continues to be, highly regarded in the intelligence world. In July, Mr Trump won the Republican nomination and the Democrats became new employers of Mr Steele and Fusion GPS.

    In the same month Mr Steele produced a memo, which went to the FBI, stating that Mr Trump’s campaign team had agreed to a Russian request to dilute attention on Moscow’s intervention in Ukraine. Four days later Mr Trump stated that he would recognise Moscow’s annexation of Crimea. A month later officials involved in his campaign asked the Republican party’s election platform to remove a pledge for military assistance to the Ukrainian government against separatist rebels in the east of the country.

    Mr Steele claimed that the Trump campaign was taking this path because it was aware that the Russians were hacking Democratic Party emails. No evidence of this has been made public, but the same day that Mr Trump spoke about Crimea he called on the Kremlin to hack Hillary Clinton’s emails.

    By late July and early August MI6 was also receiving information about Mr Trump. By September, information to the FBI began to grow in volume: Mr Steele compiled a set of his memos into one document and passed it to his contacts at the FBI. But there seemed to be little progress in a proper inquiry into Mr Trump. The Bureau, instead, seemed to be devoting their resources in the pursuit of Hillary Clinton’s email transgressions.

    The New York office, in particular, appeared to be on a crusade against Ms Clinton. Some of its agents had a long working relationship with Rudy Giuliani, by then a member of the Trump campaign, since his days as public prosecutor and then Mayor of the city.

    As the election approached, FBI director James Comey made public his bombshell letter saying that Ms Clinton would face another email investigation. Two days before that Mr Giuliani, then a part of the Trump team, talked about “a surprise or two you’re going to hear about in the next few days. We’ve got a couple of things up our sleeve that should turn things around”.

    After the letter was published Mr Giuliani claimed he had heard from current and former agents that “there’s a kind of revolution going on inside the FBI” over the original decision not to charge Ms Clinton and that Mr Comey had been forced by some of his agents to announce the reinvestigation. Democrats demanded an investigation into how Mr Giuliani acquired this knowledge without getting an answer.

    In October a frustrated and demoralised Mr Steele, while on a trip to New York, spoke about what he has discovered to David Corn, the Washington editor of the magazine Mother Jones. There was a little flurry of interest that quickly died down.

    Mr Trump’s surprise election victory came and the Democrat employers of Mr Steele and Mr Johnson no longer needed them. But the pair continued with their work, hopeful that the wider investigation into Russian hacking in the US would allow the Trump material to be properly examined.

    It was against this background that Senator John McCain, who had been hearing with growing alarm reports about Mr Trump and the Kremlin, met Sir Andrew Wood, a former British ambassador to Moscow, who had spent 10 years in Russia and is highly respected for his knowledge of Russian affairs, at a security conference in Halifax, Canada.

    Sir Andrew stressed to Senator McCain that he had not read the dossier, but vouched for Mr Steele’s professionalism and integrity. The chair of the Senate Armed Forces Committee then sent an emissary to London who picked up the dossier from an intermediary acting on behalf of Mr Steele. The Senator personally took the material to Mr Comey.

    Mr Steele is now in hiding, under attack from some Tory MPs for supposedly trying to ruin the chances of Theresa May’s Government building a fruitful relationship with the Trump administration. Some of them accuse him of being part of an anti-Brexit conspiracy. A right-wing tabloid has “outed” him as being a “confirmed socialist” while at university.

    “However, say security sources, Mr Steele became increasingly frustrated that the FBI was failing to take action on the intelligence from others as well as him. He came to believe there was a cover-up, that a cabal within the Bureau blocked a thorough inquiry into Mr Trump, focusing instead on the investigation into Hillary Clinton’s emails.”

    Well, it sure would be interesting to hear the FBI’s take on this dossier. If it doesn’t think it’s real, why not? And if it does agree it’s real, what’s the explanation for not investigating it? Fortunately, there’s an Inspector General investigation of the FBI’s behavior during the 2016 campaign getting underway so hopefully the FBI will have a chance to clarify its own take on the dossier. And also clarify what the hell it was doing in general in 2016.

    It’s also unfortunately worth noting that regardless of whether or not the dossier is real, it’s karma for Trump:

    Yahoo News

    Trump didn’t really believe the birther conspiracy he was pushing, son-in-law reportedly says

    Dylan Stableford
    Senior editor
    January 9, 2017

    President-elect Donald Trump is expected to name Jared Kushner, his son-in-law, as a senior adviser, multiple media outlets reported Monday afternoon.

    Kushner, who is married to Trump’s daughter, Ivanka, has been a longtime confidante of the president-elect. In a New York magazine cover profile of Kushner, “The Young Trump,” Andrew Rice reports that “back when Trump was spinning birther conspiracy theories, which were lapped up by gullible Republicans, one person who talked to Kushner says he offered assurances his father-in-law didn’t really believe that stuff.”

    The 35-year-old entrepreneur — who served as a key adviser to the Trump campaign, particularly in the weeks leading up to the election — has long tried to convince his friends and business associates that there’s a different, more pragmatic Trump than the one America saw on the campaign trail.

    Arthur Mirante, a real estate broker, told the magazine that he “occasionally sent quizzical emails” to Kushner, who served as an unofficial adviser to Trump, after some of the candidate’s more outlandish statements.

    “And I would always get a typical Jared response,” Mirante said. “That was, ‘Look, there’s a bigger picture here, you know. I know what he said maybe didn’t look good, but he really didn’t mean it that way.’ There was always the typical Jared explanation, totally devoid of politics. Just that, ‘There are things happening here that you don’t understand, and this is going to work out, trust me.’”

    “People say he’s unhinged,” Kushner reportedly said of Trump to another associate. “I think he unhinged everyone else.”

    “Kushner, who is married to Trump’s daughter, Ivanka, has been a longtime confidante of the president-elect. In a New York magazine cover profile of Kushner, “The Young Trump,” Andrew Rice reports that “back when Trump was spinning birther conspiracy theories, which were lapped up by gullible Republicans, one person who talked to Kushner says he offered assurances his father-in-law didn’t really believe that stuff.””

    And that’s probably one of the more disturbing aspects of this whole situation: if this dossier is fake, the incoming president lacks the moral high ground required to decry it. Or credibility.

    And in related news, Donald Trump once again praised the DNC hacks at his January 11th press conference, saying, “Hacking is bad and it shouldn’t be done. But look at the things that were hacked. Look at what was learned from that hacking”…

    Posted by Pterrafractyl | January 14, 2017, 4:02 pm
  6. You know how Donald Trump recently reiterated his long-standing quasi-approving stance on hacking during his recent press conference, suggesting that the DNC hacks were ok, recently saying “hacking is bad and it shouldn’t be done. But look at the things that were hacked. Look at what was learned from that hacking”? Well, as someone from Anonymous reminded us on Twitter recently, that attitude – that political hacks are ok if it reveals something the public might find interesting – is probably going to be getting a bit of a stress test over the next four years:

    CNBC

    Anonymous to Trump: You Will ‘Regret’ the Next 4 Years

    Alyssa Newcomb
    1/18/2017

    Anonymous, the loose collective of online hackers, issued an ominous warning to President-elect Donald Trump ahead of his inauguration, telling the billionaire he’s going to “regret” the next four years.

    On Twitter, the group put out a call to action to its followers, urging them to expose any potential compromising information they can find about the soon-to-be new leader of the free world.

    The group tweeted at Trump, repeating unsubstantiated allegations that he has “financial and personal ties with Russian mobsters, child traffickers, and money launderers.”

    “This isn’t the 80’s any longer, information doesn’t vanish, it is all out there. You are going to regret the next 4 years. @realDonaldTrump,” reads a tweet from @YourAnonCentral, an account used to disseminate information among the hacker group.

    Trump, a usually trigger-happy tweeter, seems to be ignoring the threats for now.

    Trump has long been in Anonymous’ crosshairs, with the group declaring war on him last year when he was a candidate for President of the United States.

    In March, private information about Trump was “leaked” by hackers claiming to be a part of Anonymous, including a cell phone and social security number. However, it was later proven that information wasn’t new and had been floating around online for some time.

    ““This isn’t the 80’s any longer, information doesn’t vanish, it is all out there. You are going to regret the next 4 years. @realDonaldTrump,” reads a tweet from @YourAnonCentral, an account used to disseminate information among the hacker group.”

    That sure sounds like at least someone in Anonymous either already has some hacked info on Trump ready to go or is intent on getting it. But with Anonymous being, well, anonymous, it’s hard to say how much this tweet from the ‘YourAnonCentral’ Twitter account represents a larger segment of the group.

    Still, it’s worth noting that this wasn’t the first Anonymous operation declared against Trump. And when that last operation was declared in March of last year it split Anonymous between those that wanted to go after Trump, those who were pro-Trump, and those who felt that Anonymous shouldn’t be picking specific sides in particular races, which at the time was the YourAnonCentral position. So if this recent YourAnonCentral tweet came from the same individual tweeting about the anti-Trump operations back in March, it would appear that the conclusion of the 2016 elections has ended their hesitancy and now that Trump is in office YourAnonCentral is ready for some anti-Trump operations:

    The Guardian

    Anti-Trump campaign sparks civil war among Anonymous hackers

    Critics say targeting Republican counters hacking collective’s tradition of not taking sides in political contests and others allege movement is being hijacked

    Nicky Woolf in Los Angeles

    Thursday 24 March 2016 09.00 EDT

    The ripple effects of Donald Trump’s presidential candidacy have led to a civil war in the Republican party. But they have also had the unexpected consequence of leading to a subterranean civil war within Anonymous, the mysterious hacking collective.

    Most of the political operations targeted by Anonymous – including the Church of Scientology, Isis and the KKK – have instigated some level of internal dispute among people claiming to be part of Anonymous. But when the group announced their next target would be the Trump campaign, it set off the most heated debate yet within the movement – which has no leader and no specific set of aims.

    Many disavowed the anti-Trump operation as being counter to Anonymous’s tradition of not taking sides in political contests. (A previous operation against Trump was similarly derailed, albeit on a smaller scale, when another hacker calling himself Black Mafia wrested control of the Twitter account.)

    Others have even alleged the movement is being hijacked by either campaign operatives or activists trying to co-opt Anonymous for their own political ends. On 15 March, a video was released.

    “We are feeling deeply concerned about an operation that was launched in our name – the so-called Operation Trump,” says the video, which, in classic Anonymous style, is narrated by a disembodied computerised voice.

    “We – Anonymous – are warning you about the lies and deceits pushed under our banner,” the voice continues.

    But a user named Beemsee posted a message to a site called Ghostbin to defend the operation.

    “There has been large amounts of opposition to this operation as many think that OpTrump aims to censor Donald Trump’s free speech,” said Beemsee, who is linked to the Twitter account OpTrumpHQ. “This is not the case. We do NOT stand for a specific political ideology,” Beemsee continued.

    The Twitter account YourAnonCentral is one of the longest-standing nodes for Anonymous communications. Its administrator, who has been involved in the movement since its inception around 2006 on the anarchic image-board 4chan, said that the Trump and Sanders campaigns had been seen “actively attempting to subvert and misuse Anonymous for their own gains”.

    “They are both using Anonymous as a prop in their ‘war’ and it is a lie,” the administrator said over Twitter direct message. “Anonymous comes from every part of the political spectrum, the only things we could be all (mostly) aligned on are against the censorship of candidates by the media or against human rights violations or similar,” adding that mimicking the style of Anonymous would be “really easy” for anyone motivated to do so.

    Some personal information on Trump has been released as part of the operation, but many in the movement have derided it as including only information that was already in the public domain.

    OpTrumpTruth was one of the early Twitter accounts associated with the purported action against Trump. The operator of the account said that she had joined Anonymous nine months ago, and had been part of previous operations against SeaWorld and campaigns in support of Chelsea Manning.

    She described herself as politically independent but said, also over Twitter direct message, that “we believe Mr Trump is a blatant hateful racist with enough money to buy his way to power that’s something that we in good conscience can’t allow”.

    Asked about the schism in the movement, she said that many of the major Anonymous accounts – including YourAnonCentral – were opposed to the anti-Trump operation because “they say Anonymous is against the whole system not just one man.”

    She also said that there were many Trump supporters within Anonymous and “those people will not want to see anything that brings him down.”

    On the message-board for OpTrump – which is open and, of course, anonymous – users have been engaging in fiery debate as to the veracity, and the advisability, of taking sides in the presidential election. “So what decision should we make, not choosing doesn’t help anything,” said a user who had taken the nickname EverythingBerns. “Well, you’ve got to pick someone,” one user replied. “DON’T CHOSE [sic]” said another.

    Another account using the visual lingua franca of Anonymous, called OpWhiteRose, also agitates against Trump. After several messages, the operator of that account admitted that they had no involvement or affiliation with Anonymous. Instead, the operator said they were “a small group of like-minded people who want to stop Trump’s politics from destroying the US.”

    “Asked about the schism in the movement, she said that many of the major Anonymous accounts – including YourAnonCentral – were opposed to the anti-Trump operation because “they say Anonymous is against the whole system not just one man.””

    Well, it sounds like Donald Trump’s election just cost him the one thing that was stopping at least part of Anonymous from attacking him during his campaign: he wasn’t actually important enough at the time. But he is now! And given the hyper-egocentric proto-fascist nature of Trump’s politics, he’s not just one man operating in a larger political system Anonymous opposes. He is increasingly the system. That’s how authoritarian cults of personality systems work.

    So we’ll see what happens, but don’t forget: as long as any future Trump hacks reveal anything the public might find interesting, Trump preemptively approves of them.

    Posted by Pterrafractyl | January 18, 2017, 4:12 pm
  7. Here’s a fun-fact that should definitely be kept in mind when assessing the publicly available evidence that “Fancy Bear” and “Cozy Bear” hacked the DNC and were in fact part of a larger Kremlin operation: Back before these two hacking entities were labeled “Fancy Bear” and “Cozy Bear” they were already known by the labels “APT28” and “APT29” (Advanced Persistent Threat 28 and 29). And after the May 2015 Bundestag hack of the committee investigating NSA hacking on German soil that resulted in the release by Wikileaks of 2,420 documents, Germany’s domestic intelligence agency attributed the hack to APT28:

    BBC News

    Russia ‘was behind German parliament hack’

    13 May 2016

    Germany’s domestic intelligence agency has accused Russia of being behind a series of cyber attacks on German state computer systems.

    The BfV said a hacker group thought to work for the Russian state had attacked Germany’s parliament in 2015.

    This week it emerged that hackers linked to the same group had also targeted the Christian Democratic Union party of Chancellor Angela Merkel.

    Russia has yet to respond publicly to the accusations made by the BfV.

    Sabotage threat

    BfV head Hans-Georg Maassen said Germany was a perennial target of a hacker gang known as Sofacy/APT 28 that some other experts also believe has close links with the Russian state. This group is believed by security experts to be affiliated with the Pawn Storm group that has been accused of targeting the CDU party.

    Sofacy/APT 28 is believed to have been formed in 2004 and has been blamed for a wide range of attacks on both governments and financial institutions.

    The attacks on German state organisations and institutions were carried out to gather intelligence data, Mr Maassen said.

    He added that his agency had been monitoring the group for years. He said some of its hack attacks on Germany had been ongoing for more than a decade.

    The attack on the German parliament sought to install software that would have given the attackers permanent access to computers used by staff and MPs. Other attacks involved gathering data about critical infrastructure such as power plants and other utilities, Mr Maassen said.

    “BfV head Hans-Georg Maassen said Germany was a perennial target of a hacker gang known as Sofacy/APT 28 that some other experts also believe has close links with the Russian state. This group is believed by security experts to be affiliated with the Pawn Storm group that has been accused of targeting the CDU party.”

    Note that the “other experts” who also believe APT28 has close links with the Russian state the article links to is the privacy security firm FireEye, which also played a role analyzing the DNC hacks.

    Also note that APT28 was believed to have formed in 2004 and had been attacking German institutions for more than a decade according to the BfV:

    Sofacy/APT 28 is believed to have been formed in 2004 and has been blamed for a wide range of attacks on both governments and financial institutions.

    The attacks on German state organisations and institutions were carried out to gather intelligence data, Mr Maassen said.

    He added that his agency had been monitoring the group for years. He said some of its hack attacks on Germany had been ongoing for more than a decade.

    So when we’re assessing the sources of information that are currently pointing in the direction of “Fancy Bear” and “Cozy Bear” being part of a Kremlin-backed hacking group, keep in mind that the BfV has apparently been monitoring them for years.

    Oh, and also note that there was an update back in December from the German government regarding its assessment of the 2015 Bundestag hacks that it attributed to APT28 and Russia: while it asserts the hacks did indeed take place, the leaked documents were later determined to be an insider leak (via Google translate):

    Frankfurter Allgemeine Politik

    Wikileaks source for revelations in the Bundestag suspects

    After the publication of thousands of documents from the NSA investigation committee, Russian hackers had recently been suspected. Now the authorities are leaving a leak in the Bundestag itself.
    17.12.2016

    After the publication of confidential files from the NSA investigation committee the Bundestagspolizei is looking for the perpetrators in parliament, as the news magazine “Spiegel” reports. “A violation of secrecy and a special duty of secrecy” is confirmed, a Bundestag spokesman confirmed to the magazine. Bundestag President Norbert Lammert (CDU) had approved the investigation against unknown. The German Bundestag is a separate police zone.

    According to the report, federal security authorities are convinced that not hackers had stolen the 2420 documents published by the Internet platform Wikileaks in early December. There was certainly no evidence that the material had been stolen in the cyber attack on the Bundestag in 2015, it was called into security crises.

    The “mirror” pointed out that the Wikileaks material covered 90 gigabytes, but the infiltrated Bundestagsrechnern only 16 gigabytes of data were stolen. The Cyberattacke apparently also had no members of the Bundestag or employees from the environment of the NSA investigation committee affected.

    The “Frankfurter Allgemeine Sonntagszeitung” had cited a high security officer a week ago with the words that there was “high plausibility” for the fact that the secrets published by Wikileaks were captured in the cyber attack on the Bundestag. Russian hackers are responsible for the attack. Also the committee chairman Patrick Sensburg (CDU) had not excluded a foreign hacker attack immediately after the publication of the documents.

    According to WikiLeaks, the approximately 2400 documents come from various federal agencies such as the Bundesnachrichtendienst and the federal offices for constitutional protection and security in information technology. The documents are intended to provide evidence of cooperation between the US National Security Agency (NSA) and the BND.

    “According to the report, federal security authorities are convinced that not hackers had stolen the 2420 documents published by the Internet platform Wikileaks in early December. There was certainly no evidence that the material had been stolen in the cyber attack on the Bundestag in 2015, it was called into security crises.”

    Yes, we get auto-translated argle-bargle thanks to the dearth of English language reporting on this December update. But that sure sounds like the released Bundestag NSA documents were determined to NOT be part of the 2015 hack but instead was done by a leaker. A leaker that the Bundestagspolizei is still looking for:

    After the publication of confidential files from the NSA investigation committee the Bundestagspolizei is looking for the perpetrators in parliament, as the news magazine “Spiegel” reports. “A violation of secrecy and a special duty of secrecy” is confirmed, a Bundestag spokesman confirmed to the magazine. Bundestag President Norbert Lammert (CDU) had approved the investigation against unknown. The German Bundestag is a separate police zone.

    So that happened, and it might contain a rather important lesson regarding the DNC. How so? Well, as the article below highlights, when it comes to the DNC’s server and the relatively weak IT security that was being employed, it’s entirely possible that the DNC server was indeed hacked, but that the release of documents was due to an independent insider leak. And given that both APT28 and APT29 were determined to have hacked that server, but seemingly behaved as if they didn’t realize the other group was there too, it’s entirely possible that the DNC was independently hacked by multiple entities in addition to a possible insider leak.

    But as the article below also points out, it’s entirely possible that “APT28” and “APT29” aren’t even distinct entities at all. Why? Because the conclusion by firms like FireEye and Crowdstrike that there are these two groups, “APT28” and “APT29”, that were leaving years of electronic trails from all their hacking activities isn’t based on any distinct “APT28” or “APT29” calling card. It’s based on the tool sets of hacking tools and infrastructure (like servers) used by these groups. And those tool sets used by APT28 and APT29 are readily available on the Dark Web and circulating among hacker communities as was the infrastructure. In other words, it’s entirely possible that a wide variety of skilled hackers have access to the exact same hacking tools that were used by groups like FireEye and Crowdstrike to uniquely identify APT28/29 and the same sets of corrupted servers. And since so much of the rest of the evidence that was used to attribute the hacking evidence to Russian hackers is based on readily spoofable information – like the Cyrillic characters in a hacked document or that the hacking tool set code appeared to be compiled during Moscow working hours…all spoofable evidence – it’s very possible that the evidence used to attribute these hacks to Kremlin-backed hackers could have been spoofed by a wide variety of possible culprits:

    Counter Punch

    Did the Russians Really Hack the DNC?

    by Gregory Elich
    January 13, 2017

    Russia, we are told, breached the servers of the Democratic National Committee (DNC), swiped emails and other documents, and released them to the public, to alter the outcome of the U.S. presidential election.

    How substantial is the evidence backing these assertions?

    Hired by the Democratic National Committee to investigate unusual network activity, the security firm Crowdstrike discovered two separate intrusions on DNC servers. Crowdstrike named the two intruders Cozy Bear and Fancy Bear, in an allusion to what it felt were Russian sources. According to Crowdstrike, “Their tradecraft is superb, operational security second to none,” and “both groups were constantly going back into the environment” to change code and methods and switch command and control channels.

    On what basis did Crowdstrike attribute these breaches to Russian intelligence services? The security firm claims that the techniques used were similar to those deployed in past security hacking operations that have been attributed to the same actors, while the profile of previous victims “closely mirrors the strategic interests of the Russian government.” Furthermore, it appeared that the intruders were unaware of each other’s presence in the DNC system. “While you would virtually never see Western intelligence agencies going after the same target without de-confliction for fear of compromising each other’s operations,” Crowdstrike reports, “in Russia this is not an uncommon scenario.” [1]

    Those may be indicators of Russian government culpability. But then again, perhaps not. Regarding the point about separate intruders, each operating independently of the other, that would seem to more likely indicate that the sources have nothing in common.

    Each of the two intrusions acted as an advanced persistent threat (APT), which is an attack that resides undetected on a network for a long time. The goal of an APT is to exfiltrate data from the infected system rather than inflict damage. Several names have been given to these two actors, and most commonly Fancy Bear is known as APT28, and Cozy Bear as APT29.

    The fact that many of the techniques used in the hack resembled, in varying degrees, past attacks attributed to Russia may not necessarily carry as much significance as we are led to believe. Once malware is deployed, it tends to be picked up by cybercriminals and offered for sale or trade on Deep Web black markets, where anyone can purchase it. Exploit kits are especially popular sellers. Quite often, the code is modified for specific uses. Security specialist Josh Pitts demonstrated how easy that process can be, downloading and modifying nine samples of the OnionDuke malware, which is thought to have first originated with the Russian government. Pitts reports that this exercise demonstrates “how easy it is to repurpose nation-state code/malware.” [2]

    In another example, when SentinelOne Research discovered the Gyges malware in 2014, it reported that it “exhibits similarities to Russian espionage malware,” and is “designed to target government organizations. It comes as no surprise to us that this type of intelligence agency-grade malware would eventually fall into cybercriminals’ hands.” The security firm explains that Gyges is an “example of how advanced techniques and code developed by governments for espionage are effectively being repurposed, modularized and coupled with other malware to commit cybercrime.” [3]

    Attribution is hard, cybersecurity specialists often point out. “Once an APT is released into the wild, its spread isn’t controlled by the attacker,” writes Mark McArdle. “They can’t prevent someone from analyzing it and repurposing it for their own needs.” Adapting malware “is a well-known reality,” he continues. “Finding irrefutable evidence that links an attacker to an attack is virtually unattainable, so everything boils down to assumptions and judgment.” [4]

    Security Alliance regards security firm FireEye’s analysis that tied APT28 to the Russian government as based “largely on circumstantial evidence.” FireEye’s report “explicitly disregards targets that do not seem to indicate sponsorship by a nation-state,” having excluded various targets because they are “not particularly indicative of a specific sponsor’s interests.” [5] FireEye reported that the APT28 “victim set is narrow,” which helped lead it to the conclusion that it is a Russian operation. Cybersecurity consultant Jeffrey Carr reacts with scorn: “The victim set is narrow because the report’s authors make it narrow! In fact, it wasn’t narrowly targeted at all if you take into account the targets mentioned by other cybersecurity companies, not to mention those that FireEye deliberately excluded for being ‘not particularly indicative of a specific sponsor’s interests’.” [6]

    FireEye’s report from 2014, on which much of the DNC Russian attribution is based, found that 89 percent of the APT28 software samples it analyzed were compiled during regular working hours in St. Petersburg and Moscow. [7]

    But compile times, like language settings, can be easily altered to mislead investigators. Mark McArdle wonders, “If we think about the very high level of design, engineering, and testing that would be required for such a sophisticated attack, is it reasonable to assume that the attacker would leave these kinds of breadcrumbs? It’s possible. But it’s also possible that these things can be used to misdirect attention to a different party. Potentially another adversary. Is this evidence the result of sloppiness or a careful misdirection?” [8]

    “If the guys are really good,” says Chris Finan, CEO of Manifold Technology, “they’re not leaving much evidence or they’re leaving evidence to throw you off the scent entirely.” [9] How plausible is it that Russian intelligence services would fail even to attempt such a fundamental step?

    James Scott of the Institute for Critical Infrastructure Technology points out that the very vulnerability of the DNC servers constitutes a muddied basis on which to determine attribution. “Attribution is less exact in the case of the DNC breach because the mail servers compromised were not well-secured; the organization of a few hundred personnel did not practice proper cyber-hygiene; the DNC has a global reputation and is a valuable target to script kiddies, hacktivists, lone-wolf cyber-threat actors, cyber-criminals, cyber-jihadists, hail-mary threats, and nation-state sponsored advanced persistent threats; and because the malware discovered on DNC systems were well-known, publicly disclosed, and variants could be purchased on Deep Web markets and forums.” [10]

    Someone, or some group, operating under the pseudonym of Guccifer 2.0, claimed to be a lone actor in hacking the DNC servers. It is unclear what relation – if any – Guccifer 2.0 has to either of the two APT attacks on the DNC. In a PDF file that Guccifer 2.0 sent to Gawker.com, metadata indicated that it was last saved by someone having a username in Cyrillic letters. During the conversion of the file from Microsoft Word to PDF, invalid hyperlink error messages were automatically generated in the Russian language. [11]

    This would seem to present rather damning evidence. But who is Guccifer 2.0? A Russian government operation? A private group? Or a lone hacktivist? In the poorly secured DNC system, there were almost certainly many infiltrators of various stripes. Nor can it be ruled out that the metadata indicators were intentionally generated in the file to misdirect attribution. The two APT attacks have been noted for their sophistication, and these mistakes – if that is what they are – seem amateurish. To change the language setting on a computer can be done in a matter of seconds, and that would be standard procedure for advanced cyber-warriors. On the other hand, sloppiness on the part of developers is not entirely unknown. However, one would expect a nation-state to enforce strict software and document handling procedures and implement rigorous review processes.

    At any rate, the documents posted to the Guccifer 2.0 blog do not necessarily originate from the same source as those published by WikiLeaks. Certainly, none of the documents posted to WikiLeaks possess the same metadata issues. And one hacking operation does not preclude another, let alone an insider leak.

    APT28 relied on XTunnel, repurposed from open source code that is available to anyone, to open network ports and siphon data. The interesting thing about the software is its failure to match the level of sophistication claimed for APT28. The strings in the code quite transparently indicate its intent, with no attempt at obfuscation. [12] It seems an odd oversight for a nation-state operation, in which plausible deniability would be essential, to overlook that glaring point during software development.

    Command-and-control servers remotely issue malicious commands to infected machines. Oddly, for such a key component of the operation, the command-and-control IP address in both attacks was hard-coded in the malware. This seems like another inexplicable choice, given that the point of an advanced persistent threat is to operate for an extended period without detection. A more suitable approach would be to use a Domain Name System (DNS) address, which is a decentralized computer naming system. That would provide a more covert means of identifying the command-and-control server. [13] Moreover, one would expect that address to be encrypted. Using a DNS address would also allow the command-and-control operation to easily move to another server if its location is detected, without the need to modify and reinstall the code.

    One of the IP addresses is claimed to be a “well-known APT 28” command-and-control address, while the second is said to be linked to Russian military intelligence. [14] The first address points to a server located in San Jose, California, and is operated by a server hosting service. [15] The second server [16] Clearly, these are servers that have been compromised by hackers. It is customary for hackers to route their attacks through vulnerable computers. The IP addresses of compromised computers are widely available on the Deep Web, and typically a hacked server will be used by multiple threat actors. These two particular servers may or may not have been regularly utilized by Russian Intelligence, but they were not uniquely so used. Almost certainly, many other hackers would have used the same machines, and it cannot be said that these IP addresses uniquely identify an infiltrator. Indeed, the second IP address is associated with the common Trojan viruses Agent-APPR and Shunnael. [17]

    “Everyone is focused on attribution, but we may be missing the bigger truth,” says Joshua Corman, Director of the Cyber Statecraft Initiative at the Atlantic Council. “[T]he level of sophistication required to do this hack was so low that nearly anyone could do it.” [18]

    In answer to critics, the Department of Homeland Security and the FBI issued a joint analysis report, which presented “technical details regarding the tools and infrastructure used” by Russian intelligence services “to compromise and exploit networks” associated with the U.S. election, U.S. government, political, and private sector entities. The report code-named these activities “Grizzly Steppe.” [19]

    For a document that purports to offer strong evidence on behalf of U.S. government allegations of Russian culpability, it is striking how weak and sloppy the content is. Included in the report is a list of every threat group ever said to be associated with the Russian government, most of which are unrelated to the DNC hack. It appears that various governmental organizations were asked to send a list of Russian threats, and then an official lacking IT background compiled that information for the report, and the result is a mishmash of threat groups, software, and techniques. “PowerShell backdoor,” for instance, is a method used by many hackers, and in no way describes a Russian operation.

    Indeed, one must take the list on faith, because nowhere in the document is any evidence provided to back up the claim of a Russian connection. Indeed, as the majority of items on the list are unrelated to the DNC hack, one wonders what the point is. But it bears repeating: even where software can be traced to Russian origination, it does not necessarily indicate exclusive usage. Jeffrey Carr explains: “Once malware is deployed, it is no longer under the control of the hacker who deployed it or the developer who created it. It can be reverse-engineered, copied, modified, shared and redeployed again and again by anyone.” Carr quotes security firm ESET in regard to the Sednit group, one of the items on the report’s list, and which is another name for APT28: “As security researchers, what we call ‘the Sednit group’ is merely a set of software and the related infrastructure, which we can hardly correlate with any specific organization.” Carr points out that X-Agent software, which is said to have been utilized in the DNC hack, was easily obtained by ESET for analysis. “If ESET could do it, so can others. It is both foolish and baseless to claim, as Crowdstrike does, that X-Agent is used solely by the Russian government when the source code is there for anyone to find and use at will.” [20]

    The salient impression given by the government’s report is how devoid of evidence it is. For that matter, the majority of the content is taken up by what security specialist John Hinderaker describes as “pedestrian advice to IT professionals about computer security.” As for the report’s indicators of compromise (IoC), Hinderaker characterizes these as “tools that are freely available and IP addresses that are used by hackers around the world.” [21]

    In conjunction with the report, the FBI and Department of Homeland Security provided a list of IP addresses it identified with Russian intelligence services. [22] Wordfence analyzed the IP addresses as well as a PHP malware script provided by the Department of Homeland Security. In analyzing the source code, Wordfence discovered that the software used was P.A.S., version 3.1.0. It then found that the website that manufactures the malware had a site country code indicating that it is Ukrainian. The current version of the P.A.S. software is 4.1.1, which is much newer than that used in the DNC hack, and the latest version has changed “quite substantially.” Wordfence notes that not only is the software “commonly available,” but also that it would be reasonable to expect “Russian intelligence operatives to develop their own tools or at least use current malicious tools from outside sources.” To put it plainly, Wordfence concludes that the malware sample “has no apparent relationship with Russian intelligence.” [23]

    Wordfence also analyzed the government’s list of 876 IP addresses included as indicators of compromise. The sites are widely dispersed geographically, and of those with a known location, the United States has the largest number. A large number of the IP addresses belong to low-cost server hosting companies. “A common pattern that we see in the industry,” Wordfence states, “is that accounts at these hosts are compromised and those hacked sites are used to launch attacks around the web.” Fifteen percent of the IP addresses are currently Tor exit nodes. “These exit nodes are used by anyone who wants to be anonymous online, including malicious actors.” [24]

    If one also takes into account the IP addresses that not only point to current Tor exits, but also those that once belonged to Tor exit nodes, then these comprise 42 percent of the government’s list. [25] “The fact that so many of the IPs are Tor addresses reveals the true sloppiness of the report,” concludes network security specialist Jerry Gamblin. [26]

    Cybersecurity analyst Robert Graham was particularly blistering in his assessment of the government’s report, characterizing it as “full of garbage.” The report fails to tie the indicators of compromise to the Russian government. “It contains signatures of viruses that are publicly available, used by hackers around the world, not just Russia. It contains a long list of IP addresses from perfectly normal services, like Tor, Google, Dropbox, Yahoo, and so forth. Yes, hackers use Yahoo for phishing and maladvertising. It doesn’t mean every access of Yahoo is an ‘indicator of compromise’.” Graham compared the list of IP addresses against those accessed by his web browser, and found two matches. “No,” he continues. “This doesn’t mean I’ve been hacked. It means I just had a normal interaction with Yahoo. It means the Grizzly Steppe IoCs are garbage.” Graham goes on to point out that “what really happened” with the supposed Russian hack into the Vermont power grid “is that somebody just checked their Yahoo email, thereby accessing one of the same IP addresses I did. How they get from the facts (one person accessed Yahoo email) to the story (Russians hacked power grid)” is U.S. government “misinformation.” [27]

    The indicators of compromise, in Graham’s assessment, were “published as a political tool, to prove they have evidence pointing to Russia.” As for the P.A.S. web shell, it is “used by hundreds if not thousands of hackers, mostly associated with Russia, but also throughout the rest of the world.” Relying on the government’s sample for attribution is problematic: “Just because you found P.A.S. in two different places doesn’t mean it’s the same hacker.” A web shell “is one of the most common things hackers use once they’ve broken into a server,” Graham observes. [28]

    Although cybersecurity analyst Robert M. Lee is inclined to accept the government’s position on the DNC hack, he feels the joint analysis report “reads like a poorly done vendor intelligence report stringing together various aspects of attribution without evidence.” The report’s list “detracts from the confidence because of the interweaving of unrelated data.” The information presented is not sourced, he adds. “It’s a random collection of information and in that way, is mostly useless.” Indeed, the indicators of compromise have “a high rate of false positives for defenders that use them.” [29]

    The intent of the joint analysis report was to provide evidence of Russian state responsibility for the DNC hack. But nowhere does it do so. Mere assertions are meant to persuade. How much evidence does the government have? The Democratic Party claims that the FBI never requested access to DNC servers. [32] The FBI, for its part, says it made “multiple requests” for access to the DNC servers and was repeatedly turned down. [33] Either way, it is a remarkable admission. In a case like this, the FBI would typically conduct its own investigation. Was the DNC afraid the FBI might come to a different conclusion than the DNC-hired security firm Crowdstrike? The FBI was left to rely on whatever evidence Crowdstrike chose to supply. During its analysis of DNC servers, Crowdstrike reports that it found evidence of APT28 and APT29 intrusions within two hours. Did it stop there, satisfied with what it had found? Or did it continue to explore whether additional intrusions by other actors had taken place?

    In an attempt to further inflame the hysteria generated from accusations of Russian hacking, the Office of the Director of National Intelligence published a declassified version of a document briefed to U.S. officials. The information was supplied by the CIA, FBI, and National Security Agency, and was meant to cement the government’s case. Not surprisingly, the report received a warm welcome in the mainstream media, but what is notable is that it offers not a single piece of evidence to support its claim of “high confidence” in assessing that Russia hacked the DNC and released documents to WikiLeaks. Instead, the bulk of the report is an unhinged diatribe against Russian-owned RT media. The content is rife with inaccuracies and absurdities. Among the heinous actions RT is accused of are having run “anti-fracking programming, highlighting environmental issues and the impacts on health issues,” airing a documentary on Occupy Wall Street, and hosting third-party candidates during the 2012 election.[34]

    The report would be laughable, were it not for the fact that it is being played up for propaganda effect, bypassing logic and appealing directly to unexamined emotion. The 2016 election should have been a wake-up call for the Democratic Party. Instead, predictably enough, no self-examination has taken place, as the party doubles down on the neoliberal policies that have impoverished tens of millions, and backing military interventions that have sown so much death and chaos. Instead of thoughtful analysis, the party is lashing out and blaming Russia for its loss to an opponent that even a merely weak candidate would have beaten handily.

    Mainstream media start with the premise that the Russian government was responsible, despite a lack of convincing evidence. They then leap to the fallacious conclusion that because Russia hacked the DNC, only it could have leaked the documents.

    So, did the Russian government hack the DNC and feed documents to WikiLeaks? There are really two questions here: who hacked the DNC, and who released the DNC documents? These are not necessarily the same. An earlier intrusion into German parliament servers was blamed on the Russians, yet the release of documents to WikiLeaks is thought to have originated from an insider. [35] Had the Russians hacked into the DNC, it may have been to gather intelligence, while another actor released the documents. But it is far from certain that Russian intelligence services had anything to do with the intrusions. Julian Assange says that he did not receive the DNC documents from a nation-state. It has been pointed out that Russia could have used a third party to pass along the material. Fair enough, but former UK diplomat Craig Murray asserts: “I know who the source is… It’s from a Washington insider. It’s not from Russia.” [36]

    There are too many inconsistencies and holes in the official story. In all likelihood, there were multiple intrusions into DNC servers, not all of which have been identified. The public ought to be wary of quick claims of attribution. It requires a long and involved process to arrive at a plausible identification, and in many cases the source can never be determined. As Jeffrey Carr explains, “It’s important to know that the process of attributing an attack by a cybersecurity company has nothing to do with the scientific method. Claims of attribution aren’t testable or repeatable because the hypothesis is never proven right or wrong.” [37]

    Russia-bashing is in full swing, and there does not appear to be any letup in sight. We are plunging headlong into a new Cold War, riding on a wave of propaganda-induced hysteria. The self-serving claims fueling this campaign need to be challenged every step of the way. Surrendering to evidence-free emotional appeals would only serve those who arrogantly advocate confrontation and geopolitical domination.

    So, did the Russian government hack the DNC and feed documents to WikiLeaks? There are really two questions here: who hacked the DNC, and who released the DNC documents? These are not necessarily the same. An earlier intrusion into German parliament servers was blamed on the Russians, yet the release of documents to WikiLeaks is thought to have originated from an insider. [35] Had the Russians hacked into the DNC, it may have been to gather intelligence, while another actor released the documents. But it is far from certain that Russian intelligence services had anything to do with the intrusions. Julian Assange says that he did not receive the DNC documents from a nation-state. It has been pointed out that Russia could have used a third party to pass along the material. Fair enough, but former UK diplomat Craig Murray asserts: “I know who the source is… It’s from a Washington insider. It’s not from Russia.” [36]

    And that right there points to one of the most fascinating possibilities in this DNC hack situation: it’s possible that the Kremlin can’t honestly deny that Russian hackers hacked the DNC because they really did hack the DNC, but didn’t actually release the information and instead it was either an insider leak or an entirely different set of hackers that stole those documents and handed them over to Wikileaks. Wouldn’t that be a doozy of a clusterf#ck.

    And if that seems too improbable, keep in mind that APT28 and 29 appeared to both hack the DNC simultaneously without realizing the other one was there and also keep in mind that the attribution of an attack to either APT28 or APT29 or any individual hacking group when your assessment is based on things like which readily-available hacking tool set they used or which corrupted servers they launched the attack from is exceptionally difficult:

    Indeed, one must take the list on faith, because nowhere in the document is any evidence provided to back up the claim of a Russian connection. Indeed, as the majority of items on the list are unrelated to the DNC hack, one wonders what the point is. But it bears repeating: even where software can be traced to Russian origination, it does not necessarily indicate exclusive usage. Jeffrey Carr explains: “Once malware is deployed, it is no longer under the control of the hacker who deployed it or the developer who created it. It can be reverse-engineered, copied, modified, shared and redeployed again and again by anyone.” Carr quotes security firm ESET in regard to the Sednit group, one of the items on the report’s list, and which is another name for APT28: “As security researchers, what we call ‘the Sednit group’ is merely a set of software and the related infrastructure, which we can hardly correlate with any specific organization.” Carr points out that X-Agent software, which is said to have been utilized in the DNC hack, was easily obtained by ESET for analysis. “If ESET could do it, so can others. It is both foolish and baseless to claim, as Crowdstrike does, that X-Agent is used solely by the Russian government when the source code is there for anyone to find and use at will.” [20]

    “Carr quotes security firm ESET in regard to the Sednit group, one of the items on the report’s list, and which is another name for APT28: “As security researchers, what we call ‘the Sednit group’ is merely a set of software and the related infrastructure, which we can hardly correlate with any specific organization.””

    And what about the evidence that would appear to directly attribute these hacks to Russian hackers?


    Security Alliance regards security firm FireEye’s analysis that tied APT28 to the Russian government as based “largely on circumstantial evidence.” FireEye’s report “explicitly disregards targets that do not seem to indicate sponsorship by a nation-state,” having excluded various targets because they are “not particularly indicative of a specific sponsor’s interests.” [5] FireEye reported that the APT28 “victim set is narrow,” which helped lead it to the conclusion that it is a Russian operation. Cybersecurity consultant Jeffrey Carr reacts with scorn: “The victim set is narrow because the report’s authors make it narrow! In fact, it wasn’t narrowly targeted at all if you take into account the targets mentioned by other cybersecurity companies, not to mention those that FireEye deliberately excluded for being ‘not particularly indicative of a specific sponsor’s interests’.” [6]

    FireEye’s report from 2014, on which much of the DNC Russian attribution is based, found that 89 percent of the APT28 software samples it analyzed were compiled during regular working hours in St. Petersburg and Moscow. [7]

    But compile times, like language settings, can be easily altered to mislead investigators. Mark McArdle wonders, “If we think about the very high level of design, engineering, and testing that would be required for such a sophisticated attack, is it reasonable to assume that the attacker would leave these kinds of breadcrumbs? It’s possible. But it’s also possible that these things can be used to misdirect attention to a different party. Potentially another adversary. Is this evidence the result of sloppiness or a careful misdirection?” [8]

    Someone, or some group, operating under the pseudonym of Guccifer 2.0, claimed to be a lone actor in hacking the DNC servers. It is unclear what relation – if any – Guccifer 2.0 has to either of the two APT attacks on the DNC. In a PDF file that Guccifer 2.0 sent to Gawker.com, metadata indicated that it was last saved by someone having a username in Cyrillic letters. During the conversion of the file from Microsoft Word to PDF, invalid hyperlink error messages were automatically generated in the Russian language. [11]

    This would seem to present rather damning evidence. But who is Guccifer 2.0? A Russian government operation? A private group? Or a lone hacktivist? In the poorly secured DNC system, there were almost certainly many infiltrators of various stripes. Nor can it be ruled out that the metadata indicators were intentionally generated in the file to misdirect attribution. The two APT attacks have been noted for their sophistication, and these mistakes – if that is what they are – seem amateurish. To change the language setting on a computer can be done in a matter of seconds, and that would be standard procedure for advanced cyber-warriors. On the other hand, sloppiness on the part of developers is not entirely unknown. However, one would expect a nation-state to enforce strict software and document handling procedures and implement rigorous review processes.

    And how about the command-and-control servers that were part of the common “infrastructure” used to attribute these hacks to APT28/APT29:

    Command-and-control servers remotely issue malicious commands to infected machines. Oddly, for such a key component of the operation, the command-and-control IP address in both attacks was hard-coded in the malware. This seems like another inexplicable choice, given that the point of an advanced persistent threat is to operate for an extended period without detection. A more suitable approach would be to use a Domain Name System (DNS) address, which is a decentralized computer naming system. That would provide a more covert means of identifying the command-and-control server. [13] Moreover, one would expect that address to be encrypted. Using a DNS address would also allow the command-and-control operation to easily move to another server if its location is detected, without the need to modify and reinstall the code.

    One of the IP addresses is claimed to be a “well-known APT 28” command-and-control address, while the second is said to be linked to Russian military intelligence. [14] The first address points to a server located in San Jose, California, and is operated by a server hosting service. [15] The second server [16] Clearly, these are servers that have been compromised by hackers. It is customary for hackers to route their attacks through vulnerable computers. The IP addresses of compromised computers are widely available on the Deep Web, and typically a hacked server will be used by multiple threat actors. These two particular servers may or may not have been regularly utilized by Russian Intelligence, but they were not uniquely so used. Almost certainly, many other hackers would have used the same machines, and it cannot be said that these IP addresses uniquely identify an infiltrator. Indeed, the second IP address is associated with the common Trojan viruses Agent-APPR and Shunnael. [17]

    “Everyone is focused on attribution, but we may be missing the bigger truth,” says Joshua Corman, Director of the Cyber Statecraft Initiative at the Atlantic Council. “[T]he level of sophistication required to do this hack was so low that nearly anyone could do it.” [18]

    “Almost certainly, many other hackers would have used the same machines, and it cannot be said that these IP addresses uniquely identify an infiltrator. Indeed, the second IP address is associated with the common Trojan viruses Agent-APPR and Shunnael.”

    So what can we conclude? Well, for one, if the Kremlin really did order these hacks, they were pulled off using readily available outdated hacking tools that are used by hackers around the world. And who knows, maybe using outdated tools that can still get the job done is the method of choice for nation state hacking groups simply because that would provide the most plausible deniability.

    Except in the case of APT28 that’s not the case. At least not always. As FireEye put it in the July 2016 Defense One article below, where they make the case that the DNC hackers wanted to be caught and were trying to send a message, one of the reasons FireEye became convinced that these were state-sponsored groups was the high number of zero-day (never seen before) exploits they used. Although this wasn’t a reference to the DNC hack but instead an unrelated July 2015 hack which was also attributed to APT28:

    Defense One

    Russia Wanted to be Caught, Says Company Waging War on the DNC Hackers

    By Patrick Tucker

    July 28, 2016

    Pointing a finger at Russia is easy. Punishing them is hard. That’s why they hacked the DNC, according to the company that first named one of the key suspects.

    The Russian groups behind the DNC hack no longer seem to care about getting caught. Long before the Kremlin-sponsored hacking squads APT 28 and APT 29 were making waves for stealing files from the Democratic National Committee, they made an appearance in two white papers put out by FireEye. The cybersecurity company has been monitoring and analyzing the two groups on behalf of corporate clients for years. In the DNC breach, a company spokesman told Defense One: “They wanted experts and policymakers to know that Russia is behind it.”

    That fits a pattern of increasingly bold moves over the past year by the groups, which are also known as FANCY BEAR and COZY BEAR, says Christopher Porter, the manager of Horizons, the strategic intelligence and forecasting arm of FireEye iSIGHT Intelligence, the company’s threat monitoring division.

    “We see them now persisting even when they know that security professionals have been called in to remove them from a system. They continue their operational pace at a very high level. So that’s a huge risk and a sea change in their behavior,” Porter said. “Even when they know they’re caught, they don’t stop the operation, necessarily.”

    That’s highly unusual for an advanced persistent threat. It signals that Russia is willing to work in a space normally reserved for criminals, devoting government resources and acting with impunity. That makes them incredibly difficult to counter, for the same reason the West had no good response to the “little green men” — the Russian forces that invaded Ukraine disguised as an organic populist militant movement.

    That camouflaged brazenness was also seen in the 2015 hack on the Joint Chiefs of Staff’s nonclassified email, also attributed to APT 29. The attackers were “jumping from one computer to another” in the network, according to a representative of the company the Pentagon hired to fix the damage. “A lot of the time you don’t have the command-and-control architecture to be able to go in and see the attack,” he said. “So the advanced threat characteristics change to be more automated, a kind of pervasive deployment using common vulnerabilities and exploiting them widely.”

    That means that APT 29 has stopped retreating from networks when they think they’ve been detected. Now they adapt the hack in the open, bobbing and weaving like a fast and clever boxer, taunting the victim to expel them.

    “We’ve even seen them on some systems where they know that there is anti-virus [software] on a computer inside of a network system that they’re on,” FireEye’s Porter said. “They’re moving laterally within a network. They know that their tool is going to be detected by a system that they’re about to move to and they’ll do it anyway because they’re such skilled hackers that they can compromise the system and then jump to another system and get what they need before they can be quarantined.”

    There’s a reason that’s not normal behavior, even among very skilled hackers. After attackers are expelled from a system, defenders move quickly to patch the security hole they used. Groups that run advanced persistent attacks move stealthily, lest they burn too quickly through their bag of tricks.

    Yet FireEye found that APT 28 and APT 29 didn’t even bother to change the pace of their attacks as their targets became aware of them.

    “We have a Mandiant arm that can go back and recreate what happened,” after a breach, Porter said. “When we look back on it over time, there’s no evidence that if their operations were exposed on Tuesday that, on Wednesday, exploitation pace against their targets would change. It didn’t make any difference. They have an armory of zero days,” attacks that have never been seen before.

    Case in point: a July 2015 incident in which a security firm published a blog post about how APT 28 was using a specific zero-day exploit. The group updated the hack the next day, as FireEye focused reporting team manager Kristen Dennesen told the RSA conference this year.

    Porter thinks that’s one piece of evidence that both groups have state sponsorship. You need more than coding chops to pull off a stunt like that; it helps to have an international intelligence collection network you can work with.

    “If these state-backed actors have professional military or intelligence operators overseeing the operation, any change you can make, they’re going to try and find a counter to that,” he said. “They seem to know that certain white papers are going to be public and they make the changes the day before they come out. We’ve seen evidence that they’ve known in advance that someone is going to reveal that they were going to be discovered and they make changes so that they continue uninterrupted.”

    “Case in point: a July 2015 incident in which a security firm published a blog post about how APT 28 was using a specific zero-day exploit. The group updated the hack the next day, as FireEye focused reporting team manager Kristen Dennesen told the RSA conference this year.”

    And that 2015 use of a burst of zero-day exploits is, in part, the basis for FireEye’s conclusions that APT28 is state-sponsored. This is of course assuming the same group responsible for that 2015 hack was also responsible for the DNC hack and this wasn’t a case of misattribution due to similarities in the tool set and infrastructure that would point towards APT28 being state-sponsored. But as we saw above, assuming there isn’t a case of misattribution for all these hacks is a pretty big assumption and if there really are multiple hacking groups sharing the same code/infrastructure, all it’s going to take is one of those groups using a zero-day exploit or something to make it seem like all the similar hacking groups are state-sponsored too. And that means some random hacker using the same readily-available tool set could end up doing something that looks like an act of cyberwar simply by using the same tool sets used by an actual state-sponsored actor and, in turn, having the hack misattributed to the state-sponsor. So that’s pretty scary.

    And in related news, the Shadow Brokers apparently retired and dumped a bunch more previously unknown NSA hacks on the web for hackers around the world to use.

    Posted by Pterrafractyl | January 18, 2017, 8:29 pm
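
The false-positive problem that Wordfence, Graham and Lee describe in the article quoted in the comment above (an IP indicator list that includes Tor exit nodes and ordinary shared services) can be checked for before a list is used for alerting. The following is an added example, not part of the comment or the quoted articles; all addresses, host names, feed contents and the "webmail" range are constructed placeholders from documentation ranges.

```python
import ipaddress
from collections import Counter

# Constructed sample data: every address is from an RFC 5737 documentation
# range and stands in for feeds a defender would normally load from files.
IOC_IPS = ["192.0.2.10", "192.0.2.77", "198.51.100.5", "198.51.100.200",
           "203.0.113.9", "203.0.113.50", "203.0.113.51"]
TOR_EXITS_CURRENT = {"192.0.2.10"}                               # exit today
TOR_EXITS_HISTORIC = {"192.0.2.10", "192.0.2.77", "203.0.113.9"}  # ever an exit
SHARED_SERVICE_NETS = {          # assumed ranges of a large shared provider
    "webmail": ipaddress.ip_network("198.51.100.0/25"),
}
PROXY_LOG = [                    # (internal host, destination IP)
    ("ws-014", "198.51.100.5"),  # an employee reading webmail
    ("ws-014", "203.0.113.50"),
    ("srv-db2", "203.0.113.50"),
    ("ws-031", "192.0.2.77"),
    ("ws-031", "192.0.2.200"),   # not on the indicator list at all
]


def classify(ip):
    """Label one indicator by how many unrelated parties share the address."""
    addr = ipaddress.ip_address(ip)
    if ip in TOR_EXITS_CURRENT:
        return "tor-current"
    if ip in TOR_EXITS_HISTORIC:
        return "tor-historic"
    for name, net in SHARED_SERVICE_NETS.items():
        if addr in net:
            return "shared:" + name
    return "unshared"


def triage(ioc_ips):
    """Map every indicator on the list to its label."""
    return {ip: classify(ip) for ip in ioc_ips}


def tor_share(labels):
    """Fraction of the list that is, or once was, a Tor exit node."""
    tor = sum(1 for label in labels.values() if label.startswith("tor-"))
    return tor / len(labels)


def match_log(log, labels):
    """Split raw list hits into leads to investigate and context-only hits.

    A hit on an 'unshared' address is still only a lead: a compromised
    hosting account can be used by several unrelated actors.
    """
    investigate, context_only = [], []
    for host, dst in log:
        label = labels.get(dst)
        if label is None:
            continue                       # destination is not an indicator
        bucket = investigate if label == "unshared" else context_only
        bucket.append((host, dst, label))
    return investigate, context_only


if __name__ == "__main__":
    labels = triage(IOC_IPS)
    print("list composition:", dict(Counter(labels.values())))
    print("Tor share of list: {:.0%}".format(tor_share(labels)))
    investigate, context_only = match_log(PROXY_LOG, labels)
    print("raw hits:", len(investigate) + len(context_only))
    for hit in investigate:
        print("investigate:", hit)
    for hit in context_only:
        print("context only:", hit)
```

Run against the constructed log, a naive match raises four hits, while only two of them touch addresses that are not known shared infrastructure.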
