- Spitfire List - http://spitfirelist.com -

FTR #964 Lies, Damned Lies and Statistics

WFMU-FM is podcasting For The Record–You can subscribe to the podcast HERE [1].

This broadcast was recorded in one, 60-minute segment [4].

Trump kept a copy of this by his bedside. Russia is NOT his source of inspiration. [5]

Waffen SS-clad World War II reenactors, in original photo used by Trump campaign. Russia is NOT the font of Trumpism. [6]

Introduction: As we have noted in many previous broadcasts and posts, cyber attacks are easily disguised. Perpetrating a “cyber false flag” operation is disturbingly easy to do.

This is of paramount significance in evaluating the increasingly neo-McCarthyite New Cold War propaganda about “Russian interference” in the U.S. election.

Compounding the situation are some recent disclosures and developments:

Following [13] a Bloomberg report about widespread Russian hacking of American elections systems: “ . . . . Kay Stimson, spokeswoman for the National Association of Secretaries of State, said the members of her group — which represents the chief election officials in 40 states — were taken aback by the allegation that 39 states were hacked. ‘We cannot verify any information in that report,’ Stimson told Benzinga. ‘It has some claims that have raised some red flags. I don’t know where they’re getting it. We’re not able to assess to the credibility.’ She said that some cybersecurity firms were engaging in scare tactics at the state and local levels. ‘There are cybersecurity firms making some wild claims,’ she said. ‘It is a very aggressive industry.’ . . .”

With the high-profile hacks being attributed–almost certainly falsely–to Russia, there are ominous developments [14] taking place that may well lead to a Third World War. During the closing days of his Presidency, Obama authorized the planting of cyber weapons on Russian computer networks. Obama did this after talking with Putin on the Hot Line, established to prevent a Third World War. Putin denied interfering in the U.S. election.

The conclusion that Russia hacked the U.S. election on Putin’s orders appears to have been based on a CIA source in the Kremlin. Even when that intelligence was delivered, other agencies weren’t ready to accept the CIA’s conclusion, and it took intelligence from another nation (not named) to provide the final intelligence tipping point that led to a broad-based conclusion that not only was the Russian government behind the cyberattacks but that Vladimir Putin himself ordered them.

That ally’s intelligence is described as “the most critical technical intelligence on Russia,” however the NSA still wasn’t convinced based on what sounds like a lack of confidence in that source. Thus, it looks like a CIA Kremlin source and an unnamed foreign intelligence agency with questionable credentials are the basis of what appears to be a likely future full-scale US/Russian cyberwar.

Of paramount significance is the fact that IF, on Putin’s orders (and we are to believe such) Russia continued to hack U.S. computer systems to influence the election, Putin would have to have gone utterly mad. Those hacks would have precluded any rapprochement between Russia and the United States under a President Trump. There is no indication that Putin went off the deep end.

Also auguring a Third World War are two developments in Syria. Seymour Hersh published an article in Die Welt [15] revealing that, not only was the April 4 alleged Sarin attack NOT a chemical weapons attack but there was widespread knowledge of this in American military and intelligence circles.

Ominously, the Trump White House is claiming they have advance knowledge [16] of an impending Syrian chemical weapons strike and will punish Syria heavily, and hold Russia accountable.

Program Highlights Include: The fact that the bulk of activity detected by the DHS on U.S. election systems was “scanning”–standard operating procedure for hacking; a former NSA hacking specialist–Jake Williams–said that the spear-phishing operation was of “medium sophistication” that “practically any hacker can pull off” [17]; the question of whether or not GOP Secretaries of State might have deliberately responded to the spear-phishing e-mails that permitted the “hit” on U.S. election systems; the Russian authorization of the use by the Syrian air force of a smart bomb to eliminate Al-Qaeda-linked jihadists; the release of a chemical cloud as a result of that strike that was caused by secondary explosions; Cambridge Analytica’s [18] hiring of GOP online data-basing kingpin Darren Bolding.

1a. As we have noted in many previous broadcasts and posts, cyber attacks are easily disguised. Perpetrating a “cyber false flag” operation is disturbingly easy to do. In a world where the verifiably false and physically impossible “controlled demolition”/Truther nonsense has gained traction, cyber false flag ops are all the more threatening and sinister.

Now, we learn that the CIA’s hacking tools are specifically crafted to mask CIA authorship of the attacks. Most significant, for our purposes, is the fact that the Agency’s hacking tools are engineered in such a way as to permit the authors of the event to represent themselves as Russian.

This is of paramount significance in evaluating the increasingly neo-McCarthyite New Cold War propaganda about “Russian interference” in the U.S. election.

“WikiLeaks Vault 7 Part 3 Reveals CIA Tool Might Mask Hacks as Russian, Chinese, Arabic” by Stephanie Dube Dwilson; Heavy; 4/3/2017. [7]

This morning, WikiLeaks released part 3 of its Vault 7 series, called Marble. Marble reveals CIA source code files along with decoy languages that might disguise viruses, trojans, and hacking attacks. These tools could make it more difficult for anti-virus companies and forensic investigators to attribute hacks to the CIA. Could this call the source of previous hacks into question? It appears that yes, this might be used to disguise the CIA’s own hacks to appear as if they were Russian, Chinese, or from specific other countries. These tools were in use in 2016, WikiLeaks reported.

 It’s not known exactly how this Marble tool was actually used. However, according to WikiLeaks, the tool could make it more difficult for investigators and anti-virus companies to attribute viruses and other hacking tools to the CIA. Test examples weren’t just in English, but also Russian, Chinese, Korean, Arabic, and Farsi. This might allow a malware creator to not only look like they were speaking in Russian or Chinese, rather than in English, but to also look like they tried to hide that they were not speaking English, according to WikiLeaks. This might also hide fake error messages or be used for other purposes. . . .

1b. Recall the widely circulated report [19] that the election systems of 39 US states were “hit” by ‘Russian hackers’, most of them just a week before the November 2016 election. Well, the National Association of Secretaries of State, an organization that represents the chief election officials in 40 states, has a rebuttal: They have no idea what this report was talking about and believe it’s a matter of cybersecurity firms being overly aggressive to earn state contracts to protect election systems. [13]

Again, quite a rebuttal–they have no idea what the Bloomberg report was saying:  “ . . . . Kay Stimson, spokeswoman for the National Association of Secretaries of State, said the members of her group — which represents the chief election officials in 40 states — were taken aback by the allegation that 39 states were hacked.

‘We cannot verify any information in that report,’ Stimson told Benzinga. ‘It has some claims that have raised some red flags. I don’t know where they’re getting it. We’re not able to assess to the credibility.’

Ms. Stimson also noted that cyber security firms appeared to be ramping up the hype in order to further their own commercial agendas.

“ . . . Cyber Security Firms Capitalizing On Russian Scare

She said that some cybersecurity firms were engaging in scare tactics at the state and local levels.

‘There are cybersecurity firms making some wild claims,’ she said. ‘It is a very aggressive industry.’

In addition the Department of Homeland Security is also downplaying the significance of the report:

“ . . . . Bloomberg attributed the number of states “hit” — Stimson questioned the meaning of the word — to the systems in 39 states. “It’s hard to say how they ‘hit’ 39 states,” she said.

Homeland Security also issued a report about the Bloomberg report, saying: ‘While we are not going to get into specifics of activity at the state level, the vast majority of what we saw was scanning — not attempts to intrude — and unsuccessful attempts to steal data held in voter registration databases.’. . . .”

“State Election Officials Baffled By Report 39 States ‘Hit’ By Russian Hackers” by Mark Fritz; Benzinga; 06/15/2017 [13]

State election officials are baffled by a Bloomberg report [20] alleging that Russian hackers compromised the voting systems in 39 states, adding that cybersecurity firms were engaging in scare tactics to win state and local contracts to protect election systems.

The June 13 Bloomberg story said that hackers staged incursions last year into voter databases and software systems in almost twice as many states as previously reported.

“In Illinois, investigators found evidence that cyber intruders tried to delete or alter voter data. The hackers accessed software designed to be used by poll workers on Election Day, and in at least one state accessed a campaign finance database,” the report said.

It cited three unnamed sources with direct knowledge of “the U.S. investigation into the matter.”

“In all, the Russian hackers hit systems in a total of 39 states, one of them said,” the report said.

The National Security Agency, the FBI and the U.S. Homeland Security Department all are looking into various aspects of what intelligence officials said was Russian meddling into the U.S. election systems.

Kay Stimson, spokeswoman for the National Association of Secretaries of State, said the members of her group — which represents the chief election officials in 40 states — were taken aback by the allegation that 39 states were hacked.

“We cannot verify any information in that report,” Stimson told Benzinga. “It has some claims that have raised some red flags. I don’t know where they’re getting it. We’re not able to assess to the credibility.”

Cyber Security Firms Capitalizing On Russian Scare

She said that some cybersecurity firms were engaging in scare tactics at the state and local levels.

“There are cybersecurity firms making some wild claims,” she said. “It is a very aggressive industry.”

Bloomberg attributed the number of states “hit” — Stimson questioned the meaning of the word — to the systems in 39 states. “It’s hard to say how they ‘hit’ 39 states,” she said.

Homeland Security also issued a report about the Bloomberg report, saying: “While we are not going to get into specifics of activity at the state level, the vast majority of what we saw was scanning — not attempts to intrude — and unsuccessful attempts to steal data held in voter registration databases.”

Little Doubt Russian Meddling In Election

Despite the reaction to the Bloomberg report, there is little doubt that Russian actors attempted to access U.S. election systems. Special investigator Robert Mueller has been tasked with spearheading the investigation into whether the Trump campaign colluded with Kremlin affiliates to leak damaging emails and rig the election.

2a. The information presented above certainly supports the notion that the claim that “39 states were hacked by the Russians” was, at a minimum, an exaggeration. And when DHS says that the “vast majority” of what it saw was “scanning”, keep in mind that “scanning” computers connected to the internet is ubiquitous. If IP addresses were used to attribute this scanning to “Russian hackers”, and if the US intelligence report on the evidence for ‘Russian hackers’ in the DNC server hack is any indication of the way IP addresses are being used to assess culpability for these state system scanning attempts, IP addresses aren’t the most compelling evidence in this case [21]:

“Did the Russians Really Hack the DNC?” by Gregory Elich; Counter Punch; 1/13/2017. [22]

Russia, we are told, breached the servers of the Democratic National Committee (DNC), swiped emails and other documents, and released them to the public, to alter the outcome of the U.S. presidential election.

How substantial is the evidence backing these assertions?

Command-and-control servers remotely issue malicious commands to infected machines. Oddly, for such a key component of the operation, the command-and-control IP address in both attacks was hard-coded in the malware. This seems like another inexplicable choice, given that the point of an advanced persistent threat is to operate for an extended period without detection. A more suitable approach would be to use a Domain Name System (DNS) address, which is a decentralized computer naming system. That would provide a more covert means of identifying the command-and-control server. [13] [23] Moreover, one would expect that address to be encrypted. Using a DNS address would also allow the command-and-control operation to easily move to another server if its location is detected, without the need to modify and reinstall the code.

One of the IP addresses is claimed to be a “well-known APT 28” command-and-control address, while the second is said to be linked to Russian military intelligence. [14] [24] The first address points to a server located in San Jose, California, and is operated by a server hosting service. [15] [25] The second server is situated in Paris, France, and owned by another server hosting service. [16] [26] Clearly, these are servers that have been compromised by hackers. It is customary for hackers to route their attacks through vulnerable computers. The IP addresses of compromised computers are widely available on the Deep Web, and typically a hacked server will be used by multiple threat actors. These two particular servers may or may not have been regularly utilized by Russian Intelligence, but they were not uniquely so used. Almost certainly, many other hackers would have used the same machines, and it cannot be said that these IP addresses uniquely identify an infiltrator. Indeed, the second IP address is associated with the common Trojan viruses Agent-APPR and Shunnael.[17] [27]

“Everyone is focused on attribution, but we may be missing the bigger truth,” says Joshua Corman, Director of the Cyber Statecraft Initiative at the Atlantic Council. “[T]he level of sophistication required to do this hack was so low that nearly anyone could do it.” [18] [28] . . .

2b. Since digital “signatures” are easily spoofed by hackers and a declaration of cyber war would be an insane move by the Russian government, there’s the very obvious possibility that someone else made all these hacking attempts.

It’s worth noting that The Intercept’s report about the leaked NSA document showing the analysis of the hacking of a Florida voting systems company features an interview with Jake Williams – a former member of NSA’s elite hacking Tailored Access Operations team – and asks him about the spear-phishing campaign used against those 122 officials in the last week of the campaign. According to Williams, that spear-phishing operation was of “medium sophistication” that “practically any hacker can pull off”. [17]

The spear-phishing attacks used documents from the Florida-based “VR Systems” as the bait. That’s what the alleged Russian hackers did in the last week of the campaign. And how sophisticated was this spear-phishing attack? Almost any hacker could have done it.

“. . . . According to Williams, if this type of attack were successful, the perpetrator would possess “unlimited” capacity for siphoning away items of interest. ‘Once the user opens up that email [attachment],’ Williams explained, ‘the attacker has all the same capabilities that the user does.’ Vikram Thakur, a senior research manager at Symantec’s Security Response Team, told The Intercept that in cases like this the ‘quantity of exfiltrated data is only limited by the controls put in place by network administrators.’ Data theft of this variety is typically encrypted, meaning anyone observing an infected network wouldn’t be able to see what exactly was being removed but should certainly be able to tell something was afoot, Williams added. Overall, the method is one of  ‘medium sophistication,’ Williams said, one that ‘practically any hacker can pull off.’. . . .”

So according to federal investigators, ‘the GRU’ used a spear-phishing technique that any hacker could have pulled off, and did it in a manner that left digital “signatures”, like IP addresses, that apparently led back to the GRU. The culprits also kept the same digital signatures in the July 2016 hack on the Illinois voting system that were found in the wave of spear-phishing attacks in the last week of the campaign. They did so even after getting a “cyber Red Phone” call from the White House for the first time ever in October, thus opening Russia to potential revenge attacks for years to come and poison-pilling the possible utility of having a Russian-friendly President Trump in the White House. It’s as if the cost-benefit analysis didn’t factor in the costs. That’s the story we’re supposed to accept.

And, amazingly, based on the first report, it sounds like the bulk of the 39 hacked states got hacked by this spear-phishing campaign in the last week of the campaign despite the intense focus around potential hacking in the prior months. Those must have been some pretty compelling phishing emails.

It raises the question as to whether or not some of those 122 targeted officials were trying to get their systems hacked. Keep in mind one of the very interesting things about a spear-phishing attack in a scenario like this: one of the hacked parties (the GOP) just might want to get hacked. Spear-phishing is a great way for an insider to invite in a hacker while maintaining plausible deniability. (Oops! I was tricked!)

“Top-Secret NSA Report Details Russian Hacking Effort Days Before 2016 Election” by Matthew Cole, Richard Esposito, Sam Biddle, Ryan Grim; The Intercept; 06/05/2017 [17]

Russian military intelligence executed a cyberattack on at least one U.S. voting software supplier and sent spear-phishing emails to more than 100 local election officials just days before last November’s presidential election, according to a highly classified intelligence report obtained by The Intercept.

The top-secret National Security Agency document, which was provided anonymously to The Intercept and independently authenticated, analyzes intelligence very recently acquired by the agency about a months-long Russian intelligence cyber effort against elements of the U.S. election and voting infrastructure. The report, dated May 5, 2017, is the most detailed U.S. government account of Russian interference in the election that has yet come to light.

While the document provides a rare window into the NSA’s understanding of the mechanics of Russian hacking, it does not show the underlying “raw” intelligence on which the analysis is based. A U.S. intelligence officer who declined to be identified cautioned against drawing too big a conclusion from the document because a single analysis is not necessarily definitive.

The report indicates that Russian hacking may have penetrated further into U.S. voting systems than was previously understood. It states unequivocally in its summary statement that it was Russian military intelligence, specifically the Russian General Staff Main Intelligence Directorate, or GRU, that conducted the cyber attacks described in the document:

Russian General Staff Main Intelligence Directorate actors … executed cyber espionage operations against a named U.S. company in August 2016, evidently to obtain information on elections-related software and hardware solutions. … The actors likely used data obtained from that operation to … launch a voter registration-themed spear-phishing campaign targeting U.S. local government organizations.

This NSA summary judgment is sharply at odds with Russian President Vladimir Putin’s denial [29] last week that Russia had interfered in foreign elections: “We never engaged in that on a state level, and have no intention of doing so.” Putin, who had previously issued blanket denials that any such Russian meddling occurred, for the first time floated the possibility that freelance Russian hackers with “patriotic leanings” may have been responsible. The NSA report, on the contrary, displays no doubt that the cyber assault was carried out by the GRU.

The Spear-Phishing Attack

As described by the classified NSA report, the Russian plan was simple: pose as an e-voting vendor and trick local government employees into opening Microsoft Word documents invisibly tainted with potent malware that could give hackers full control over the infected computers.

But in order to dupe the local officials, the hackers needed access to an election software vendor’s internal systems to put together a convincing disguise. So on August 24, 2016, the Russian hackers sent spoofed emails purporting to be from Google to employees of an unnamed U.S. election software company, according to the NSA report. Although the document does not directly identify the company in question, it contains references to a product made by VR Systems, a Florida-based vendor of electronic voting services and equipment whose products are used in eight states.

The spear-phishing email contained a link directing the employees to a malicious, faux-Google website that would request their login credentials and then hand them over to the hackers. The NSA identified seven “potential victims” at the company. While malicious emails targeting three of the potential victims were rejected by an email server, at least one of the employee accounts was likely compromised, the agency concluded. The NSA notes in its report that it is “unknown whether the aforementioned spear-phishing deployment successfully compromised all the intended victims, and what potential data from the victim could have been exfiltrated.”

VR Systems declined to respond to a request for comment on the specific hacking operation outlined in the NSA document. Chief Operating Officer Ben Martin replied by email to The Intercept’s request for comment with the following statement:

Phishing and spear-phishing are not uncommon in our industry. We regularly participate in cyber alliances with state officials and members of the law enforcement community in an effort to address these types of threats. We have policies and procedures in effect to protect our customers and our company.

Although the NSA report indicates that VR Systems was targeted only with login-stealing trickery, rather than computer-controlling malware, this isn’t necessarily a reassuring sign. Jake Williams, founder of computer security firm Rendition Infosec and formerly of the NSA’s Tailored Access Operations hacking team, said stolen logins can be even more dangerous than an infected computer. “I’ll take credentials most days over malware,” he said, since an employee’s login information can be used to penetrate “corporate VPNs, email, or cloud services,” allowing access to internal corporate data. The risk is particularly heightened given how common it is to use the same password for multiple services. Phishing, as the name implies, doesn’t require everyone to take the bait in order to be a success — though Williams stressed that hackers “never want just one” set of stolen credentials.

In any event, the hackers apparently got what they needed. Two months later, on October 27, they set up an “operational” Gmail account designed to appear as if it belonged to an employee at VR Systems, and used documents obtained from the previous operation to launch a second spear-phishing operation “targeting U.S. local government organizations.” These emails contained a Microsoft Word document that had been “trojanized” so that when it was opened it would send out a beacon to the “malicious infrastructure” set up by the hackers.

The NSA assessed that this phase of the spear-phishing operation was likely launched on either October 31 or November 1 and sent spear-phishing emails to 122 email addresses “associated with named local government organizations,” probably to officials “involved in the management of voter registration systems.” The emails contained Microsoft Word attachments purporting to be benign documentation for VR Systems’ EViD voter database product line, but which were in reality maliciously embedded with automated software commands that are triggered instantly and invisibly when the user opens the document. These particular weaponized files used PowerShell, a Microsoft scripting language designed for system administrators and installed by default on Windows computers, allowing vast control over a system’s settings and functions. If opened, the files “very likely” would have instructed the infected computer to begin downloading in the background a second package of malware from a remote server also controlled by the hackers, which the secret report says could have provided attackers with “persistent access” to the computer or the ability to “survey the victims for items of interest.” Essentially, the weaponized Word document quietly unlocks and opens a target’s back door, allowing virtually any cocktail of malware to be subsequently delivered automatically.

According to Williams, if this type of attack were successful, the perpetrator would possess “unlimited” capacity for siphoning away items of interest. “Once the user opens up that email [attachment],” Williams explained, “the attacker has all the same capabilities that the user does.” Vikram Thakur, a senior research manager at Symantec’s Security Response Team, told The Intercept that in cases like this the “quantity of exfiltrated data is only limited by the controls put in place by network administrators.” Data theft of this variety is typically encrypted, meaning anyone observing an infected network wouldn’t be able to see what exactly was being removed but should certainly be able to tell something was afoot, Williams added. Overall, the method is one of “medium sophistication,” Williams said, one that “practically any hacker can pull off.”

The NSA, however, is uncertain about the results of the attack, according to the report. “It is unknown,” the NSA notes, “whether the aforementioned spear-phishing deployment successfully compromised the intended victims, and what potential data could have been accessed by the cyber actor.” . . . .
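
The lure described in the excerpt above (an “operational” Gmail account made to look like a VR Systems employee, carrying a Word attachment) can be triaged on the receiving side by comparing who a message claims to be with the domain it actually came from. The following is an added example, not code from this page, The Intercept or the NSA report; `vendor.example`, the free-mail list, the finding labels and every sample message are constructed assumptions.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

VENDOR_TOKEN = "vrsystems"            # vendor name from the page, normalised
VENDOR_DOMAINS = {"vendor.example"}   # placeholder for the vendor's real mail domains
FREEMAIL_DOMAINS = {"gmail.com", "outlook.com", "yahoo.com"}
WORD_EXTENSIONS = (".doc", ".docm", ".docx", ".rtf")


def build_sample(from_header, auth_results, attachment=None):
    """Build a raw message for the demo (constructed data, not real mail)."""
    msg = EmailMessage()
    msg["From"] = from_header
    msg["To"] = "clerk@county.example"
    msg["Subject"] = "Updated user guide"
    msg["Authentication-Results"] = auth_results
    msg.set_content("Please review the attached documentation.")
    if attachment:
        msg.add_attachment(b"constructed placeholder", maintype="application",
                           subtype="octet-stream", filename=attachment)
    return msg.as_bytes()


def triage(raw):
    """Return (verdict, findings) for one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    display, addr = parseaddr(str(msg["From"]))
    local, _, domain = addr.lower().rpartition("@")
    findings = []

    # Who does the sender claim to be? Strip punctuation so that
    # "VR Systems", "vr-systems" and "vrsystems.support" all match.
    claimed = re.sub(r"[^a-z0-9]", "", f"{display}{local}".lower())
    impersonation = VENDOR_TOKEN in claimed and domain not in VENDOR_DOMAINS
    if impersonation:
        findings.append("vendor-name-from-unrelated-domain")
        if domain in FREEMAIL_DOMAINS:
            findings.append("freemail-sender")
        # A look-alike webmail account passes SPF/DKIM/DMARC, but only for
        # the webmail provider's domain, not for the vendor it imitates.
        auth = str(msg.get("Authentication-Results", "")).lower()
        if "dmarc=pass" in auth:
            findings.append("dmarc-pass-proves-only-" + domain)

    has_word = any((part.get_filename() or "").lower().endswith(WORD_EXTENSIONS)
                   for part in msg.iter_attachments())
    if has_word:
        findings.append("word-attachment")

    if impersonation and has_word:
        verdict = "quarantine"
    elif impersonation:
        verdict = "review"
    else:
        verdict = "deliver"
    return verdict, findings


GMAIL_AUTH = ("mx.county.example; spf=pass smtp.mailfrom=gmail.com; "
              "dkim=pass header.d=gmail.com; dmarc=pass header.from=gmail.com")
VENDOR_AUTH = "mx.county.example; dmarc=pass header.from=vendor.example"

# Constructed sample messages.
LOOKALIKE = build_sample("VR Systems Support <vrsystems.support@gmail.com>",
                         GMAIL_AUTH, "user_guide.docm")
LOOKALIKE_NO_DOC = build_sample("VR Systems Support <vrsystems.support@gmail.com>",
                                GMAIL_AUTH)
GENUINE = build_sample("VR Systems Support <support@vendor.example>",
                       VENDOR_AUTH, "release_notes.pdf")
UNRELATED = build_sample("Pat Lee <pat.lee@gmail.com>", GMAIL_AUTH, "agenda.docx")

if __name__ == "__main__":
    for name in ("LOOKALIKE", "LOOKALIKE_NO_DOC", "GENUINE", "UNRELATED"):
        print(name, triage(globals()[name]))
```

The look-alike message passes DMARC because that check only vouches for gmail.com; the comparison of the claimed vendor name with the sending domain is what flags it.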

3. The conclusion that Russia hacked the U.S. election on Putin’s orders appears to have been based on a CIA source in the Kremlin. Even when that intelligence was delivered, other agencies weren’t ready to accept the CIA’s conclusion, and it took intelligence from another nation (not named) to provide the final intelligence tipping point that led to a broad-based conclusion that not only was the Russian government behind the cyberattacks but that Vladimir Putin himself ordered them.

That ally’s intelligence is described as “the most critical technical intelligence on Russia,” however the NSA still wasn’t convinced based on what sounds like a lack of confidence in that source. Thus, it looks like a CIA Kremlin source and an unnamed foreign intelligence agency with questionable credentials are the basis of what appears to be a likely future full-scale US/Russian cyberwar.

“ . . . . Inside was an intelligence bombshell, a report drawn from sourcing deep inside the Russian government that detailed Russian President Vladimir Putin’s direct involvement in a cyber campaign to disrupt and discredit the U.S. presidential race. . . .”

We are told that a CIA deep Russian government source is the primary source of the ‘Putin ordered it’ conclusion. Well, at least that’s better than the bad joke technical evidence that’s been provided thus far. But even that source’s claims apparently weren’t enough to convince other parts of the intelligence community. It took the intelligence from the unnamed ally to do that:

“ . . . . But it went further. The intelligence captured Putin’s specific instructions on the operation’s audacious objectives — defeat or at least damage the Democratic nominee, Hillary Clinton, and help elect her opponent, Donald Trump.

At that point, the outlines of the Russian assault on the U.S. election were increasingly apparent. Hackers with ties to Russian intelligence services had been rummaging through Democratic Party computer networks, as well as some Republican systems, for more than a year. In July, the FBI had opened an investigation of contacts between Russian officials and Trump associates. And on July 22, nearly 20,000 emails stolen from the Democratic National Committee were dumped online by WikiLeaks.

But at the highest levels of government, among those responsible for managing the crisis, the first moment of true foreboding about Russia’s intentions arrived with that CIA intelligence.

It took time for other parts of the intelligence community to endorse the CIA’s view. Only in the administration’s final weeks in office did it tell the public, in a declassified report, what officials had learned from Brennan in August — that Putin was working to elect Trump.

Despite the intelligence the CIA had produced, other agencies were slower to endorse a conclusion that Putin was personally directing the operation and wanted to help Trump. “It was definitely compelling, but it was not definitive,” said one senior administration official. “We needed more.”

Some of the most critical technical intelligence on Russia came from another country, officials said. Because of the source of the material, the NSA was reluctant to view it with high confidence. . . .

. . . . In a subsequent news conference, Obama alluded to the exchange and issued a veiled threat. “We’re moving into a new era here where a number of countries have significant capacities,” he said. “Frankly, we’ve got more capacity than anybody both offensively and defensively.” . . . .

. . . . Then, on Oct. 31, the administration delivered a final pre-election message via a secure channel to Moscow originally created to avert a nuclear exchange. The message noted that the United States had detected malicious activity, originating from servers in Russia, targeting U.S. election systems and warned that meddling would be regarded as unacceptable interference. Russia confirmed the next day that it had received the message but replied only after the election through the same channel, denying the accusation. . . . 

. . . .But Obama also signed the secret finding, officials said, authorizing a new covert program involving the NSA, CIA and U.S. Cyber Command. . . .

. . . . .The cyber operation is still in its early stages and involves deploying “implants” in Russian networks deemed “important to the adversary and that would cause them pain and discomfort if they were disrupted,” a former U.S. official said.

The implants were developed by the NSA and designed so that they could be triggered remotely as part of retaliatory cyber-strike in the face of Russian aggression, whether an attack on a power grid or interference in a future presidential race.

Officials familiar with the measures said that there was concern among some in the administration that the damage caused by the implants could be difficult to contain.

As a result, the administration requested a legal review, which concluded that the devices could be controlled well enough that their deployment would be considered “proportional” in varying scenarios of Russian provocation, a requirement under international law.

The operation was described as long-term, taking months to position the implants and requiring maintenance thereafter. Under the rules of covert action, Obama’s signature was all that was necessary to set the operation in motion.

U.S. intelligence agencies do not need further approval from Trump, and officials said that he would have to issue a countermanding order to stop it. The officials said that they have seen no indication that Trump has done so. . . .”

Keep in mind that such a response from the US would be entirely predictable if the Russian government really did order this hack. Russia would be at a heightened risk for years or decades to come if Putin really did order this attack. There’s no reason to assume that the Russian government wouldn’t be well aware of this consequence.

So if Putin really did order this hack he would have to have gone insane. That’s how stupid this attack was if Putin actually ordered it. According to a CIA spy in the Kremlin, along with a questionable foreign ally, that’s exactly what Putin did.

He apparently went insane and preemptively launched a cyberwar knowing full well how devastating the long-term consequences could be. Because he really, really, really hates Hillary. That’s the narrative we’re being given.

And now, any future attacks on US elections or the US electrical grid that can somehow [30] be [31] pinned [32] on [33] the Russians [34] are going to trigger some sort of painful wave of retaliatory cyberbombs. Which, of course, will likely trigger a wave of counter-retaliatory cyberbombs in the US. And a full-scale cyberwar will be born and we’ll just have to hope it stays in the cyber domain. That’s where we are now, based on a CIA spy in the Kremlin and an unnamed foreign intelligence agency.

“Obama’s Secret Struggle to Punish Russia for Putin’s Election Assault” by Greg Miller, Ellen Nakashima and Adam Entous; The Washington Post; 06/23/2017 [14]

Early last August, an envelope with extraordinary handling restrictions arrived at the White House. Sent by courier from the CIA, it carried “eyes only” instructions that its contents be shown to just four people: President Barack Obama and three senior aides.

Inside was an intelligence bombshell, a report drawn from sourcing deep inside the Russian government that detailed Russian President Vladimir Putin’s direct involvement in a cyber campaign to disrupt and discredit the U.S. presidential race.

But it went further. The intelligence captured Putin’s specific instructions on the operation’s audacious objectives — defeat or at least damage the Democratic nominee, Hillary Clinton, and help elect her opponent, Donald Trump.

At that point, the outlines of the Russian assault on the U.S. election were increasingly apparent. Hackers with ties to Russian intelligence services had been rummaging through Democratic Party computer networks, as well as some Republican systems, for more than a year. In July, the FBI had opened an investigation of contacts between Russian officials and Trump associates. And on July 22, nearly 20,000 emails stolen from the Democratic National Committee were dumped online by WikiLeaks.

But at the highest levels of government, among those responsible for managing the crisis, the first moment of true foreboding about Russia’s intentions arrived with that CIA intelligence.

The material was so sensitive that CIA Director John Brennan kept it out of the President’s Daily Brief, concerned that even that restricted report’s distribution was too broad. The CIA package came with instructions that it be returned immediately after it was read. To guard against leaks, subsequent meetings in the Situation Room followed the same protocols as planning sessions for the Osama bin Laden raid.

It took time for other parts of the intelligence community to endorse the CIA’s view. Only in the administration’s final weeks in office did it tell the public, in a declassified report, what officials had learned from Brennan in August — that Putin was working to elect Trump.

Over that five-month interval, the Obama administration secretly debated dozens of options for deterring or punishing Russia, including cyberattacks on Russian infrastructure, the release of CIA-gathered material that might embarrass Putin and sanctions that officials said could “crater” the Russian economy.

But in the end, in late December, Obama approved [35] a modest package combining measures that had been drawn up to punish Russia for other issues — expulsions of 35 diplomats and the closure of two Russian compounds — with economic sanctions so narrowly targeted that even those who helped design them describe their impact as largely symbolic.

Obama also approved a previously undisclosed covert measure that authorized planting cyber weapons in Russia’s infrastructure, the digital equivalent of bombs that could be detonated if the United States found itself in an escalating exchange with Moscow. The project, which Obama approved in a covert-action finding, was still in its planning stages when Obama left office. It would be up to President Trump to decide whether to use the capability.

In political terms, Russia’s interference was the crime of the century, an unprecedented and largely successful destabilizing attack on American democracy. It was a case that took almost no time to solve, traced to the Kremlin through cyber-forensics and intelligence on Putin’s involvement. And yet, because of the divergent ways Obama and Trump have handled the matter, Moscow appears unlikely to face proportionate consequences.

Those closest to Obama defend the administration’s response to Russia’s meddling. They note that by August it was too late to prevent the transfer to WikiLeaks and other groups of the troves of emails that would spill out in the ensuing months. They believe that a series of warnings — including one that Obama delivered to Putin in September — prompted Moscow to abandon any plans of further aggression, such as sabotage of U.S. voting systems.

Denis McDonough, who served as Obama’s chief of staff, said that the administration regarded Russia’s interference as an attack on the “heart of our system.”

“We set out from a first-order principle that required us to defend the integrity of the vote,” McDonough said in an interview. “Importantly, we did that. It’s also important to establish what happened and what they attempted to do so as to ensure that we take the steps necessary to stop it from happening again.”

But other administration officials look back on the Russia period with remorse.

“It is the hardest thing about my entire time in government to defend,” said a former senior Obama administration official involved in White House deliberations on Russia. “I feel like we sort of choked.”

This account of the Obama administration’s response to Russia’s interference is based on interviews with more than three dozen current and former U.S. officials in senior positions in government, including at the White House, the State, Defense and Homeland Security departments, and U.S. intelligence services. Most agreed to speak only on the condition of anonymity, citing the sensitivity of the issue.

The White House, the CIA, the FBI, the National Security Agency and the Office of the Director of National Intelligence declined to comment.

‘Deeply concerned’

The CIA breakthrough came at a stage of the presidential campaign when Trump had secured the GOP nomination but was still regarded as a distant long shot. Clinton held comfortable leads in major polls, and Obama expected that he would be transferring power to someone who had served in his Cabinet.

The intelligence on Putin was extraordinary on multiple levels, including as a feat of espionage.

For spy agencies, gaining insights into the intentions of foreign leaders is among the highest priorities. But Putin is a remarkably elusive target. A former KGB officer, he takes extreme precautions to guard against surveillance, rarely communicating by phone or computer, always running sensitive state business from deep within the confines of the Kremlin.

The Washington Post is withholding some details of the intelligence at the request of the U.S. government.

In early August, Brennan alerted senior White House officials to the Putin intelligence, making a call to deputy national security adviser Avril Haines and pulling national security adviser Susan E. Rice aside after a meeting before briefing Obama along with Rice, Haines and McDonough in the Oval Office.

Officials described the president’s reaction as grave. Obama “was deeply concerned and wanted as much information as fast as possible,” a former official said. “He wanted the entire intelligence community all over this.”

Concerns about Russian interference had gathered throughout the summer.

Russia experts had begun to see a troubling pattern of propaganda in which fictitious news stories, assumed to be generated by Moscow, proliferated across social-media platforms.

Officials at the State Department and FBI became alarmed by an unusual spike in requests from Russia for temporary visas for officials with technical skills seeking permission to enter the United States for short-term assignments at Russian facilities. At the FBI’s behest, the State Department delayed approving the visas until after the election.

Meanwhile, the FBI was tracking a flurry of hacking activity against U.S. political parties, think tanks and other targets. Russia had gained entry to DNC systems in the summer of 2015 and spring of 2016, but the breaches did not become public until they were disclosed in a June 2016 report by The Post.

Even after the late-July WikiLeaks dump, which came on the eve of the Democratic convention and led to the resignation of Rep. Debbie Wasserman Schultz (D-Fla.) as the DNC’s chairwoman, U.S. intelligence officials continued to express uncertainty about who was behind the hacks or why they were carried out.

At a public security conference in Aspen [36], Colo., in late July, Director of National Intelligence James R. Clapper Jr. noted that Russia had a long history of meddling in American elections but that U.S. spy agencies were not ready to “make the call on attribution” for what was happening in 2016.

“We don’t know enough … to ascribe motivation,” Clapper said. “Was this just to stir up trouble or was this ultimately to try to influence an election?”

Brennan convened a secret task force at CIA headquarters composed of several dozen analysts and officers from the CIA, the NSA and the FBI.

The unit functioned as a sealed compartment, its work hidden from the rest of the intelligence community. Those brought in signed new non-disclosure agreements to be granted access to intelligence from all three participating agencies.

They worked exclusively for two groups of “customers,” officials said. The first was Obama and fewer than 14 senior officials in government. The second was a team of operations specialists at the CIA, NSA and FBI who took direction from the task force on where to aim their subsequent efforts to collect more intelligence on Russia.

Don’t make things worse

The secrecy extended into the White House.

Rice, Haines and White House homeland-security adviser Lisa Monaco convened meetings in the Situation Room to weigh the mounting evidence of Russian interference and generate options for how to respond. At first, only four senior security officials were allowed to attend: Brennan, Clapper, Attorney General Loretta E. Lynch and FBI Director James B. Comey. Aides ordinarily allowed entry as “plus-ones” were barred.

Gradually, the circle widened to include Vice President Biden and others. Agendas sent to Cabinet secretaries — including John F. Kerry at the State Department and Ashton B. Carter at the Pentagon — arrived in envelopes that subordinates were not supposed to open. Sometimes the agendas were withheld until participants had taken their seats in the Situation Room.

Throughout his presidency, Obama’s approach to national security challenges was deliberate and cautious. He came into office seeking to end wars in Iraq and Afghanistan. He was loath to act without support from allies overseas and firm political footing at home. He was drawn only reluctantly into foreign crises, such as the civil war in Syria, that presented no clear exit for the United States.

Obama’s approach often seemed reducible to a single imperative: Don’t make things worse. As brazen as the Russian attacks on the election seemed, Obama and his top advisers feared that things could get far worse.

They were concerned that any pre-election response could provoke an escalation from Putin. Moscow’s meddling to that point was seen as deeply concerning but unlikely to materially affect the outcome of the election. Far more worrisome to the Obama team was the prospect of a cyber-assault on voting systems before and on Election Day.

They also worried that any action they took would be perceived as political interference in an already volatile campaign. By August, Trump was predicting that the election would be rigged. Obama officials feared providing fuel to such claims, playing into Russia’s efforts to discredit the outcome and potentially contaminating the expected Clinton triumph.

Before departing for an August vacation to Martha’s Vineyard, Obama instructed aides to pursue ways to deter Moscow and proceed along three main paths: Get a high-confidence assessment from U.S. intelligence agencies on Russia’s role and intent; shore up any vulnerabilities in state-run election systems; and seek bipartisan support from congressional leaders for a statement condemning Moscow and urging states to accept federal help.

The administration encountered obstacles at every turn.

Despite the intelligence the CIA had produced, other agencies were slower to endorse a conclusion that Putin was personally directing the operation and wanted to help Trump. “It was definitely compelling, but it was not definitive,” said one senior administration official. “We needed more.”

Some of the most critical technical intelligence on Russia came from another country, officials said. Because of the source of the material, the NSA was reluctant to view it with high confidence.

Brennan moved swiftly to schedule private briefings with congressional leaders. But getting appointments with certain Republicans proved difficult, officials said, and it was not until after Labor Day that Brennan had reached all members of the “Gang of Eight” — the majority and minority leaders of both houses and the chairmen and ranking Democrats on the Senate and House intelligence committees.

Jeh Johnson, the homeland-security secretary, was responsible for finding out whether the government could quickly shore up the security of the nation’s archaic patchwork of voting systems. He floated the idea of designating state mechanisms “critical infrastructure,” a label that would have entitled states to receive priority in federal cybersecurity assistance, putting them on a par with U.S. defense contractors and financial networks.

On Aug. 15, Johnson arranged a conference call with dozens of state officials, hoping to enlist their support. He ran into a wall of resistance.

The reaction “ranged from neutral to negative,” Johnson said in congressional testimony Wednesday.

Brian Kemp, the Republican secretary of state of Georgia, used the call to denounce Johnson’s proposal as an assault on state rights. “I think it was a politically calculated move by the previous administration,” Kemp said in a recent interview, adding that he remains unconvinced that Russia waged a campaign to disrupt the 2016 race. “I don’t necessarily believe that,” he said.

Stung by the reaction, the White House turned to Congress for help, hoping that a bipartisan appeal to states would be more effective.

In early September, Johnson, Comey and Monaco arrived on Capitol Hill in a caravan of black SUVs for a meeting with 12 key members of Congress, including the leadership of both parties.

The meeting devolved into a partisan squabble.

“The Dems were, ‘Hey, we have to tell the public,’” recalled one participant. But Republicans resisted, arguing that to warn the public that the election was under attack would further Russia’s aim of sapping confidence in the system.

Senate Majority Leader Mitch McConnell (R-Ky.) went further, officials said, voicing skepticism that the underlying intelligence truly supported the White House’s claims. Through a spokeswoman, McConnell declined to comment, citing the secrecy of that meeting.

Key Democrats were stunned by the GOP response and exasperated that the White House seemed willing to let Republican opposition block any pre-election move.

On Sept. 22, two California Democrats — Sen. Dianne Feinstein and Rep. Adam B. Schiff — did what they couldn’t get the White House to do. They issued a statement making clear that they had learned from intelligence briefings that Russia was directing a campaign to undermine the election, but they stopped short of saying to what end.

A week later, McConnell and other congressional leaders issued a cautious statement that encouraged state election officials to ensure their networks were “secure from attack.” The release made no mention of Russia and emphasized that the lawmakers “would oppose any effort by the federal government” to encroach on the states’ authorities.

When U.S. spy agencies reached unanimous agreement in late September that the interference was a Russian operation directed by Putin, Obama directed spy chiefs to prepare a public statement summarizing the intelligence in broad strokes.

With Obama still determined to avoid any appearance of politics, the statement would not carry his signature.

On Oct. 7, the administration offered its first public comment on Russia’s “active measures,” in a three-paragraph statement issued by Johnson and Clapper. Comey had initially agreed to attach his name, as well, officials said, but changed his mind at the last minute, saying that it was too close to the election for the bureau to be involved.

“The U.S. intelligence community is confident that the Russian government directed the recent compromises of e-mails from U.S. persons and institutions, including from U.S. political organizations,” the statement said. “We believe, based on the scope and sensitivity of these efforts, that only Russia’s senior-most officials could have authorized these activities.”

Early drafts accused Putin by name, but the reference was removed out of concern that it might endanger intelligence sources and methods.

The statement was issued around 3:30 p.m., timed for maximum media coverage. Instead, it was quickly drowned out. At 4 p.m., The Post published a story about crude comments [37] Trump had made about women that were captured on an “Access Hollywood” tape. Half an hour later, WikiLeaks published its first batch of emails stolen from Clinton campaign chairman John Podesta.

‘Ample time’ after election

The Situation Room is actually a complex of secure spaces in the basement level of the West Wing. A video feed from the main room courses through some National Security Council offices, allowing senior aides sitting at their desks to see — but not hear — when meetings are underway.

As the Russia-related sessions with Cabinet members began in August, the video feed was shut off. The last time that had happened on a sustained basis, officials said, was in the spring of 2011 during the run-up to the U.S. Special Operations raid on bin Laden’s compound in Pakistan.

The blacked-out screens were seen as an ominous sign among lower-level White House officials who were largely kept in the dark about the Russia deliberations even as they were tasked with generating options for retaliation against Moscow.

Much of that work was led by the Cyber Response Group, an NSC unit with representatives from the CIA, NSA, State Department and Pentagon.

The early options they discussed were ambitious. They looked at sectorwide economic sanctions and cyberattacks that would take Russian networks temporarily offline. One official informally suggested — though never formally proposed — moving a U.S. naval carrier group into the Baltic Sea as a symbol of resolve.

What those lower-level officials did not know was that the principals and their deputies had by late September all but ruled out any pre-election retaliation against Moscow. They feared that any action would be seen as political and that Putin, motivated by a seething resentment of Clinton, was prepared to go beyond fake news and email dumps.

The FBI had detected suspected Russian attempts to penetrate election systems in 21 states, and at least one senior White House official assumed that Moscow would try all 50, officials said. Some officials believed the attempts were meant to be detected to unnerve the Americans. The patchwork nature of the United States’ 3,000 or so voting jurisdictions would make it hard for Russia to swing the outcome, but Moscow could still sow chaos.

“We turned to other scenarios” the Russians might attempt, said Michael Daniel, who was cybersecurity coordinator at the White House, “such as disrupting the voter rolls, deleting every 10th voter [from registries] or flipping two digits in everybody’s address.”

The White House also worried that they had not yet seen the worst of Russia’s campaign. WikiLeaks and DCLeaks, a website set up in June 2016 by hackers believed to be Russian operatives, already had troves of emails. But U.S. officials feared that Russia had more explosive material or was willing to fabricate it.

“Our primary interest in August, September and October was to prevent them from doing the max they could do,” said a senior administration official. “We made the judgment that we had ample time after the election, regardless of outcome, for punitive measures.”

The assumption that Clinton would win contributed to the lack of urgency.

Instead, the administration issued a series of warnings.

Brennan delivered the first on Aug. 4 in a blunt phone call with Alexander Bortnikov, the director of the FSB, Russia’s powerful security service.

A month later, Obama confronted Putin directly during a meeting of world leaders in Hangzhou, China. Accompanied only by interpreters, Obama told Putin that “we knew what he was doing and [he] better stop or else,” according to a senior aide who subsequently spoke with Obama. Putin responded by demanding proof and accusing the United States of interfering in Russia’s internal affairs.

In a subsequent news conference, Obama alluded to the exchange and issued a veiled threat. “We’re moving into a new era here where a number of countries have significant capacities,” he said. “Frankly, we’ve got more capacity than anybody both offensively and defensively.”

There were at least two other warnings.

On Oct. 7, the day that the Clapper-Johnson statement was released, Rice summoned Russian Ambassador Sergey Kislyak to the White House and handed him a message to relay to Putin.

Then, on Oct. 31, the administration delivered a final pre-election message via a secure channel to Moscow originally created to avert a nuclear exchange. The message noted that the United States had detected malicious activity, originating from servers in Russia, targeting U.S. election systems and warned that meddling would be regarded as unacceptable interference. Russia confirmed the next day that it had received the message but replied only after the election through the same channel, denying the accusation.

As Election Day approached, proponents of taking action against Russia made final, futile appeals to Obama’s top aides: McDonough, Rice and Haines. Because their offices were part of a suite of spaces in the West Wing, securing their support on any national security issue came to be known as “moving the suite.”

One of the last to try before the election was Kerry. Often perceived as reluctant to confront Russia, in part to preserve his attempts to negotiate a Syria peace deal, Kerry was at critical moments one of the leading hawks.

In October, Kerry’s top aides had produced an “action memo” that included a package of retaliatory measures including economic sanctions. Knowing the White House was not willing to act before the election, the plan called for the measures to be announced almost immediately after votes had been securely cast and counted.

Kerry signed the memo and urged the White House to convene a principals meeting to discuss the plan, officials said. “The response was basically, ‘Not now,’” one official said.

Election Day arrived without penalty for Moscow.

A U.S. cyber-weapon

The most difficult measure to evaluate is one that Obama alluded to in only the most oblique fashion when announcing the U.S. response.

“We will continue to take a variety of actions at a time and place of our choosing, some of which will not be publicized,” he said in a statement released by the White House.

He was referring, in part, to a cyber operation that was designed to be detected by Moscow but not cause significant damage, officials said. The operation, which entailed implanting computer code in sensitive computer systems that Russia was bound to find, served only as a reminder to Moscow of the United States’ cyber reach.

But Obama also signed the secret finding, officials said, authorizing a new covert program involving the NSA, CIA and U.S. Cyber Command.

Obama declined to comment for this article, but a spokesman issued a statement: “This situation was taken extremely seriously, as is evident by President Obama raising this issue directly with President Putin; 17 intelligence agencies issuing an extraordinary public statement; our homeland security officials working relentlessly to bolster the cyber defenses of voting infrastructure around the country; the President directing a comprehensive intelligence review, and ultimately issuing a robust response including shutting down two Russian compounds, sanctioning nine Russian entities and individuals, and ejecting 35 Russian diplomats from the country.”

The cyber operation is still in its early stages and involves deploying “implants” in Russian networks deemed “important to the adversary and that would cause them pain and discomfort if they were disrupted,” a former U.S. official said.

The implants were developed by the NSA and designed so that they could be triggered remotely as part of retaliatory cyber-strike in the face of Russian aggression, whether an attack on a power grid or interference in a future presidential race.

Officials familiar with the measures said that there was concern among some in the administration that the damage caused by the implants could be difficult to contain.

As a result, the administration requested a legal review, which concluded that the devices could be controlled well enough that their deployment would be considered “proportional” in varying scenarios of Russian provocation, a requirement under international law.

The operation was described as long-term, taking months to position the implants and requiring maintenance thereafter. Under the rules of covert action, Obama’s signature was all that was necessary to set the operation in motion.

U.S. intelligence agencies do not need further approval from Trump, and officials said that he would have to issue a countermanding order to stop it. The officials said that they have seen no indication that Trump has done so.

———-

4a. Well look at that: Investigators are exploring the more than three dozen companies and individuals that Michael Flynn worked for – as a consultant, adviser, board member, or speaker – while advising the Trump campaign last year, and two of those entities are raising some extra eyebrows. Flynn was an advisory board member of Luxembourg-based OSY Technologies and consulted for the US-based private equity firm Francisco Partners. What’s so questionable about these entities? Well, Francisco Partners owns NSO Group – a secretive Israel-based cyberweapons dealer that sells advanced hacking tools to governments around the world – and OSY Technologies is an NSO Group offshoot. Flynn joined OSY in May of last year. Yep, Michael Flynn worked for both the owner of an advanced cyberweapons dealer and one of its offshoots throughout the 2016 campaign. [9]

“The month before Flynn joined the advisory board of OSY Technologies, NSO Group opened up a new arm called WestBridge Technologies, Inc. [10], in the D.C. region. (The company was originally registered in Delaware in 2014, but formed in Maryland in April 2016.) Led by NSO Group co-founder Lavie, WestBridge is vying for federal government contracts for NSO Group’s products. Hiring Flynn would provide NSO Group with a well-connected figure in Washington, to help get its foot in the door of the notoriously insular world of secret intelligence budgeting.”

Yep, not only was Flynn working for NSO Group’s OSY Technologies and its owners at Francisco Partners, but NSO Group was also initiating plans to get more US government contracts…something that would presumably be much likelier to happen if Donald Trump won the White House and brought Flynn into the government.

And note how NSO Group wasn’t the only cybersecurity firm Flynn was working for:
“ . . . .When you’re trying to build up your business, you need someone who has connections, someone who is seen as an authority and a legitimate presence,” Johnson said. Hiring someone with Flynn’s background in intelligence would “open up doors that they wouldn’t have had access to,” Johnson said.

Throughout 2016, Flynn worked for a number of cybersecurity firms personally and through his consulting firm, Flynn Intel Group. In addition to his advisory board seat at OSY Technologies, he sat on the board of Adobe Systems, a large software company with Pentagon contracts, and the boards of the cybersecurity companies GreenZone Systems and HALO Privacy [11]. (Though Flynn described himself as an Adobe advisory board member in his financial disclosure paperwork, the group said in a statement that he provided only “periodic counsel to Adobe’s public sector team.”) . . .”

In terms of assessing the significance of these business relationships, on the one hand, cybersecurity is one of the areas one should expect the former head of the US Defense Intelligence Agency to go into after leaving government. On the other hand, we have just been told about the most hack-intensive US campaign in history and all the hacking was done in favor of Donald Trump. It is difficult to shake the notion that one or more of these firms may have been involved in one of the high-profile hacks.

Due to the relative lack of sophistication required to carry out a spear-phishing attack – the method behind both the DNC server hack and Podesta’s emails [38] and, allegedly [39], the attempts to hack 39 state election systems a week before the election [19] – it really is the case that almost anyone could have pulled these hacks off if they had adequate hacking skills and wanted to hide their tracks and make it look like ‘the Russians’ did it. And the NSO Group’s software specializes in creating spear-phishing campaigns designed to trick people into clicking on bad links using a variety of different tricks and to insert spying malware in the victims’ systems [40]:

“Michael Flynn Worked With Foreign Cyberweapons Group That Sold Spyware Used Against Political Dissidents” by Paul Blumenthal, Jessica Schulberg; The Huffington Post; 06/19/2017 [9]

While serving as a top campaign aide to Donald Trump, former national security adviser Michael Flynn made tens of thousands of dollars on the side advising a company that sold surveillance technology that repressive governments used to monitor activists and journalists.

Flynn, who resigned [41] in February after mischaracterizing his conversations with the Russian ambassador to the U.S., has already come under scrutiny for taking money from foreign outfits. Federal investigators began probing Flynn’s lobbying efforts [42] on behalf of a Dutch company led by a businessman with ties to the Turkish government earlier this year. Flynn’s moonlighting wasn’t typical: Most people at the top level of major presidential campaigns do not simultaneously lobby for any entity, especially not foreign governments. It’s also unusual for former U.S. intelligence officials to work with foreign cybersecurity outfits.

Nor was Flynn’s work with foreign entities while he was advising Trump limited to his Ankara deal. He earned nearly $1.5 million last year as a consultant, adviser, board member, or speaker for more than three dozen companies and individuals, according to financial disclosure forms released earlier [43] this year [44].

Two of those entities are directly linked to NSO Group, a secretive Israeli cyberweapons dealer founded by Omri Lavie and Shalev Hulio, who are rumored [45] to have served in Unit 8200, the Israeli equivalent of the National Security Agency.

Flynn received $40,280 last year as an advisory board member for OSY Technologies, an NSO Group offshoot based in Luxembourg, a favorite tax haven for major corporations. OSY Technologies is part of a corporate structure that runs from Israel, where NSO Group is located, through Luxembourg, the Cayman Islands, the British Virgin Islands, and the U.S.

Flynn also worked as a consultant last year for Francisco Partners, a U.S.-based private equity firm that owns NSO Group, but he did not disclose how much he was paid. At least two Francisco Partners executives have sat on OSY’s board.

Flynn’s financial disclosure forms do not specify the work he did for companies linked to NSO Group, and his lawyer did not respond to requests for comment. Former colleagues at Flynn’s consulting firm declined to discuss Flynn’s work with NSO Group. Executives at Francisco Partners who also sit on the OSY Technologies board did not respond to emails. Lavie, the NSO Group co-founder, told HuffPost he is “not interested in speaking to the press” and referred questions to a spokesman, who did not respond to queries.

Many government and military officials have moved through the revolving door between government agencies and private cybersecurity companies. The major players in the cybersecurity contracting world – SAIC, Booz Allen Hamilton, CACI Federal and KeyW Corporation – all have former top government officials in leadership roles or on their boards, or have former top executives working in government.

But it’s less common for former U.S. intelligence officials to work with foreign cybersecurity outfits. “There is a lot of opportunity in the U.S. to do this kind of work,” said Ben Johnson, a former NSA employee and the co-founder of Obsidian Security. “It’s a little bit unexpected going overseas, especially when you combine that with the fact that they’re doing things that might end up in hands of enemies of the U.S. government. It does seem questionable.”

What is clear is that during the time Flynn was working for NSO’s Luxembourg affiliate, one of the company’s main products — a spy software sold exclusively to governments and marketed as a tool for law enforcement officials to monitor suspected criminals and terrorists — was being used to surveil political dissidents, reporters, activists, and government officials. The software, called Pegasus, allowed users to remotely break into a target’s cellular phone if the target responded to a text message.

Last year, several people targeted by the spyware contacted Citizen Lab, a cybersecurity research team based out of the University of Toronto. With the help of experts at the computer security firm Lookout, Citizen Lab researchers were able to trace the spyware hidden in the texts [46] back to NSO Group spyware. After Citizen Lab publicized its findings, Apple introduced patches to fix the vulnerability. It is not known how many activists in other countries were targeted and failed to report it to experts.

NSO Group told [47] Forbes in a statement last year that it complies with strict export control laws and only sells to authorized government agencies. “The company does NOT operate any of its systems; it is strictly a technology company,” NSO Group told Forbes.

But once a sale is complete, foreign governments are free to do what they like with the technology.

“The government buys [the technology] and can use it however they want,” Bill Marczak, one of the Citizen Lab researchers, told HuffPost. “They’re basically digital arms merchants.”

The month before Flynn joined the advisory board of OSY Technologies, NSO Group opened up a new arm called WestBridge Technologies, Inc. [10], in the D.C. region. (The company was originally registered in Delaware in 2014, but formed in Maryland in April 2016.) Led by NSO Group co-founder Lavie, WestBridge is vying for federal government contracts for NSO Group’s products. Hiring Flynn would provide NSO Group with a well-connected figure in Washington, to help get its foot in the door of the notoriously insular world of secret intelligence budgeting.

“When you’re trying to build up your business, you need someone who has connections, someone who is seen as an authority and a legitimate presence,” Johnson said. Hiring someone with Flynn’s background in intelligence would “open up doors that they wouldn’t have had access to,” Johnson said.

Throughout 2016, Flynn worked for a number of cybersecurity firms personally and through his consulting firm, Flynn Intel Group. In addition to his advisory board seat at OSY Technologies, he sat on the board of Adobe Systems, a large software company with Pentagon contracts, and the boards of the cybersecurity companies GreenZone Systems and HALO Privacy [11]. (Though Flynn described himself as an Adobe advisory board member in his financial disclosure paperwork, the group said in a statement that he provided only “periodic counsel to Adobe’s public sector team.”)

Prominent human rights activists and political dissidents have reported being targeted by NSO’s technology. On August 10, 2016, Ahmed Mansoor, an internationally recognized Emirati human rights activist, received a text message prompting him to click a link to read “new secrets” about detainees abused in UAE prisons. He got a similar text the next day. But Mansoor, who had already been repeatedly targeted by hackers, knew better than to click the links. Instead, he forwarded the messages to Citizen Lab.

Citizen Lab soon determined that NSO Group’s malware exploited an undisclosed mobile phone vulnerability, known as a zero-day exploit, that enabled its customers – that is, foreign governments – to surveil a target’s phone after the target clicked the link included in the phishing text message. If Mansoor had clicked that link, his “phone would have become a digital spy in his pocket, capable of employing his phone camera and microphone to snoop on activity in the vicinity of the device, recording his WhatsApp and Viber calls, logging messages sent in mobile chat apps, and tracking his movements,” Citizen Lab wrote [46] in a report.

Across the globe in Mexico, where Coca-Cola and PepsiCo were working to repeal a tax on sodas imposed in 2014, two activists and a government-employed scientist, all of whom supported the soda tax, received a series of suspicious text messages [48]. The texts, which became increasingly aggressive and threatening, came as the scientist and the activists were preparing a public relations campaign in support of raising the soda tax and promoting awareness of the health risks linked to sugary beverages.

Dr. Simón Barquera, researcher at Mexico’s National Institute for Public Health, received a text on July 11, 2016, inviting him to click a link the sender said would lead him to a detailed investigation of his clinic. When Barquera didn’t follow through, the texts escalated. On the 12th, he got a text with a link to a purported court document, which the sender claimed mentioned Barquera by name. On the 13th, yet another text included a link that supposedly contained information about a funeral. The day after that, the sender wrote, “You are an asshole Simon, while you are working I’m fucking your old lady here is a photo.” The final text Barquera received in August said that his daughter was in “grave condition” after an accident, and included a link that would supposedly tell him where she was being treated.

Alejandro Calvillo, director of the consumer rights nonprofit El Poder del Consumidor, received a text with a link claiming to be from a man who wanted to know if Calvillo could attend the man’s father’s funeral. Another text sent to Calvillo included a link that the sender said was a viral news story that mentioned him. The final target, Luis Encarnación, a coordinator for the obesity prevention group Coalicion ContraPESO, also received a text with a link claiming that he was named in a news article.

The targets quickly got in touch with Citizen Lab and forwarded their text messages to the researchers. In February 2017, Citizen Lab released a new report [46] linking NSO Group’s technology to the phishing attempts targeting the pro-soda tax campaigners.

Citizen Lab researchers have also identified texts sent last summer to Mexican journalist Rafael Cabrera that they believe were an attempt to infect his phone with NSO Group’s Pegasus spyware. Cabrera, who now works for BuzzFeed Mexico, was targeted by hackers after he broke a story [49] revealing a potential conflict of interest with the Mexican first family and a Chinese company.

Citizen Lab believes NSO Group may have also sold its mobile phone spying technology to many governments, including those of Kenya, Mozambique, Yemen, Qatar, Turkey, Saudi Arabia, Uzbekistan, Thailand, Morocco, Hungary, Nigeria and Bahrain.

Working with repressive regimes is standard practice in the cyberweapons industry. The Italian surveillance malware firm Hacking Team has worked with dozens of countries known to jail dissidents, according to emails uploaded to WikiLeaks [50]. The FBI and the Drug Enforcement Agency [51] were among the company’s customers, according to the documents.

Despite recent scrutiny over Mansoor’s case, NSO Group’s value has exploded in recent years. Francisco Partners bought the cyberweapons dealer in 2014 for $120 million. It is now reportedly [52] valued at over $1 billion. . . .

4b. Due to the relative lack of sophistication required to carry out a spear-phishing attack – the method behind both the DNC server hack and Podesta’s emails [38] and, allegedly [39], the attempts to hack 39 state election systems a week before the election [19] – almost anyone could have pulled these hacks off if they had adequate hacking skills, hiding their tracks and making it appear as though “the Russians” did it. The NSO Group’s software specializes in creating spear-phishing campaigns designed to trick people into clicking on bad links using a variety of different tricks and insert spying malware in the victims’ systems. [40] Their spear-phishing methodology is sophisticated.

“. . . . Increasingly, governments have found that the only way to monitor mobile phones is by using private businesses like the NSO Group that exploit little-known vulnerabilities in smartphone software. The company has, at times, operated its businesses under different names. One of them, OSY Technologies, paid Michael T. Flynn, President Trump’s former national security adviser, more than $40,000 [53] to be an advisory board member from May 2016 until January, according to his public financial disclosures. . . .”

Note how even when a phone is known to be hacked by someone using the NSO Group malware after a successful spear-phishing attempt, there’s still no way to know which NSO Group client did it. Even NSO Group claims it can’t determine who did it:

“. . . .The Mexican government’s deployment of spyware has come under suspicion before, including hacking attempts on political opponents and activists fighting corporate interests in Mexico [54].

Still, there is no ironclad proof that the Mexican government is responsible. The Pegasus software does not leave behind the hacker’s individual fingerprints. Even the software maker, the NSO Group, says it cannot determine who, exactly, is behind specific hacking attempts.

But cyberexperts can verify when the software has been used on a target’s phone, leaving them with few doubts that the Mexican government, or some rogue actor within it, was involved.

‘This is pretty much as good as it gets,’ said Bill Marczak, another senior researcher at Citizen Lab, who confirmed the presence of NSO code on several phones belonging to Mexican journalists and activists.

Moreover, it is extremely unlikely that cybercriminals somehow got their hands on the software, the NSO Group says, because the technology can be used only by the government agency where it is installed. . . .”

Yet for the DNC/Podesta hacks, which were also spear-phishing campaigns but against targets with a wide variety of potential enemies across the globe, the primary evidence we’re given that the Russian government was really behind the hacks was the amazingly sloppy hacker ‘mistakes’ like Cyrillic characters in the hacked document meta-data [21] and leaving the Bitly accounts they were using to create the links used in the spear-phishing emails public, so cybersecurity researchers could watch the entire target list of their hacking campaign [55]. In other words, ‘evidence’ that could easily have been left to be found.

All of this adds to the mystery of Michael Flynn and the potential role he played in the Trump campaign: The former head of the US military’s spy agency worked for a company that makes advanced software designed to first conduct a successful spear-phishing campaign and then give the victim NSO Group’s special spying malware, the same kind of campaign that attacked the DNC, John Podesta, and the 39 state election systems.

Yet almost no one seems to raise the question as to whether or not Flynn and his deep ties to the hacking world could have had anything to do with those high-profile hacks. Only consideration of Russian hackers is allowed. It’s a pretty mysterious mystery, although perhaps not as mysterious as the investigation.

“Using Texts as Lures, Government Spyware Targets Mexican Journalists and Their Families” by Azam Ahmed and Nicole Perlroth; The New York Times; 06/19/2017 [40]

Mexico’s most prominent human rights lawyers, journalists and anti-corruption activists have been targeted by advanced spyware sold to the Mexican government on the condition that it be used only to investigate criminals and terrorists.

The targets include lawyers looking into the mass disappearance of 43 students [56], a highly respected academic who helped write anti-corruption legislation, two of Mexico’s most influential journalists and an American representing victims of sexual abuse by the police. The spying even swept up family members, including a teenage boy.

Since 2011, at least three Mexican federal agencies have purchased about $80 million worth of spyware created by an Israeli cyberarms manufacturer. The software, known as Pegasus, infiltrates smartphones to monitor every detail of a person’s cellular life — calls, texts, email, contacts and calendars. It can even use the microphone and camera on phones for surveillance, turning a target’s smartphone into a personal bug.

The company that makes the software, the NSO Group, says it sells the tool exclusively to governments, with an explicit agreement that it be used only to battle terrorists or the drug cartels and criminal groups that have long kidnapped and killed Mexicans.

But according to dozens of messages examined by The New York Times and independent forensic analysts, the software has been used against some of the government’s most outspoken critics and their families, in what many view as an unprecedented effort to thwart the fight against the corruption infecting every limb of Mexican society.

“We are the new enemies of the state,” said Juan E. Pardinas, the general director of the Mexican Institute for Competitiveness [57], who has pushed anti-corruption legislation. His iPhone, along with his wife’s, was targeted by the software, according to an independent analysis. “Ours is a society where democracy has been eroded,” he said.

The deployment of sophisticated cyberweaponry against citizens is a snapshot of the struggle for Mexico [58] itself, raising profound legal and ethical questions for a government already facing severe criticism [59] for its human rights record. Under Mexican law, only a federal judge can authorize the surveillance of private communications, and only when officials can demonstrate a sound basis for the request.

It is highly unlikely that the government received judicial approval to hack the phones, according to several former Mexican intelligence officials. Instead, they said, illegal surveillance is standard practice.

“Mexican security agencies wouldn’t ask for a court order, because they know they wouldn’t get one,” said Eduardo Guerrero, a former analyst at the Center for Investigation and National Security, Mexico’s intelligence agency and one of the government agencies that use the Pegasus spyware. “I mean, how could a judge authorize surveillance of someone dedicated to the protection of human rights?”

“There, of course, is no basis for that intervention, but that is besides the point,” he added. “No one in Mexico ever asks for permission to do so.”

The hacking attempts were highly personalized, striking critics with messages designed to inspire fear — and get them to click on a link that would provide unfettered access to their cellphones.

Carmen Aristegui, one of Mexico’s most famous journalists, was targeted by a spyware operator posing as the United States Embassy in Mexico, instructing her to click on a link to resolve an issue with her visa. The wife of Mr. Pardinas, the anti-corruption activist, was targeted with a message claiming to offer proof that he was having an extramarital affair.

For others, imminent danger was the entry point, like a message warning that a truck filled with armed men was parked outside Mr. Pardinas’s home.

“I think that any company that sells a product like this to a government would be horrified by the targets, of course, which don’t seem to fall into the traditional role of criminality,” said John Scott-Railton, a senior researcher at Citizen Lab at the Munk School of Global Affairs at the University of Toronto, which examined [60] the hacking attempts.

The Mexican government acknowledges gathering intelligence against legitimate suspects in accordance with the law. “As in any democratic government, to combat crime and threats against national security the Mexican government carries out intelligence operations,” it said in a statement.

But the government “categorically denies that any of its members engages in surveillance or communications operations against defenders of human rights, journalists, anti-corruption activists or any other person without prior judicial authorization.”

The Mexican government’s deployment of spyware has come under suspicion before, including hacking attempts on political opponents and activists fighting corporate interests in Mexico [54].

Still, there is no ironclad proof that the Mexican government is responsible. The Pegasus software does not leave behind the hacker’s individual fingerprints. Even the software maker, the NSO Group, says it cannot determine who, exactly, is behind specific hacking attempts.

But cyberexperts can verify when the software has been used on a target’s phone, leaving them with few doubts that the Mexican government, or some rogue actor within it, was involved.

“This is pretty much as good as it gets,” said Bill Marczak, another senior researcher at Citizen Lab, who confirmed the presence of NSO code on several phones belonging to Mexican journalists and activists.

Moreover, it is extremely unlikely that cybercriminals somehow got their hands on the software, the NSO Group says, because the technology can be used only by the government agency where it is installed.

The company is part of a growing number of digital spying businesses that operate in a loosely regulated space. The market has picked up in recent years, particularly as companies like Apple and Facebook start encrypting their customers’ communications, making it harder for government agencies to conduct surveillance.

Increasingly, governments have found that the only way to monitor mobile phones is by using private businesses like the NSO Group that exploit little-known vulnerabilities in smartphone software. The company has, at times, operated its businesses under different names. One of them, OSY Technologies, paid Michael T. Flynn, President Trump’s former national security adviser, more than $40,000 [53] to be an advisory board member from May 2016 until January, according to his public financial disclosures.

Before selling to governments, the NSO Group says, it vets their human rights records. But once the company licenses the software and installs its hardware inside intelligence and law enforcement agencies, the company says, it has no way of knowing how its spy tools are used — or whom they are used against.

The company simply bills governments based on the total number of surveillance targets. To spy on 10 iPhone users, for example, the company charges $650,000 on top of a flat $500,000 installation fee, according to NSO marketing proposals reviewed by The New York Times [61].

Even when the NSO Group learns that its software has been abused, there is only so much it can do, the company says, arguing that it cannot simply march into intelligence agencies, remove its hardware and take back its spyware.

“When you’re selling AK-47s, you can’t control how they’ll be used once they leave the loading docks,” said Kevin Mahaffey, chief technology officer at Lookout, a mobile security company.

Rather, the NSO Group relies on its customers to cooperate in a review, then turns over the findings to the appropriate governmental authority — in effect, leaving governments to police themselves.

Typically, the company’s only recourse is to slowly cut off a government’s access to the spy tools over the course of months, or even years, by ceasing to provide new software patches, features and updates. But in the case of Mexico, the NSO Group has not condemned or even acknowledged any abuse, despite repeated evidence that its spy tools have been deployed against ordinary citizens and their families.

5. GOP-affiliated data analytics firm Deep Root has committed quite a data-privacy violation. On June 12th, a cybersecurity researcher discovered a Deep Root server offering public access to the firm’s proprietary database of the voting habits and political views of over 198 million Americans. Deep Root claims this was all due to an accident.

We wonder if there might be a link between the Deep Root data basing and other GOP cyber tactics and the alleged “Russian hacking” of U.S. election systems?

“ . . . . To appeal to the three crucial categories, it appears that Trump’s team relied on voter data provided by Data Trust. Complete voter rolls for 2008 and 2012, as well as partial 2016 voter rolls for Florida and Ohio, apparently compiled by Data Trust are contained in the dataset exposed by Deep Root.

Data Trust acquires voter rolls from state officials and then standardizes the voter data to create a clean, manageable record of all registered US voters, a source familiar with the firm’s operations told Gizmodo. Voter data itself is public record and therefore not particularly sensitive, the source added, but the tools Data Trust uses to standardize that data are considered proprietary. That data is then provided to political clients, including analytics firms like Deep Root. While Data Trust requires its clients to protect the data, it has to take clients at their word that industry-standard encryption and security protocols are in place.

TargetPoint and Causeway, the two firms employed by the RNC in addition to Deep Root, apparently layered their own analytics atop the information provided by Data Trust. TargetPoint conducted thousands of surveys per week in 22 states, according to AdAge, gauging voter sentiment on a variety of topics. While Causeway helped manage the data, Deep Root used it to perfect its TV advertising targets—producing voter turnout estimates by county and using that intelligence to target its ad buys. . . .”

“GOP Data Firm Accidentally Leaks Personal Details of Nearly 200 Million American Voters” by Dell Cameron and Kate Conger, Gizmodo; 06/19/2017 [12]

Political data gathered on more than 198 million US citizens was exposed this month after a marketing firm contracted by the Republican National Committee stored internal documents on a publicly accessible Amazon server.

The data leak contains a wealth of personal information on roughly 61 percent of the US population. Along with home addresses, birthdates, and phone numbers, the records include advanced sentiment analyses used by political groups to predict where individual voters fall on hot-button issues such as gun ownership, stem cell research, and the right to abortion, as well as suspected religious affiliation and ethnicity. The data was amassed from a variety of sources—from the banned subreddit r/fatpeoplehate [62] to American Crossroads, the super PAC co-founded by former White House strategist Karl Rove.

Deep Root Analytics, a conservative data firm that identifies audiences for political ads, confirmed ownership of the data to Gizmodo on Friday.

UpGuard [63] cyber risk analyst Chris Vickery discovered Deep Root’s data [63] online last week. More than a terabyte was stored on the cloud server without the protection of a password and could be accessed by anyone who found the URL. Many of the files did not originate at Deep Root, but are instead the aggregate of outside data firms and Republican super PACs, shedding light onto the increasingly advanced data ecosystem that helped propel President Donald Trump’s slim margins in key swing states.

Although files possessed by Deep Root would be typical in any campaign, Republican or Democratic, experts say its exposure in a single open database raises significant privacy concerns. “This is valuable for people who have nefarious purposes,” Joseph Lorenzo Hall, the chief technologist at the Center for Democracy and Technology, said of the data.

The RNC paid Deep Root $983,000 last year, according to Federal Election Commission reports, but its server contained records from a variety of other conservative sources paid millions more, including The Data Trust [64] (also known as GOP Data Trust), the Republican party’s primary voter file provider. Data Trust received over $6.7 million from the RNC during the 2016 cycle, according to OpenSecrets.org [65], and its president, Johnny DeStefano [66], now serves as Trump’s director of presidential personnel.

The Koch brothers’ political group Americans for Prosperity, which had a data-swapping agreement [67] with Data Trust during the 2016 election cycle, contributed heavily to the exposed files, as did the market research firm TargetPoint, whose co-founder previously served as director of Mitt Romney’s strategy team. (The Koch brothers also subsidized a data company known as i360, which began exchanging voter files [68] with Data Trust in 2014.) Furthermore, the files provided by Rove’s American Crossroads contain strategic voter data used to target, among others, disaffected Democrats and undecideds in Nevada, New Hampshire, Ohio, and other key battleground states.

Deep Root further obtained hundreds of files (at least) from The Kantar Group, a leading media and market research company with offices in New York, Beijing, Moscow, and more than a hundred other cities on six continents. Each file offers rich details about political ads—estimated cost, audience demographics, reach, and more—by and about figures and groups spanning the political spectrum. There are files on the Democratic Senatorial Campaign Committee, Planned Parenthood, and the American Civil Liberties Union, as well as files on every 2016 presidential candidate, Republicans included.

What’s more, the Kantar files each contain video links to related political ads stored on Kantar’s servers.

Spreadsheets acquired from TargetPoint, which partnered with Deep Root and GOP Data Trust during the 2016 election, include the home addresses, birthdates, and party affiliations of nearly 200 million registered voters in the 2008 and 2012 presidential elections, as well as some 2016 voters. TargetPoint’s data seeks to resolve questions about where individual voters stand on dozens of political issues. For example: Is the voter eco-friendly? Do they favor lowering taxes? Do they believe the Democrats should stand up to Trump? Do they agree with Trump’s “America First” economic stance? Pharmaceutical companies do great damage: Agree or Disagree?

The details of voters’ likely preferences for issues like stem cell research and gun control were likely drawn from a variety of sources according to a Democratic strategist who spoke with Gizmodo.

“Data like that would be a combination of polling data, real world data from door-knocking and phone-calling and other canvassing activities, coupled with modeling using the data we already have to extrapolate what the voters we don’t know about would think,” the strategist said. “The campaigns that do it right combine all the available data together to make the most robust model for every single voter in the target universe.”

Deep Root’s data was exposed after the company updated its security settings on June 1, Lundry said. Deep Root has retained Stroz Friedberg, a cybersecurity and digital forensics firm, to investigate. “Based on the information we have gathered thus far, we do not believe that our systems have been hacked,” Lundry added.

So far, Deep Root doesn’t believe its proprietary data was accessed by any malicious third parties during the 12 days that the data was exposed on the open web.

Deep Root’s server was discovered by UpGuard’s Vickery on the night of June 12 as he was searching for data publicly accessible on Amazon’s cloud service. He used the same process last month to detect sensitive files tied to a US Defense Department project and exposed by an employee of a top defense contractor [69].

This is not the first leak of voter files uncovered by Vickery, who told Gizmodo that he was alarmed over how the data was apparently being used—some states, for instance, prohibit the commercial use of voter records. Moreover, it was not immediately clear to whom the data belonged. “It was decided that law enforcement should be contacted before attempting any contact with the entity responsible,” said Vickery, who reported that the server was secured two days later on June 14.

A web of data firms funnel research into campaigns

Deep Root’s data sheds light onto the increasingly sophisticated data operation that has fed recent Republican campaigns and lays bare the intricate network of political organizations, PACs, and analysis firms that trade in bulk voter data. In an email to Gizmodo, Deep Root said that its voter models are used to enhance the understanding of TV viewership for political ad buyers. “The data accessed was not built for or used by any specific client,” Lundry said. “It is our proprietary analysis to help inform local television ad buying.”

However, the presence of data on the server from several political organizations, including TargetPoint and Data Trust, suggests that it was used for Republican political campaigns. Deep Root also works primarily with GOP customers (although similar vendors, such as NationBuilder, service the Democrats as well).

Deep Root is one of three data firms hired by the Republican National Committee in the run-up to the 2016 presidential election. Founded by Lundry, a data scientist on the Jeb Bush and Mitt Romney campaigns, the firm was one of three analytics teams that worked on the Trump campaign following the party’s national convention in the summer of 2016.

Lundry’s work brought him into Trump’s campaign war room, according to a post-election AdAge article [70] that charted the GOP’s 2016 data efforts. Deep Root was hand-picked by the RNC’s then-chief of staff, Katie Walsh, in September of last year and joined two other data shops—TargetPoint Consulting and Causeway Solutions—in the effort to win Trump the presidency.

To appeal to the three crucial categories, it appears that Trump’s team relied on voter data provided by Data Trust. Complete voter rolls for 2008 and 2012, as well as partial 2016 voter rolls for Florida and Ohio, apparently compiled by Data Trust are contained in the dataset exposed by Deep Root.

Data Trust acquires voter rolls from state officials and then standardizes the voter data to create a clean, manageable record of all registered US voters, a source familiar with the firm’s operations told Gizmodo. Voter data itself is public record and therefore not particularly sensitive, the source added, but the tools Data Trust uses to standardize that data are considered proprietary. That data is then provided to political clients, including analytics firms like Deep Root. While Data Trust requires its clients to protect the data, it has to take clients at their word that industry-standard encryption and security protocols are in place.

TargetPoint and Causeway, the two firms employed by the RNC in addition to Deep Root, apparently layered their own analytics atop the information provided by Data Trust. TargetPoint conducted thousands of surveys per week in 22 states, according to AdAge, gauging voter sentiment on a variety of topics. While Causeway helped manage the data, Deep Root used it to perfect its TV advertising targets—producing voter turnout estimates by county and using that intelligence to target its ad buys.

A source with years of experience working on political campaign data operations told Gizmodo that the data exposed by Deep Root appeared to be customized for the RNC and had apparently been used to create models for turnout and voter preferences. Metadata in the files suggested that the database wasn’t Deep Root’s working copy, but rather a post-election version of its data, the source said, adding that it was somewhat surprising the files hadn’t been discarded.

Because the data from the 2008 and 2012 elections is outdated—the source compared it to the kind of address and phone data one could find on a “lousy internet lookup site”—it’s not very valuable. Even the 2016 data is quickly becoming stale. “This is a proprietary dataset based on a mix of public records, data from commercial providers, and a variety of predictive models of uncertain provenance and quality,” the source said, adding: “Undoubtedly it took millions of dollars to produce.”

Although basic voter information is public record, Deep Root’s dataset contains a swirl of proprietary information from the RNC’s data firms. Many of the filenames indicate they potentially contain market research on Democratic candidates and the independent expenditure committees that support them. (Up to two terabytes of data contained on the server was protected by permission settings.)

One exposed folder is labeled “Exxon-Mobile” [sic] and contains spreadsheets apparently used to predict which voters support the oil and gas industry. Divided by state, the files include the voters’ names and addresses, along with a unique RNC identification number assigned to every US citizen registered to vote. Each row indicates where voters likely fall on issues of interest to ExxonMobil, the country’s biggest natural gas producer.

The data evaluates, for example, whether or not a specific voter believes drilling for fossil fuels is vital to US security. It also predicts if the voter thinks the US should be moving away from fossil-fuel use. The ExxonMobil “national score” document alone contains data on 182,746,897 Americans spread across 19 fields.

Reddit analysis

Some of the data included in Deep Root’s dataset veers into downright bizarre territory. A folder titled simply ‘reddit’ houses 170 GBs of data apparently scraped from several subreddits, including the controversial r/fatpeoplehate that was home to a community of people who posted pictures of people and mocked them for their weight before it was banned from Reddit’s platform in 2015 [71]. Other subreddits that appear to have been scraped by Deep Root or a partner organization focused on more benign topics, like mountain biking and the Spanish language.

The Reddit data could’ve been used as training data for an artificial intelligence algorithm focused on natural language processing, or it might have been harvested as part of an effort to match up Reddit users with their voter registration records. During the 2012 election cycle, Barack Obama’s campaign data team relied on information gleaned from Facebook profiles [72] and matched profiles to voter records [73].

During the 2016 election season, Reddit played host to a legion of Trump supporters who gathered in subreddits like r/The_Donald to comb through leaked Democratic National Committee emails and craft pro-Trump memes. Trump himself participated in an “Ask Me Anything” session on r/The_Donald during his campaign.

Given how active some Trump supporters are on Reddit—r/The_Donald currently boasts more than 430,000 members—it makes sense that Trump’s data team might be interested in analyzing data from the site.

FiveThirtyEight analysis [74] that looked at where r/The_Donald members spend their time when they’re not talking politics might shed some light onto why Deep Root collected r/fatpeoplehate data. FiveThirtyEight found that, when Redditors weren’t commenting in political subreddits, they most often frequented r/fatpeoplehate.

It’s possible that Deep Root intended to use data from r/fatpeoplehate to build a more comprehensive profile of Trump voters. (Lundry declined to comment beyond his initial statement on any of the information included in the Deep Root dataset.)

However, FiveThirtyEight’s investigation doesn’t account for Deep Root’s collection of data from mountain-biking and Spanish-speaking subreddits that weren’t as popular with r/The_Donald members—and data from these subreddits that are not so closely linked to Trump’s diehard supporters might be more useful for his campaign’s goal of pursuing swing voters.

“My guess is that they were scraping Reddit posts to match to the voter file as another input for individual modeling,” a source familiar with campaign data operations told Gizmodo. “Given the number of random forums, my guess is they started with a list of accounts to scrape from, rather than scraping from all forums then trying to match from there (in which case you’d start with the political ones).”

Matching voter records with Reddit usernames would be complicated and any large-scale effort would likely result in many inaccuracies, the source said. However, campaigns have attempted to match voter files with social media profiles in the past. Such an effort by Deep Root wouldn’t be entirely surprising, and would likely yield rich data on the small portion of users it was able to match with their voter profiles, the source explained.

Data exposes sensitive voter info

The Deep Root incident represents the largest known leak of Americans’ voter records, outstripping past exposures by several million records. Five voter-file leaks over the past 18 months exposed between 350,000 [75] and 191 million [76] files, some of which paired voter data—name, race, gender, birthdate, address, phone number, party affiliation, etc.—with email accounts, social media profiles, and records of gun ownership [77].

Campaigns and the data analysis firms they employ are a particularly weak point for data exposure, security experts say. Corporations that don’t properly secure customer data can face significant financial repercussions—just ask Target [78] or Yahoo [79]. But because campaigns are short-term operations, there’s not much incentive for them to take data security seriously, and valuable data is often left out to rust after an election.

“Campaigns are very narrowly focused. They are shoestring operations, even presidential campaigns. So they don’t think of this as an asset they need to protect,” the Center for Democracy and Technology’s Hall told Gizmodo.

Even though voter rolls are public record and are easy to access—Ohio, for instance, makes its voter rolls available to download online—their exposure can still be harmful.

Voter registration records include ZIP codes, birthdates, and other personal information that have been crucial in research efforts to re-identify anonymous medical data [80]. Latanya Sweeney, a professor of government and technology at Harvard University, famously used voter data to re-identify Massachusetts Governor William Weld from information in anonymous hospital discharge records.

Because of the personal information they contain, voter registration databases can also be useful in identity theft schemes.

Even though exposure of Deep Root’s data has the potential to harm voters, it’s exactly the kind of data that campaigns lust after and will spend millions of dollars to obtain. Campaigns are motivated to accumulate as much deeply personal information about voters as possible, so they can spend their ad dollars in the right swing districts where they’re likely to sway the greatest number of voters. But voter data rapidly goes stale and campaigns close up shop quickly, so data is seen as disposable and often isn’t well-protected.

“I can think of no avenues for punishing political data breaches or otherwise properly aligning the incentives. I worry that if there’s no way to punish campaigns for leaking this stuff, it’s going to continue to happen until something bad happens,” Hall said. The data left behind by campaigns can pose a lingering security issue, he added. “None of these motherfuckers were ever Boy Scouts or Girl Scouts, they don’t pack out what they pack in.”

7. Where’s Cambridge Analytica? Did they get access to that data too? They were Trump’s primary Big Data secret weapon. So was this data redundant for them? If not, and this data really is of use to Cambridge Analytica, then it’s hard to think of a likelier intended recipient for those terabytes of data than Cambridge Analytica, especially after it was announced back in January that the RNC’s Big Data guru was heading over to Cambridge Analytica as part of a bid to turn the firm into the RNC’s Big Data firm of choice [18]:

“Trump’s Data Firm Snags RNC Tech Guru Darren Bolding” by Issie Lapowsky; Wired; 01/16/17 [18]

British newcomers Cambridge Analytica earned serious bragging rights—and more than a few enemies [81]—as the data firm that helped engineer Donald Trump’s victory in its first US presidential election. Now it’s poaching the Republican National Committee’s chief technology officer, Darren Bolding, in a quest to become the analytics outfit of record for the GOP.

Bolding, who in November, 2015, became the RNC’s third CTO in as many years after building his career as an engineer in Silicon Valley, will assume the title of CTO at Cambridge, where he will build products for commercial and political clients. “We want to be able to scale up what we’re already doing, since there’s been quite a lot of interest from the commercial and political space,” he says.

Cambridge’s pitch is that it divides audiences into “psychographic groups” to target them with the kinds of messages that, like most ads, are based on demographic factors but also are most likely to appeal to their emotional and psychological profiles. The effectiveness of, and methodology behind, these tactics remain the subject of great debate among the Beltway’s traditional data minds, who express skepticism about Cambridge’s ability to deliver on its promises. But Trump’s victory in November was a blow to the firm’s detractors [82].

Though Cambridge is now pursuing commercial clients through its new office in New York, it’s also expanding its DC operation and hopes to secure government and defense contracts under the Trump administration. Cambridge already has the requisite ties. Not only did it work for the Trump campaign, but Steve Bannon, Trump’s chief strategist, serves on the firm’s board.

Cambridge also is funded by Robert Mercer, the billionaire donor who gave millions to Trump Super PACs and whose daughter Rebekah Mercer serves on the Trump transition team. She reportedly [83] is involved in shaping the non-profit organization that will serve as a fundraising and messaging vehicle for the Trump administration. That could give Cambridge an advantage in securing its business. Cambridge Analytica declined to comment on these potential deals, and the Trump transition team has not yet responded to WIRED’s request for comment.

Bolding’s departure from the RNC comes as Republicans and Democrats alike grapple with the threat of cyber attacks in the wake of the breach, attributed to Russian hackers, of the Democratic National Committee during the 2016 election. During his press conference this week, president-elect Trump scolded the DNC for allowing such an attack and claimed that hackers were foiled in their attempt to penetrate the Republican National Committee. Bolding confirms the RNC experienced frequent attacks throughout the election cycle. “We were very vigorously attacked,” Bolding says. “I’ve done this for large commercial companies that have had significant threats, but this was really intense.”

While there may have been no breaches of recent RNC data, in a hearing before the Senate Select Committee on Intelligence Tuesday, FBI director James Comey said [84] that “information was harvested” from old RNC email domains that are no longer in use, though none of that information was released.

———-

“British newcomers Cambridge Analytica earned serious bragging rights—and more than a few enemies [81]—as the data firm that helped engineer Donald Trump’s victory in its first US presidential election. Now it’s poaching the Republican National Committee’s chief technology officer, Darren Bolding, in a quest to become the analytics outfit of record for the GOP.”

8. Seymour Hersh has a piece in Die Welt about the intelligence that went into the Trump administration’s decision to launch a cruise missile strike against a Syrian airbase following the alleged sarin gas attack on the city of Khan Sheikhoun in Idlib.

So what did the intelligence community know about the attack? Well, the Russian and Syrian air forces had in fact informed the US in advance of that airstrike that they had intelligence that top-level leaders of Ahrar al-Sham and Jabhat al-Nusra were meeting in that building, and they informed the US of the attack plan in advance and that it was aimed at a “high-value” target. The attack involved the unusual use of a guided bomb and Syria’s top pilots. Following the attack, US intelligence concluded that there was no sarin gas attack, that Assad wouldn’t have been that politically suicidal, and that the symptoms of chemical poisoning following the bombing were likely due to a mixture of chlorine, fertilizers, and other chemicals stored in the targeted building, released by secondary explosions from the initial bombing.

Key portions of Hersh’s story:

“. . . . The Syrian target at Khan Sheikhoun, as shared with the Americans at Doha, was depicted as a two-story cinder-block building in the northern part of town. Russian intelligence, which is shared when necessary with Syria and the U.S. as part of their joint fight against jihadist groups, had established that a high-level meeting of jihadist leaders was to take place in the building, including representatives of Ahrar al-Sham and the al-Qaida-affiliated group formerly known as Jabhat al-Nusra. The two groups had recently joined forces, and controlled the town and surrounding area. Russian intelligence depicted the cinder-block building as a command and control center that housed a grocery and other commercial premises on its ground floor with other essential shops nearby, including a fabric shop and an electronics store.

‘The rebels control the population by controlling the distribution of goods that people need to live – food, water, cooking oil, propane gas, fertilizers for growing their crops, and insecticides to protect the crops,’ a senior adviser to the American intelligence community, who has served in senior positions in the Defense Department and Central Intelligence Agency, told me. The basement was used as storage for rockets, weapons and ammunition, as well as products that could be distributed for free to the community, among them medicines and chlorine-based decontaminants for cleansing the bodies of the dead before burial. The meeting place – a regional headquarters – was on the floor above. ‘It was an established meeting place,’ the senior adviser said. ‘A long-time facility that would have had security, weapons, communications, files and a map center.’ The Russians were intent on confirming their intelligence and deployed a drone for days above the site to monitor communications and develop what is known in the intelligence community as a POL – a pattern of life. The goal was to take note of those going in and out of the building, and to track weapons being moved back and forth, including rockets and ammunition.

Russian and Syrian intelligence officials, who coordinate operations closely with the American command posts, made it clear that the planned strike on Khan Sheikhoun was special because of the high-value target. “It was a red-hot change. The mission was out of the ordinary – scrub the sked,” the senior adviser told me. “Every operations officer in the region” – in the Army, Marine Corps, Air Force, CIA and NSA – “had to know there was something going on. The Russians gave the Syrian Air Force a guided bomb and that was a rarity. They’re skimpy with their guided bombs and rarely share them with the Syrian Air Force. And the Syrians assigned their best pilot to the mission, with the best wingman.” The advance intelligence on the target, as supplied by the Russians, was given the highest possible score inside the American community.

The Execute Order governing U.S. military operations in theater, which was issued by the Chairman of the Joint Chiefs of Staff, provides instructions that demarcate the relationship between the American and Russian forces operating in Syria. “It’s like an ops order – ‘Here’s what you are authorized to do,’” the adviser said. “We do not share operational control with the Russians. We don’t do combined operations with them, or activities directly in support of one of their operations. But coordination is permitted. We keep each other apprised of what’s happening and within this package is the mutual exchange of intelligence. If we get a hot tip that could help the Russians do their mission, that’s coordination; and the Russians do the same for us. When we get a hot tip about a command and control facility,” the adviser added, referring to the target in Khan Sheikhoun, “we do what we can to help them act on it.” “This was not a chemical weapons strike,” the adviser said. “That’s a fairy tale. If so, everyone involved in transferring, loading and arming the weapon – you’ve got to make it appear like a regular 500-pound conventional bomb – would be wearing Hazmat protective clothing in case of a leak. There would be very little chance of survival without such gear. Military grade sarin includes additives designed to increase toxicity and lethality. Every batch that comes out is maximized for death. That is why it is made. It is odorless and invisible and death can come within a minute. No cloud. Why produce a weapon that people can run away from?”

The target was struck at 6:55 a.m. on April 4, just before midnight in Washington. A Bomb Damage Assessment (BDA) by the U.S. military later determined that the heat and force of the 500-pound Syrian bomb triggered a series of secondary explosions that could have generated a huge toxic cloud that began to spread over the town, formed by the release of the fertilizers, disinfectants and other goods stored in the basement, its effect magnified by the dense morning air, which trapped the fumes close to the ground. According to intelligence estimates, the senior adviser said, the strike itself killed up to four jihadist leaders, and an unknown number of drivers and security aides. There is no confirmed count of the number of civilians killed by the poisonous gases that were released by the secondary explosions, although opposition activists reported that there were more than 80 dead, and outlets such as CNN have put the figure as high as 92. A team from Médecins Sans Frontières, treating victims from Khan Sheikhoun at a clinic 60 miles to the north, reported that “eight patients showed symptoms – including constricted pupils, muscle spasms and involuntary defecation – which are consistent with exposure to a neurotoxic agent such as sarin gas or similar compounds.” MSF also visited other hospitals that had received victims and found that patients there “smelled of bleach, suggesting that they had been exposed to chlorine.” In other words, evidence suggested that there was more than one chemical responsible for the symptoms observed, which would not have been the case if the Syrian Air Force – as opposition activists insisted – had dropped a sarin bomb, which has no percussive or ignition power to trigger secondary explosions. The range of symptoms is, however, consistent with the release of a mixture of chemicals, including chlorine and the organophosphates used in many fertilizers, which can cause neurotoxic effects similar to those of sarin.

A Bomb Damage Assessment (BDA) by the U.S. military later determined that the heat and force of the 500-pound Syrian bomb triggered a series of secondary explosions that could have generated a huge toxic cloud that began to spread over the town, formed by the release of the fertilizers, disinfectants and other goods stored in the basement, its effect magnified by the dense morning air, which trapped the fumes close to the ground. . . .

“. . . . The crisis slid into the background by the end of April, as Russia, Syria and the United States remained focused on annihilating ISIS and the militias of al-Qaida. Some of those who had worked through the crisis, however, were left with lingering concerns. ‘The Salafists and jihadists got everything they wanted out of their hyped-up Syrian nerve gas ploy,’ the senior adviser to the U.S. intelligence community told me, referring to the flare up of tensions between Syria, Russia and America. ‘The issue is, what if there’s another false flag sarin attack credited to hated Syria? Trump has upped the ante and painted himself into a corner with his decision to bomb. And do not think these guys are not planning the next faked attack. Trump will have no choice but to bomb again, and harder. He’s incapable of saying he made a mistake.’ . . .”

“Trump’s Red Line” by Seymour M. Hersh; Welt.de; 06/25/2017 [15]

On April 6, United States President Donald Trump authorized an early morning Tomahawk missile strike on Shayrat Air Base in central Syria in retaliation for what he said was a deadly nerve agent attack carried out by the Syrian government two days earlier in the rebel-held town of Khan Sheikhoun. Trump issued the order despite having been warned by the U.S. intelligence community that it had found no evidence that the Syrians had used a chemical weapon.

The available intelligence made clear that the Syrians had targeted a jihadist meeting site on April 4 using a Russian-supplied guided bomb equipped with conventional explosives. Details of the attack, including information on its so-called high-value targets, had been provided by the Russians days in advance to American and allied military officials in Doha, whose mission is to coordinate all U.S., allied, Syrian and Russian Air Force operations in the region.

Some American military and intelligence officials were especially distressed by the president’s determination to ignore the evidence. “None of this makes any sense,” one officer told colleagues upon learning of the decision to bomb. “We KNOW that there was no chemical attack … the Russians are furious. Claiming we have the real intel and know the truth … I guess it didn’t matter whether we elected Clinton or Trump.”

Within hours of the April 4 bombing, the world’s media was saturated with photographs and videos from Khan Sheikhoun. Pictures of dead and dying victims, allegedly suffering from the symptoms of nerve gas poisoning, were uploaded to social media by local activists, including the White Helmets, a first responder group known for its close association with the Syrian opposition.

The provenance of the photos was not clear and no international observers have yet inspected the site, but the immediate popular assumption worldwide was that this was a deliberate use of the nerve agent sarin, authorized by President Bashar Assad of Syria. Trump endorsed that assumption by issuing a statement within hours of the attack, describing Assad’s “heinous actions” as being a consequence of the Obama administration’s “weakness and irresolution” in addressing what he said was Syria’s past use of chemical weapons.

To the dismay of many senior members of his national security team, Trump could not be swayed over the next 48 hours of intense briefings and decision-making. In a series of interviews, I learned of the total disconnect between the president and many of his military advisers and intelligence officials, as well as officers on the ground in the region who had an entirely different understanding of the nature of Syria’s attack on Khan Sheikhoun. I was provided with evidence of that disconnect, in the form of transcripts of real-time communications, immediately following the Syrian attack on April 4. In an important pre-strike process known as deconfliction, U.S. and Russian officers routinely supply one another with advance details of planned flight paths and target coordinates, to ensure that there is no risk of collision or accidental encounter (the Russians speak on behalf of the Syrian military). This information is supplied daily to the American AWACS surveillance planes that monitor the flights once airborne. Deconfliction’s success and importance can be measured by the fact that there has yet to be one collision, or even a near miss, among the high-powered supersonic American, Allied, Russian and Syrian fighter bombers.

Russian and Syrian Air Force officers gave details of the carefully planned flight path to and from Khan Sheikhoun on April 4 directly, in English, to the deconfliction monitors aboard the AWACS plane, which was on patrol near the Turkish border, 60 miles or more to the north.

The Syrian target at Khan Sheikhoun, as shared with the Americans at Doha, was depicted as a two-story cinder-block building in the northern part of town. Russian intelligence, which is shared when necessary with Syria and the U.S. as part of their joint fight against jihadist groups, had established that a high-level meeting of jihadist leaders was to take place in the building, including representatives of Ahrar al-Sham and the al-Qaida-affiliated group formerly known as Jabhat al-Nusra. The two groups had recently joined forces, and controlled the town and surrounding area. Russian intelligence depicted the cinder-block building as a command and control center that housed a grocery and other commercial premises on its ground floor with other essential shops nearby, including a fabric shop and an electronics store.

“The rebels control the population by controlling the distribution of goods that people need to live – food, water, cooking oil, propane gas, fertilizers for growing their crops, and insecticides to protect the crops,” a senior adviser to the American intelligence community, who has served in senior positions in the Defense Department and Central Intelligence Agency, told me. The basement was used as storage for rockets, weapons and ammunition, as well as products that could be distributed for free to the community, among them medicines and chlorine-based decontaminants for cleansing the bodies of the dead before burial. The meeting place – a regional headquarters – was on the floor above. “It was an established meeting place,” the senior adviser said. “A long-time facility that would have had security, weapons, communications, files and a map center.” The Russians were intent on confirming their intelligence and deployed a drone for days above the site to monitor communications and develop what is known in the intelligence community as a POL – a pattern of life. The goal was to take note of those going in and out of the building, and to track weapons being moved back and forth, including rockets and ammunition.

One reason for the Russian message to Washington about the intended target was to ensure that any CIA asset or informant who had managed to work his way into the jihadist leadership was forewarned not to attend the meeting. I was told that the Russians passed the warning directly to the CIA. “They were playing the game right,” the senior adviser said. The Russian guidance noted that the jihadist meeting was coming at a time of acute pressure for the insurgents: Presumably Jabhat al-Nusra and Ahrar al-Sham were desperately seeking a path forward in the new political climate. In the last few days of March, Trump and two of his key national security aides – Secretary of State Rex Tillerson and UN Ambassador Nikki Haley – had made statements acknowledging that, as the New York Times put it, the White House “has abandoned the goal” of pressuring Assad “to leave power, marking a sharp departure from the Middle East policy that guided the Obama administration for more than five years.” White House Press Secretary Sean Spicer told a press briefing on March 31 that “there is a political reality that we have to accept,” implying that Assad was there to stay.

Russian and Syrian intelligence officials, who coordinate operations closely with the American command posts, made it clear that the planned strike on Khan Sheikhoun was special because of the high-value target. “It was a red-hot change. The mission was out of the ordinary – scrub the sked,” the senior adviser told me. “Every operations officer in the region” – in the Army, Marine Corps, Air Force, CIA and NSA – “had to know there was something going on. The Russians gave the Syrian Air Force a guided bomb and that was a rarity. They’re skimpy with their guided bombs and rarely share them with the Syrian Air Force. And the Syrians assigned their best pilot to the mission, with the best wingman.” The advance intelligence on the target, as supplied by the Russians, was given the highest possible score inside the American community.

The Execute Order governing U.S. military operations in theater, which was issued by the Chairman of the Joint Chiefs of Staff, provides instructions that demarcate the relationship between the American and Russian forces operating in Syria. “It’s like an ops order – ‘Here’s what you are authorized to do,’” the adviser said. “We do not share operational control with the Russians. We don’t do combined operations with them, or activities directly in support of one of their operations. But coordination is permitted. We keep each other apprised of what’s happening and within this package is the mutual exchange of intelligence. If we get a hot tip that could help the Russians do their mission, that’s coordination; and the Russians do the same for us. When we get a hot tip about a command and control facility,” the adviser added, referring to the target in Khan Sheikhoun, “we do what we can to help them act on it.” “This was not a chemical weapons strike,” the adviser said. “That’s a fairy tale. If so, everyone involved in transferring, loading and arming the weapon – you’ve got to make it appear like a regular 500-pound conventional bomb – would be wearing Hazmat protective clothing in case of a leak. There would be very little chance of survival without such gear. Military grade sarin includes additives designed to increase toxicity and lethality. Every batch that comes out is maximized for death. That is why it is made. It is odorless and invisible and death can come within a minute. No cloud. Why produce a weapon that people can run away from?”

The target was struck at 6:55 a.m. on April 4, just before midnight in Washington. A Bomb Damage Assessment (BDA) by the U.S. military later determined that the heat and force of the 500-pound Syrian bomb triggered a series of secondary explosions that could have generated a huge toxic cloud that began to spread over the town, formed by the release of the fertilizers, disinfectants and other goods stored in the basement, its effect magnified by the dense morning air, which trapped the fumes close to the ground. According to intelligence estimates, the senior adviser said, the strike itself killed up to four jihadist leaders, and an unknown number of drivers and security aides. There is no confirmed count of the number of civilians killed by the poisonous gases that were released by the secondary explosions, although opposition activists reported that there were more than 80 dead, and outlets such as CNN have put the figure as high as 92. A team from Médecins Sans Frontières, treating victims from Khan Sheikhoun at a clinic 60 miles to the north, reported that “eight patients showed symptoms – including constricted pupils, muscle spasms and involuntary defecation – which are consistent with exposure to a neurotoxic agent such as sarin gas or similar compounds.” MSF also visited other hospitals that had received victims and found that patients there “smelled of bleach, suggesting that they had been exposed to chlorine.” In other words, evidence suggested that there was more than one chemical responsible for the symptoms observed, which would not have been the case if the Syrian Air Force – as opposition activists insisted – had dropped a sarin bomb, which has no percussive or ignition power to trigger secondary explosions. The range of symptoms is, however, consistent with the release of a mixture of chemicals, including chlorine and the organophosphates used in many fertilizers, which can cause neurotoxic effects similar to those of sarin.

The internet swung into action within hours, and gruesome photographs of the victims flooded television networks and YouTube. U.S. intelligence was tasked with establishing what had happened. Among the pieces of information received was an intercept of Syrian communications collected before the attack by an allied nation. The intercept, which had a particularly strong effect on some of Trump’s aides, did not mention nerve gas or sarin, but it did quote a Syrian general discussing a “special” weapon and the need for a highly skilled pilot to man the attack plane. The reference, as those in the American intelligence community understood, and many of the inexperienced aides and family members close to Trump may not have, was to a Russian-supplied bomb with its built-in guidance system. “If you’ve already decided it was a gas attack, you will then inevitably read the talk about a special weapon as involving a sarin bomb,” the adviser said. “Did the Syrians plan the attack on Khan Sheikhoun? Absolutely. Do we have intercepts to prove it? Absolutely. Did they plan to use sarin? No. But the president did not say: ‘We have a problem and let’s look into it.’ He wanted to bomb the shit out of Syria.”

At the UN the next day, Ambassador Haley created a media sensation when she displayed photographs of the dead and accused Russia of being complicit. “How many more children have to die before Russia cares?” she asked. NBC News, in a typical report that day, quoted American officials as confirming that nerve gas had been used and Haley tied the attack directly to Syrian President Assad. “We know that yesterday’s attack was a new low even for the barbaric Assad regime,” she said. There was irony in America’s rush to blame Syria and criticize Russia for its support of Syria’s denial of any use of gas in Khan Sheikhoun, as Ambassador Haley and others in Washington did. “What doesn’t occur to most Americans,” the adviser said, “is if there had been a Syrian nerve gas attack authorized by Bashar, the Russians would be 10 times as upset as anyone in the West. Russia’s strategy against ISIS, which involves getting American cooperation, would have been destroyed and Bashar would be responsible for pissing off Russia, with unknown consequences for him. Bashar would do that? When he’s on the verge of winning the war? Are you kidding me?”

Trump, a constant watcher of television news, said, while King Abdullah of Jordan was sitting next to him in the Oval Office, that what had happened was “horrible, horrible” and a “terrible affront to humanity.” Asked if his administration would change its policy toward the Assad government, he said: “You will see.” He gave a hint of the response to come at the subsequent news conference with King Abdullah: “When you kill innocent children, innocent babies – babies, little babies – with a chemical gas that is so lethal … that crosses many, many lines, beyond a red line. … That attack on children yesterday had a big impact on me. Big impact … It’s very, very possible … that my attitude toward Syria and Assad has changed very much.”

Within hours of viewing the photos, the adviser said, Trump instructed the national defense apparatus to plan for retaliation against Syria. “He did this before he talked to anybody about it. The planners then asked the CIA and DIA if there was any evidence that Syria had sarin stored at a nearby airport or somewhere in the area. Their military had to have it somewhere in the area in order to bomb with it.” “The answer was, ‘We have no evidence that Syria had sarin or used it,’” the adviser said. “The CIA also told them that there was no residual delivery for sarin at Sheyrat [the airfield from which the Syrian SU-24 bombers had taken off on April 4] and Assad had no motive to commit political suicide.” Everyone involved, except perhaps the president, also understood that a highly skilled United Nations team had spent more than a year in the aftermath of an alleged sarin attack in 2013 by Syria, removing what was said to be all chemical weapons from a dozen Syrian chemical weapons depots.

At this point, the adviser said, the president’s national security planners were more than a little rattled: “No one knew the provenance of the photographs. We didn’t know who the children were or how they got hurt. Sarin actually is very easy to detect because it penetrates paint, and all one would have to do is get a paint sample. We knew there was a cloud and we knew it hurt people. But you cannot jump from there to certainty that Assad had hidden sarin from the UN because he wanted to use it in Khan Sheikhoun.” The intelligence made clear that a Syrian Air Force SU-24 fighter bomber had used a conventional weapon to hit its target: There had been no chemical warhead. And yet it was impossible for the experts to persuade the president of this once he had made up his mind. “The president saw the photographs of poisoned little girls and said it was an Assad atrocity,” the senior adviser said. “It’s typical of human nature. You jump to the conclusion you want. Intelligence analysts do not argue with a president. They’re not going to tell the president, ‘if you interpret the data this way, I quit.’”

The national security advisers understood their dilemma: Trump wanted to respond to the affront to humanity committed by Syria and he did not want to be dissuaded. They were dealing with a man they considered to be not unkind and not stupid, but his limitations when it came to national security decisions were severe. “Everyone close to him knows his proclivity for acting precipitously when he does not know the facts,” the adviser said. “He doesn’t read anything and has no real historical knowledge. He wants verbal briefings and photographs. He’s a risk-taker. He can accept the consequences of a bad decision in the business world; he will just lose money. But in our world, lives will be lost and there will be long-term damage to our national security if he guesses wrong. He was told we did not have evidence of Syrian involvement and yet Trump says: ‘Do it.’”

On April 6, Trump convened a meeting of national security officials at his Mar-a-Lago resort in Florida. The meeting was not to decide what to do, but how best to do it – or, as some wanted, how to do the least and keep Trump happy. “The boss knew before the meeting that they didn’t have the intelligence, but that was not the issue,” the adviser said. “The meeting was about, ‘Here’s what I’m going to do,’ and then he gets the options.”

The available intelligence was not relevant. The most experienced man at the table was Secretary of Defense James Mattis, a retired Marine Corps general who had the president’s respect and understood, perhaps, how quickly that could evaporate. Mike Pompeo, the CIA director whose agency had consistently reported that it had no evidence of a Syrian chemical bomb, was not present. Secretary of State Tillerson was admired on the inside for his willingness to work long hours and his avid reading of diplomatic cables and reports, but he knew little about waging war and the management of a bombing raid. Those present were in a bind, the adviser said. “The president was emotionally energized by the disaster and he wanted options.” He got four of them, in order of extremity. Option one was to do nothing. All involved, the adviser said, understood that was a non-starter. Option two was a slap on the wrist: to bomb an airfield in Syria, but only after alerting the Russians and, through them, the Syrians, to avoid too many casualties. A few of the planners called this the “gorilla option”: America would glower and beat its chest to provoke fear and demonstrate resolve, but cause little significant damage. The third option was to adopt the strike package that had been presented to Obama in 2013, and which he ultimately chose not to pursue. The plan called for the massive bombing of the main Syrian airfields and command and control centers using B1 and B52 aircraft launched from their bases in the U.S. Option four was “decapitation”: to remove Assad by bombing his palace in Damascus, as well as his command and control network and all of the underground bunkers he could possibly retreat to in a crisis.

“Trump ruled out option one off the bat,” the senior adviser said, and the assassination of Assad was never considered. “But he said, in essence: ‘You’re the military and I want military action.’” The president was also initially opposed to the idea of giving the Russians advance warning before the strike, but reluctantly accepted it. “We gave him the Goldilocks option – not too hot, not too cold, but just right.” The discussion had its bizarre moments. Tillerson wondered at the Mar-a-Lago meeting why the president could not simply call in the B52 bombers and pulverize the air base. He was told that B52s were very vulnerable to surface-to-air missiles (SAMs) in the area and using such planes would require suppression fire that could kill some Russian defenders. “What is that?” Tillerson asked. Well, sir, he was told, that means we would have to destroy the upgraded SAM sites along the B52 flight path, and those are manned by Russians, and we possibly would be confronted with a much more difficult situation. “The lesson here was: Thank God for the military men at the meeting,” the adviser said. “They did the best they could when confronted with a decision that had already been made.”

Fifty-nine Tomahawk missiles were fired from two U.S. Navy destroyers on duty in the Mediterranean, the Ross and the Porter, at Shayrat Air Base near the government-controlled city of Homs. The strike was as successful as hoped, in terms of doing minimal damage. The missiles have a light payload – roughly 220 pounds of HBX, the military’s modern version of TNT. The airfield’s gasoline storage tanks, a primary target, were pulverized, the senior adviser said, triggering a huge fire and clouds of smoke that interfered with the guidance system of following missiles. As many as 24 missiles missed their targets and only a few of the Tomahawks actually penetrated into hangars, destroying nine Syrian aircraft, many fewer than claimed by the Trump administration. I was told that none of the nine was operational: such damaged aircraft are what the Air Force calls hangar queens. “They were sacrificial lambs,” the senior adviser said. Most of the important personnel and operational fighter planes had been flown to nearby bases hours before the raid began. The two runways and parking places for aircraft, which had also been targeted, were repaired and back in operation within eight hours or so. All in all, it was little more than an expensive fireworks display.

“It was a totally Trump show from beginning to end,” the senior adviser said. “A few of the president’s senior national security advisers viewed the mission as a minimized bad presidential decision, and one that they had an obligation to carry out. But I don’t think our national security people are going to allow themselves to be hustled into a bad decision again. If Trump had gone for option three, there might have been some immediate resignations.”

After the meeting, with the Tomahawks on their way, Trump spoke to the nation from Mar-a-Lago, and accused Assad of using nerve gas to choke out “the lives of helpless men, women and children. It was a slow and brutal death for so many … No child of God should ever suffer such horror.” The next few days were his most successful as president. America rallied around its commander in chief, as it always does in times of war. Trump, who had campaigned as someone who advocated making peace with Assad, was bombing Syria 11 weeks after taking office, and was hailed for doing so by Republicans, Democrats and the media alike. One prominent TV anchorman, Brian Williams of MSNBC, used the word “beautiful” to describe the images of the Tomahawks being launched at sea. Speaking on CNN, Fareed Zakaria said: “I think Donald Trump became president of the United States.” A review of the top 100 American newspapers showed that 39 of them published editorials supporting the bombing in its aftermath, including the New York Times, Washington Post and Wall Street Journal.

Five days later, the Trump administration gathered the national media for a background briefing on the Syrian operation that was conducted by a senior White House official who was not to be identified. The gist of the briefing was that Russia’s heated and persistent denial of any sarin use in the Khan Sheikhoun bombing was a lie because President Trump had said sarin had been used. That assertion, which was not challenged or disputed by any of the reporters present, became the basis for a series of further criticisms:

– The continued lying by the Trump administration about Syria’s use of sarin led to widespread belief in the American media and public that Russia had chosen to be involved in a corrupt disinformation and cover-up campaign on the part of Syria.

– Russia’s military forces had been co-located with Syria’s at the Shayrat airfield (as they are throughout Syria), raising the possibility that Russia had advance notice of Syria’s determination to use sarin at Khan Sheikhoun and did nothing to stop it.

– Syria’s use of sarin and Russia’s defense of that use strongly suggested that Syria withheld stocks of the nerve agent from the UN disarmament team that spent much of 2014 inspecting and removing all declared chemical warfare agents from 12 Syrian chemical weapons depots, pursuant to the agreement worked out by the Obama administration and Russia after Syria’s alleged, but still unproven, use of sarin the year before against a rebel redoubt in a suburb of Damascus.

The briefer, to his credit, was careful to use the words “think,” “suggest” and “believe” at least 10 times during the 30-minute event. But he also said that his briefing was based on data that had been declassified by “our colleagues in the intelligence community.” What the briefer did not say, and may not have known, was that much of the classified information in the community made the point that Syria had not used sarin in the April 4 bombing attack.

The crisis slid into the background by the end of April, as Russia, Syria and the United States remained focused on annihilating ISIS and the militias of al-Qaida. Some of those who had worked through the crisis, however, were left with lingering concerns. “The Salafists and jihadists got everything they wanted out of their hyped-up Syrian nerve gas ploy,” the senior adviser to the U.S. intelligence community told me, referring to the flare up of tensions between Syria, Russia and America. “The issue is, what if there’s another false flag sarin attack credited to hated Syria? Trump has upped the ante and painted himself into a corner with his decision to bomb. And do not think these guys are not planning the next faked attack. Trump will have no choice but to bomb again, and harder. He’s incapable of saying he made a mistake.”

———-

9. That’s ominous: You know that potential bombshell report by Sy Hersh in Die Welt about how Donald Trump’s intelligence and military advisors have concluded that Bashar Assad’s regime was not in fact responsible for a sarin gas attack, and that the cloud of chemicals was instead a consequence of secondary explosions of stored chlorine and fertilizer in a building bombed by the Syrian air force [85]? The report that has been almost entirely ignored by American news outlets? Well, it’s going to be a lot harder to ignore that report now that the White House has just issued an ominous message indicating it has evidence that Assad’s forces were planning a chemical attack, and that if that happens the consequences will be severe and Russia and Iran will be held responsible [16]:

“White House says Syria’s Assad preparing another chemical attack, warns of ‘heavy’ penalty” by Abby Phillip and Dan Lamothe; The Washington Post; 06/26/2017 [16]

The White House issued an ominous warning to Syrian President Bashar al-Assad on Monday night, pledging that his regime would pay a “heavy price” if it carried out another chemical attack this year.

In a statement, White House press secretary Sean Spicer said that the United States had detected evidence of preparations for a chemical attack, similar to the preparations that occurred before an attack in April.

“The United States has identified potential preparations for another chemical weapons attack by the Assad regime that would likely result in the mass murder of civilians, including innocent children,” Spicer said in the statement. “The activities are similar to preparations the regime made before its April 4, 2017 chemical weapons attack.

“As we have previously stated, the United States is in Syria to eliminate the Islamic State of Iraq and Syria,” he continued. “If, however, Mr. Assad conducts another mass murder attack using chemical weapons, he and his military will pay a heavy price.”

Following the April attack [86], President Trump ordered an air strike against the Assad-controlled air field where the attack was believed to have been carried out.

At the time, Trump said that Assad’s use of chemical weapons against innocent women and children made action inevitable.

“When you kill innocent children, innocent babies, babies, little babies, with a chemical gas that is so lethal — people were shocked to hear what gas it was,” Trump said after the attack. “That crosses many, many lines, beyond a red line, many, many lines.”

Following Spicer’s statement on Monday night, Nikki Haley, the U.S. Ambassador to the United Nations said Assad and its allies would be squarely blamed if such an attack occurred.

“Any further attacks done to the people of Syria will be blamed on Assad, but also on Russia & Iran who support him killing his own people,” Haley wrote.

Any further attacks done to the people of Syria will be blamed on Assad, but also on Russia & Iran who support him killing his own people.— Nikki Haley (@nikkihaley) June 27, 2017 [87]

The U.S. military maintains a variety of weapons in the region that could be used in the event of another strike, including manned and unmanned aircraft in several Middle Eastern countries. But the most likely scenario is probably a strike using naval assets, which can be launched with fewer diplomatic issues than using bases in allied countries such as Turkey or the United Arab Emirates.

The Navy launched Tomahawk missiles at a Syrian military airfield April 6 in response to a previous alleged chemical weapons attack, using two guided-missile destroyers in the eastern Mediterranean Sea, the USS Ross and USS Porter, to do so.

A point of contention for the Pentagon after the last strike was the Syrian regime’s alleged use of a nerve agent, like sarin. It is far deadlier than some other chemicals that U.S. military and intelligence officials say that the regime has used, such as chlorine.

———-

“‘The United States has identified potential preparations for another chemical weapons attack by the Assad regime that would likely result in the mass murder of civilians, including innocent children,’ Spicer said in the statement. ‘The activities are similar to preparations the regime made before its April 4, 2017 chemical weapons attack.’”

That was the message from Sean Spicer, followed by this warning to Iran and Russia from UN Ambassador Nikki Haley:


Following Spicer’s statement on Monday night, Nikki Haley, the U.S. Ambassador to the United Nations said Assad and its allies would be squarely blamed if such an attack occurred.

“Any further attacks done to the people of Syria will be blamed on Assad, but also on Russia & Iran who support him killing his own people,” Haley wrote.