- Spitfire List - http://spitfirelist.com -

FTR #964 Lies, Damned Lies and Statistics


This broad­cast was record­ed in one, 60-minute seg­ment [4].

Trump kept a copy of this by his bedside. Russia is NOT his source of inspiration. [5]

Waffen SS-clad World War II reenactors, in original photo used by Trump campaign. Russia is NOT the font of Trumpism. [6]

Intro­duc­tion: As we have not­ed in many pre­vi­ous broad­casts and posts, cyber attacks are eas­i­ly dis­guised. Per­pe­trat­ing a “cyber false flag” oper­a­tion is dis­turbing­ly easy to do.

This is of para­mount sig­nif­i­cance in eval­u­at­ing the increas­ing­ly neo-McCarthyite New Cold War pro­pa­gan­da about “Russ­ian inter­fer­ence” in the U.S. elec­tion.

Com­pound­ing the sit­u­a­tion are some recent dis­clo­sures and devel­op­ments:

Following [13] a Bloomberg report about widespread Russian hacking of American elections systems: “ . . . . Kay Stimson, spokeswoman for the National Association of Secretaries of State, said the members of her group — which represents the chief election officials in 40 states — were taken aback by the allegation that 39 states were hacked. ‘We cannot verify any information in that report,’ Stimson told Benzinga. ‘It has some claims that have raised some red flags. I don’t know where they’re getting it. We’re not able to assess to the credibility.’ She said that some cybersecurity firms were engaging in scare tactics at the state and local levels. ‘There are cybersecurity firms making some wild claims,’ she said. ‘It is a very aggressive industry.’ . . .”

With the high-pro­file hacks being attributed–almost cer­tain­ly falsely–to Rus­sia, there are omi­nous devel­op­ments [14] tak­ing place that may well lead to a Third World War. Dur­ing the clos­ing days of his Pres­i­den­cy, Oba­ma autho­rized the plant­i­ng of cyber weapons on Russ­ian com­put­er net­works. Oba­ma did this after talk­ing with Putin on the Hot Line, estab­lished to pre­vent a Third World War. Putin denied inter­fer­ing in the U.S. elec­tion.

The conclusion that Russia hacked the U.S. election on Putin’s orders appears to have been based on a CIA source in the Kremlin. Even when that intelligence was delivered, other agencies weren’t ready to accept the CIA’s conclusion, and it took intelligence from another nation (not named) to provide the final intelligence tipping point that led to a broad-based conclusion that not only was the Russian government behind the cyberattacks but that Vladimir Putin himself ordered it.

That ally’s intelligence is described as “the most critical technical intelligence on Russia”; however, the NSA still wasn’t convinced, based on what sounds like a lack of confidence in that source. Thus, it looks like a CIA Kremlin source and an unnamed foreign intelligence agency with questionable credentials are the basis of what appears to be a likely future full-scale US/Russian cyberwar.

Of paramount significance is the fact that IF, on Putin’s orders (and we are to believe such), Russia continued to hack U.S. computer systems to influence the election, Putin would have to have gone utterly mad. Those hacks would have precluded any rapprochement between Russia and the United States under a President Trump. There is no indication that Putin went off the deep end.

Also augur­ing a Third World War are two devel­op­ments in Syr­ia. Sey­mour Hersh pub­lished an arti­cle in Die Welt [15] reveal­ing that, not only was the April 4 alleged Sarin attack NOT a chem­i­cal weapons attack but there was wide­spread knowl­edge of this in Amer­i­can mil­i­tary and intel­li­gence cir­cles.

Omi­nous­ly, the Trump White House is claim­ing they have advance knowl­edge [16] of an impend­ing Syr­i­an chem­i­cal weapons strike and will pun­ish Syr­ia heav­i­ly, and hold Rus­sia account­able.

Pro­gram High­lights Include: The fact that the bulk of activ­i­ty detect­ed by the DHS on U.S. elec­tion sys­tems was “scanning”–standard oper­at­ing pro­ce­dure for hack­ing; a for­mer NSA hack­ing specialist–Jake Williams–said that spear-phish­ing oper­a­tion was of “medi­um sophis­ti­ca­tion” that “prac­ti­cal­ly any hack­er can pull off” [17]; the ques­tion of whether or not GOP Sec­re­taries of State might have delib­er­ate­ly respond­ed to the spear-phish­ing e‑mails that per­mit­ted the “hit” on U.S. elec­tion sys­tems; the Russ­ian autho­riza­tion of the use by the Syr­i­an air force of a smart bomb to elim­i­nate Al-Qae­da-linked jihadists; the release of a chem­i­cal cloud as a result of that strike that was caused by sec­ondary explo­sions; Cam­bridge Ana­lyt­i­ca’s [18] hir­ing of GOP online data-bas­ing king­pin Dar­ren Bold­ing.

1a. As we have not­ed in many pre­vi­ous broad­casts and posts, cyber attacks are eas­i­ly dis­guised. Per­pe­trat­ing a “cyber false flag” oper­a­tion is dis­turbing­ly easy to do. In a world where the ver­i­fi­ably false and phys­i­cal­ly impos­si­ble “con­trolled demolition”/Truther non­sense has gained trac­tion, cyber false flag ops are all the more threat­en­ing and sin­is­ter.

Now, we learn that the CIA’s hacking tools are specifically crafted to mask CIA authorship of the attacks. Most significant, for our purposes, is the fact that the Agency’s hacking tools are engineered in such a way as to permit the authors of the event to represent themselves as Russian.

This is of para­mount sig­nif­i­cance in eval­u­at­ing the increas­ing­ly neo-McCarthyite New Cold War pro­pa­gan­da about “Russ­ian inter­fer­ence” in the U.S. elec­tion.

“Wik­iLeaks Vault 7 Part 3 Reveals CIA Tool Might Mask Hacks as Russ­ian, Chi­nese, Ara­bic” by Stephanie Dube Dwil­son; Heavy; 4/3/2017. [7]

This morn­ing, Wik­iLeaks released part 3 of its Vault 7 series, called Mar­ble. Mar­ble reveals CIA source code files along with decoy lan­guages that might dis­guise virus­es, tro­jans, and hack­ing attacks. These tools could make it more dif­fi­cult for anti-virus com­pa­nies and foren­sic inves­ti­ga­tors to attribute hacks to the CIA. Could this call the source of pre­vi­ous hacks into ques­tion? It appears that yes, this might be used to dis­guise the CIA’s own hacks to appear as if they were Russ­ian, Chi­nese, or from spe­cif­ic oth­er coun­tries. These tools were in use in 2016, Wik­iLeaks report­ed.

 It’s not known exact­ly how this Mar­ble tool was actu­al­ly used. How­ev­er, accord­ing to Wik­iLeaks, the tool could make it more dif­fi­cult for inves­ti­ga­tors and anti-virus com­pa­nies to attribute virus­es and oth­er hack­ing tools to the CIA. Test exam­ples weren’t just in Eng­lish, but also Russ­ian, Chi­nese, Kore­an, Ara­bic, and Far­si. This might allow a mal­ware cre­ator to not only look like they were speak­ing in Russ­ian or Chi­nese, rather than in Eng­lish, but to also look like they tried to hide that they were not speak­ing Eng­lish, accord­ing to Wik­iLeaks. This might also hide fake error mes­sages or be used for oth­er pur­pos­es. . . .

1b. There has been a widely circulated report about how the election systems of 39 US states were “hit” by ‘Russian hackers’, most of them just a week before the November 2016 election. [19] Well, the National Association of Secretaries of State, an organization that represents the chief election officials in 40 states, has a rebuttal: They have no idea what this report was talking about and believe it’s a matter of cybersecurity firms being overly aggressive to earn state contracts to protect election systems. [13]

Again, quite a rebuttal–they have no idea what the Bloomberg report was saying: “ . . . . Kay Stimson, spokeswoman for the National Association of Secretaries of State, said the members of her group — which represents the chief election officials in 40 states — were taken aback by the allegation that 39 states were hacked.

‘We cannot verify any information in that report,’ Stimson told Benzinga. ‘It has some claims that have raised some red flags. I don’t know where they’re getting it. We’re not able to assess to the credibility.’

Ms. Stim­son also not­ed that cyber secu­ri­ty firms appeared to be ramp­ing up the hype in order to fur­ther their own com­mer­cial agen­das.

“ . . . Cyber Security Firms Capitalizing On Russian Scare

She said that some cyber­se­cu­ri­ty firms were engag­ing in scare tac­tics at the state and local lev­els.

‘There are cyber­se­cu­ri­ty firms mak­ing some wild claims,’ she said. ‘It is a very aggres­sive indus­try.’

In addi­tion the Depart­ment of Home­land Secu­ri­ty is also down­play­ing the sig­nif­i­cance of the report:

“ . . . . Bloomberg attributed the number of states “hit” — Stimson questioned the meaning of the word — to the systems in 39 states. “It’s hard to say how they ‘hit’ 39 states,” she said.

Home­land Secu­ri­ty also issued a report about the Bloomberg report, say­ing: ‘While we are not going to get into specifics of activ­i­ty at the state lev­el, the vast major­i­ty of what we saw was scan­ning — not attempts to intrude — and unsuc­cess­ful attempts to steal data held in vot­er reg­is­tra­tion data­bas­es.’. . . .”

“State Elec­tion Offi­cials Baf­fled By Report 39 States ‘Hit’ By Russ­ian Hack­ers” by Mark Fritz; Ben­zin­ga; 06/15/2017 [13]

State elec­tion offi­cials are baf­fled by a Bloomberg report [20] alleg­ing that Russ­ian hack­ers com­pro­mised the vot­ing sys­tems in 39 states, adding that cyber­se­cu­ri­ty firms were engag­ing in scare tac­tics to win state and local con­tracts to pro­tect elec­tion sys­tems.

The June 13 Bloomberg sto­ry said that hack­ers staged incur­sions last year into vot­er data­bas­es and soft­ware sys­tems in almost twice as many states as pre­vi­ous­ly report­ed.

“In Illi­nois, inves­ti­ga­tors found evi­dence that cyber intrud­ers tried to delete or alter vot­er data. The hack­ers accessed soft­ware designed to be used by poll work­ers on Elec­tion Day, and in at least one state accessed a cam­paign finance data­base,” the report said.

It cit­ed three unnamed sources with direct knowl­edge of “the U.S. inves­ti­ga­tion into the mat­ter.”

“In all, the Russ­ian hack­ers hit sys­tems in a total of 39 states, one of them said,” the report said.

The Nation­al Secu­ri­ty Agency, the FBI and the U.S. Home­land Secu­ri­ty Depart­ment all are look­ing into var­i­ous aspects of what intel­li­gence offi­cials said was Russ­ian med­dling into the U.S. elec­tion sys­tems.

Kay Stim­son, spokes­woman for the Nation­al Asso­ci­a­tion of Sec­re­taries of State, said the mem­bers of her group — which rep­re­sents the chief elec­tion offi­cials in 40 states — were tak­en aback by the alle­ga­tion that 39 states were hacked.

“We can­not ver­i­fy any infor­ma­tion in that report,” Stim­son told Ben­zin­ga. “It has some claims that have raised some red flags. I don’t know where they’re get­ting it. We’re not able to assess to the cred­i­bil­i­ty.”

Cyber Secu­ri­ty Firms Cap­i­tal­iz­ing On Russ­ian Scare

She said that some cyber­se­cu­ri­ty firms were engag­ing in scare tac­tics at the state and local lev­els.

“There are cyber­se­cu­ri­ty firms mak­ing some wild claims,” she said. “It is a very aggres­sive indus­try.”

Bloomberg attrib­uted the num­ber of states “hit” — Stim­son ques­tioned the mean­ing of the word — to the sys­tems in 39 states. “It’s hard to say how they ‘hit’ 39 states,” she said.

Home­land Secu­ri­ty also issued a report about the Bloomberg report, say­ing: “While we are not going to get into specifics of activ­i­ty at the state lev­el, the vast major­i­ty of what we saw was scan­ning — not attempts to intrude — and unsuc­cess­ful attempts to steal data held in vot­er reg­is­tra­tion data­bas­es.”

Lit­tle Doubt Russ­ian Med­dling In Elec­tion

Despite the reac­tion to the Bloomberg report, there is lit­tle doubt that Russ­ian actors attempt­ed to access U.S. elec­tion sys­tems. Spe­cial inves­ti­ga­tor Robert Mueller has been tasked with spear­head­ing the inves­ti­ga­tion into whether the Trump cam­paign col­lud­ed with Krem­lin affil­i­ates to leak dam­ag­ing emails and rig the elec­tion.

2a. The information presented above certainly supports the notion that the claim that “39 states were hacked by the Russians” was, at a minimum, an exaggeration. And when DHS says that the “vast majority” of what they saw was “scanning”, keep in mind that “scanning” computers connected to the internet is ubiquitous. If IP addresses were used to attribute this scanning to “Russian hackers”, and if the US intelligence report on the evidence for ‘Russian hackers’ in the DNC server hack is any indication of the way IP addresses are being used to assess culpability for these state system scanning attempts, then IP addresses aren’t the most compelling evidence in this case [21]:

“Did the Russians Really Hack the DNC?” by Gregory Elich; Counter Punch; 1/13/2017. [22]

Rus­sia, we are told, breached the servers of the Demo­c­ra­t­ic Nation­al Com­mit­tee (DNC), swiped emails and oth­er doc­u­ments, and released them to the pub­lic, to alter the out­come of the U.S. pres­i­den­tial elec­tion.

How sub­stan­tial is the evi­dence back­ing these asser­tions?

Com­mand-and-con­trol servers remote­ly issue mali­cious com­mands to infect­ed machines. Odd­ly, for such a key com­po­nent of the oper­a­tion, the com­mand-and-con­trol IP address in both attacks was hard-cod­ed in the mal­ware. This seems like anoth­er inex­plic­a­ble choice, giv­en that the point of an advanced per­sis­tent threat is to oper­ate for an extend­ed peri­od with­out detec­tion. A more suit­able approach would be to use a Domain Name Sys­tem (DNS) address, which is a decen­tral­ized com­put­er nam­ing sys­tem. That would pro­vide a more covert means of iden­ti­fy­ing the com­mand-and-con­trol serv­er. [13] [23] More­over, one would expect that address to be encrypt­ed. Using a DNS address would also allow the com­mand-and-con­trol oper­a­tion to eas­i­ly move to anoth­er serv­er if its loca­tion is detect­ed, with­out the need to mod­i­fy and rein­stall the code.

One of the IP address­es is claimed to be a “well-known APT 28” com­mand-and-con­trol address, while the sec­ond is said to be linked to Russ­ian mil­i­tary intel­li­gence. [14] [24] The first address points to a serv­er locat­ed in San Jose, Cal­i­for­nia, and is oper­at­ed by a serv­er host­ing ser­vice. [15] [25] The sec­ond serv­er is sit­u­at­ed in Paris, France, and owned by anoth­er serv­er host­ing ser­vice. [16] [26] Clear­ly, these are servers that have been com­pro­mised by hack­ers. It is cus­tom­ary for hack­ers to route their attacks through vul­ner­a­ble com­put­ers. The IP address­es of com­pro­mised com­put­ers are wide­ly avail­able on the Deep Web, and typ­i­cal­ly a hacked serv­er will be used by mul­ti­ple threat actors. These two par­tic­u­lar servers may or may not have been reg­u­lar­ly uti­lized by Russ­ian Intel­li­gence, but they were not unique­ly so used. Almost cer­tain­ly, many oth­er hack­ers would have used the same machines, and it can­not be said that these IP address­es unique­ly iden­ti­fy an infil­tra­tor. Indeed, the sec­ond IP address is asso­ci­at­ed with the com­mon Tro­jan virus­es Agent-APPR and Shun­nael.[17] [27]

“Everyone is focused on attribution, but we may be missing the bigger truth,” says Joshua Corman, Director of the Cyber Statecraft Initiative at the Atlantic Council. “[T]he level of sophistication required to do this hack was so low that nearly anyone could do it.” [18] [28] . . .
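
Two points made above lend themselves to a worked illustration: the DHS distinction between scanning and attempts to intrude, and Elich's observation that a compromised server's IP address is shared by many actors. The following is an added example, not part of the original post or of the quoted articles; the log events, thresholds, cluster labels and RFC 5737 documentation addresses are all constructed assumptions.

```python
from collections import defaultdict

# Constructed events, not real data: (source_ip, method, path, http_status).
# Addresses come from the RFC 5737 documentation ranges.
EVENTS = [
    ("192.0.2.10", "GET", "/", 200),
    ("192.0.2.10", "GET", "/admin/", 404),
    ("192.0.2.10", "GET", "/backup.zip", 404),
    ("192.0.2.10", "GET", "/phpmyadmin/", 404),
    ("198.51.100.7", "GET", "/login", 200),
    ("198.51.100.7", "POST", "/login", 401),
    ("198.51.100.7", "POST", "/login", 401),
    ("198.51.100.7", "POST", "/login", 401),
    ("203.0.113.5", "GET", "/", 200),
    ("203.0.113.5", "GET", "/polling-places", 200),
]

# Constructed sightings: which tracked activity clusters have been observed
# using each address. Cluster names are hypothetical labels.
SIGHTINGS = {
    "192.0.2.10": {"cluster-A", "cluster-B", "cluster-C", "cluster-D"},
    "198.51.100.7": {"cluster-A"},
}

SCAN_MIN_MISSES = 3      # assumed threshold: distinct probed paths that 404
INTRUSION_MIN_FAILS = 3  # assumed threshold: rejected credential submissions


def classify_sources(events):
    """Label each source IP as 'scan', 'intrusion_attempt' or 'normal'.

    Scanning = probing for paths that do not exist. An intrusion attempt
    here means repeatedly submitting credentials that are rejected.
    """
    misses = defaultdict(set)
    auth_fails = defaultdict(int)
    seen = set()
    for ip, method, path, status in events:
        seen.add(ip)
        if status == 404:
            misses[ip].add(path)
        if method == "POST" and status in (401, 403):
            auth_fails[ip] += 1
    labels = {}
    for ip in seen:
        if auth_fails[ip] >= INTRUSION_MIN_FAILS:
            labels[ip] = "intrusion_attempt"
        elif len(misses[ip]) >= SCAN_MIN_MISSES:
            labels[ip] = "scan"
        else:
            labels[ip] = "normal"
    return labels


def indicator_weight(ip, sightings):
    """Evidence weight of one IP: 1/n when n clusters share the host."""
    clusters = sightings.get(ip, set())
    return 1.0 / len(clusters) if clusters else 0.0


def attribution_scores(ips, sightings):
    """Sum the shared-host-discounted weight each cluster earns from ips."""
    scores = defaultdict(float)
    for ip in ips:
        weight = indicator_weight(ip, sightings)
        for cluster in sightings.get(ip, ()):
            scores[cluster] += weight
    return dict(scores)


if __name__ == "__main__":
    for ip, label in sorted(classify_sources(EVENTS).items()):
        print(ip, label, indicator_weight(ip, SIGHTINGS))
    # A match on the shared host alone cannot separate the four clusters.
    print(attribution_scores(["192.0.2.10"], SIGHTINGS))
```

A count of sources labelled "scan" says nothing about intrusions, and a hit on an address shared by four clusters leaves all four equally likely.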

2b. Since dig­i­tal “sig­na­tures” are eas­i­ly spoofed by hack­ers and a dec­la­ra­tion of cyber war would be an insane move by the Russ­ian gov­ern­ment, there’s the very obvi­ous pos­si­bil­i­ty that some­one else made all these hack­ing attempts.

It’s worth noting that in The Intercept report about the leaked NSA document showing the analysis of the hacking of a Florida voting systems company, the article features an interview with Jake Williams – a former member of NSA’s elite hacking Tailored Access Operations team – and asks him about the spear-phishing campaign used against those 122 officials in the last week of the campaign. According to Williams, that spear-phishing operation was of “medium sophistication” that “practically any hacker can pull off”. [17]

The spear-phish­ing attacks used doc­u­ments from the Flori­da-based “VR Sys­tems” as the bait. That’s what the alleged Russ­ian hack­ers did in the last week of the cam­paign. And how sophis­ti­cat­ed was this spear-phish­ing attack? Almost any hack­er could have done it.

“. . . . Accord­ing to Williams, if this type of attack were suc­cess­ful, the per­pe­tra­tor would pos­sess “unlim­it­ed” capac­i­ty for siphon­ing away items of inter­est. ‘Once the user opens up that email [attach­ment],’ Williams explained, ‘the attack­er has all the same capa­bil­i­ties that the user does.’ Vikram Thakur, a senior research man­ag­er at Symantec’s Secu­ri­ty Response Team, told The Inter­cept that in cas­es like this the ‘quan­ti­ty of exfil­trat­ed data is only lim­it­ed by the con­trols put in place by net­work admin­is­tra­tors.’ Data theft of this vari­ety is typ­i­cal­ly encrypt­ed, mean­ing any­one observ­ing an infect­ed net­work wouldn’t be able to see what exact­ly was being removed but should cer­tain­ly be able to tell some­thing was afoot, Williams added. Over­all, the method is one of  ‘medi­um sophis­ti­ca­tion,’ Williams said, one that ‘prac­ti­cal­ly any hack­er can pull off.’. . . .”

So according to federal investigators, ‘the GRU’ used a spear-phishing technique that any hacker could have pulled off, and did it in a manner that left digital “signatures”, like IP addresses, that apparently led back to the GRU. The culprits also kept the same digital signatures in the July 2016 hack on the Illinois voting system that were found in the wave of spear-phishing attacks in the last week of the campaign. They did so even after getting a “cyber Red Phone” call from the White House for the first time ever in October, thus opening Russia to potential revenge attacks for years to come and poison-pilling the possible utility of having a Russian-friendly President Trump in the White House. It’s as if the cost-benefit analysis didn’t factor in the costs. That’s the story we’re supposed to accept.

And, amazingly, based on the first report, it sounds like the bulk of the 39 hacked states got hacked by this spear-phishing campaign in the last week of the campaign despite the intense focus around potential hacking in the prior months. Those must have been some pretty compelling phishing emails.

It raises the question as to whether or not some of those 122 targeted officials were trying to get their systems hacked. Keep in mind one of the very interesting things about a spear-phishing attack in a scenario like this: one of the hacked parties (the GOP) just might want to get hacked. Spear-phishing is a great way for an insider to invite in a hacker while maintaining plausible deniability. (Oops! I was tricked!)

“Top-Secret NSA Report Details Russ­ian Hack­ing Effort Days Before 2016 Elec­tion” by Matthew Cole, Richard Espos­i­to, Sam Bid­dle, Ryan Grim; The Inter­cept; 06/05/2017 [17]

Russ­ian mil­i­tary intel­li­gence exe­cut­ed a cyber­at­tack on at least one U.S. vot­ing soft­ware sup­pli­er and sent spear-phish­ing emails to more than 100 local elec­tion offi­cials just days before last November’s pres­i­den­tial elec­tion, accord­ing to a high­ly clas­si­fied intel­li­gence report obtained by The Inter­cept.

The top-secret Nation­al Secu­ri­ty Agency doc­u­ment, which was pro­vid­ed anony­mous­ly to The Inter­cept and inde­pen­dent­ly authen­ti­cat­ed, ana­lyzes intel­li­gence very recent­ly acquired by the agency about a months-long Russ­ian intel­li­gence cyber effort against ele­ments of the U.S. elec­tion and vot­ing infra­struc­ture. The report, dat­ed May 5, 2017, is the most detailed U.S. gov­ern­ment account of Russ­ian inter­fer­ence in the elec­tion that has yet come to light.

While the doc­u­ment pro­vides a rare win­dow into the NSA’s under­stand­ing of the mechan­ics of Russ­ian hack­ing, it does not show the under­ly­ing “raw” intel­li­gence on which the analy­sis is based. A U.S. intel­li­gence offi­cer who declined to be iden­ti­fied cau­tioned against draw­ing too big a con­clu­sion from the doc­u­ment because a sin­gle analy­sis is not nec­es­sar­i­ly defin­i­tive.

The report indi­cates that Russ­ian hack­ing may have pen­e­trat­ed fur­ther into U.S. vot­ing sys­tems than was pre­vi­ous­ly under­stood. It states unequiv­o­cal­ly in its sum­ma­ry state­ment that it was Russ­ian mil­i­tary intel­li­gence, specif­i­cal­ly the Russ­ian Gen­er­al Staff Main Intel­li­gence Direc­torate, or GRU, that con­duct­ed the cyber attacks described in the doc­u­ment:

Russ­ian Gen­er­al Staff Main Intel­li­gence Direc­torate actors … exe­cut­ed cyber espi­onage oper­a­tions against a named U.S. com­pa­ny in August 2016, evi­dent­ly to obtain infor­ma­tion on elec­tions-relat­ed soft­ware and hard­ware solu­tions. … The actors like­ly used data obtained from that oper­a­tion to … launch a vot­er reg­is­tra­tion-themed spear-phish­ing cam­paign tar­get­ing U.S. local gov­ern­ment orga­ni­za­tions.

This NSA sum­ma­ry judg­ment is sharply at odds with Russ­ian Pres­i­dent Vladimir Putin’s denial [29] last week that Rus­sia had inter­fered in for­eign elec­tions: “We nev­er engaged in that on a state lev­el, and have no inten­tion of doing so.” Putin, who had pre­vi­ous­ly issued blan­ket denials that any such Russ­ian med­dling occurred, for the first time float­ed the pos­si­bil­i­ty that free­lance Russ­ian hack­ers with “patri­ot­ic lean­ings” may have been respon­si­ble. The NSA report, on the con­trary, dis­plays no doubt that the cyber assault was car­ried out by the GRU.

The Spear-Phish­ing Attack

As described by the clas­si­fied NSA report, the Russ­ian plan was sim­ple: pose as an e‑voting ven­dor and trick local gov­ern­ment employ­ees into open­ing Microsoft Word doc­u­ments invis­i­bly taint­ed with potent mal­ware that could give hack­ers full con­trol over the infect­ed com­put­ers.

But in order to dupe the local offi­cials, the hack­ers need­ed access to an elec­tion soft­ware vendor’s inter­nal sys­tems to put togeth­er a con­vinc­ing dis­guise. So on August 24, 2016, the Russ­ian hack­ers sent spoofed emails pur­port­ing to be from Google to employ­ees of an unnamed U.S. elec­tion soft­ware com­pa­ny, accord­ing to the NSA report. Although the doc­u­ment does not direct­ly iden­ti­fy the com­pa­ny in ques­tion, it con­tains ref­er­ences to a prod­uct made by VR Sys­tems, a Flori­da-based ven­dor of elec­tron­ic vot­ing ser­vices and equip­ment whose prod­ucts are used in eight states.

The spear-phish­ing email con­tained a link direct­ing the employ­ees to a mali­cious, faux-Google web­site that would request their login cre­den­tials and then hand them over to the hack­ers. The NSA iden­ti­fied sev­en “poten­tial vic­tims” at the com­pa­ny. While mali­cious emails tar­get­ing three of the poten­tial vic­tims were reject­ed by an email serv­er, at least one of the employ­ee accounts was like­ly com­pro­mised, the agency con­clud­ed. The NSA notes in its report that it is “unknown whether the afore­men­tioned spear-phish­ing deploy­ment suc­cess­ful­ly com­pro­mised all the intend­ed vic­tims, and what poten­tial data from the vic­tim could have been exfil­trat­ed.”

VR Sys­tems declined to respond to a request for com­ment on the spe­cif­ic hack­ing oper­a­tion out­lined in the NSA doc­u­ment. Chief Oper­at­ing Offi­cer Ben Mar­tin replied by email to The Intercept’s request for com­ment with the fol­low­ing state­ment:

Phish­ing and spear-phish­ing are not uncom­mon in our indus­try. We reg­u­lar­ly par­tic­i­pate in cyber alliances with state offi­cials and mem­bers of the law enforce­ment com­mu­ni­ty in an effort to address these types of threats. We have poli­cies and pro­ce­dures in effect to pro­tect our cus­tomers and our com­pa­ny.

Although the NSA report indi­cates that VR Sys­tems was tar­get­ed only with login-steal­ing trick­ery, rather than com­put­er-con­trol­ling mal­ware, this isn’t nec­es­sar­i­ly a reas­sur­ing sign. Jake Williams, founder of com­put­er secu­ri­ty firm Ren­di­tion Infos­ec and for­mer­ly of the NSA’s Tai­lored Access Oper­a­tions hack­ing team, said stolen logins can be even more dan­ger­ous than an infect­ed com­put­er. “I’ll take cre­den­tials most days over mal­ware,” he said, since an employee’s login infor­ma­tion can be used to pen­e­trate “cor­po­rate VPNs, email, or cloud ser­vices,” allow­ing access to inter­nal cor­po­rate data. The risk is par­tic­u­lar­ly height­ened giv­en how com­mon it is to use the same pass­word for mul­ti­ple ser­vices. Phish­ing, as the name implies, doesn’t require every­one to take the bait in order to be a suc­cess — though Williams stressed that hack­ers “nev­er want just one” set of stolen cre­den­tials.

In any event, the hack­ers appar­ent­ly got what they need­ed. Two months lat­er, on Octo­ber 27, they set up an “oper­a­tional” Gmail account designed to appear as if it belonged to an employ­ee at VR Sys­tems, and used doc­u­ments obtained from the pre­vi­ous oper­a­tion to launch a sec­ond spear-phish­ing oper­a­tion “tar­get­ing U.S. local gov­ern­ment orga­ni­za­tions.” These emails con­tained a Microsoft Word doc­u­ment that had been “tro­janized” so that when it was opened it would send out a bea­con to the “mali­cious infra­struc­ture” set up by the hack­ers.

The NSA assessed that this phase of the spear-phishing operation was likely launched on either October 31 or November 1 and sent spear-phishing emails to 122 email addresses “associated with named local government organizations,” probably to officials “involved in the management of voter registration systems.” The emails contained Microsoft Word attachments purporting to be benign documentation for VR Systems’ EViD voter database product line, but which were in reality maliciously embedded with automated software commands that are triggered instantly and invisibly when the user opens the document. These particular weaponized files used PowerShell, a Microsoft scripting language designed for system administrators and installed by default on Windows computers, allowing vast control over a system’s settings and functions. If opened, the files “very likely” would have instructed the infected computer to begin downloading in the background a second package of malware from a remote server also controlled by the hackers, which the secret report says could have provided attackers with “persistent access” to the computer or the ability to “survey the victims for items of interest.” Essentially, the weaponized Word document quietly unlocks and opens a target’s back door, allowing virtually any cocktail of malware to be subsequently delivered automatically.

According to Williams, if this type of attack were successful, the perpetrator would possess “unlimited” capacity for siphoning away items of interest. “Once the user opens up that email [attachment],” Williams explained, “the attacker has all the same capabilities that the user does.” Vikram Thakur, a senior research manager at Symantec’s Security Response Team, told The Intercept that in cases like this the “quantity of exfiltrated data is only limited by the controls put in place by network administrators.” Data theft of this variety is typically encrypted, meaning anyone observing an infected network wouldn’t be able to see what exactly was being removed but should certainly be able to tell something was afoot, Williams added. Overall, the method is one of “medium sophistication,” Williams said, one that “practically any hacker can pull off.”

The NSA, how­ev­er, is uncer­tain about the results of the attack, accord­ing to the report. “It is unknown,” the NSA notes, “whether the afore­men­tioned spear-phish­ing deploy­ment suc­cess­ful­ly com­pro­mised the intend­ed vic­tims, and what poten­tial data could have been accessed by the cyber actor.” . . . .

3. The conclusion that Russia hacked the U.S. election on Putin’s orders appears to have been based on a CIA source in the Kremlin. Even when that intelligence was delivered, other agencies weren’t ready to accept the CIA’s conclusion, and it took intelligence from another nation (not named) to provide the final intelligence tipping point that led to a broad-based conclusion that not only was the Russian government behind the cyberattacks but that Vladimir Putin himself ordered it.

That ally’s intelligence is described as “the most critical technical intelligence on Russia”; however, the NSA still wasn’t convinced, based on what sounds like a lack of confidence in that source. Thus, it looks like a CIA Kremlin source and an unnamed foreign intelligence agency with questionable credentials are the basis of what appears to be a likely future full-scale US/Russian cyberwar.

“ . . . . Inside was an intelligence bombshell, a report drawn from sourcing deep inside the Russian government that detailed Russian President Vladimir Putin’s direct involvement in a cyber campaign to disrupt and discredit the U.S. presidential race. . . .”

We are told that a CIA deep Russian government source is the primary source of the ‘Putin ordered it’ conclusion. Well, at least that’s better than the bad joke technical evidence that’s been provided thus far. But even that source’s claims apparently weren’t enough to convince other parts of the intelligence community. It took the intelligence from the unnamed ally to do that:

“ . . . . But it went further. The intelligence captured Putin’s specific instructions on the operation’s audacious objectives — defeat or at least damage the Democratic nominee, Hillary Clinton, and help elect her opponent, Donald Trump.

At that point, the out­lines of the Russ­ian assault on the U.S. elec­tion were increas­ing­ly appar­ent. Hack­ers with ties to Russ­ian intel­li­gence ser­vices had been rum­mag­ing through Demo­c­ra­t­ic Par­ty com­put­er net­works, as well as some Repub­li­can sys­tems, for more than a year. In July, the FBI had opened an inves­ti­ga­tion of con­tacts between Russ­ian offi­cials and Trump asso­ciates. And on July 22, near­ly 20,000 emails stolen from the Demo­c­ra­t­ic Nation­al Com­mit­tee were dumped online by Wik­iLeaks.

But at the high­est lev­els of gov­ern­ment, among those respon­si­ble for man­ag­ing the cri­sis, the first moment of true fore­bod­ing about Russia’s inten­tions arrived with that CIA intel­li­gence.

It took time for oth­er parts of the intel­li­gence com­mu­ni­ty to endorse the CIA’s view. Only in the administration’s final weeks in office did it tell the pub­lic, in a declas­si­fied report, what offi­cials had learned from Bren­nan in August — that Putin was work­ing to elect Trump.

Despite the intel­li­gence the CIA had pro­duced, oth­er agen­cies were slow­er to endorse a con­clu­sion that Putin was per­son­al­ly direct­ing the oper­a­tion and want­ed to help Trump. “It was def­i­nite­ly com­pelling, but it was not defin­i­tive,” said one senior admin­is­tra­tion offi­cial. “We need­ed more.”

Some of the most crit­i­cal tech­ni­cal intel­li­gence on Rus­sia came from anoth­er coun­try, offi­cials said. Because of the source of the mate­r­i­al, the NSA was reluc­tant to view it with high con­fi­dence. . . .

. . . . In a sub­se­quent news con­fer­ence, Oba­ma allud­ed to the exchange and issued a veiled threat. “We’re mov­ing into a new era here where a num­ber of coun­tries have sig­nif­i­cant capac­i­ties,” he said. “Frankly, we’ve got more capac­i­ty than any­body both offen­sive­ly and defen­sive­ly.” . . . .

 

. . . . Then, on Oct. 31, the admin­is­tra­tion deliv­ered a final pre-elec­tion mes­sage via a secure chan­nel to Moscow orig­i­nal­ly cre­at­ed to avert a nuclear exchange. The mes­sage not­ed that the Unit­ed States had detect­ed mali­cious activ­i­ty, orig­i­nat­ing from servers in Rus­sia, tar­get­ing U.S. elec­tion sys­tems and warned that med­dling would be regard­ed as unac­cept­able inter­fer­ence. Rus­sia con­firmed the next day that it had received the mes­sage but replied only after the elec­tion through the same chan­nel, deny­ing the accu­sa­tion. . . . 

. . . .But Oba­ma also signed the secret find­ing, offi­cials said, autho­riz­ing a new covert pro­gram involv­ing the NSA, CIA and U.S. Cyber Com­mand. . . .

. . . . .The cyber oper­a­tion is still in its ear­ly stages and involves deploy­ing “implants” in Russ­ian net­works deemed “impor­tant to the adver­sary and that would cause them pain and dis­com­fort if they were dis­rupt­ed,” a for­mer U.S. offi­cial said.

The implants were devel­oped by the NSA and designed so that they could be trig­gered remote­ly as part of retal­ia­to­ry cyber-strike in the face of Russ­ian aggres­sion, whether an attack on a pow­er grid or inter­fer­ence in a future pres­i­den­tial race.

Offi­cials famil­iar with the mea­sures said that there was con­cern among some in the admin­is­tra­tion that the dam­age caused by the implants could be dif­fi­cult to con­tain.

As a result, the admin­is­tra­tion request­ed a legal review, which con­clud­ed that the devices could be con­trolled well enough that their deploy­ment would be con­sid­ered “pro­por­tion­al” in vary­ing sce­nar­ios of Russ­ian provo­ca­tion, a require­ment under inter­na­tion­al law.

The oper­a­tion was described as long-term, tak­ing months to posi­tion the implants and requir­ing main­te­nance there­after. Under the rules of covert action, Obama’s sig­na­ture was all that was nec­es­sary to set the oper­a­tion in motion.

U.S. intel­li­gence agen­cies do not need fur­ther approval from Trump, and offi­cials said that he would have to issue a coun­ter­mand­ing order to stop it. The offi­cials said that they have seen no indi­ca­tion that Trump has done so. . . .”

Keep in mind that such a response from the US would be entire­ly pre­dictable if the Russ­ian gov­ern­ment real­ly did order this hack. Rus­sia would be at a height­ened risk for years or decades to come if Putin real­ly did order this attack. There’s no rea­son to assume that the Russ­ian gov­ern­ment wouldn’t be well aware of this con­se­quence.

So if Putin real­ly did order this hack he would have to have gone insane. That’s how stu­pid this attack was if Putin actu­al­ly ordered it. Accord­ing to a CIA spy in the Krem­lin, along with a ques­tion­able for­eign ally, that’s exact­ly what Putin did.

He appar­ent­ly went insane and pre­emp­tive­ly launched a cyber­war know­ing full well how dev­as­tat­ing the long-term con­se­quences could be. Because he real­ly, real­ly, real­ly hates Hillary. That’s the nar­ra­tive we’re being giv­en.

And now, any future attacks on US elections or the US electrical grid that can somehow [30] be [31] pinned [32] on [33] the Russians [34] are going to trigger some sort of painful wave of retaliatory cyberbombs. Which, of course, will likely trigger a wave of counter-retaliatory cyberbombs in the US. And a full-scale cyberwar will be born and we’ll just have to hope it stays in the cyber domain. That’s where we are now based on a CIA spy in the Kremlin and an unnamed foreign intelligence agency.

“Obama’s Secret Strug­gle to Pun­ish Rus­sia for Putin’s Elec­tion Assault” by Greg Miller, Ellen Nakashima and Adam Entous; The Wash­ing­ton Post; 06/23/2017 [14]

Ear­ly last August, an enve­lope with extra­or­di­nary han­dling restric­tions arrived at the White House. Sent by couri­er from the CIA, it car­ried “eyes only” instruc­tions that its con­tents be shown to just four peo­ple: Pres­i­dent Barack Oba­ma and three senior aides.

Inside was an intel­li­gence bomb­shell, a report drawn from sourc­ing deep inside the Russ­ian gov­ern­ment that detailed Russ­ian Pres­i­dent Vladimir Putin’s direct involve­ment in a cyber cam­paign to dis­rupt and dis­cred­it the U.S. pres­i­den­tial race.

But it went fur­ther. The intel­li­gence cap­tured Putin’s spe­cif­ic instruc­tions on the operation’s auda­cious objec­tives — defeat or at least dam­age the Demo­c­ra­t­ic nom­i­nee, Hillary Clin­ton, and help elect her oppo­nent, Don­ald Trump.

At that point, the out­lines of the Russ­ian assault on the U.S. elec­tion were increas­ing­ly appar­ent. Hack­ers with ties to Russ­ian intel­li­gence ser­vices had been rum­mag­ing through Demo­c­ra­t­ic Par­ty com­put­er net­works, as well as some Repub­li­can sys­tems, for more than a year. In July, the FBI had opened an inves­ti­ga­tion of con­tacts between Russ­ian offi­cials and Trump asso­ciates. And on July 22, near­ly 20,000 emails stolen from the Demo­c­ra­t­ic Nation­al Com­mit­tee were dumped online by Wik­iLeaks.

But at the high­est lev­els of gov­ern­ment, among those respon­si­ble for man­ag­ing the cri­sis, the first moment of true fore­bod­ing about Russia’s inten­tions arrived with that CIA intel­li­gence.

The mate­r­i­al was so sen­si­tive that CIA Direc­tor John Bren­nan kept it out of the President’s Dai­ly Brief, con­cerned that even that restrict­ed report’s dis­tri­b­u­tion was too broad. The CIA pack­age came with instruc­tions that it be returned imme­di­ate­ly after it was read. To guard against leaks, sub­se­quent meet­ings in the Sit­u­a­tion Room fol­lowed the same pro­to­cols as plan­ning ses­sions for the Osama bin Laden raid.

It took time for oth­er parts of the intel­li­gence com­mu­ni­ty to endorse the CIA’s view. Only in the administration’s final weeks in office did it tell the pub­lic, in a declas­si­fied report, what offi­cials had learned from Bren­nan in August — that Putin was work­ing to elect Trump.

Over that five-month inter­val, the Oba­ma admin­is­tra­tion secret­ly debat­ed dozens of options for deter­ring or pun­ish­ing Rus­sia, includ­ing cyber­at­tacks on Russ­ian infra­struc­ture, the release of CIA-gath­ered mate­r­i­al that might embar­rass Putin and sanc­tions that offi­cials said could “crater” the Russ­ian econ­o­my.

But in the end, in late December, Obama approved [35] a modest package combining measures that had been drawn up to punish Russia for other issues — expulsions of 35 diplomats and the closure of two Russian compounds — with economic sanctions so narrowly targeted that even those who helped design them describe their impact as largely symbolic.

Oba­ma also approved a pre­vi­ous­ly undis­closed covert mea­sure that autho­rized plant­i­ng cyber weapons in Russia’s infra­struc­ture, the dig­i­tal equiv­a­lent of bombs that could be det­o­nat­ed if the Unit­ed States found itself in an esca­lat­ing exchange with Moscow. The project, which Oba­ma approved in a covert-action find­ing, was still in its plan­ning stages when Oba­ma left office. It would be up to Pres­i­dent Trump to decide whether to use the capa­bil­i­ty.

In polit­i­cal terms, Russia’s inter­fer­ence was the crime of the cen­tu­ry, an unprece­dent­ed and large­ly suc­cess­ful desta­bi­liz­ing attack on Amer­i­can democ­ra­cy. It was a case that took almost no time to solve, traced to the Krem­lin through cyber-foren­sics and intel­li­gence on Putin’s involve­ment. And yet, because of the diver­gent ways Oba­ma and Trump have han­dled the mat­ter, Moscow appears unlike­ly to face pro­por­tion­ate con­se­quences.

Those clos­est to Oba­ma defend the administration’s response to Russia’s med­dling. They note that by August it was too late to pre­vent the trans­fer to Wik­iLeaks and oth­er groups of the troves of emails that would spill out in the ensu­ing months. They believe that a series of warn­ings — includ­ing one that Oba­ma deliv­ered to Putin in Sep­tem­ber — prompt­ed Moscow to aban­don any plans of fur­ther aggres­sion, such as sab­o­tage of U.S. vot­ing sys­tems.

Denis McDo­nough, who served as Obama’s chief of staff, said that the admin­is­tra­tion regard­ed Russia’s inter­fer­ence as an attack on the “heart of our sys­tem.”

“We set out from a first-order prin­ci­ple that required us to defend the integri­ty of the vote,” McDo­nough said in an inter­view. “Impor­tant­ly, we did that. It’s also impor­tant to estab­lish what hap­pened and what they attempt­ed to do so as to ensure that we take the steps nec­es­sary to stop it from hap­pen­ing again.”

But oth­er admin­is­tra­tion offi­cials look back on the Rus­sia peri­od with remorse.

“It is the hard­est thing about my entire time in gov­ern­ment to defend,” said a for­mer senior Oba­ma admin­is­tra­tion offi­cial involved in White House delib­er­a­tions on Rus­sia. “I feel like we sort of choked.”

This account of the Oba­ma administration’s response to Russia’s inter­fer­ence is based on inter­views with more than three dozen cur­rent and for­mer U.S. offi­cials in senior posi­tions in gov­ern­ment, includ­ing at the White House, the State, Defense and Home­land Secu­ri­ty depart­ments, and U.S. intel­li­gence ser­vices. Most agreed to speak only on the con­di­tion of anonymi­ty, cit­ing the sen­si­tiv­i­ty of the issue.

The White House, the CIA, the FBI, the Nation­al Secu­ri­ty Agency and the Office of the Direc­tor of Nation­al Intel­li­gence declined to com­ment.

‘Deeply con­cerned’

The CIA break­through came at a stage of the pres­i­den­tial cam­paign when Trump had secured the GOP nom­i­na­tion but was still regard­ed as a dis­tant long shot. Clin­ton held com­fort­able leads in major polls, and Oba­ma expect­ed that he would be trans­fer­ring pow­er to some­one who had served in his Cab­i­net.

The intel­li­gence on Putin was extra­or­di­nary on mul­ti­ple lev­els, includ­ing as a feat of espi­onage.

For spy agen­cies, gain­ing insights into the inten­tions of for­eign lead­ers is among the high­est pri­or­i­ties. But Putin is a remark­ably elu­sive tar­get. A for­mer KGB offi­cer, he takes extreme pre­cau­tions to guard against sur­veil­lance, rarely com­mu­ni­cat­ing by phone or com­put­er, always run­ning sen­si­tive state busi­ness from deep with­in the con­fines of the Krem­lin.

The Wash­ing­ton Post is with­hold­ing some details of the intel­li­gence at the request of the U.S. gov­ern­ment.

In ear­ly August, Bren­nan alert­ed senior White House offi­cials to the Putin intel­li­gence, mak­ing a call to deputy nation­al secu­ri­ty advis­er Avril Haines and pulling nation­al secu­ri­ty advis­er Susan E. Rice aside after a meet­ing before brief­ing Oba­ma along with Rice, Haines and McDo­nough in the Oval Office.

Offi­cials described the president’s reac­tion as grave. Oba­ma “was deeply con­cerned and want­ed as much infor­ma­tion as fast as pos­si­ble,” a for­mer offi­cial said. “He want­ed the entire intel­li­gence com­mu­ni­ty all over this.”

Con­cerns about Russ­ian inter­fer­ence had gath­ered through­out the sum­mer.

Rus­sia experts had begun to see a trou­bling pat­tern of pro­pa­gan­da in which fic­ti­tious news sto­ries, assumed to be gen­er­at­ed by Moscow, pro­lif­er­at­ed across social-media plat­forms.

Offi­cials at the State Depart­ment and FBI became alarmed by an unusu­al spike in requests from Rus­sia for tem­po­rary visas for offi­cials with tech­ni­cal skills seek­ing per­mis­sion to enter the Unit­ed States for short-term assign­ments at Russ­ian facil­i­ties. At the FBI’s behest, the State Depart­ment delayed approv­ing the visas until after the elec­tion.

Mean­while, the FBI was track­ing a flur­ry of hack­ing activ­i­ty against U.S. polit­i­cal par­ties, think tanks and oth­er tar­gets. Rus­sia had gained entry to DNC sys­tems in the sum­mer of 2015 and spring of 2016, but the breach­es did not become pub­lic until they were dis­closed in a June 2016 report by The Post.

Even after the late-July Wik­iLeaks dump, which came on the eve of the Demo­c­ra­t­ic con­ven­tion and led to the res­ig­na­tion of Rep. Deb­bie Wasser­man Schultz (D‑Fla.) as the DNC’s chair­woman, U.S. intel­li­gence offi­cials con­tin­ued to express uncer­tain­ty about who was behind the hacks or why they were car­ried out.

At a pub­lic secu­ri­ty con­fer­ence in Aspen [36], Colo., in late July, Direc­tor of Nation­al Intel­li­gence James R. Clap­per Jr. not­ed that Rus­sia had a long his­to­ry of med­dling in Amer­i­can elec­tions but that U.S. spy agen­cies were not ready to “make the call on attri­bu­tion” for what was hap­pen­ing in 2016.

“We don’t know enough … to ascribe moti­va­tion,” Clap­per said. “Was this just to stir up trou­ble or was this ulti­mate­ly to try to influ­ence an elec­tion?”

Bren­nan con­vened a secret task force at CIA head­quar­ters com­posed of sev­er­al dozen ana­lysts and offi­cers from the CIA, the NSA and the FBI.

The unit func­tioned as a sealed com­part­ment, its work hid­den from the rest of the intel­li­gence com­mu­ni­ty. Those brought in signed new non-dis­clo­sure agree­ments to be grant­ed access to intel­li­gence from all three par­tic­i­pat­ing agen­cies.

They worked exclu­sive­ly for two groups of “cus­tomers,” offi­cials said. The first was Oba­ma and few­er than 14 senior offi­cials in gov­ern­ment. The sec­ond was a team of oper­a­tions spe­cial­ists at the CIA, NSA and FBI who took direc­tion from the task force on where to aim their sub­se­quent efforts to col­lect more intel­li­gence on Rus­sia.

Don’t make things worse

The secre­cy extend­ed into the White House.

Rice, Haines and White House home­land-secu­ri­ty advis­er Lisa Mona­co con­vened meet­ings in the Sit­u­a­tion Room to weigh the mount­ing evi­dence of Russ­ian inter­fer­ence and gen­er­ate options for how to respond. At first, only four senior secu­ri­ty offi­cials were allowed to attend: Bren­nan, Clap­per, Attor­ney Gen­er­al Loret­ta E. Lynch and FBI Direc­tor James B. Comey. Aides ordi­nar­i­ly allowed entry as “plus-ones” were barred.

Grad­u­al­ly, the cir­cle widened to include Vice Pres­i­dent Biden and oth­ers. Agen­das sent to Cab­i­net sec­re­taries — includ­ing John F. Ker­ry at the State Depart­ment and Ash­ton B. Carter at the Pen­ta­gon — arrived in envelopes that sub­or­di­nates were not sup­posed to open. Some­times the agen­das were with­held until par­tic­i­pants had tak­en their seats in the Sit­u­a­tion Room.

Through­out his pres­i­den­cy, Obama’s approach to nation­al secu­ri­ty chal­lenges was delib­er­ate and cau­tious. He came into office seek­ing to end wars in Iraq and Afghanistan. He was loath to act with­out sup­port from allies over­seas and firm polit­i­cal foot­ing at home. He was drawn only reluc­tant­ly into for­eign crises, such as the civ­il war in Syr­ia, that pre­sent­ed no clear exit for the Unit­ed States.

Obama’s approach often seemed reducible to a sin­gle imper­a­tive: Don’t make things worse. As brazen as the Russ­ian attacks on the elec­tion seemed, Oba­ma and his top advis­ers feared that things could get far worse.

They were con­cerned that any pre-elec­tion response could pro­voke an esca­la­tion from Putin. Moscow’s med­dling to that point was seen as deeply con­cern­ing but unlike­ly to mate­ri­al­ly affect the out­come of the elec­tion. Far more wor­ri­some to the Oba­ma team was the prospect of a cyber-assault on vot­ing sys­tems before and on Elec­tion Day.

They also wor­ried that any action they took would be per­ceived as polit­i­cal inter­fer­ence in an already volatile cam­paign. By August, Trump was pre­dict­ing that the elec­tion would be rigged. Oba­ma offi­cials feared pro­vid­ing fuel to such claims, play­ing into Russia’s efforts to dis­cred­it the out­come and poten­tial­ly con­t­a­m­i­nat­ing the expect­ed Clin­ton tri­umph.

Before depart­ing for an August vaca­tion to Martha’s Vine­yard, Oba­ma instruct­ed aides to pur­sue ways to deter Moscow and pro­ceed along three main paths: Get a high-con­fi­dence assess­ment from U.S. intel­li­gence agen­cies on Russia’s role and intent; shore up any vul­ner­a­bil­i­ties in state-run elec­tion sys­tems; and seek bipar­ti­san sup­port from con­gres­sion­al lead­ers for a state­ment con­demn­ing Moscow and urg­ing states to accept fed­er­al help.

The admin­is­tra­tion encoun­tered obsta­cles at every turn.

Despite the intel­li­gence the CIA had pro­duced, oth­er agen­cies were slow­er to endorse a con­clu­sion that Putin was per­son­al­ly direct­ing the oper­a­tion and want­ed to help Trump. “It was def­i­nite­ly com­pelling, but it was not defin­i­tive,” said one senior admin­is­tra­tion offi­cial. “We need­ed more.”

Some of the most crit­i­cal tech­ni­cal intel­li­gence on Rus­sia came from anoth­er coun­try, offi­cials said. Because of the source of the mate­r­i­al, the NSA was reluc­tant to view it with high con­fi­dence.

Bren­nan moved swift­ly to sched­ule pri­vate brief­in­gs with con­gres­sion­al lead­ers. But get­ting appoint­ments with cer­tain Repub­li­cans proved dif­fi­cult, offi­cials said, and it was not until after Labor Day that Bren­nan had reached all mem­bers of the “Gang of Eight” — the major­i­ty and minor­i­ty lead­ers of both hous­es and the chair­men and rank­ing Democ­rats on the Sen­ate and House intel­li­gence com­mit­tees.

Jeh John­son, the home­land-secu­ri­ty sec­re­tary, was respon­si­ble for find­ing out whether the gov­ern­ment could quick­ly shore up the secu­ri­ty of the nation’s archa­ic patch­work of vot­ing sys­tems. He float­ed the idea of des­ig­nat­ing state mech­a­nisms “crit­i­cal infra­struc­ture,” a label that would have enti­tled states to receive pri­or­i­ty in fed­er­al cyber­se­cu­ri­ty assis­tance, putting them on a par with U.S. defense con­trac­tors and finan­cial net­works.

On Aug. 15, John­son arranged a con­fer­ence call with dozens of state offi­cials, hop­ing to enlist their sup­port. He ran into a wall of resis­tance.

The reac­tion “ranged from neu­tral to neg­a­tive,” John­son said in con­gres­sion­al tes­ti­mo­ny Wednes­day.

Bri­an Kemp, the Repub­li­can sec­re­tary of state of Geor­gia, used the call to denounce Johnson’s pro­pos­al as an assault on state rights. “I think it was a polit­i­cal­ly cal­cu­lat­ed move by the pre­vi­ous admin­is­tra­tion,” Kemp said in a recent inter­view, adding that he remains uncon­vinced that Rus­sia waged a cam­paign to dis­rupt the 2016 race. “I don’t nec­es­sar­i­ly believe that,” he said.

Stung by the reac­tion, the White House turned to Con­gress for help, hop­ing that a bipar­ti­san appeal to states would be more effec­tive.

In ear­ly Sep­tem­ber, John­son, Comey and Mona­co arrived on Capi­tol Hill in a car­a­van of black SUVs for a meet­ing with 12 key mem­bers of Con­gress, includ­ing the lead­er­ship of both par­ties.

The meet­ing devolved into a par­ti­san squab­ble.

“The Dems were, ‘Hey, we have to tell the public,’ ” recalled one participant. But Republicans resisted, arguing that to warn the public that the election was under attack would further Russia’s aim of sapping confidence in the system.

Sen­ate Major­i­ty Leader Mitch McConnell (R‑Ky.) went fur­ther, offi­cials said, voic­ing skep­ti­cism that the under­ly­ing intel­li­gence tru­ly sup­port­ed the White House’s claims. Through a spokes­woman, McConnell declined to com­ment, cit­ing the secre­cy of that meet­ing.

Key Democ­rats were stunned by the GOP response and exas­per­at­ed that the White House seemed will­ing to let Repub­li­can oppo­si­tion block any pre-elec­tion move.

On Sept. 22, two Cal­i­for­nia Democ­rats — Sen. Dianne Fein­stein and Rep. Adam B. Schiff — did what they couldn’t get the White House to do. They issued a state­ment mak­ing clear that they had learned from intel­li­gence brief­in­gs that Rus­sia was direct­ing a cam­paign to under­mine the elec­tion, but they stopped short of say­ing to what end.

A week lat­er, McConnell and oth­er con­gres­sion­al lead­ers issued a cau­tious state­ment that encour­aged state elec­tion offi­cials to ensure their net­works were “secure from attack.” The release made no men­tion of Rus­sia and empha­sized that the law­mak­ers “would oppose any effort by the fed­er­al gov­ern­ment” to encroach on the states’ author­i­ties.

When U.S. spy agen­cies reached unan­i­mous agree­ment in late Sep­tem­ber that the inter­fer­ence was a Russ­ian oper­a­tion direct­ed by Putin, Oba­ma direct­ed spy chiefs to pre­pare a pub­lic state­ment sum­ma­riz­ing the intel­li­gence in broad strokes.

With Oba­ma still deter­mined to avoid any appear­ance of pol­i­tics, the state­ment would not car­ry his sig­na­ture.

On Oct. 7, the admin­is­tra­tion offered its first pub­lic com­ment on Russia’s “active mea­sures,” in a three-para­graph state­ment issued by John­son and Clap­per. Comey had ini­tial­ly agreed to attach his name, as well, offi­cials said, but changed his mind at the last minute, say­ing that it was too close to the elec­tion for the bureau to be involved.

“The U.S. intel­li­gence com­mu­ni­ty is con­fi­dent that the Russ­ian gov­ern­ment direct­ed the recent com­pro­mis­es of e‑mails from U.S. per­sons and insti­tu­tions, includ­ing from U.S. polit­i­cal orga­ni­za­tions,” the state­ment said. “We believe, based on the scope and sen­si­tiv­i­ty of these efforts, that only Russia’s senior-most offi­cials could have autho­rized these activ­i­ties.”

Ear­ly drafts accused Putin by name, but the ref­er­ence was removed out of con­cern that it might endan­ger intel­li­gence sources and meth­ods.

The statement was issued around 3:30 p.m., timed for maximum media coverage. Instead, it was quickly drowned out. At 4 p.m., The Post published a story about crude comments [37] Trump had made about women that were captured on an “Access Hollywood” tape. Half an hour later, WikiLeaks published its first batch of emails stolen from Clinton campaign chairman John Podesta.

‘Ample time’ after elec­tion

The Sit­u­a­tion Room is actu­al­ly a com­plex of secure spaces in the base­ment lev­el of the West Wing. A video feed from the main room cours­es through some Nation­al Secu­ri­ty Coun­cil offices, allow­ing senior aides sit­ting at their desks to see — but not hear — when meet­ings are under­way.

As the Rus­sia-relat­ed ses­sions with Cab­i­net mem­bers began in August, the video feed was shut off. The last time that had hap­pened on a sus­tained basis, offi­cials said, was in the spring of 2011 dur­ing the run-up to the U.S. Spe­cial Oper­a­tions raid on bin Laden’s com­pound in Pak­istan.

The blacked-out screens were seen as an omi­nous sign among low­er-lev­el White House offi­cials who were large­ly kept in the dark about the Rus­sia delib­er­a­tions even as they were tasked with gen­er­at­ing options for retal­i­a­tion against Moscow.

Much of that work was led by the Cyber Response Group, an NSC unit with rep­re­sen­ta­tives from the CIA, NSA, State Depart­ment and Pen­ta­gon.

The ear­ly options they dis­cussed were ambi­tious. They looked at sec­tor­wide eco­nom­ic sanc­tions and cyber­at­tacks that would take Russ­ian net­works tem­porar­i­ly offline. One offi­cial infor­mal­ly sug­gest­ed — though nev­er for­mal­ly pro­posed — mov­ing a U.S. naval car­ri­er group into the Baltic Sea as a sym­bol of resolve.

What those low­er-lev­el offi­cials did not know was that the prin­ci­pals and their deputies had by late Sep­tem­ber all but ruled out any pre-elec­tion retal­i­a­tion against Moscow. They feared that any action would be seen as polit­i­cal and that Putin, moti­vat­ed by a seething resent­ment of Clin­ton, was pre­pared to go beyond fake news and email dumps.

The FBI had detect­ed sus­pect­ed Russ­ian attempts to pen­e­trate elec­tion sys­tems in 21 states, and at least one senior White House offi­cial assumed that Moscow would try all 50, offi­cials said. Some offi­cials believed the attempts were meant to be detect­ed to unnerve the Amer­i­cans. The patch­work nature of the Unit­ed States’ 3,000 or so vot­ing juris­dic­tions would make it hard for Rus­sia to swing the out­come, but Moscow could still sow chaos.

“We turned to oth­er sce­nar­ios” the Rus­sians might attempt, said Michael Daniel, who was cyber­se­cu­ri­ty coor­di­na­tor at the White House, “such as dis­rupt­ing the vot­er rolls, delet­ing every 10th vot­er [from reg­istries] or flip­ping two dig­its in everybody’s address.”

The White House also wor­ried that they had not yet seen the worst of Russia’s cam­paign. Wik­iLeaks and DCLeaks, a web­site set up in June 2016 by hack­ers believed to be Russ­ian oper­a­tives, already had troves of emails. But U.S. offi­cials feared that Rus­sia had more explo­sive mate­r­i­al or was will­ing to fab­ri­cate it.

“Our pri­ma­ry inter­est in August, Sep­tem­ber and Octo­ber was to pre­vent them from doing the max they could do,” said a senior admin­is­tra­tion offi­cial. “We made the judg­ment that we had ample time after the elec­tion, regard­less of out­come, for puni­tive mea­sures.”

The assump­tion that Clin­ton would win con­tributed to the lack of urgency.

Instead, the admin­is­tra­tion issued a series of warn­ings.

Bren­nan deliv­ered the first on Aug. 4 in a blunt phone call with Alexan­der Bort­nikov, the direc­tor of the FSB, Russia’s pow­er­ful secu­ri­ty ser­vice.

A month lat­er, Oba­ma con­front­ed Putin direct­ly dur­ing a meet­ing of world lead­ers in Hangzhou, Chi­na. Accom­pa­nied only by inter­preters, Oba­ma told Putin that “we knew what he was doing and [he] bet­ter stop or else,” accord­ing to a senior aide who sub­se­quent­ly spoke with Oba­ma. Putin respond­ed by demand­ing proof and accus­ing the Unit­ed States of inter­fer­ing in Russia’s inter­nal affairs.

In a sub­se­quent news con­fer­ence, Oba­ma allud­ed to the exchange and issued a veiled threat. “We’re mov­ing into a new era here where a num­ber of coun­tries have sig­nif­i­cant capac­i­ties,” he said. “Frankly, we’ve got more capac­i­ty than any­body both offen­sive­ly and defen­sive­ly.”

There were at least two oth­er warn­ings.

On Oct. 7, the day that the Clapper-Johnson statement was released, Rice summoned Russian Ambassador Sergey Kislyak to the White House and handed him a message to relay to Putin.

Then, on Oct. 31, the admin­is­tra­tion deliv­ered a final pre-elec­tion mes­sage via a secure chan­nel to Moscow orig­i­nal­ly cre­at­ed to avert a nuclear exchange. The mes­sage not­ed that the Unit­ed States had detect­ed mali­cious activ­i­ty, orig­i­nat­ing from servers in Rus­sia, tar­get­ing U.S. elec­tion sys­tems and warned that med­dling would be regard­ed as unac­cept­able inter­fer­ence. Rus­sia con­firmed the next day that it had received the mes­sage but replied only after the elec­tion through the same chan­nel, deny­ing the accu­sa­tion.

As Elec­tion Day approached, pro­po­nents of tak­ing action against Rus­sia made final, futile appeals to Obama’s top aides: McDo­nough, Rice and Haines. Because their offices were part of a suite of spaces in the West Wing, secur­ing their sup­port on any nation­al secu­ri­ty issue came to be known as “mov­ing the suite.”

One of the last to try before the elec­tion was Ker­ry. Often per­ceived as reluc­tant to con­front Rus­sia, in part to pre­serve his attempts to nego­ti­ate a Syr­ia peace deal, Ker­ry was at crit­i­cal moments one of the lead­ing hawks.

In Octo­ber, Kerry’s top aides had pro­duced an “action memo” that includ­ed a pack­age of retal­ia­to­ry mea­sures includ­ing eco­nom­ic sanc­tions. Know­ing the White House was not will­ing to act before the elec­tion, the plan called for the mea­sures to be announced almost imme­di­ate­ly after votes had been secure­ly cast and count­ed.

Ker­ry signed the memo and urged the White House to con­vene a prin­ci­pals meet­ing to dis­cuss the plan, offi­cials said. “The response was basi­cal­ly, ‘Not now,’” one offi­cial said.

Elec­tion Day arrived with­out penal­ty for Moscow.

A U.S. cyber-weapon

The most dif­fi­cult mea­sure to eval­u­ate is one that Oba­ma allud­ed to in only the most oblique fash­ion when announc­ing the U.S. response.

“We will con­tin­ue to take a vari­ety of actions at a time and place of our choos­ing, some of which will not be pub­li­cized,” he said in a state­ment released by the White House.

He was refer­ring, in part, to a cyber oper­a­tion that was designed to be detect­ed by Moscow but not cause sig­nif­i­cant dam­age, offi­cials said. The oper­a­tion, which entailed implant­i­ng com­put­er code in sen­si­tive com­put­er sys­tems that Rus­sia was bound to find, served only as a reminder to Moscow of the Unit­ed States’ cyber reach.

But Oba­ma also signed the secret find­ing, offi­cials said, autho­riz­ing a new covert pro­gram involv­ing the NSA, CIA and U.S. Cyber Com­mand.

Oba­ma declined to com­ment for this arti­cle, but a spokesman issued a state­ment: “This sit­u­a­tion was tak­en extreme­ly seri­ous­ly, as is evi­dent by Pres­i­dent Oba­ma rais­ing this issue direct­ly with Pres­i­dent Putin; 17 intel­li­gence agen­cies issu­ing an extra­or­di­nary pub­lic state­ment; our home­land secu­ri­ty offi­cials work­ing relent­less­ly to bol­ster the cyber defens­es of vot­ing infra­struc­ture around the coun­try; the Pres­i­dent direct­ing a com­pre­hen­sive intel­li­gence review, and ulti­mate­ly issu­ing a robust response includ­ing shut­ting down two Russ­ian com­pounds, sanc­tion­ing nine Russ­ian enti­ties and indi­vid­u­als, and eject­ing 35 Russ­ian diplo­mats from the coun­try.”

The cyber oper­a­tion is still in its ear­ly stages and involves deploy­ing “implants” in Russ­ian net­works deemed “impor­tant to the adver­sary and that would cause them pain and dis­com­fort if they were dis­rupt­ed,” a for­mer U.S. offi­cial said.

The implants were devel­oped by the NSA and designed so that they could be trig­gered remote­ly as part of retal­ia­to­ry cyber-strike in the face of Russ­ian aggres­sion, whether an attack on a pow­er grid or inter­fer­ence in a future pres­i­den­tial race.

Offi­cials famil­iar with the mea­sures said that there was con­cern among some in the admin­is­tra­tion that the dam­age caused by the implants could be dif­fi­cult to con­tain.

As a result, the admin­is­tra­tion request­ed a legal review, which con­clud­ed that the devices could be con­trolled well enough that their deploy­ment would be con­sid­ered “pro­por­tion­al” in vary­ing sce­nar­ios of Russ­ian provo­ca­tion, a require­ment under inter­na­tion­al law.

The oper­a­tion was described as long-term, tak­ing months to posi­tion the implants and requir­ing main­te­nance there­after. Under the rules of covert action, Obama’s sig­na­ture was all that was nec­es­sary to set the oper­a­tion in motion.

U.S. intel­li­gence agen­cies do not need fur­ther approval from Trump, and offi­cials said that he would have to issue a coun­ter­mand­ing order to stop it. The offi­cials said that they have seen no indi­ca­tion that Trump has done so.

———-

4a. Well look at that: Investigators are exploring the more than three dozen companies and individuals that Michael Flynn worked for – as a consultant, adviser, board member, or speaker – while advising the Trump campaign last year, and two of those entities are raising some extra eyebrows. Flynn was an advisory board member of Luxembourg-based OSY Technologies and consulted for the US-based private equity firm Francisco Partners. What’s so questionable about these entities? Well, Francisco Partners owns NSO Group – a secretive Israel-based cyberweapons dealer that sells advanced hacking tools to governments around the world – and OSY Technologies is an NSO Group offshoot. Flynn joined OSY in May of last year. Yep, Michael Flynn worked for both the owner of an advanced cyberweapons dealer and one of its offshoots throughout the 2016 campaign. [9]

“The month before Flynn joined the advisory board of OSY Technologies, NSO Group opened up a new arm called WestBridge Technologies, Inc. [10], in the D.C. region. (The company was originally registered in Delaware in 2014, but formed in Maryland in April 2016.) Led by NSO Group co-founder Lavie, WestBridge is vying for federal government contracts for NSO Group’s products. Hiring Flynn would provide NSO Group with a well-connected figure in Washington, to help get its foot in the door of the notoriously insular world of secret intelligence budgeting.”

Yep, not only was Fly­nn work­ing for NSO Group’s OSY Tech­nolo­gies and its own­ers at Fran­cis­co Part­ners, but NSO Group was also ini­ti­at­ing plans to get more US gov­ern­ment contracts…something that would pre­sum­ably be much like­li­er to hap­pen if Don­ald Trump won the White House and brought Fly­nn into the gov­ern­ment.

And note how NSO Group wasn’t the only cyber­se­cu­ri­ty firm Fly­nn was work­ing for:
“ . . . .When you’re try­ing to build up your busi­ness, you need some­one who has con­nec­tions, some­one who is seen as an author­i­ty and a legit­i­mate pres­ence,” John­son said. Hir­ing some­one with Flynn’s back­ground in intel­li­gence would “open up doors that they wouldn’t have had access to,” John­son said.

Through­out 2016, Fly­nn worked for a num­ber of cyber­se­cu­ri­ty firms per­son­al­ly and through his con­sult­ing firm, Fly­nn Intel Group. In addi­tion to his advi­so­ry board seat at OSY Tech­nolo­gies, he sat on the board of Adobe Sys­tems, a large soft­ware com­pa­ny with Pen­ta­gon con­tracts, and the boards of the cyber­se­cu­ri­ty com­pa­nies Green­Zone Sys­tems and HALO Pri­va­cy [11]. (Though Fly­nn described him­self as an Adobe advi­so­ry board mem­ber in his finan­cial dis­clo­sure paper­work, the group said in a state­ment that he pro­vid­ed only “peri­od­ic coun­sel to Adobe’s pub­lic sec­tor team.”) . . .”

In terms of assess­ing the sig­nif­i­cance of these busi­ness rela­tion­ships, on the one hand, cyber­se­cu­ri­ty is one of the areas where one should expect the for­mer head of the US Defense Intel­li­gence Agency to go into after leav­ing gov­ern­ment. On the oth­er hand, we have just been told about the most hack-inten­sive US cam­paign in his­to­ry and all the hack­ing was done in favor of Don­ald Trump. It is dif­fi­cult to shake the notion that one or more of these firms may have been involved in one of the high-pro­file hacks.

Due to the relative lack of sophistication required to carry out spear-phishing – the method behind both the DNC server hack and Podesta’s emails [38] and, allegedly [39], the attempts to hack 39 state election systems a week before the election [19] – it really is the case that almost anyone could have pulled these hacks off if they had adequate hacking skills and wanted to hide their tracks and make it look like ‘the Russians’ did it. And the NSO Group’s software specializes in creating spear-phishing campaigns designed to trick people into clicking on the bad links using a variety of different tricks and inserting spying malware in the victims’ systems [40]:

“Michael Fly­nn Worked With For­eign Cyber­weapons Group That Sold Spy­ware Used Against Polit­i­cal Dis­si­dents” by Paul Blu­men­thal, Jes­si­ca Schul­berg; The Huff­in­g­ton Post; 06/19/2017 [9]

While serv­ing as a top cam­paign aide to Don­ald Trump, for­mer nation­al secu­ri­ty advis­er Michael Fly­nn made tens of thou­sands of dol­lars on the side advis­ing a com­pa­ny that sold sur­veil­lance tech­nol­o­gy that repres­sive gov­ern­ments used to mon­i­tor activists and jour­nal­ists.

Flynn, who resigned [41] in February after mischaracterizing his conversations with the Russian ambassador to the U.S., has already come under scrutiny for taking money from foreign outfits. Federal investigators began probing Flynn’s lobbying efforts [42] on behalf of a Dutch company led by a businessman with ties to the Turkish government earlier this year. Flynn’s moonlighting wasn’t typical: Most people at the top level of major presidential campaigns do not simultaneously lobby for any entity, especially not foreign governments. It’s also unusual for former U.S. intelligence officials to work with foreign cybersecurity outfits.

Nor was Flynn’s work with for­eign enti­ties while he was advis­ing Trump lim­it­ed to his Ankara deal. He earned near­ly $1.5 mil­lion last year as a con­sul­tant, advis­er, board mem­ber, or speak­er for more than three dozen com­pa­nies and indi­vid­u­als, accord­ing to finan­cial dis­clo­sure forms released ear­li­er [43] this year [44].

Two of those entities are directly linked to NSO Group, a secretive Israeli cyberweapons dealer founded by Omri Lavie and Shalev Hulio, who are rumored [45] to have served in Unit 8200, the Israeli equivalent of the National Security Agency.

Fly­nn received $40,280 last year as an advi­so­ry board mem­ber for OSY Tech­nolo­gies, an NSO Group off­shoot based in Lux­em­bourg, a favorite tax haven for major cor­po­ra­tions. OSY Tech­nolo­gies is part of a cor­po­rate struc­ture that runs from Israel, where NSO Group is locat­ed, through Lux­em­bourg, the Cay­man Islands, the British Vir­gin Islands, and the U.S.

Fly­nn also worked as a con­sul­tant last year for Fran­cis­co Part­ners, a U.S.-based pri­vate equi­ty firm that owns NSO Group, but he did not dis­close how much he was paid. At least two Fran­cis­co Part­ners exec­u­tives have sat on OSY’s board.

Flynn’s finan­cial dis­clo­sure forms do not spec­i­fy the work he did for com­pa­nies linked to NSO Group, and his lawyer did not respond to requests for com­ment. For­mer col­leagues at Flynn’s con­sult­ing firm declined to dis­cuss Flynn’s work with NSO Group. Exec­u­tives at Fran­cis­co Part­ners who also sit on the OSY Tech­nolo­gies board did not respond to emails. Lavie, the NSO Group co-founder, told Huff­Post he is “not inter­est­ed in speak­ing to the press” and referred ques­tions to a spokesman, who did not respond to queries.

Many gov­ern­ment and mil­i­tary offi­cials have moved through the revolv­ing door between gov­ern­ment agen­cies and pri­vate cyber­se­cu­ri­ty com­pa­nies. The major play­ers in the cyber­se­cu­ri­ty con­tract­ing world – SAIC, Booz Allen Hamil­ton, CACI Fed­er­al and KeyW Cor­po­ra­tion – all have for­mer top gov­ern­ment offi­cials in lead­er­ship roles or on their boards, or have for­mer top exec­u­tives work­ing in gov­ern­ment.

But it’s less com­mon for for­mer U.S. intel­li­gence offi­cials to work with for­eign cyber­se­cu­ri­ty out­fits. “There is a lot of oppor­tu­ni­ty in the U.S. to do this kind of work,” said Ben John­son, a for­mer NSA employ­ee and the co-founder of Obsid­i­an Secu­ri­ty. “It’s a lit­tle bit unex­pect­ed going over­seas, espe­cial­ly when you com­bine that with the fact that they’re doing things that might end up in hands of ene­mies of the U.S. gov­ern­ment. It does seem ques­tion­able.”

What is clear is that dur­ing the time Fly­nn was work­ing for NSO’s Lux­em­bourg affil­i­ate, one of the company’s main prod­ucts — a spy soft­ware sold exclu­sive­ly to gov­ern­ments and mar­ket­ed as a tool for law enforce­ment offi­cials to mon­i­tor sus­pect­ed crim­i­nals and ter­ror­ists — was being used to sur­veil polit­i­cal dis­si­dents, reporters, activists, and gov­ern­ment offi­cials. The soft­ware, called Pega­sus, allowed users to remote­ly break into a target’s cel­lu­lar phone if the tar­get respond­ed to a text mes­sage.

Last year, sev­er­al peo­ple tar­get­ed by the spy­ware con­tact­ed Cit­i­zen Lab, a cyber­se­cu­ri­ty research team based out of the Uni­ver­si­ty of Toron­to. With the help of experts at the com­put­er secu­ri­ty firm Look­out, Cit­i­zen Lab researchers were able to trace the spy­ware hid­den in the texts [46] back to NSO Group spy­ware. After Cit­i­zen Lab pub­li­cized its find­ings, Apple intro­duced patch­es to fix the vul­ner­a­bil­i­ty. It is not known how many activists in oth­er coun­tries were tar­get­ed and failed to report it to experts.

NSO Group told [47] Forbes in a statement last year that it complies with strict export control laws and only sells to authorized government agencies. “The company does NOT operate any of its systems; it is strictly a technology company,” NSO Group told Forbes.

But once a sale is com­plete, for­eign gov­ern­ments are free to do what they like with the tech­nol­o­gy.

“The gov­ern­ment buys [the tech­nol­o­gy] and can use it how­ev­er they want,” Bill Mar­czak, one of the Cit­i­zen Lab researchers, told Huff­Post. “They’re basi­cal­ly dig­i­tal arms mer­chants.”

The month before Fly­nn joined the advi­so­ry board of OSY Tech­nolo­gies, NSO Group opened up a new arm called West­Bridge Tech­nolo­gies, Inc. [10], in the D.C. region. (The com­pa­ny was orig­i­nal­ly reg­is­tered in Delaware in 2014, but formed in Mary­land in April 2016.) Led by NSO Group co-founder Lavie, West­Bridge is vying for fed­er­al gov­ern­ment con­tracts for NSO Group’s prod­ucts. Hir­ing Fly­nn would pro­vide NSO Group with a well-con­nect­ed fig­ure in Wash­ing­ton, to help get its foot in the door of the noto­ri­ous­ly insu­lar world of secret intel­li­gence bud­get­ing.

“When you’re try­ing to build up your busi­ness, you need some­one who has con­nec­tions, some­one who is seen as an author­i­ty and a legit­i­mate pres­ence,” John­son said. Hir­ing some­one with Flynn’s back­ground in intel­li­gence would “open up doors that they wouldn’t have had access to,” John­son said.

Throughout 2016, Flynn worked for a number of cybersecurity firms personally and through his consulting firm, Flynn Intel Group. In addition to his advisory board seat at OSY Technologies, he sat on the board of Adobe Systems, a large software company with Pentagon contracts, and the boards of the cybersecurity companies GreenZone Systems and HALO Privacy [11]. (Though Flynn described himself as an Adobe advisory board member in his financial disclosure paperwork, the group said in a statement that he provided only “periodic counsel to Adobe’s public sector team.”)

Promi­nent human rights activists and polit­i­cal dis­si­dents have report­ed being tar­get­ed by NSO’s tech­nol­o­gy. On August 10, 2016, Ahmed Man­soor, an inter­na­tion­al­ly rec­og­nized Emi­rati human rights activist, received a text mes­sage prompt­ing him to click a link to read “new secrets” about detainees abused in UAE pris­ons. He got a sim­i­lar text the next day. But Man­soor, who had already been repeat­ed­ly tar­get­ed by hack­ers, knew bet­ter than to click the links. Instead, he for­ward­ed the mes­sages to Cit­i­zen Lab.

Cit­i­zen Lab soon deter­mined that NSO Group’s mal­ware exploit­ed an undis­closed mobile phone vul­ner­a­bil­i­ty, known as a zero-day exploit, that enabled its cus­tomers – that is, for­eign gov­ern­ments – to sur­veil a target’s phone after the tar­get clicked the link includ­ed in the phish­ing text mes­sage. If Man­soor had clicked that link, his “phone would have become a dig­i­tal spy in his pock­et, capa­ble of employ­ing his phone cam­era and micro­phone to snoop on activ­i­ty in the vicin­i­ty of the device, record­ing his What­sApp and Viber calls, log­ging mes­sages sent in mobile chat apps, and track­ing his move­ments,” Cit­i­zen Lab wrote [46] in a report.

Across the globe in Mex­i­co, where Coca-Cola and Pep­si­Co were work­ing to repeal a tax on sodas imposed in 2014, two activists and a gov­ern­ment-employed sci­en­tist, all of whom sup­port­ed the soda tax, received a series of sus­pi­cious text mes­sages [48]. The texts, which became increas­ing­ly aggres­sive and threat­en­ing, came as the sci­en­tist and the activists were prepar­ing a pub­lic rela­tions cam­paign in sup­port of rais­ing the soda tax and pro­mot­ing aware­ness of the health risks linked to sug­ary bev­er­ages.

Dr. Simón Barquera, researcher at Mexico’s National Institute for Public Health, received a text on July 11, 2016, inviting him to click a link the sender said would lead him to a detailed investigation of his clinic. When Barquera didn’t follow through, the texts escalated. On the 12th, he got a text with a link to a purported court document, which the sender claimed mentioned Barquera by name. On the 13th, yet another text included a link that supposedly contained information about a funeral. The day after that, the sender wrote, “You are an asshole Simon, while you are working I’m fucking your old lady here is a photo.” The final text Barquera received in August said that his daughter was in “grave condition” after an accident, and included a link that would supposedly tell him where she was being treated.

Ale­jan­dro Calvil­lo, direc­tor of the con­sumer rights non­prof­it El Poder del Con­sum­i­dor, received a text with a link claim­ing to be from a man who want­ed to know if Calvil­lo could attend the man’s father’s funer­al. Anoth­er text sent to Calvil­lo includ­ed a link that the sender said was a viral news sto­ry that men­tioned him. The final tar­get, Luis Encar­nación, a coor­di­na­tor for the obe­si­ty pre­ven­tion group Coa­li­cion Con­traPE­SO, also received a text with a link claim­ing that he was named in a news arti­cle.

The tar­gets quick­ly got in touch with Cit­i­zen Lab and for­ward­ed their text mes­sages to the researchers. In Feb­ru­ary 2017, Cit­i­zen Lab released a new report [46] link­ing NSO Group’s tech­nol­o­gy to the phish­ing attempts tar­get­ing the pro-soda tax cam­paign­ers.

Cit­i­zen Lab researchers have also iden­ti­fied texts sent last sum­mer to Mex­i­can jour­nal­ist Rafael Cabr­era that they believe were an attempt to infect his phone with NSO Group’s Pega­sus spy­ware. Cabr­era, who now works for Buz­zFeed Mex­i­co, was tar­get­ed by hack­ers after he broke a sto­ry [49] reveal­ing a poten­tial con­flict of inter­est with the Mex­i­can first fam­i­ly and a Chi­nese com­pa­ny.

Cit­i­zen Lab believes NSO Group may have also sold its mobile phone spy­ing tech­nol­o­gy to many gov­ern­ments, includ­ing those of Kenya, Mozam­bique, Yemen, Qatar, Turkey, Sau­di Ara­bia, Uzbek­istan, Thai­land, Moroc­co, Hun­gary, Nige­ria and Bahrain.

Working with repressive regimes is standard practice in the cyberweapons industry. The Italian surveillance malware firm Hacking Team has worked with dozens of countries known to jail dissidents, according to emails uploaded to WikiLeaks [50]. The FBI and the Drug Enforcement Agency [51] were among the company’s customers, according to the documents.

Despite recent scruti­ny over Mansoor’s case, NSO Group’s val­ue has explod­ed in recent years. Fran­cis­co Part­ners bought the cyber­weapons deal­er in 2014 for $120 mil­lion. It is now report­ed­ly [52] val­ued at over $1 bil­lion. . . .

4b. Due to the relative lack of sophistication required to carry out spear-phishing – the method behind both the DNC server hack and Podesta’s emails [38] and, allegedly [39], the attempts to hack 39 state election systems a week before the election [19] – almost anyone could have pulled these hacks off if they had adequate hacking skills, hiding their tracks and making it appear as though “the Russians” did it. The NSO Group’s software specializes in creating spear-phishing campaigns designed to trick people into clicking on the bad links using a variety of different tricks and inserting spying malware in the victims’ systems. [40] Their spear-phishing methodology is sophisticated.

“. . . . Increasingly, governments have found that the only way to monitor mobile phones is by using private businesses like the NSO Group that exploit little-known vulnerabilities in smartphone software. The company has, at times, operated its businesses under different names. One of them, OSY Technologies, paid Michael T. Flynn, President Trump’s former national security adviser, more than $40,000 [53] to be an advisory board member from May 2016 until January, according to his public financial disclosures. . . .”

Note how even when a phone is known to be hacked by some­one using the NSO Group mal­ware after a suc­cess­ful spear-phish­ing attempt, there’s still no way to know which NSO Group client did it. Even NSO Group claims it can’t deter­mine who did it:

“. . . .The Mex­i­can government’s deploy­ment of spy­ware has come under sus­pi­cion before, includ­ing hack­ing attempts on polit­i­cal oppo­nents and activists fight­ing cor­po­rate inter­ests in Mex­i­co [54].

Still, there is no iron­clad proof that the Mex­i­can gov­ern­ment is respon­si­ble. The Pega­sus soft­ware does not leave behind the hacker’s indi­vid­ual fin­ger­prints. Even the soft­ware mak­er, the NSO Group, says it can­not deter­mine who, exact­ly, is behind spe­cif­ic hack­ing attempts.

But cyber­ex­perts can ver­i­fy when the soft­ware has been used on a target’s phone, leav­ing them with few doubts that the Mex­i­can gov­ern­ment, or some rogue actor with­in it, was involved.

‘This is pret­ty much as good as it gets,’ said Bill Mar­czak, anoth­er senior researcher at Cit­i­zen Lab, who con­firmed the pres­ence of NSO code on sev­er­al phones belong­ing to Mex­i­can jour­nal­ists and activists.

More­over, it is extreme­ly unlike­ly that cyber­crim­i­nals some­how got their hands on the soft­ware, the NSO Group says, because the tech­nol­o­gy can be used only by the gov­ern­ment agency where it is installed. . . .”

Yet for the DNC/Podesta hacks, which were also spear-phishing campaigns but against targets with a wide variety of potential enemies across the globe, the primary evidence we’re given that the Russian government was really behind the hacks was the amazingly sloppy hacker ‘mistakes’ like Cyrillic characters in the hacked document meta-data [21] and leaving the Bitly accounts they were using to create the links used in the spear-phishing emails public so cybersecurity researchers could watch their entire hacking campaign list of targets [55]. In other words, ‘evidence’ that could easily have been left to be found.

All of this adds to the mystery of Michael Flynn and the potential role he played in the Trump campaign: The former head of the US military’s spy agency worked for a company that makes advanced software designed to first conduct a successful spear-phishing campaign and then give the victim NSO Group’s special spying malware, the same kind of campaign that attacked the DNC, John Podesta, and the 39 state election systems.

Yet almost no one seems to raise the ques­tion as to whether or not Fly­nn and his deep ties to the hack­ing world could have had any­thing to do with those high-pro­file hacks. Only con­sid­er­a­tion of Russ­ian hack­ers is allowed. It’s a pret­ty mys­te­ri­ous mys­tery, although per­haps not as mys­te­ri­ous as the inves­ti­ga­tion.

“Using Texts as Lures, Gov­ern­ment Spy­ware Tar­gets Mex­i­can Jour­nal­ists and Their Fam­i­lies” by Azam Ahmed and Nicole Perl­roth; The New York Times; 06/19/2017 [40]

 Mexico’s most promi­nent human rights lawyers, jour­nal­ists and anti-cor­rup­tion activists have been tar­get­ed by advanced spy­ware sold to the Mex­i­can gov­ern­ment on the con­di­tion that it be used only to inves­ti­gate crim­i­nals and ter­ror­ists.

The tar­gets include lawyers look­ing into the mass dis­ap­pear­ance of 43 stu­dents [56], a high­ly respect­ed aca­d­e­m­ic who helped write anti-cor­rup­tion leg­is­la­tion, two of Mexico’s most influ­en­tial jour­nal­ists and an Amer­i­can rep­re­sent­ing vic­tims of sex­u­al abuse by the police. The spy­ing even swept up fam­i­ly mem­bers, includ­ing a teenage boy.

Since 2011, at least three Mex­i­can fed­er­al agen­cies have pur­chased about $80 mil­lion worth of spy­ware cre­at­ed by an Israeli cyber­arms man­u­fac­tur­er. The soft­ware, known as Pega­sus, infil­trates smart­phones to mon­i­tor every detail of a person’s cel­lu­lar life — calls, texts, email, con­tacts and cal­en­dars. It can even use the micro­phone and cam­era on phones for sur­veil­lance, turn­ing a target’s smart­phone into a per­son­al bug.

The com­pa­ny that makes the soft­ware, the NSO Group, says it sells the tool exclu­sive­ly to gov­ern­ments, with an explic­it agree­ment that it be used only to bat­tle ter­ror­ists or the drug car­tels and crim­i­nal groups that have long kid­napped and killed Mex­i­cans.

But accord­ing to dozens of mes­sages exam­ined by The New York Times and inde­pen­dent foren­sic ana­lysts, the soft­ware has been used against some of the government’s most out­spo­ken crit­ics and their fam­i­lies, in what many view as an unprece­dent­ed effort to thwart the fight against the cor­rup­tion infect­ing every limb of Mex­i­can soci­ety.

“We are the new ene­mies of the state,” said Juan E. Par­di­nas, the gen­er­al direc­tor of the Mex­i­can Insti­tute for Com­pet­i­tive­ness [57], who has pushed anti-cor­rup­tion leg­is­la­tion. His iPhone, along with his wife’s, was tar­get­ed by the soft­ware, accord­ing to an inde­pen­dent analy­sis. “Ours is a soci­ety where democ­ra­cy has been erod­ed,” he said.

The deployment of sophisticated cyberweaponry against citizens is a snapshot of the struggle for Mexico [58] itself, raising profound legal and ethical questions for a government already facing severe criticism [59] for its human rights record. Under Mexican law, only a federal judge can authorize the surveillance of private communications, and only when officials can demonstrate a sound basis for the request.

It is high­ly unlike­ly that the gov­ern­ment received judi­cial approval to hack the phones, accord­ing to sev­er­al for­mer Mex­i­can intel­li­gence offi­cials. Instead, they said, ille­gal sur­veil­lance is stan­dard prac­tice.

“Mex­i­can secu­ri­ty agen­cies wouldn’t ask for a court order, because they know they wouldn’t get one,” said Eduar­do Guer­rero, a for­mer ana­lyst at the Cen­ter for Inves­ti­ga­tion and Nation­al Secu­ri­ty, Mexico’s intel­li­gence agency and one of the gov­ern­ment agen­cies that use the Pega­sus spy­ware. “I mean, how could a judge autho­rize sur­veil­lance of some­one ded­i­cat­ed to the pro­tec­tion of human rights?”

“There, of course, is no basis for that inter­ven­tion, but that is besides the point,” he added. “No one in Mex­i­co ever asks for per­mis­sion to do so.”

The hack­ing attempts were high­ly per­son­al­ized, strik­ing crit­ics with mes­sages designed to inspire fear — and get them to click on a link that would pro­vide unfet­tered access to their cell­phones.

Car­men Aris­tegui, one of Mexico’s most famous jour­nal­ists, was tar­get­ed by a spy­ware oper­a­tor pos­ing as the Unit­ed States Embassy in Mex­i­co, instruct­ing her to click on a link to resolve an issue with her visa. The wife of Mr. Par­di­nas, the anti-cor­rup­tion activist, was tar­get­ed with a mes­sage claim­ing to offer proof that he was hav­ing an extra­mar­i­tal affair.

For oth­ers, immi­nent dan­ger was the entry point, like a mes­sage warn­ing that a truck filled with armed men was parked out­side Mr. Pardinas’s home.

“I think that any com­pa­ny that sells a prod­uct like this to a gov­ern­ment would be hor­ri­fied by the tar­gets, of course, which don’t seem to fall into the tra­di­tion­al role of crim­i­nal­i­ty,” said John Scott-Rail­ton, a senior researcher at Cit­i­zen Lab at the Munk School of Glob­al Affairs at the Uni­ver­si­ty of Toron­to, which exam­ined [60] the hack­ing attempts.

The Mex­i­can gov­ern­ment acknowl­edges gath­er­ing intel­li­gence against legit­i­mate sus­pects in accor­dance with the law. “As in any demo­c­ra­t­ic gov­ern­ment, to com­bat crime and threats against nation­al secu­ri­ty the Mex­i­can gov­ern­ment car­ries out intel­li­gence oper­a­tions,” it said in a state­ment.

But the gov­ern­ment “cat­e­gor­i­cal­ly denies that any of its mem­bers engages in sur­veil­lance or com­mu­ni­ca­tions oper­a­tions against defend­ers of human rights, jour­nal­ists, anti-cor­rup­tion activists or any oth­er per­son with­out pri­or judi­cial autho­riza­tion.”

The Mex­i­can government’s deploy­ment of spy­ware has come under sus­pi­cion before, includ­ing hack­ing attempts on polit­i­cal oppo­nents and activists fight­ing cor­po­rate inter­ests in Mex­i­co [54].

Still, there is no iron­clad proof that the Mex­i­can gov­ern­ment is respon­si­ble. The Pega­sus soft­ware does not leave behind the hacker’s indi­vid­ual fin­ger­prints. Even the soft­ware mak­er, the NSO Group, says it can­not deter­mine who, exact­ly, is behind spe­cif­ic hack­ing attempts.

But cyber­ex­perts can ver­i­fy when the soft­ware has been used on a target’s phone, leav­ing them with few doubts that the Mex­i­can gov­ern­ment, or some rogue actor with­in it, was involved.

“This is pret­ty much as good as it gets,” said Bill Mar­czak, anoth­er senior researcher at Cit­i­zen Lab, who con­firmed the pres­ence of NSO code on sev­er­al phones belong­ing to Mex­i­can jour­nal­ists and activists.

More­over, it is extreme­ly unlike­ly that cyber­crim­i­nals some­how got their hands on the soft­ware, the NSO Group says, because the tech­nol­o­gy can be used only by the gov­ern­ment agency where it is installed.

The com­pa­ny is part of a grow­ing num­ber of dig­i­tal spy­ing busi­ness­es that oper­ate in a loose­ly reg­u­lat­ed space. The mar­ket has picked up in recent years, par­tic­u­lar­ly as com­pa­nies like Apple and Face­book start encrypt­ing their cus­tomers’ com­mu­ni­ca­tions, mak­ing it hard­er for gov­ern­ment agen­cies to con­duct sur­veil­lance.

Increas­ing­ly, gov­ern­ments have found that the only way to mon­i­tor mobile phones is by using pri­vate busi­ness­es like the NSO Group that exploit lit­tle-known vul­ner­a­bil­i­ties in smart­phone soft­ware. The com­pa­ny has, at times, oper­at­ed its busi­ness­es under dif­fer­ent names. One of them, OSY Tech­nolo­gies, paid Michael T. Fly­nn, Pres­i­dent Trump’s for­mer nation­al secu­ri­ty advis­er, more than $40,000 [53] to be an advi­so­ry board mem­ber from May 2016 until Jan­u­ary, accord­ing to his pub­lic finan­cial dis­clo­sures.

Before sell­ing to gov­ern­ments, the NSO Group says, it vets their human rights records. But once the com­pa­ny licens­es the soft­ware and installs its hard­ware inside intel­li­gence and law enforce­ment agen­cies, the com­pa­ny says, it has no way of know­ing how its spy tools are used — or whom they are used against.

The com­pa­ny sim­ply bills gov­ern­ments based on the total num­ber of sur­veil­lance tar­gets. To spy on 10 iPhone users, for exam­ple, the com­pa­ny charges $650,000 on top of a flat $500,000 instal­la­tion fee, accord­ing to NSO mar­ket­ing pro­pos­als reviewed by The New York Times [61].

Even when the NSO Group learns that its soft­ware has been abused, there is only so much it can do, the com­pa­ny says, argu­ing that it can­not sim­ply march into intel­li­gence agen­cies, remove its hard­ware and take back its spy­ware.

“When you’re sell­ing AK-47s, you can’t con­trol how they’ll be used once they leave the load­ing docks,” said Kevin Mahaf­fey, chief tech­nol­o­gy offi­cer at Look­out, a mobile secu­ri­ty com­pa­ny.

Rather, the NSO Group relies on its cus­tomers to coop­er­ate in a review, then turns over the find­ings to the appro­pri­ate gov­ern­men­tal author­i­ty — in effect, leav­ing gov­ern­ments to police them­selves.

Typ­i­cal­ly, the company’s only recourse is to slow­ly cut off a government’s access to the spy tools over the course of months, or even years, by ceas­ing to pro­vide new soft­ware patch­es, fea­tures and updates. But in the case of Mex­i­co, the NSO Group has not con­demned or even acknowl­edged any abuse, despite repeat­ed evi­dence that its spy tools have been deployed against ordi­nary cit­i­zens and their fam­i­lies.

5. GOP-affiliated data analytics firm Deep Root has committed quite a data-privacy violation. On June 12th, a cybersecurity researcher discovered a Deep Root server with public access to its proprietary database of the voting habits and political views of over 198 million Americans. Deep Root claims this was all due to an accident.

We won­der if there might be a link between the Deep Root data bas­ing and oth­er GOP cyber tac­tics and the alleged “Russ­ian hack­ing” of U.S. elec­tion sys­tems?

“ . . . . To appeal to the three crucial categories, it appears that Trump’s team relied on voter data provided by Data Trust. Complete voter rolls for 2008 and 2012, as well as partial 2016 voter rolls for Florida and Ohio, apparently compiled by Data Trust are contained in the dataset exposed by Deep Root.

Data Trust acquires vot­er rolls from state offi­cials and then stan­dard­izes the vot­er data to cre­ate a clean, man­age­able record of all reg­is­tered US vot­ers, a source famil­iar with the firm’s oper­a­tions told Giz­mo­do. Vot­er data itself is pub­lic record and there­fore not par­tic­u­lar­ly sen­si­tive, the source added, but the tools Data Trust uses to stan­dard­ize that data are con­sid­ered pro­pri­etary. That data is then pro­vid­ed to polit­i­cal clients, includ­ing ana­lyt­ics firms like Deep Root. While Data Trust requires its clients to pro­tect the data, it has to take clients at their word that indus­try-stan­dard encryp­tion and secu­ri­ty pro­to­cols are in place.

Tar­get­Point and Cause­way, the two firms employed by the RNC in addi­tion to Deep Root, appar­ent­ly lay­ered their own ana­lyt­ics atop the infor­ma­tion pro­vid­ed by Data Trust. Tar­get­Point con­duct­ed thou­sands of sur­veys per week in 22 states, accord­ing to AdAge, gaug­ing vot­er sen­ti­ment on a vari­ety of top­ics. While Cause­way helped man­age the data, Deep Root used it to per­fect its TV adver­tis­ing targets—producing vot­er turnout esti­mates by coun­ty and using that intel­li­gence to tar­get its ad buys. . . .”

“GOP Data Firm Acci­den­tal­ly Leaks Per­son­al Details of Near­ly 200 Mil­lion Amer­i­can Vot­ers” by Dell Cameron and Kate Con­ger, Giz­mo­do; 06/19/2017 [12]

Polit­i­cal data gath­ered on more than 198 mil­lion US cit­i­zens was exposed this month after a mar­ket­ing firm con­tract­ed by the Repub­li­can Nation­al Com­mit­tee stored inter­nal doc­u­ments on a pub­licly acces­si­ble Ama­zon serv­er.

The data leak con­tains a wealth of per­son­al infor­ma­tion on rough­ly 61 per­cent of the US pop­u­la­tion. Along with home address­es, birth­dates, and phone num­bers, the records include advanced sen­ti­ment analy­ses used by polit­i­cal groups to pre­dict where indi­vid­ual vot­ers fall on hot-but­ton issues such as gun own­er­ship, stem cell research, and the right to abor­tion, as well as sus­pect­ed reli­gious affil­i­a­tion and eth­nic­i­ty. The data was amassed from a vari­ety of sources—from the banned sub­red­dit r/fatpeoplehate [62] to Amer­i­can Cross­roads, the super PAC co-found­ed by for­mer White House strate­gist Karl Rove.

Deep Root Ana­lyt­ics, a con­ser­v­a­tive data firm that iden­ti­fies audi­ences for polit­i­cal ads, con­firmed own­er­ship of the data to Giz­mo­do on Fri­day.

UpGuard [63] cyber risk ana­lyst Chris Vick­ery dis­cov­ered Deep Root’s data [63] online last week. More than a ter­abyte was stored on the cloud serv­er with­out the pro­tec­tion of a pass­word and could be accessed by any­one who found the URL. Many of the files did not orig­i­nate at Deep Root, but are instead the aggre­gate of out­side data firms and Repub­li­can super PACs, shed­ding light onto the increas­ing­ly advanced data ecosys­tem that helped pro­pel Pres­i­dent Don­ald Trump’s slim mar­gins in key swing states.

Although files pos­sessed by Deep Root would be typ­i­cal in any cam­paign, Repub­li­can or Demo­c­ra­t­ic, experts say its expo­sure in a sin­gle open data­base rais­es sig­nif­i­cant pri­va­cy con­cerns. “This is valu­able for peo­ple who have nefar­i­ous pur­pos­es,” Joseph Loren­zo Hall, the chief tech­nol­o­gist at the Cen­ter for Democ­ra­cy and Tech­nol­o­gy, said of the data.

The RNC paid Deep Root $983,000 last year, accord­ing to Fed­er­al Elec­tion Com­mis­sion reports, but its serv­er con­tained records from a vari­ety of oth­er con­ser­v­a­tive sources paid mil­lions more, includ­ing The Data Trust [64] (also known as GOP Data Trust), the Repub­li­can party’s pri­ma­ry vot­er file provider. Data Trust received over $6.7 mil­lion from the RNC dur­ing the 2016 cycle, accord­ing to OpenSecrets.org [65], and its pres­i­dent, John­ny DeSte­fano [66], now serves as Trump’s direc­tor of pres­i­den­tial per­son­nel.

The Koch broth­ers’ polit­i­cal group Amer­i­cans for Pros­per­i­ty, which had a data-swap­ping agree­ment [67] with Data Trust dur­ing the 2016 elec­tion cycle, con­tributed heav­i­ly to the exposed files, as did the mar­ket research firm Tar­get­Point, whose co-founder pre­vi­ous­ly served as direc­tor of Mitt Romney’s strat­e­gy team. (The Koch broth­ers also sub­si­dized a data com­pa­ny known as i360, which began exchang­ing vot­er files [68] with Data Trust in 2014.) Fur­ther­more, the files pro­vid­ed by Rove’s Amer­i­can Cross­roads con­tain strate­gic vot­er data used to tar­get, among oth­ers, dis­af­fect­ed Democ­rats and unde­cid­eds in Neva­da, New Hamp­shire, Ohio, and oth­er key bat­tle­ground states.

Deep Root fur­ther obtained hun­dreds of files (at least) from The Kan­tar Group, a lead­ing media and mar­ket research com­pa­ny with offices in New York, Bei­jing, Moscow, and more than a hun­dred oth­er cities on six con­ti­nents. Each file offers rich details about polit­i­cal ads—estimated cost, audi­ence demo­graph­ics, reach, and more—by and about fig­ures and groups span­ning the polit­i­cal spec­trum. There are files on the Demo­c­ra­t­ic Sen­a­to­r­i­al Cam­paign Com­mit­tee, Planned Par­ent­hood, and the Amer­i­can Civ­il Lib­er­ties Union, as well as files on every 2016 pres­i­den­tial can­di­date, Repub­li­cans includ­ed.

What’s more, the Kan­tar files each con­tain video links to relat­ed polit­i­cal ads stored on Kantar’s servers.

Spread­sheets acquired from Tar­get­Point, which part­nered with Deep Root and GOP Data Trust dur­ing the 2016 elec­tion, include the home address­es, birth­dates, and par­ty affil­i­a­tions of near­ly 200 mil­lion reg­is­tered vot­ers in the 2008 and 2012 pres­i­den­tial elec­tions, as well as some 2016 vot­ers. TargetPoint’s data seeks to resolve ques­tions about where indi­vid­ual vot­ers stand on dozens of polit­i­cal issues. For exam­ple: Is the vot­er eco-friend­ly? Do they favor low­er­ing tax­es? Do they believe the Democ­rats should stand up to Trump? Do they agree with Trump’s “Amer­i­ca First” eco­nom­ic stance? Phar­ma­ceu­ti­cal com­pa­nies do great dam­age: Agree or Dis­agree?

The details of vot­ers’ like­ly pref­er­ences for issues like stem cell research and gun con­trol were like­ly drawn from a vari­ety of sources accord­ing to a Demo­c­ra­t­ic strate­gist who spoke with Giz­mo­do.

“Data like that would be a com­bi­na­tion of polling data, real world data from door-knock­ing and phone-call­ing and oth­er can­vass­ing activ­i­ties, cou­pled with mod­el­ing using the data we already have to extrap­o­late what the vot­ers we don’t know about would think,” the strate­gist said. “The cam­paigns that do it right com­bine all the avail­able data togeth­er to make the most robust mod­el for every sin­gle vot­er in the tar­get uni­verse.”

Deep Root’s data was exposed after the com­pa­ny updat­ed its secu­ri­ty set­tings on June 1, Lundry said. Deep Root has retained Stroz Fried­berg, a cyber­se­cu­ri­ty and dig­i­tal foren­sics firm, to inves­ti­gate. “Based on the infor­ma­tion we have gath­ered thus far, we do not believe that our sys­tems have been hacked,” Lundry added.

So far, Deep Root doesn’t believe its pro­pri­etary data was accessed by any mali­cious third par­ties dur­ing the 12 days that the data was exposed on the open web.

Deep Root’s serv­er was dis­cov­ered by UpGuard’s Vick­ery on the night of June 12 as he was search­ing for data pub­licly acces­si­ble on Amazon’s cloud ser­vice. He used the same process last month to detect sen­si­tive files tied to a US Defense Depart­ment project and exposed by an employ­ee of a top defense con­trac­tor [69].

This is not the first leak of vot­er files uncov­ered by Vick­ery, who told Giz­mo­do that he was alarmed over how the data was appar­ent­ly being used—some states, for instance, pro­hib­it the com­mer­cial use of vot­er records. More­over, it was not imme­di­ate­ly clear to whom the data belonged. “It was decid­ed that law enforce­ment should be con­tact­ed before attempt­ing any con­tact with the enti­ty respon­si­ble,” said Vick­ery, who report­ed that the serv­er was secured two days lat­er on June 14.

A web of data firms fun­nel research into cam­paigns

Deep Root’s data sheds light onto the increas­ing­ly sophis­ti­cat­ed data oper­a­tion that has fed recent Repub­li­can cam­paigns and lays bare the intri­cate net­work of polit­i­cal orga­ni­za­tions, PACs, and analy­sis firms that trade in bulk vot­er data. In an email to Giz­mo­do, Deep Root said that its vot­er mod­els are used to enhance the under­stand­ing of TV view­er­ship for polit­i­cal ad buy­ers. “The data accessed was not built for or used by any spe­cif­ic client,” Lundry said. “It is our pro­pri­etary analy­sis to help inform local tele­vi­sion ad buy­ing.”

How­ev­er, the pres­ence of data on the serv­er from sev­er­al polit­i­cal orga­ni­za­tions, includ­ing Tar­get­Point and Data Trust, sug­gests that it was used for Repub­li­can polit­i­cal cam­paigns. Deep Root also works pri­mar­i­ly with GOP cus­tomers (although sim­i­lar ven­dors, such as Nation­Builder, ser­vice the Democ­rats as well).

Deep Root is one of three data firms hired by the Repub­li­can Nation­al Com­mit­tee in the run-up to the 2016 pres­i­den­tial elec­tion. Found­ed by Lundry, a data sci­en­tist on the Jeb Bush and Mitt Rom­ney cam­paigns, the firm was one of three ana­lyt­ics teams that worked on the Trump cam­paign fol­low­ing the party’s nation­al con­ven­tion in the sum­mer of 2016.

Lundry’s work brought him into Trump’s cam­paign war room, accord­ing to a post-elec­tion AdAge arti­cle [70] that chart­ed the GOP’s 2016 data efforts. Deep Root was hand-picked by the RNC’s then-chief of staff, Katie Walsh, in Sep­tem­ber of last year and joined two oth­er data shops—TargetPoint Con­sult­ing and Cause­way Solutions—in the effort to win Trump the pres­i­den­cy.

To appeal to the three cru­cial cat­e­gories, it appears that Trump’s team relied on vot­er data pro­vid­ed by Data Trust. Com­plete vot­er rolls for 2008 and 2012, as well as par­tial 2016 vot­er rolls for Flori­da and Ohio, appar­ent­ly com­piled by Data Trust are con­tained in the dataset exposed by Deep Root.

Data Trust acquires vot­er rolls from state offi­cials and then stan­dard­izes the vot­er data to cre­ate a clean, man­age­able record of all reg­is­tered US vot­ers, a source famil­iar with the firm’s oper­a­tions told Giz­mo­do. Vot­er data itself is pub­lic record and there­fore not par­tic­u­lar­ly sen­si­tive, the source added, but the tools Data Trust uses to stan­dard­ize that data are con­sid­ered pro­pri­etary. That data is then pro­vid­ed to polit­i­cal clients, includ­ing ana­lyt­ics firms like Deep Root. While Data Trust requires its clients to pro­tect the data, it has to take clients at their word that indus­try-stan­dard encryp­tion and secu­ri­ty pro­to­cols are in place.

Tar­get­Point and Cause­way, the two firms employed by the RNC in addi­tion to Deep Root, appar­ent­ly lay­ered their own ana­lyt­ics atop the infor­ma­tion pro­vid­ed by Data Trust. Tar­get­Point con­duct­ed thou­sands of sur­veys per week in 22 states, accord­ing to AdAge, gaug­ing vot­er sen­ti­ment on a vari­ety of top­ics. While Cause­way helped man­age the data, Deep Root used it to per­fect its TV adver­tis­ing targets—producing vot­er turnout esti­mates by coun­ty and using that intel­li­gence to tar­get its ad buys.

A source with years of expe­ri­ence work­ing on polit­i­cal cam­paign data oper­a­tions told Giz­mo­do that the data exposed by Deep Root appeared to be cus­tomized for the RNC and had appar­ent­ly been used to cre­ate mod­els for turnout and vot­er pref­er­ences. Meta­da­ta in the files sug­gest­ed that the data­base wasn’t Deep Root’s work­ing copy, but rather a post-elec­tion ver­sion of its data, the source said, adding that it was some­what sur­pris­ing the files hadn’t been dis­card­ed.

Because the data from the 2008 and 2012 elec­tions is outdated—the source com­pared it to the kind of address and phone data one could find on a “lousy inter­net lookup site”—it’s not very valu­able. Even the 2016 data is quick­ly becom­ing stale. “This is a pro­pri­etary dataset based on a mix of pub­lic records, data from com­mer­cial providers, and a vari­ety of pre­dic­tive mod­els of uncer­tain prove­nance and qual­i­ty,” the source said, adding: “Undoubt­ed­ly it took mil­lions of dol­lars to pro­duce.”

Although basic voter information is public record, Deep Root’s dataset contains a swirl of proprietary information from the RNC’s data firms. Many of the filenames indicate they potentially contain market research on Democratic candidates and the independent expenditure committees that support them. (Up to two terabytes of data contained on the server was protected by permission settings.)

One exposed fold­er is labeled “Exxon-Mobile” [sic] and con­tains spread­sheets appar­ent­ly used to pre­dict which vot­ers sup­port the oil and gas indus­try. Divid­ed by state, the files include the vot­ers’ names and address­es, along with a unique RNC iden­ti­fi­ca­tion num­ber assigned to every US cit­i­zen reg­is­tered to vote. Each row indi­cates where vot­ers like­ly fall on issues of inter­est to Exxon­Mo­bil, the country’s biggest nat­ur­al gas pro­duc­er.

The data eval­u­ates, for exam­ple, whether or not a spe­cif­ic vot­er believes drilling for fos­sil fuels is vital to US secu­ri­ty. It also pre­dicts if the vot­er thinks the US should be mov­ing away from fos­sil-fuel use. The Exxon­Mo­bil “nation­al score” doc­u­ment alone con­tains data on 182,746,897 Amer­i­cans spread across 19 fields.

Red­dit analy­sis

Some of the data includ­ed in Deep Root’s dataset veers into down­right bizarre ter­ri­to­ry. A fold­er titled sim­ply ‘red­dit’ hous­es 170 GBs of data appar­ent­ly scraped from sev­er­al sub­red­dits, includ­ing the con­tro­ver­sial r/fatpeoplehate that was home to a com­mu­ni­ty of peo­ple who post­ed pic­tures of peo­ple and mocked them for their weight before it was banned from Reddit’s plat­form in 2015 [71]. Oth­er sub­red­dits that appear to have been scraped by Deep Root or a part­ner orga­ni­za­tion focused on more benign top­ics, like moun­tain bik­ing and the Span­ish lan­guage.

The Red­dit data could’ve been used as train­ing data for an arti­fi­cial intel­li­gence algo­rithm focused on nat­ur­al lan­guage pro­cess­ing, or it might have been har­vest­ed as part of an effort to match up Red­dit users with their vot­er reg­is­tra­tion records. Dur­ing the 2012 elec­tion cycle, Barack Obama’s cam­paign data team relied on infor­ma­tion gleaned from Face­book pro­files [72] and matched pro­files to vot­er records [73].

Dur­ing the 2016 elec­tion sea­son, Red­dit played host to a legion of Trump sup­port­ers who gath­ered in sub­red­dits like r/The_Donald to comb through leaked Demo­c­ra­t­ic Nation­al Com­mit­tee emails and craft pro-Trump memes. Trump him­self par­tic­i­pat­ed in an “Ask Me Any­thing” ses­sion on r/The_Donald dur­ing his cam­paign.

Giv­en how active some Trump sup­port­ers are on Reddit—r/The_Donald cur­rent­ly boasts more than 430,000 members—it makes sense that Trump’s data team might be inter­est­ed in ana­lyz­ing data from the site.

FiveThir­tyEight analy­sis [74] that looked at where r/The_Donald mem­bers spend their time when they’re not talk­ing pol­i­tics might shed some light onto why Deep Root col­lect­ed r/fatpeoplehate data. FiveThir­tyEight found that, when Red­di­tors weren’t com­ment­ing in polit­i­cal sub­red­dits, they most often fre­quent­ed r/fatpeoplehate.

It’s possible that Deep Root intended to use data from r/fatpeoplehate to build a more comprehensive profile of Trump voters. (Lundry declined to comment beyond his initial statement on any of the information included in the Deep Root dataset.)

How­ev­er, FiveThirtyEight’s inves­ti­ga­tion doesn’t account for Deep Root’s col­lec­tion of data from moun­tain-bik­ing and Span­ish-speak­ing sub­red­dits that weren’t as pop­u­lar with r/The_Donald members—and data from these sub­red­dits that are not so close­ly linked to Trump’s diehard sup­port­ers might be more use­ful for his campaign’s goal of pur­su­ing swing vot­ers.

“My guess is that they were scrap­ing Red­dit posts to match to the vot­er file as anoth­er input for indi­vid­ual mod­el­ing,” a source famil­iar with cam­paign data oper­a­tions told Giz­mo­do. “Giv­en the num­ber of ran­dom forums, my guess is they start­ed with a list of accounts to scrape from, rather than scrap­ing from all forums then try­ing to match from there (in which case you’d start with the polit­i­cal ones).”

Match­ing vot­er records with Red­dit user­names would be com­pli­cat­ed and any large-scale effort would like­ly result in many inac­cu­ra­cies, the source said. How­ev­er, cam­paigns have attempt­ed to match vot­er files with social media pro­files in the past. Such an effort by Deep Root wouldn’t be entire­ly sur­pris­ing, and would like­ly yield rich data on the small por­tion of users it was able to match with their vot­er pro­files, the source explained.

Data expos­es sen­si­tive vot­er info

The Deep Root inci­dent rep­re­sents the largest known leak of Amer­i­cans’ vot­er records, out­strip­ping past expo­sures by sev­er­al mil­lion records. Five vot­er-file leaks over the past 18 months exposed between 350,000 [75] and 191 mil­lion [76] files, some of which paired vot­er data—name, race, gen­der, birth­date, address, phone num­ber, par­ty affil­i­a­tion, etc.—with email accounts, social media pro­files, and records of gun own­er­ship [77].

Cam­paigns and the data analy­sis firms they employ are a par­tic­u­lar­ly weak point for data expo­sure, secu­ri­ty experts say. Cor­po­ra­tions that don’t prop­er­ly secure cus­tomer data can face sig­nif­i­cant finan­cial repercussions—just ask Tar­get [78] or Yahoo [79]. But because cam­paigns are short-term oper­a­tions, there’s not much incen­tive for them to take data secu­ri­ty seri­ous­ly, and valu­able data is often left out to rust after an elec­tion.

“Cam­paigns are very nar­row­ly focused. They are shoe­string oper­a­tions, even pres­i­den­tial cam­paigns. So they don’t think of this as an asset they need to pro­tect,” the Cen­ter for Democ­ra­cy and Technology’s Hall told Giz­mo­do.

Even though vot­er rolls are pub­lic record and are easy to access—Ohio, for instance, makes its vot­er rolls avail­able to down­load online—their expo­sure can still be harm­ful.

Vot­er reg­is­tra­tion records include ZIP codes, birth­dates, and oth­er per­son­al infor­ma­tion that have been cru­cial in research efforts to re-iden­ti­fy anony­mous med­ical data [80]. Latanya Sweeney, a pro­fes­sor of gov­ern­ment and tech­nol­o­gy at Har­vard Uni­ver­si­ty, famous­ly used vot­er data to re-iden­ti­fy Mass­a­chu­setts Gov­er­nor William Weld from infor­ma­tion in anony­mous hos­pi­tal dis­charge records.

Because of the per­son­al infor­ma­tion they con­tain, vot­er reg­is­tra­tion data­bas­es can also be use­ful in iden­ti­ty theft schemes.

Even though expo­sure of Deep Root’s data has the poten­tial to harm vot­ers, it’s exact­ly the kind of data that cam­paigns lust after and will spend mil­lions of dol­lars to obtain. Cam­paigns are moti­vat­ed to accu­mu­late as much deeply per­son­al infor­ma­tion about vot­ers as pos­si­ble, so they can spend their ad dol­lars in the right swing dis­tricts where they’re like­ly to sway the great­est num­ber of vot­ers. But vot­er data rapid­ly goes stale and cam­paigns close up shop quick­ly, so data is seen as dis­pos­able and often isn’t well-pro­tect­ed.

“I can think of no avenues for pun­ish­ing polit­i­cal data breach­es or oth­er­wise prop­er­ly align­ing the incen­tives. I wor­ry that if there’s no way to pun­ish cam­paigns for leak­ing this stuff, it’s going to con­tin­ue to hap­pen until some­thing bad hap­pens,” Hall said. The data left behind by cam­paigns can pose a lin­ger­ing secu­ri­ty issue, he added. “None of these moth­er­fuck­ers were ever Boy Scouts or Girl Scouts, they don’t pack out what they pack in.”

7. Where’s Cambridge Analytica? Did they get access to that data too? They were Trump’s primary Big Data secret weapon. So was this data redundant for them? If not, and this data really is of use to Cambridge Analytica, then if we’re trying to think of a likely intended recipient for those terabytes of data, it’s hard to think of a likelier recipient than Cambridge Analytica. Especially after it was announced back in January that the RNC’s Big Data guru was heading over to Cambridge Analytica as part of a bid to turn the firm into the RNC’s Big Data firm of choice [18]:

“Trump’s Data Firm Snags RNC Tech Guru Dar­ren Bold­ing” by Issie Lapowsky; Wired; 01/16/17 [18]

British new­com­ers Cam­bridge Ana­lyt­i­ca earned seri­ous brag­ging rights—and more than a few ene­mies [81]—as the data firm that helped engi­neer Don­ald Trump’s vic­to­ry in its first US pres­i­den­tial elec­tion. Now it’s poach­ing the Repub­li­can Nation­al Committee’s chief tech­nol­o­gy offi­cer, Dar­ren Bold­ing, in a quest to become the ana­lyt­ics out­fit of record for the GOP.

Bold­ing, who in Novem­ber, 2015, became the RNC’s third CTO in as many years after build­ing his career as an engi­neer in Sil­i­con Val­ley, will assume the title of CTO at Cam­bridge, where he will build prod­ucts for com­mer­cial and polit­i­cal clients. “We want to be able to scale up what we’re already doing, since there’s been quite a lot of inter­est from the com­mer­cial and polit­i­cal space,” he says.

Cambridge’s pitch is that it divides audi­ences into “psy­cho­graph­ic groups” to tar­get them with the kinds of mes­sages that, like most ads, are based on demo­graph­ic fac­tors but also are most like­ly to appeal to their emo­tion­al and psy­cho­log­i­cal pro­files. The effec­tive­ness of, and method­ol­o­gy behind, these tac­tics remain the sub­ject of great debate among the Beltway’s tra­di­tion­al data minds, who express skep­ti­cism about Cambridge’s abil­i­ty to deliv­er on its promis­es. But Trump’s vic­to­ry in Novem­ber was a blow to the firm’s detrac­tors [82].

Though Cam­bridge is now pur­su­ing com­mer­cial clients through its new office in New York, it’s also expand­ing its DC oper­a­tion and hopes to secure gov­ern­ment and defense con­tracts under the Trump admin­is­tra­tion. Cam­bridge already has the req­ui­site ties. Not only did it work for the Trump cam­paign, but Steve Ban­non, Trump’s chief strate­gist, serves on the firm’s board.

Cambridge also is funded by Robert Mercer, the billionaire donor who gave millions to Trump Super PACs and whose daughter Rebekah Mercer serves on the Trump transition team. She reportedly [83] is involved in shaping the non-profit organization that will serve as a fundraising and messaging vehicle for the Trump administration. That could give Cambridge an advantage in securing its business. Cambridge Analytica declined to comment on these potential deals, and the Trump transition team has not yet responded to WIRED’s request for comment.

Bolding’s depar­ture from the RNC comes as Repub­li­cans and Democ­rats alike grap­ple with the threat of cyber attacks in the wake of the breach, attrib­uted to Russ­ian hack­ers, of the Demo­c­ra­t­ic Nation­al Com­mit­tee dur­ing the 2016 elec­tion. Dur­ing his press con­fer­ence this week, pres­i­dent-elect Trump scold­ed the DNC for allow­ing such an attack and claimed that hack­ers were foiled in their attempt to pen­e­trate the Repub­li­can Nation­al Com­mit­tee. Bold­ing con­firms the RNC expe­ri­enced fre­quent attacks through­out the elec­tion cycle. “We were very vig­or­ous­ly attacked,” Bold­ing says. “I’ve done this for large com­mer­cial com­pa­nies that have had sig­nif­i­cant threats, but this was real­ly intense.”

While there may have been no breach­es of recent RNC data, in a hear­ing before the Sen­ate Select Com­mit­tee on Intel­li­gence Tues­day, FBI direc­tor James Comey said [84] that “infor­ma­tion was har­vest­ed” from old RNC email domains that are no longer in use, though none of that infor­ma­tion was released.

8. Sey­mour Hersh has a piece in Die Welt about the intel­li­gence that went into the Trump administration’s deci­sion to launch a cruise mis­sile strike against a Syr­i­an air­base fol­low­ing the alleged sarin gas attack on the city of Khan Sheikhoun in Idlib.

So what did the intelligence community know about the attack? Well, the Russian and Syrian air forces had in fact informed the US in advance of that airstrike that they had intelligence that top-level leaders of Ahrar al-Sham and Jabhat al-Nusra were meeting in that building, and they informed the US of the attack plan in advance and that it was on a “high-value” target. The attack involved the unusual use of a guided bomb and Syria’s top pilots. Following the attack, US intelligence concluded that there was no sarin gas attack, that Assad wouldn’t have been that politically suicidal, and that the symptoms of chemical poisoning following the bombing were likely due to a mixture of chlorine, fertilizers, and other chemicals, stored in the building that was targeted by the Syrian air force, created by secondary explosions from the initial bombing.

Key por­tions of Her­sh’s sto­ry:

“. . . . The Syr­i­an tar­get at Khan Sheikhoun, as shared with the Amer­i­cans at Doha, was depict­ed as a two-sto­ry cin­der-block build­ing in the north­ern part of town. Russ­ian intel­li­gence, which is shared when nec­es­sary with Syr­ia and the U.S. as part of their joint fight against jihadist groups, had estab­lished that a high-lev­el meet­ing of jihadist lead­ers was to take place in the build­ing, includ­ing rep­re­sen­ta­tives of Ahrar al-Sham and the al-Qai­da-affil­i­at­ed group for­mer­ly known as Jab­hat al-Nus­ra. The two groups had recent­ly joined forces, and con­trolled the town and sur­round­ing area. Russ­ian intel­li­gence depict­ed the cin­der-block build­ing as a com­mand and con­trol cen­ter that housed a gro­cery and oth­er com­mer­cial premis­es on its ground floor with oth­er essen­tial shops near­by, includ­ing a fab­ric shop and an elec­tron­ics store.

‘The rebels con­trol the pop­u­la­tion by con­trol­ling the dis­tri­b­u­tion of goods that peo­ple need to live – food, water, cook­ing oil, propane gas, fer­til­iz­ers for grow­ing their crops, and insec­ti­cides to pro­tect the crops,’ a senior advis­er to the Amer­i­can intel­li­gence com­mu­ni­ty, who has served in senior posi­tions in the Defense Depart­ment and Cen­tral Intel­li­gence Agency, told me. The base­ment was used as stor­age for rock­ets, weapons and ammu­ni­tion, as well as prod­ucts that could be dis­trib­uted for free to the com­mu­ni­ty, among them med­i­cines and chlo­rine-based decon­t­a­m­i­nants for cleans­ing the bod­ies of the dead before bur­ial. The meet­ing place – a region­al head­quar­ters – was on the floor above. ‘It was an estab­lished meet­ing place,’ the senior advis­er said. ‘A long-time facil­i­ty that would have had secu­ri­ty, weapons, com­mu­ni­ca­tions, files and a map cen­ter.’ The Rus­sians were intent on con­firm­ing their intel­li­gence and deployed a drone for days above the site to mon­i­tor com­mu­ni­ca­tions and devel­op what is known in the intel­li­gence com­mu­ni­ty as a POL – a pat­tern of life. The goal was to take note of those going in and out of the build­ing, and to track weapons being moved back and forth, includ­ing rock­ets and ammu­ni­tion.

Russ­ian and Syr­i­an intel­li­gence offi­cials, who coor­di­nate oper­a­tions close­ly with the Amer­i­can com­mand posts, made it clear that the planned strike on Khan Sheikhoun was spe­cial because of the high-val­ue tar­get. “It was a red-hot change. The mis­sion was out of the ordi­nary – scrub the sked,” the senior advis­er told me. “Every oper­a­tions offi­cer in the region” – in the Army, Marine Corps, Air Force, CIA and NSA – “had to know there was some­thing going on. The Rus­sians gave the Syr­i­an Air Force a guid­ed bomb and that was a rar­i­ty. They’re skimpy with their guid­ed bombs and rarely share them with the Syr­i­an Air Force. And the Syr­i­ans assigned their best pilot to the mis­sion, with the best wing­man.” The advance intel­li­gence on the tar­get, as sup­plied by the Rus­sians, was giv­en the high­est pos­si­ble score inside the Amer­i­can com­mu­ni­ty.

The Execute Order governing U.S. military operations in theater, which was issued by the Chairman of the Joint Chiefs of Staff, provides instructions that demarcate the relationship between the American and Russian forces operating in Syria. “It’s like an ops order – ‘Here’s what you are authorized to do,’” the adviser said. “We do not share operational control with the Russians. We don’t do combined operations with them, or activities directly in support of one of their operations. But coordination is permitted. We keep each other apprised of what’s happening and within this package is the mutual exchange of intelligence. If we get a hot tip that could help the Russians do their mission, that’s coordination; and the Russians do the same for us. When we get a hot tip about a command and control facility,” the adviser added, referring to the target in Khan Sheikhoun, “we do what we can to help them act on it.”

“This was not a chemical weapons strike,” the adviser said. “That’s a fairy tale. If so, everyone involved in transferring, loading and arming the weapon – you’ve got to make it appear like a regular 500-pound conventional bomb – would be wearing Hazmat protective clothing in case of a leak. There would be very little chance of survival without such gear. Military grade sarin includes additives designed to increase toxicity and lethality. Every batch that comes out is maximized for death. That is why it is made. It is odorless and invisible and death can come within a minute. No cloud. Why produce a weapon that people can run away from?”

The tar­get was struck at 6:55 a.m. on April 4, just before mid­night in Wash­ing­ton. A Bomb Dam­age Assess­ment (BDA) by the U.S. mil­i­tary lat­er deter­mined that the heat and force of the 500-pound Syr­i­an bomb trig­gered a series of sec­ondary explo­sions that could have gen­er­at­ed a huge tox­ic cloud that began to spread over the town, formed by the release of the fer­til­iz­ers, dis­in­fec­tants and oth­er goods stored in the base­ment, its effect mag­ni­fied by the dense morn­ing air, which trapped the fumes close to the ground. Accord­ing to intel­li­gence esti­mates, the senior advis­er said, the strike itself killed up to four jihadist lead­ers, and an unknown num­ber of dri­vers and secu­ri­ty aides. There is no con­firmed count of the num­ber of civil­ians killed by the poi­so­nous gas­es that were released by the sec­ondary explo­sions, although oppo­si­tion activists report­ed that there were more than 80 dead, and out­lets such as CNN have put the fig­ure as high as 92. A team from Médecins Sans Fron­tières, treat­ing vic­tims from Khan Sheikhoun at a clin­ic 60 miles to the north, report­ed that “eight patients showed symp­toms – includ­ing con­strict­ed pupils, mus­cle spasms and invol­un­tary defe­ca­tion – which are con­sis­tent with expo­sure to a neu­ro­tox­ic agent such as sarin gas or sim­i­lar com­pounds.” MSF also vis­it­ed oth­er hos­pi­tals that had received vic­tims and found that patients there “smelled of bleach, sug­gest­ing that they had been exposed to chlo­rine.” In oth­er words, evi­dence sug­gest­ed that there was more than one chem­i­cal respon­si­ble for the symp­toms observed, which would not have been the case if the Syr­i­an Air Force – as oppo­si­tion activists insist­ed – had dropped a sarin bomb, which has no per­cus­sive or igni­tion pow­er to trig­ger sec­ondary explo­sions. 
The range of symp­toms is, how­ev­er, con­sis­tent with the release of a mix­ture of chem­i­cals, includ­ing chlo­rine and the organophos­phates used in many fer­til­iz­ers, which can cause neu­ro­tox­ic effects sim­i­lar to those of sarin.

A Bomb Dam­age Assess­ment (BDA) by the U.S. mil­i­tary lat­er deter­mined that the heat and force of the 500-pound Syr­i­an bomb trig­gered a series of sec­ondary explo­sions that could have gen­er­at­ed a huge tox­ic cloud that began to spread over the town, formed by the release of the fer­til­iz­ers, dis­in­fec­tants and oth­er goods stored in the base­ment, its effect mag­ni­fied by the dense morn­ing air, which trapped the fumes close to the ground. . . .

“ . . . . The crisis slid into the background by the end of April, as Russia, Syria and the United States remained focused on annihilating ISIS and the militias of al-Qaida. Some of those who had worked through the crisis, however, were left with lingering concerns. ‘The Salafists and jihadists got everything they wanted out of their hyped-up Syrian nerve gas ploy,’ the senior adviser to the U.S. intelligence community told me, referring to the flare up of tensions between Syria, Russia and America. ‘The issue is, what if there’s another false flag sarin attack credited to hated Syria? Trump has upped the ante and painted himself into a corner with his decision to bomb. And do not think these guys are not planning the next faked attack. Trump will have no choice but to bomb again, and harder. He’s incapable of saying he made a mistake.’ . . .”

“Trump’s Red Line” by Seymour M. Hersh; Welt.de; 06/25/2017 [15]

On April 6, Unit­ed States Pres­i­dent Don­ald Trump autho­rized an ear­ly morn­ing Tom­a­hawk mis­sile strike on Shayrat Air Base in cen­tral Syr­ia in retal­i­a­tion for what he said was a dead­ly nerve agent attack car­ried out by the Syr­i­an gov­ern­ment two days ear­li­er in the rebel-held town of Khan Sheikhoun. Trump issued the order despite hav­ing been warned by the U.S. intel­li­gence com­mu­ni­ty that it had found no evi­dence that the Syr­i­ans had used a chem­i­cal weapon.

The avail­able intel­li­gence made clear that the Syr­i­ans had tar­get­ed a jihadist meet­ing site on April 4 using a Russ­ian-sup­plied guid­ed bomb equipped with con­ven­tion­al explo­sives. Details of the attack, includ­ing infor­ma­tion on its so-called high-val­ue tar­gets, had been pro­vid­ed by the Rus­sians days in advance to Amer­i­can and allied mil­i­tary offi­cials in Doha, whose mis­sion is to coor­di­nate all U.S., allied, Syr­i­an and Russ­ian Air Force oper­a­tions in the region.

Some American military and intelligence officials were especially distressed by the president’s determination to ignore the evidence. “None of this makes any sense,” one officer told colleagues upon learning of the decision to bomb. “We KNOW that there was no chemical attack … the Russians are furious. Claiming we have the real intel and know the truth … I guess it didn’t matter whether we elected Clinton or Trump.”

With­in hours of the April 4 bomb­ing, the world’s media was sat­u­rat­ed with pho­tographs and videos from Khan Sheikhoun. Pic­tures of dead and dying vic­tims, alleged­ly suf­fer­ing from the symp­toms of nerve gas poi­son­ing, were uploaded to social media by local activists, includ­ing the White Hel­mets, a first respon­der group known for its close asso­ci­a­tion with the Syr­i­an oppo­si­tion.

The prove­nance of the pho­tos was not clear and no inter­na­tion­al observers have yet inspect­ed the site, but the imme­di­ate pop­u­lar assump­tion world­wide was that this was a delib­er­ate use of the nerve agent sarin, autho­rized by Pres­i­dent Bashar Assad of Syr­ia. Trump endorsed that assump­tion by issu­ing a state­ment with­in hours of the attack, describ­ing Assad’s “heinous actions” as being a con­se­quence of the Oba­ma administration’s “weak­ness and irres­o­lu­tion” in address­ing what he said was Syria’s past use of chem­i­cal weapons.

To the dis­may of many senior mem­bers of his nation­al secu­ri­ty team, Trump could not be swayed over the next 48 hours of intense brief­in­gs and deci­sion-mak­ing. In a series of inter­views, I learned of the total dis­con­nect between the pres­i­dent and many of his mil­i­tary advis­ers and intel­li­gence offi­cials, as well as offi­cers on the ground in the region who had an entire­ly dif­fer­ent under­stand­ing of the nature of Syria’s attack on Khan Sheikhoun. I was pro­vid­ed with evi­dence of that dis­con­nect, in the form of tran­scripts of real-time com­mu­ni­ca­tions, imme­di­ate­ly fol­low­ing the Syr­i­an attack on April 4. In an impor­tant pre-strike process known as decon­flic­tion, U.S. and Russ­ian offi­cers rou­tine­ly sup­ply one anoth­er with advance details of planned flight paths and tar­get coor­di­nates, to ensure that there is no risk of col­li­sion or acci­den­tal encounter (the Rus­sians speak on behalf of the Syr­i­an mil­i­tary). This infor­ma­tion is sup­plied dai­ly to the Amer­i­can AWACS sur­veil­lance planes that mon­i­tor the flights once air­borne. Deconfliction’s suc­cess and impor­tance can be mea­sured by the fact that there has yet to be one col­li­sion, or even a near miss, among the high-pow­ered super­son­ic Amer­i­can, Allied, Russ­ian and Syr­i­an fight­er bombers.

Russ­ian and Syr­i­an Air Force offi­cers gave details of the care­ful­ly planned flight path to and from Khan Shiekhoun on April 4 direct­ly, in Eng­lish, to the decon­flic­tion mon­i­tors aboard the AWACS plane, which was on patrol near the Turk­ish bor­der, 60 miles or more to the north.

The Syr­i­an tar­get at Khan Sheikhoun, as shared with the Amer­i­cans at Doha, was depict­ed as a two-sto­ry cin­der-block build­ing in the north­ern part of town. Russ­ian intel­li­gence, which is shared when nec­es­sary with Syr­ia and the U.S. as part of their joint fight against jihadist groups, had estab­lished that a high-lev­el meet­ing of jihadist lead­ers was to take place in the build­ing, includ­ing rep­re­sen­ta­tives of Ahrar al-Sham and the al-Qai­da-affil­i­at­ed group for­mer­ly known as Jab­hat al-Nus­ra. The two groups had recent­ly joined forces, and con­trolled the town and sur­round­ing area. Russ­ian intel­li­gence depict­ed the cin­der-block build­ing as a com­mand and con­trol cen­ter that housed a gro­cery and oth­er com­mer­cial premis­es on its ground floor with oth­er essen­tial shops near­by, includ­ing a fab­ric shop and an elec­tron­ics store.

“The rebels con­trol the pop­u­la­tion by con­trol­ling the dis­tri­b­u­tion of goods that peo­ple need to live – food, water, cook­ing oil, propane gas, fer­til­iz­ers for grow­ing their crops, and insec­ti­cides to pro­tect the crops,” a senior advis­er to the Amer­i­can intel­li­gence com­mu­ni­ty, who has served in senior posi­tions in the Defense Depart­ment and Cen­tral Intel­li­gence Agency, told me. The base­ment was used as stor­age for rock­ets, weapons and ammu­ni­tion, as well as prod­ucts that could be dis­trib­uted for free to the com­mu­ni­ty, among them med­i­cines and chlo­rine-based decon­t­a­m­i­nants for cleans­ing the bod­ies of the dead before bur­ial. The meet­ing place – a region­al head­quar­ters – was on the floor above. “It was an estab­lished meet­ing place,” the senior advis­er said. “A long-time facil­i­ty that would have had secu­ri­ty, weapons, com­mu­ni­ca­tions, files and a map cen­ter.” The Rus­sians were intent on con­firm­ing their intel­li­gence and deployed a drone for days above the site to mon­i­tor com­mu­ni­ca­tions and devel­op what is known in the intel­li­gence com­mu­ni­ty as a POL – a pat­tern of life. The goal was to take note of those going in and out of the build­ing, and to track weapons being moved back and forth, includ­ing rock­ets and ammu­ni­tion.

One reason for the Russian message to Washington about the intended target was to ensure that any CIA asset or informant who had managed to work his way into the jihadist leadership was forewarned not to attend the meeting. I was told that the Russians passed the warning directly to the CIA. “They were playing the game right,” the senior adviser said. The Russian guidance noted that the jihadist meeting was coming at a time of acute pressure for the insurgents: Presumably Jabhat al-Nusra and Ahrar al-Sham were desperately seeking a path forward in the new political climate. In the last few days of March, Trump and two of his key national security aides – Secretary of State Rex Tillerson and UN Ambassador Nikki Haley – had made statements acknowledging that, as the New York Times put it, the White House “has abandoned the goal” of pressuring Assad “to leave power, marking a sharp departure from the Middle East policy that guided the Obama administration for more than five years.” White House Press Secretary Sean Spicer told a press briefing on March 31 that “there is a political reality that we have to accept,” implying that Assad was there to stay.

Russ­ian and Syr­i­an intel­li­gence offi­cials, who coor­di­nate oper­a­tions close­ly with the Amer­i­can com­mand posts, made it clear that the planned strike on Khan Sheikhoun was spe­cial because of the high-val­ue tar­get. “It was a red-hot change. The mis­sion was out of the ordi­nary – scrub the sked,” the senior advis­er told me. “Every oper­a­tions offi­cer in the region” – in the Army, Marine Corps, Air Force, CIA and NSA – “had to know there was some­thing going on. The Rus­sians gave the Syr­i­an Air Force a guid­ed bomb and that was a rar­i­ty. They’re skimpy with their guid­ed bombs and rarely share them with the Syr­i­an Air Force. And the Syr­i­ans assigned their best pilot to the mis­sion, with the best wing­man.” The advance intel­li­gence on the tar­get, as sup­plied by the Rus­sians, was giv­en the high­est pos­si­ble score inside the Amer­i­can com­mu­ni­ty.

The Execute Order governing U.S. military operations in theater, which was issued by the Chairman of the Joint Chiefs of Staff, provides instructions that demarcate the relationship between the American and Russian forces operating in Syria. “It’s like an ops order – ‘Here’s what you are authorized to do,’” the adviser said. “We do not share operational control with the Russians. We don’t do combined operations with them, or activities directly in support of one of their operations. But coordination is permitted. We keep each other apprised of what’s happening and within this package is the mutual exchange of intelligence. If we get a hot tip that could help the Russians do their mission, that’s coordination; and the Russians do the same for us. When we get a hot tip about a command and control facility,” the adviser added, referring to the target in Khan Sheikhoun, “we do what we can to help them act on it.” “This was not a chemical weapons strike,” the adviser said. “That’s a fairy tale. If so, everyone involved in transferring, loading and arming the weapon – you’ve got to make it appear like a regular 500-pound conventional bomb – would be wearing Hazmat protective clothing in case of a leak. There would be very little chance of survival without such gear. Military grade sarin includes additives designed to increase toxicity and lethality. Every batch that comes out is maximized for death. That is why it is made. It is odorless and invisible and death can come within a minute. No cloud. Why produce a weapon that people can run away from?”

The tar­get was struck at 6:55 a.m. on April 4, just before mid­night in Wash­ing­ton. A Bomb Dam­age Assess­ment (BDA) by the U.S. mil­i­tary lat­er deter­mined that the heat and force of the 500-pound Syr­i­an bomb trig­gered a series of sec­ondary explo­sions that could have gen­er­at­ed a huge tox­ic cloud that began to spread over the town, formed by the release of the fer­til­iz­ers, dis­in­fec­tants and oth­er goods stored in the base­ment, its effect mag­ni­fied by the dense morn­ing air, which trapped the fumes close to the ground. Accord­ing to intel­li­gence esti­mates, the senior advis­er said, the strike itself killed up to four jihadist lead­ers, and an unknown num­ber of dri­vers and secu­ri­ty aides. There is no con­firmed count of the num­ber of civil­ians killed by the poi­so­nous gas­es that were released by the sec­ondary explo­sions, although oppo­si­tion activists report­ed that there were more than 80 dead, and out­lets such as CNN have put the fig­ure as high as 92. A team from Médecins Sans Fron­tières, treat­ing vic­tims from Khan Sheikhoun at a clin­ic 60 miles to the north, report­ed that “eight patients showed symp­toms – includ­ing con­strict­ed pupils, mus­cle spasms and invol­un­tary defe­ca­tion – which are con­sis­tent with expo­sure to a neu­ro­tox­ic agent such as sarin gas or sim­i­lar com­pounds.” MSF also vis­it­ed oth­er hos­pi­tals that had received vic­tims and found that patients there “smelled of bleach, sug­gest­ing that they had been exposed to chlo­rine.” In oth­er words, evi­dence sug­gest­ed that there was more than one chem­i­cal respon­si­ble for the symp­toms observed, which would not have been the case if the Syr­i­an Air Force – as oppo­si­tion activists insist­ed – had dropped a sarin bomb, which has no per­cus­sive or igni­tion pow­er to trig­ger sec­ondary explo­sions. 
The range of symp­toms is, how­ev­er, con­sis­tent with the release of a mix­ture of chem­i­cals, includ­ing chlo­rine and the organophos­phates used in many fer­til­iz­ers, which can cause neu­ro­tox­ic effects sim­i­lar to those of sarin.

The inter­net swung into action with­in hours, and grue­some pho­tographs of the vic­tims flood­ed tele­vi­sion net­works and YouTube. U.S. intel­li­gence was tasked with estab­lish­ing what had hap­pened. Among the pieces of infor­ma­tion received was an inter­cept of Syr­i­an com­mu­ni­ca­tions col­lect­ed before the attack by an allied nation. The inter­cept, which had a par­tic­u­lar­ly strong effect on some of Trump’s aides, did not men­tion nerve gas or sarin, but it did quote a Syr­i­an gen­er­al dis­cussing a “spe­cial” weapon and the need for a high­ly skilled pilot to man the attack plane. The ref­er­ence, as those in the Amer­i­can intel­li­gence com­mu­ni­ty under­stood, and many of the inex­pe­ri­enced aides and fam­i­ly mem­bers close to Trump may not have, was to a Russ­ian-sup­plied bomb with its built-in guid­ance sys­tem. “If you’ve already decid­ed it was a gas attack, you will then inevitably read the talk about a spe­cial weapon as involv­ing a sarin bomb,” the advis­er said. “Did the Syr­i­ans plan the attack on Khan Sheikhoun? Absolute­ly. Do we have inter­cepts to prove it? Absolute­ly. Did they plan to use sarin? No. But the pres­i­dent did not say: ‘We have a prob­lem and let’s look into it.’ He want­ed to bomb the shit out of Syr­ia.”

At the UN the next day, Ambas­sador Haley cre­at­ed a media sen­sa­tion when she dis­played pho­tographs of the dead and accused Rus­sia of being com­plic­it. “How many more chil­dren have to die before Rus­sia cares?” she asked. NBC News, in a typ­i­cal report that day, quot­ed Amer­i­can offi­cials as con­firm­ing that nerve gas had been used and Haley tied the attack direct­ly to Syr­i­an Pres­i­dent Assad. “We know that yesterday’s attack was a new low even for the bar­bar­ic Assad regime,” she said. There was irony in America’s rush to blame Syr­ia and crit­i­cize Rus­sia for its sup­port of Syria’s denial of any use of gas in Khan Sheikhoun, as Ambas­sador Haley and oth­ers in Wash­ing­ton did. “What doesn’t occur to most Amer­i­cans” the advis­er said, “is if there had been a Syr­i­an nerve gas attack autho­rized by Bashar, the Rus­sians would be 10 times as upset as any­one in the West. Russia’s strat­e­gy against ISIS, which involves get­ting Amer­i­can coop­er­a­tion, would have been destroyed and Bashar would be respon­si­ble for piss­ing off Rus­sia, with unknown con­se­quences for him. Bashar would do that? When he’s on the verge of win­ning the war? Are you kid­ding me?”

Trump, a con­stant watch­er of tele­vi­sion news, said, while King Abdul­lah of Jor­dan was sit­ting next to him in the Oval Office, that what had hap­pened was “hor­ri­ble, hor­ri­ble” and a “ter­ri­ble affront to human­i­ty.” Asked if his admin­is­tra­tion would change its pol­i­cy toward the Assad gov­ern­ment, he said: “You will see.” He gave a hint of the response to come at the sub­se­quent news con­fer­ence with King Abdul­lah: “When you kill inno­cent chil­dren, inno­cent babies – babies, lit­tle babies – with a chem­i­cal gas that is so lethal … that cross­es many, many lines, beyond a red line . … That attack on chil­dren yes­ter­day had a big impact on me. Big impact … It’s very, very pos­si­ble … that my atti­tude toward Syr­ia and Assad has changed very much.”

Within hours of viewing the photos, the adviser said, Trump instructed the national defense apparatus to plan for retaliation against Syria. “He did this before he talked to anybody about it. The planners then asked the CIA and DIA if there was any evidence that Syria had sarin stored at a nearby airport or somewhere in the area. Their military had to have it somewhere in the area in order to bomb with it.” “The answer was, ‘We have no evidence that Syria had sarin or used it,’” the adviser said. “The CIA also told them that there was no residual delivery for sarin at Sheyrat [the airfield from which the Syrian SU-24 bombers had taken off on April 4] and Assad had no motive to commit political suicide.” Everyone involved, except perhaps the president, also understood that a highly skilled United Nations team had spent more than a year in the aftermath of an alleged sarin attack in 2013 by Syria, removing what was said to be all chemical weapons from a dozen Syrian chemical weapons depots.

At this point, the advis­er said, the president’s nation­al secu­ri­ty plan­ners were more than a lit­tle rat­tled: “No one knew the prove­nance of the pho­tographs. We didn’t know who the chil­dren were or how they got hurt. Sarin actu­al­ly is very easy to detect because it pen­e­trates paint, and all one would have to do is get a paint sam­ple. We knew there was a cloud and we knew it hurt peo­ple. But you can­not jump from there to cer­tain­ty that Assad had hid­den sarin from the UN because he want­ed to use it in Khan Sheikhoun.” The intel­li­gence made clear that a Syr­i­an Air Force SU-24 fight­er bomber had used a con­ven­tion­al weapon to hit its tar­get: There had been no chem­i­cal war­head. And yet it was impos­si­ble for the experts to per­suade the pres­i­dent of this once he had made up his mind. “The pres­i­dent saw the pho­tographs of poi­soned lit­tle girls and said it was an Assad atroc­i­ty,” the senior advis­er said. “It’s typ­i­cal of human nature. You jump to the con­clu­sion you want. Intel­li­gence ana­lysts do not argue with a pres­i­dent. They’re not going to tell the pres­i­dent, ‘if you inter­pret the data this way, I quit.’”

The national security advisers understood their dilemma: Trump wanted to respond to the affront to humanity committed by Syria and he did not want to be dissuaded. They were dealing with a man they considered to be not unkind and not stupid, but his limitations when it came to national security decisions were severe. “Everyone close to him knows his proclivity for acting precipitously when he does not know the facts,” the adviser said. “He doesn’t read anything and has no real historical knowledge. He wants verbal briefings and photographs. He’s a risk-taker. He can accept the consequences of a bad decision in the business world; he will just lose money. But in our world, lives will be lost and there will be long-term damage to our national security if he guesses wrong. He was told we did not have evidence of Syrian involvement and yet Trump says: ‘Do it.’”

On April 6, Trump con­vened a meet­ing of nation­al secu­ri­ty offi­cials at his Mar-a-Lago resort in Flori­da. The meet­ing was not to decide what to do, but how best to do it – or, as some want­ed, how to do the least and keep Trump hap­py. “The boss knew before the meet­ing that they didn’t have the intel­li­gence, but that was not the issue,” the advis­er said. “The meet­ing was about, ‘Here’s what I’m going to do,’ and then he gets the options.”

The avail­able intel­li­gence was not rel­e­vant. The most expe­ri­enced man at the table was Sec­re­tary of Defense James Mat­tis, a retired Marine Corps gen­er­al who had the president’s respect and under­stood, per­haps, how quick­ly that could evap­o­rate. Mike Pom­peo, the CIA direc­tor whose agency had con­sis­tent­ly report­ed that it had no evi­dence of a Syr­i­an chem­i­cal bomb, was not present. Sec­re­tary of State Tiller­son was admired on the inside for his will­ing­ness to work long hours and his avid read­ing of diplo­mat­ic cables and reports, but he knew lit­tle about wag­ing war and the man­age­ment of a bomb­ing raid. Those present were in a bind, the advis­er said. “The pres­i­dent was emo­tion­al­ly ener­gized by the dis­as­ter and he want­ed options.” He got four of them, in order of extrem­i­ty. Option one was to do noth­ing. All involved, the advis­er said, under­stood that was a non-starter. Option two was a slap on the wrist: to bomb an air­field in Syr­ia, but only after alert­ing the Rus­sians and, through them, the Syr­i­ans, to avoid too many casu­al­ties. A few of the plan­ners called this the “goril­la option”: Amer­i­ca would glow­er and beat its chest to pro­voke fear and demon­strate resolve, but cause lit­tle sig­nif­i­cant dam­age. The third option was to adopt the strike pack­age that had been pre­sent­ed to Oba­ma in 2013, and which he ulti­mate­ly chose not to pur­sue. The plan called for the mas­sive bomb­ing of the main Syr­i­an air­fields and com­mand and con­trol cen­ters using B1 and B52 air­craft launched from their bases in the U.S. Option four was “decap­i­ta­tion”: to remove Assad by bomb­ing his palace in Dam­as­cus, as well as his com­mand and con­trol net­work and all of the under­ground bunkers he could pos­si­bly retreat to in a cri­sis.

“Trump ruled out option one off the bat,” the senior advis­er said, and the assas­si­na­tion of Assad was nev­er con­sid­ered. “But he said, in essence: ‘You’re the mil­i­tary and I want mil­i­tary action.’” The pres­i­dent was also ini­tial­ly opposed to the idea of giv­ing the Rus­sians advance warn­ing before the strike, but reluc­tant­ly accept­ed it. “We gave him the Goldilocks option – not too hot, not too cold, but just right.” The dis­cus­sion had its bizarre moments. Tiller­son won­dered at the Mar-a-Lago meet­ing why the pres­i­dent could not sim­ply call in the B52 bombers and pul­ver­ize the air base. He was told that B52s were very vul­ner­a­ble to sur­face-to-air mis­siles (SAMs) in the area and using such planes would require sup­pres­sion fire that could kill some Russ­ian defend­ers. “What is that?” Tiller­son asked. Well, sir, he was told, that means we would have to destroy the upgrad­ed SAM sites along the B52 flight path, and those are manned by Rus­sians, and we pos­si­bly would be con­front­ed with a much more dif­fi­cult sit­u­a­tion. “The les­son here was: Thank God for the mil­i­tary men at the meet­ing,” the advis­er said. “They did the best they could when con­front­ed with a deci­sion that had already been made.”

Fifty-nine Tom­a­hawk mis­siles were fired from two U.S. Navy destroy­ers on duty in the Mediter­ranean, the Ross and the Porter, at Shayrat Air Base near the gov­ern­ment-con­trolled city of Homs. The strike was as suc­cess­ful as hoped, in terms of doing min­i­mal dam­age. The mis­siles have a light pay­load – rough­ly 220 pounds of HBX, the military’s mod­ern ver­sion of TNT. The airfield’s gaso­line stor­age tanks, a pri­ma­ry tar­get, were pul­ver­ized, the senior advis­er said, trig­ger­ing a huge fire and clouds of smoke that inter­fered with the guid­ance sys­tem of fol­low­ing mis­siles. As many as 24 mis­siles missed their tar­gets and only a few of the Tom­a­hawks actu­al­ly pen­e­trat­ed into hangars, destroy­ing nine Syr­i­an air­craft, many few­er than claimed by the Trump admin­is­tra­tion. I was told that none of the nine was oper­a­tional: such dam­aged air­craft are what the Air Force calls hangar queens. “They were sac­ri­fi­cial lambs,” the senior advis­er said. Most of the impor­tant per­son­nel and oper­a­tional fight­er planes had been flown to near­by bases hours before the raid began. The two run­ways and park­ing places for air­craft, which had also been tar­get­ed, were repaired and back in oper­a­tion with­in eight hours or so. All in all, it was lit­tle more than an expen­sive fire­works dis­play.

“It was a total­ly Trump show from begin­ning to end,” the senior advis­er said. “A few of the president’s senior nation­al secu­ri­ty advis­ers viewed the mis­sion as a min­i­mized bad pres­i­den­tial deci­sion, and one that they had an oblig­a­tion to car­ry out. But I don’t think our nation­al secu­ri­ty peo­ple are going to allow them­selves to be hus­tled into a bad deci­sion again. If Trump had gone for option three, there might have been some imme­di­ate res­ig­na­tions.”

After the meeting, with the Tomahawks on their way, Trump spoke to the nation from Mar-a-Lago, and accused Assad of using nerve gas to choke out “the lives of helpless men, women and children. It was a slow and brutal death for so many … No child of God should ever suffer such horror.” The next few days were his most successful as president. America rallied around its commander in chief, as it always does in times of war. Trump, who had campaigned as someone who advocated making peace with Assad, was bombing Syria 11 weeks after taking office, and was hailed for doing so by Republicans, Democrats and the media alike. One prominent TV anchorman, Brian Williams of MSNBC, used the word “beautiful” to describe the images of the Tomahawks being launched at sea. Speaking on CNN, Fareed Zakaria said: “I think Donald Trump became president of the United States.” A review of the top 100 American newspapers showed that 39 of them published editorials supporting the bombing in its aftermath, including the New York Times, Washington Post and Wall Street Journal.

Five days lat­er, the Trump admin­is­tra­tion gath­ered the nation­al media for a back­ground brief­ing on the Syr­i­an oper­a­tion that was con­duct­ed by a senior White House offi­cial who was not to be iden­ti­fied. The gist of the brief­ing was that Russia’s heat­ed and per­sis­tent denial of any sarin use in the Khan Sheikhoun bomb­ing was a lie because Pres­i­dent Trump had said sarin had been used. That asser­tion, which was not chal­lenged or dis­put­ed by any of the reporters present, became the basis for a series of fur­ther crit­i­cisms:

– The con­tin­ued lying by the Trump admin­is­tra­tion about Syria’s use of sarin led to wide­spread belief in the Amer­i­can media and pub­lic that Rus­sia had cho­sen to be involved in a cor­rupt dis­in­for­ma­tion and cov­er-up cam­paign on the part of Syr­ia.

– Russia’s mil­i­tary forces had been co-locat­ed with Syria’s at the Shayrat air­field (as they are through­out Syr­ia), rais­ing the pos­si­bil­i­ty that Rus­sia had advance notice of Syria’s deter­mi­na­tion to use sarin at Khan Sheikhoun and did noth­ing to stop it.

– Syria’s use of sarin and Russia’s defense of that use strong­ly sug­gest­ed that Syr­ia with­held stocks of the nerve agent from the UN dis­ar­ma­ment team that spent much of 2014 inspect­ing and remov­ing all declared chem­i­cal war­fare agents from 12 Syr­i­an chem­i­cal weapons depots, pur­suant to the agree­ment worked out by the Oba­ma admin­is­tra­tion and Rus­sia after Syria’s alleged, but still unproven, use of sarin the year before against a rebel redoubt in a sub­urb of Dam­as­cus.

The briefer, to his cred­it, was care­ful to use the words “think,” “sug­gest” and “believe” at least 10 times dur­ing the 30-minute event. But he also said that his brief­ing was based on data that had been declas­si­fied by “our col­leagues in the intel­li­gence com­mu­ni­ty.” What the briefer did not say, and may not have known, was that much of the clas­si­fied infor­ma­tion in the com­mu­ni­ty made the point that Syr­ia had not used sarin in the April 4 bomb­ing attack.

The cri­sis slid into the back­ground by the end of April, as Rus­sia, Syr­ia and the Unit­ed States remained focused on anni­hi­lat­ing ISIS and the mili­tias of al-Qai­da. Some of those who had worked through the cri­sis, how­ev­er, were left with lin­ger­ing con­cerns. “The Salafists and jihadists got every­thing they want­ed out of their hyped-up Syr­i­an nerve gas ploy,” the senior advis­er to the U.S. intel­li­gence com­mu­ni­ty told me, refer­ring to the flare up of ten­sions between Syr­ia, Rus­sia and Amer­i­ca. “The issue is, what if there’s anoth­er false flag sarin attack cred­it­ed to hat­ed Syr­ia? Trump has upped the ante and paint­ed him­self into a cor­ner with his deci­sion to bomb. And do not think these guys are not plan­ning the next faked attack. Trump will have no choice but to bomb again, and hard­er. He’s inca­pable of say­ing he made a mis­take.”

———-

9. That’s ominous: So you know that potential bombshell report by Sy Hersh in Die Welt about how Donald Trump’s intelligence and military advisors have concluded that Bashar Assad’s regime was not in fact responsible for a sarin gas attack, but that the cloud of chemicals was instead a consequence of secondary explosions of stored chlorine and fertilizer in a building bombed by the Syrian air force [85]? The report that has been almost entirely ignored by American news outlets? Well, it’s going to be a lot harder to ignore that report now that the White House has just issued an ominous message indicating it has evidence that Assad’s forces were planning a chemical attack, and that if that happens the consequences will be severe and Russia and Iran will be held responsible [16]:

“White House says Syria’s Assad prepar­ing anoth­er chem­i­cal attack, warns of ‘heavy’ penal­ty” by Abby Phillip and Dan Lamothe; The Wash­ing­ton Post; 06/26/2017 [16]

The White House issued an omi­nous warn­ing to Syr­i­an Pres­i­dent Bashar al-Assad on Mon­day night, pledg­ing that his regime would pay a “heavy price” if it car­ried out anoth­er chem­i­cal attack this year.

In a state­ment, White House press sec­re­tary Sean Spicer said that the Unit­ed States had detect­ed evi­dence of prepa­ra­tions for a chem­i­cal attack, sim­i­lar to the prepa­ra­tions that occurred before an attack in April.

“The Unit­ed States has iden­ti­fied poten­tial prepa­ra­tions for anoth­er chem­i­cal weapons attack by the Assad regime that would like­ly result in the mass mur­der of civil­ians, includ­ing inno­cent chil­dren,” Spicer said in the state­ment. “The activ­i­ties are sim­i­lar to prepa­ra­tions the regime made before its April 4, 2017 chem­i­cal weapons attack.

“As we have pre­vi­ous­ly stat­ed, the Unit­ed States is in Syr­ia to elim­i­nate the Islam­ic State of Iraq and Syr­ia,” he con­tin­ued. “If, how­ev­er, Mr. Assad con­ducts anoth­er mass mur­der attack using chem­i­cal weapons, he and his mil­i­tary will pay a heavy price.”

Fol­low­ing the April attack [86], Pres­i­dent Trump ordered an air strike against the Assad-con­trolled air field where the attack was believed to have been car­ried out.

At the time, Trump said that Assad’s use of chem­i­cal weapons against inno­cent women and chil­dren made action inevitable.

“When you kill inno­cent chil­dren, inno­cent babies, babies, lit­tle babies, with a chem­i­cal gas that is so lethal — peo­ple were shocked to hear what gas it was,” Trump said after the attack. “That cross­es many, many lines, beyond a red line, many, many lines.”

Fol­low­ing Spicer’s state­ment on Mon­day night, Nik­ki Haley, the U.S. Ambas­sador to the Unit­ed Nations said Assad and its allies would be square­ly blamed if such an attack occurred.

“Any further attacks done to the people of Syria will be blamed on Assad, but also on Russia & Iran who support him killing his own people,” Haley wrote.

Any further attacks done to the people of Syria will be blamed on Assad, but also on Russia & Iran who support him killing his own people. — Nikki Haley (@nikkihaley) June 27, 2017 [87]

The U.S. mil­i­tary main­tains a vari­ety of weapons in the region that could be used in the event of anoth­er strike, includ­ing manned and unmanned air­craft in sev­er­al Mid­dle East­ern coun­tries. But the most like­ly sce­nario is prob­a­bly a strike using naval assets, which can be launched with few­er diplo­mat­ic issues than using bases in allied coun­tries such as Turkey or the Unit­ed Arab Emi­rates.

The Navy launched Tom­a­hawk mis­siles at a Syr­i­an mil­i­tary air­field April 6 in response to a pre­vi­ous alleged chem­i­cal weapons attack, using two guid­ed-mis­sile destroy­ers in the east­ern Mediter­ranean Sea, the USS Ross and USS Porter, to do so.

A point of con­tention for the Pen­ta­gon after the last strike was the Syr­i­an regime’s alleged use of a nerve agent, like sarin. It is far dead­lier than some oth­er chem­i­cals that U.S. mil­i­tary and intel­li­gence offi­cials say that the regime has used, such as chlo­rine.

———-

“‘The United States has identified potential preparations for another chemical weapons attack by the Assad regime that would likely result in the mass murder of civilians, including innocent children,’ Spicer said in the statement. ‘The activities are similar to preparations the regime made before its April 4, 2017 chemical weapons attack.’”

That was the mes­sage from Sean Spicer, fol­lowed by this warn­ing to Iran and Rus­sia from UN Ambas­sador Nik­ki Haley:


Fol­low­ing Spicer’s state­ment on Mon­day night, Nik­ki Haley, the U.S. Ambas­sador to the Unit­ed Nations said Assad and its allies would be square­ly blamed if such an attack occurred.

“Any fur­ther attacks done to the peo­ple of Syr­ia will be blamed on Assad, but also on Rus­sia & Iran who sup­port him killing his own peo­ple,” Haley wrote.