WFMU-FM is podcasting For The Record. You can subscribe to the podcast HERE.
This broadcast was recorded in one, 60-minute segment.
Introduction: In past discussion of “Eddie the Friendly Spook,” we have characterized him as “the Obverse Oswald.”
Supplementing and summing up the exhaustive “Eddie the Friendly Spook” series, this program sets forth the Snowden “psy-op” and the high-profile hacks against the background of Lee Harvey Oswald, the U.S. spy infiltrated into the Soviet Union and then into leftist organizations in the United States. Oswald was framed for JFK’s assassination and then killed before he could defend himself.
Whereas Oswald was portrayed as a villain, Eddie the Friendly Spook’s operation is the obverse, with Snowden decamping first to China and then to Russia and being portrayed as a hero. Snowden is not only a spy but a fascist, who advocates the elimination of Social Security and the return to the gold standard.
Snowden’s Russian sojourn appears to have been arranged by WikiLeaks, which also appears to have arranged his flight to China from Hawaii. (Snowden’s journey to Hawaii appears to have been facilitated by Jacob Appelbaum, who may be behind the “Shadow Brokers” alleged hack of NSA cyberweapons.) It was Snowden’s journey to Moscow that threw Obama’s “reboot” with Russia under the bus.
In this program, we examine information indicating that Russia has been framed for the “Shadow Brokers” alleged hack of the NSA, much as it appears to have been framed for the DNC hack. Indeed, with both the DNC hack and the “Shadow Brokers” non-hack of the NSA, the evidence points increasingly toward “Team Snowden” and Eddie the Friendly Spook himself.
In that context, we again point to “The Obverse Oswald.” We strongly suspect that “Team Snowden” may have had something to do with this. Snowden is in Russia and working for a computer firm. The (frankly lame) framing of Russia for the DNC hack and the “Shadow Brokers” non-hack of the NSA reminds us of the process of “painting Oswald Red.”
We have covered this in numerous broadcasts, including The Guns of November, Part 1, AFA #15 and FTR #’s 777 and 876. (A book on the JFK assassination that presents an excellent breakdown of “the painting of Oswald Red” is JFK and the Unspeakable: Why He Died and Why It Matters.)
In a transitional element from FTR #922, the last of our programs dealing with the Trumpenkampfverbande, we note that Donald Trump’s ideology and rhetoric are a development and amplification of what we termed “The Paulistinian Libertarian Organization.” In FTR #’s 755, 758 and 759, we have further developed the relationship between the Ron Paul milieu and WikiLeaks/Team Snowden. Trump supporter David Duke is inextricably linked with this milieu.
“ . . . Trump’s style and positions — endorsing and consorting with 9/11 truthers, promoting online racists, using fake statistics — draw on a now-obscure political strategy called “paleolibertarianism,” which was once quite popular among some Republicans, especially former presidential candidate Ron Paul. . . . The figure whose ideas unify Pauline libertarians and today’s Trumpists is the late Murray Rothbard, an economist who co-founded the Cato Institute and is widely regarded as the creator of libertarianism. . . . Almost immediately after its creation [by Murray Rothbard], the Mises Institute (headquartered in Auburn, Ala.) began publishing criticism of “compulsory integration,” attacks on Abraham Lincoln and apologia for Confederate leaders. Institute scholars have also spoken to racist groups such as the League of the South. Rothbard even published a chapter in his book “The Ethics of Liberty” in which he said that “the purely free society will have a flourishing free market in children,” although he didn’t specify the races of the children who might be sold. . . . All of these paleolibertarian positions were offered in Duke’s 1990 Senate campaign and 1991 gubernatorial campaign. But they were also offered by another politician Rothbard admired: Ron Paul, the Libertarian Party’s presidential candidate in 1988. . . .”
It should come as no surprise to see Snowden and WikiLeaks working for Trump, and that, indeed, appears to underlie the false attribution of the DNC hack and the Shadow Brokers affair to Russia.
Understanding the process of “painting Oswald red” gives us perspective on the crude deception involved with the “Shadow Brokers” non-hack, as well as giving us an understanding of the DNC hack. Reviewing why Russia is an unlikely culprit in the DNC hack: “ . . . A critical look exposes the significant flaws in the attribution. First, all of the technical evidence can be spoofed. Although some argue that spoofing the mound of uncovered evidence is too much work, it can easily be done by a small team of good attackers in three or four days. Second, the tools used by Cozy Bear appeared on the black market when they were first discovered years ago and have been recycled and used against many other targets, including against German industry. The reuse and fine-tuning of existing malware happens all the time. Third, the language, location settings, and compilation metadata can easily be altered by changing basic settings on the attacker’s computer in five minutes without the need of special knowledge. None of the technical evidence is convincing. It would only be convincing if the attackers used entirely novel, unique, and sophisticated tools with unmistakable indicators pointing to Russia supported by human intelligence, not by malware analysis.
The DNC attackers also had very poor, almost comical, operational security (OPSEC). State actors tend to have a quality assurance review when developing cyberattack tools to minimize the risk of discovery and leaving obvious crumbs behind. Russian intelligence services are especially good. They are highly capable, tactically and strategically agile, and rational. They ensure that offensive tools are tailored and proportionate to the signal they want to send, the possibility of disclosure and public perception, and the odds of escalation. The shoddy OPSEC just doesn’t fit what we know about Russian intelligence. . . . Given these arguments, blaming Russia is not a slam dunk. Why would a country with some of the best intelligence services in the world commit a whole series of really stupid mistakes in a highly sensitive operation? Why pick a target that has a strong chance of leading to escalatory activity when Russia is known to prefer incremental actions over drastic ones? Why go through the trouble of a false flag when doing nothing would have been arguably better?. . . ”
The apparent “non-hack” of the NSA by “The Shadow Brokers” also makes no sense. Note also the clumsy, Boris and Natasha-like broken English used to try to portray this as a “Russian” operation. In addition, as we will see, this does not appear to be a “hack” at all.
“. . . Their claim to have ‘hacked’ a server belonging to the NSA is fishy. According to ex-NSA insiders who spoke with Business Insider, the agency’s hackers don’t just put their exploits and toolkits online where they can potentially be pilfered. The more likely scenario for where the data came from, says ex-NSA research scientist Dave Aitel, is an insider who downloaded it onto a USB stick. . . . When hackers gain access to a server, they keep quiet about it so they can stay there. . . .One of the many strange things about this incident is the very public nature of what transpired. When a hacker takes over your computer, they don’t start activating your webcam or running weird programs because you’d figure out pretty quickly that something was up and you’d try to get rid of them. . . .
. . . If the Shadow Brokers owned the NSA’s command and control server, then it would probably be a much better approach to just sit back, watch, and try to pivot to other interesting things that they might be able to find. . . . Instead, the group wrote on Pastebin, a website where you can store text, that “we follow Equation Group traffic. We find Equation Group source range. We hack Equation Group. We find many many Equation Group cyber weapons,” which immediately signals to this alleged NSA hacker group that they have a big problem. [Note the remarkable broken English used in the post, reminiscent of Boris and Natasha–D.E.] . . . People sell exploits all the time, but they hardly ever talk about it. . . . Most of the time, an exploit is either found by a security research firm, which then writes about it and reports it to the company so it can fix the problem. Or, a hacker looking for cash will take that found exploit and sell it on the black market. So it would make sense for a group like Shadow Brokers to want to sell their treasure trove, but going public with it is beyond strange. . . .”
Notice, however, that Edward Snowden not only opined that this was indeed a hack, whereas the evidence points in a different direction, but also that “Russia was behind the hack.” Do not fail to take stock of the fact that Snowden is foreshadowing a possible controversy over the hacking of voting machines, echoing the pronouncements of Donald Trump, the successor to Eddie the Friendly Spook’s Presidential candidate of choice, Ron Paul. “ . . . If you ask ex-NSA contractor Edward Snowden, the public leak and claims of the Shadow Brokers seem to have Russian fingerprints all over them, and it serves as a warning from Moscow to Washington. The message: If your policymakers keep blaming us for the DNC hack, then we can use this hack to implicate you in much more.
“That could have significant foreign policy consequences,” Snowden wrote on Twitter. “Particularly if any of those operations targeted US allies. Particularly if any of those operations targeted elections.” . . . .”
The code used in connection with the cyberweapons dates to 2013, when Snowden downloaded NSA files onto USB sticks and went to Hong Kong from Hawaii. Note, again, that Snowden points to hacking, rather than the much more likely scenario of someone downloading information onto USB sticks, as Snowden did. “ . . . . Snowden also noted that the released files end in 2013. ‘When I came forward, NSA would have migrated offensive operations to new servers as a precaution,’ he suggested — a move that would have cut off the hackers’ access to the server. . . .”
There is an important legal principle that is worth considering, the concept of “consciousness of guilt.” If someone can be proved to have taken steps to cover up the commission of a crime, that is considered sufficient evidence to indict the person for the original crime. Here, we have Snowden saying “Yup, Russia did it” in spite of indications that such was not the case and “Yup, it was a hack” whereas that appears unlikely.
Evidence points in the direction of “Team Snowden,” the WikiLeaks/Snowden/Greenwald milieu we have been researching for years.
Perhaps no other author/investigator has done as much writing about NSA as James Bamford. In his observations about “The Shadow Brokers” non-hack, he highlights the actions of Jacob Appelbaum, the WikiLeaker who appears to have been deeply involved with getting Snowden from Hawaii to Hong Kong. Appelbaum is also a fierce opponent of Hillary Clinton.
“ . . . . Experts who have analyzed the files suspect that they date to October 2013, five months after Edward Snowden left his contractor position with the NSA and fled to Hong Kong carrying flash drives containing hundreds of thousands of pages of NSA documents. . . . There also seems to be a link between Assange and the leaker who stole the ANT catalog, and the possible hacking tools. Among Assange’s close associates is Jacob Appelbaum, a celebrated hacktivist and the only publicly known WikiLeaks staffer in the United States – until he moved to Berlin in 2013 in what he called a “political exile” because of what he said was repeated harassment by U.S. law enforcement personnel. In 2010, a Rolling Stone magazine profile labeled him “the most dangerous man in cyberspace.”
In December 2013, Appelbaum was the first person to reveal the existence of the ANT catalog, at a conference in Berlin, without identifying the source. That same month he said he suspected the U.S. government of breaking into his Berlin apartment. He also co-wrote an article about the catalog in Der Spiegel. But again, he never named a source, which led many to assume, mistakenly, that it was Snowden. . . .
. . . . Shortly thereafter, he turned his attention to Hillary Clinton. At a screening of a documentary about Assange in Cannes, France, Appelbaum accused her of having a grudge against him and Assange, and that if she were elected president, she would make their lives difficult. “It’s a situation that will possibly get worse” if she is elected to the White House, he said, according to Yahoo News. . . .”
The “Shadow Brokers” also went after Hillary Clinton in the Boris and Natasha-like broken English: “ . . . . In hacktivist style, and in what appears to be phony broken English, this new release of cyberweapons also seems to be targeting Clinton. It ends with a long and angry ‘final message’ against ‘Wealthy Elites . . . breaking laws’ but ‘Elites top friends announce, no law broken, no crime commit[ed]. . . Then Elites run for president. Why run for president when already control country like dictatorship?’ . . . .”
Another piece of circumstantial evidence pointing in the direction of “Team Snowden” concerns the fact that the “Shadow Brokers” used a German e‑mail provider.
Since Appelbaum is currently living in Berlin it’s worth noting that the email address that appears to be used by the Shadow Brokers is a German email provider with a policy of cooperating with legal authorities as little as possible and only handing over encrypted data when given a court order.
In addition to Appelbaum (who appears to have assisted Snowden in getting from Hawaii to Hong Kong), Laura Poitras (Glenn Greenwald’s associate), Sarah Harrison (Assange’s ex-girlfriend who assisted Snowden in his flight from Hong Kong to Moscow) and Peter Sunde (who founded the Pirate Bay website on which WikiLeaks held forth) are all resident in Germany at this time.
“ . . . He said Tutanota had only ever been forced to hand over encrypted data of its users a few times and it has a transparency report where it discloses those cases. ‘However, we release data only in very, very few cases … And when we have to provide the data due to a court order, it is still encrypted,’ Pfau added, going on to explain the company’s stance on surveillance. . . .”
Against this background, we again take stock of the fact that Roger Stone, the Trump campaign’s veteran GOP dirty-tricks specialist, has reiterated that he is working directly with Julian Assange to torpedo the Clinton campaign. “. . . . On the C‑SPAN show, Stone told Politico’s Alex Isenstadt of his communication to Assange ‘through an intermediary—somebody who is a mutual friend’ —regarding the 30,000 emails the Clinton staff deleted before turning over the contents of the server to Justice Department investigators. [Who might that “mutual friend” be–D.E.]. . .
‘Well, first of all, I think Julian Assange is a hero; I think he’s taking on the deep state, both Republican and Democrat,’ Stone began. He went on to say, ‘I believe that he is in possession of all of those emails that Huma Abedin and Cheryl Mills, the Clinton aides, believe they deleted. That and a lot more. These are like the Watergate tapes…’ (Video below: Go to timestamp 15:15.)
Stone knows a thing or two about the Watergate scandal, in which he played a minor role before moving on to bigger operations, such as the 2000 ‘Brooks Brothers riot’ in Florida, when Stone organized dozens of Republican congressional staffers to storm the election board in Miami-Dade County, Florida, where a recount of presidential election ballots was taking place.
‘I don’t know that this is going to happen in October,’ Stone said of a potential WikiLeaks dump of Clinton correspondence. ‘There is an enormous amount of material here. Mr. Assange could, theoretically, drop a tranche of documents before each one of [the presidential] debates.’ . . . .”
Program Highlights Include:
- Review of Jacob Appelbaum’s links to the Broadcasting Board of Governors and his financial support from this CIA derivative.
- Review of Snowden’s work for CIA when he decided to leak NSA documents.
1. In a transitional element from FTR #922, the last of our programs dealing with the Trumpenkampfverbande, we note that Donald Trump’s ideology and rhetoric are a development and amplification of what we termed “The Paulistinian Libertarian Organization.” In FTR #’s 755, 758 and 759, we have further developed the relationship between the Ron Paul milieu and WikiLeaks/Team Snowden.
The intersection of white nationalism, the alt-right and Ron Paul
Hillary Clinton and her campaign have been going out of their way to make a surprising argument about Donald Trump: He’s not really a Republican.
At the Democratic convention, several speakers said Trump represented a complete break from the conservative traditions of the GOP. Last month, Clinton delivered a similar message in a speech linking Trump to the white-nationalist political movement known as the “alt-right.” “This is not conservatism as we have known it,” she asserted.
According to Clinton — and many conservative intellectuals who oppose Trump — the conspiratorial, winking-at-racists campaign he has been running represents a novel departure from Republican politics.
That’s not quite true, though. Trump’s style and positions — endorsing and consorting with 9/11 truthers, promoting online racists, using fake statistics— draw on a now-obscure political strategy called “paleolibertarianism,” which was once quite popular among some Republicans, especially former presidential candidate Ron Paul.
Formally, Sen. Rand Paul (R‑Ky.) may be his father’s political heir. But there’s no question that the paranoid and semi-racialist mien frequently favored by Trump originates in the fevered swamps that the elder Paul dwelled in for decades. Most people who back Trump don’t do so for racist reasons, but it’s incredible how many of the same white nationalists and conspiracy theorists to whom Ron Paul once catered are now ardent Trump supporters. It’s because Trump and Paul speak the same language.
Mainstream libertarians have been agonizing over this legacy among themselves for some time, hoping that either the elder or younger Paul would definitively denounce the movement’s racialist past, but no such speech has ever come. Instead, the paleolibertarian strategy concocted decades ago as a way to push for minimal government threatens to replace right-wing libertarianism with white nationalism.
* * *
The figure whose ideas unify Pauline libertarians and today’s Trumpists is the late Murray Rothbard, an economist who co-founded the Cato Institute and is widely regarded as the creator of libertarianism.
Nowadays, many libertarians like to portray their ideology as one that somehow transcends the left-right divide, but to Rothbard, this was nonsense. Libertarianism, he argued, was nothing more than a restatement of the beliefs of the “Old Right,” which resolutely opposed the New Deal and any sort of foreign intervention in the early 20th century. Many of its adherents, such as essayist H.L. Mencken, espoused racist viewpoints, as well.
As moderate Republicans such as Dwight Eisenhower and “New Right” Christian conservatives such as William F. Buckley became more influential within the Republican Party in the 1950s and ’60s, the future creators of libertarianism gravitated instead toward the work of secular anti-communist thinkers such as economist Ludwig von Mises and novelist Ayn Rand.
There had always been some sympathy for racism and anti-Semitism among libertarians — the movement’s house magazine, Reason, dedicated an entire issue in 1976 to “historical revisionism,” including Holocaust revisionism. It also repeatedly ran articles in defense of South Africa’s then-segregationist government (though by 2016, the magazine was running articles like “Donald Trump Enables Racism”). But it was Rothbard’s founding of the Ludwig von Mises Institute in 1982 that enabled the fledgling political movement to establish affinity with the neo-Confederate Lost Cause movement.
Almost immediately after its creation, the Mises Institute (headquartered in Auburn, Ala.) began publishing criticism of “compulsory integration,” attacks on Abraham Lincoln and apologia for Confederate leaders. Institute scholars have also spoken to racist groups such as the League of the South. Rothbard even published a chapter in his book “The Ethics of Liberty” in which he said that “the purely free society will have a flourishing free market in children,” although he didn’t specify the races of the children who might be sold.
These and many other controversial views advocated by Mises writers make sense from a fanatical libertarian viewpoint. But they also originate in a political calculation Rothbard revealed in a 1992 essay lamenting the defeat of Republican white nationalist and former Ku Klux Klan leader David Duke in the 1991 Louisiana governor’s race by a bipartisan coalition.
Expanding on themes raised two years earlier by his longtime partner and friend Llewellyn “Lew” Rockwell, an editor and fundraiser for libertarian causes, Rothbard argued that Duke’s candidacy was vitally important because it made clear that the “old America” had been overthrown by “an updated, twentieth-century coalition of Throne and Altar” and its “State Church” of government officials, journalists and social scientists.
Besides commending Duke as an exemplar of the kind of candidate he was looking to support, Rothbard also invoked the “exciting” former senator Joe McCarthy of Wisconsin — not because of his economic views but because he was a brash populist prone to doing erratic things. Rothbard’s description of McCarthy seems eerily similar to the campaign that Trump has been running:
“The fascinating, the exciting, thing about Joe McCarthy was precisely his ‘means’ — his right-wing populism: his willingness and ability to reach out, to short-circuit the power elite: liberals, centrists, the media, the intellectuals, the Pentagon, Rockefeller Republicans, and reach out and whip up the masses directly. … With Joe McCarthy there was a sense of dynamism, of fearlessness, and of open-endedness, as if, whom would he subpoena next?”
To solve the problem that few Americans are interested in small government, Rothbard argued that libertarians needed to align themselves with people they might not like much in order to expand their numbers. “Outreach to the Rednecks” was needed to make common cause with far-right Christian conservatives who hated the federal government, disliked drugs and wanted to crack down on crime.
All of these paleolibertarian positions were offered in Duke’s 1990 Senate campaign and 1991 gubernatorial campaign. But they were also offered by another politician Rothbard admired: Ron Paul, the Libertarian Party’s presidential candidate in 1988.
Rothbard and Paul had known and worked with each other in the 1970s, when they came to know Rockwell. Rockwell would work closely with both men, serving as Paul’s congressional chief of staff until he left to found the Mises Institute with Rothbard.
Rockwell also was the editor of a series of printed newsletters for both men in the ensuing decades. Paul’s publications became famous during his Republican presidential campaigns. Their controversial nature is no surprise, given that Paul had coyly endorsed the paleolibertarian strategy shortly after it was devised.
Sold under various titles, the highly lucrative newsletters frequently stoked racial fears, similar to what Trump has been doing this year, though they went further — one even gave advice on using an unregistered gun to shoot “urban youth.” Another issue mocked black Americans by proposing alternative names for New York City such as “Zooville” and “Rapetown,” while urging black political demonstrators to hold their protests “at a food stamp bureau or a crack house.”
The publications also repeatedly promoted the work of Jared Taylor, a white nationalist writer and editor who is today one of Trump’s most prominent alt-right backers. Articles also featured anti-Semitic conspiracy theories and frequent rants against gay men.
Paul later said he didn’t write the newsletters. But regardless of their authorship, the image they created made him attractive to white nationalists. Those supporters weren’t numerous enough to get Paul the GOP presidential nomination, however, and paleolibertarianism began fizzling out.
In the past few years, however, it’s been reborn as the alt-right, as a new generation of libertarians discovered their hidden heritage and began embracing racism and conspiracy theories. Many alt-right writers trace their roots to Rothbard. As one of them, Gregory Hood, put it, paleolibertarian theories about race and democracy “helped lead to the emergence [of the] Alternative Right.” Rothbard’s call for “sovereign nations based on race and ethnicity” is very similar to beliefs Trump’s alt-right supporters express today.
In 2016, many, if not most, of the extremists who formerly supported Paul have rallied to Trump’s side. In 2007, Paul won an endorsement and a $500 campaign contribution from Don Black, the owner of Stormfront, a self-described “white pride” Web forum. Despite a torrent of criticism, Paul refused to return the money. This March, Black encouraged his radio listeners to vote for Trump, even if he wasn’t perfect.
…
After Rand Paul came to the Senate in 2011, and as he eventually began planning his own presidential campaign, there was some speculation that conservatives might be entering a “libertarian moment.” Things didn’t turn out that way. Instead, the American right seems to have entered a paleolibertarian moment.
2. Roger Stone recently gave another interview where he repeated his claim that he’s in contact with Julian Assange and hinted at the likely nature of a possible Wikileaks “October Surprise”, although he noted that it might happen sooner than October and Assange might just do strategic dumps before the three presidential debates.
Stone also briefly mentioned one topic that is likely going to be in at least one of those leaks: “I believe that he is in possession of all of those emails that Huma Abedin and Cheryl Mills, the Clinton aides, believe they deleted. That and a lot more. These are like the Watergate tapes.” Keep in mind that the right wing has long tried to smear Huma Abedin with Muslim Brotherhood ties, and Roger Stone recently suggested she’s a terrorist agent. While there may very well be a number of leaks over the next couple of months, at least one of them may try to suggest that Hillary is a terrorist agent:
The conspiracist reveals he’s been in touch with the WikiLeaks founder regarding Clinton emails—and when to dump them on the media.
In an interview that aired Sunday on C‑SPAN’s “Newsmakers” program, Roger Stone, the off-the-books Trump adviser, reiterated his claim that he has been in touch with WikiLeaks founder Julian Assange.
Assange posted the hacked emails of the Democratic National Committee to his site, as well as a database of emails from Hillary Clinton’s private email server, which the former secretary of state used to communicate with State Department aides during her tenure in the Cabinet.
Stone, a longtime Republican political operative and dirty trickster, purportedly either resigned or was fired from the presidential campaign of Donald Trump last year but continues to be deeply involved with the campaign, especially the elements of its messaging that advance the conspiracy theories of the right. In the interview, he described his relationship to the Trump campaign this way: “I count myself as a Trump friend—kind of like Sidney Blumenthal [is to the Clintons]; I have no formal nor informal role, but I do have access to all the right people.”
On the C‑SPAN show, Stone told Politico’s Alex Isenstadt of his communication to Assange “through an intermediary—somebody who is a mutual friend”—regarding the 30,000 emails the Clinton staff deleted before turning over the contents of the server to Justice Department investigators. (Clinton maintains that only emails of a personal nature were deleted.) Asked to corroborate Assange’s threat of “an October surprise” to stem from that trove, Stone offered a suggestion he clearly deemed to be more helpful to the Trump campaign.
“Well, first of all, I think Julian Assange is a hero; I think he’s taking on the deep state, both Republican and Democrat,” Stone began. He went on to say, “I believe that he is in possession of all of those emails that Huma Abedin and Cheryl Mills, the Clinton aides, believe they deleted. That and a lot more. These are like the Watergate tapes…” (Video below: Go to timestamp 15:15.)
Stone knows a thing or two about the Watergate scandal, in which he played a minor role before moving on to bigger operations, such as the 2000 “Brooks Brothers riot” in Florida, when Stone organized dozens of Republican congressional staffers to storm the election board in Miami-Dade County, Florida, where a recount of presidential election ballots was taking place.
“I don’t know that this is going to happen in October,” Stone said of a potential WikiLeaks dump of Clinton correspondence. “There is an enormous amount of material here. Mr. Assange could, theoretically, drop a tranche of documents before each one of [the presidential] debates.” . . . .
3. Next, we review information presented in FTR #917. An interesting piece by Dr. Sandro Gaycken, a Berlin-based former ‘hacktivist’ who now advises NATO and the German government on cyber-security matters, makes the case that the evidence implicating Russia was very much the type of evidence a talented team could spoof. He also notes that some of the tools used in the hack were the same used last year when Angela Merkel’s computer was hacked and used to infect other computers at the Bundestag. That hack was also blamed on Russian hackers. But, again, as the article below points out, when the evidence for who is responsible is highly spoofable, confidently assigning blame is almost too easy:
Dr. Sandro Gaycken is the Director of the Digital Society Institute, a former hacktivist, and a strategic advisor to NATO, some German DAX-companies and the German government on cyber matters.
The hack of the Democratic National Committee (DNC) definitely looks Russian. The evidence is compelling. The tools used in the incident appeared in previous cases of alleged Russian espionage, some of which appeared in the German Bundestag hack. The attackers, dubbed Cozy Bear and Fancy Bear, have been known for years and have long been rumored to have a Russian connection. Other indicators such as IP addresses, language and location settings in the documents’ metadata and code compilation point to Russia. The Kremlin is also known to practice influence operations, and a leak before the Democrats’ convention fits that profile as does laundering the information through a third party like Wikileaks. Finally, the cui bono makes sense as well; Russia may favor Donald Trump given his Putin-friendly statements and his views on NATO.
Altogether, it looks like a clean-cut case. But before accusing a nuclear power like Russia of interfering in a U.S. election, these arguments should be thoroughly and skeptically scrutinized.
A critical look exposes the significant flaws in the attribution. First, all of the technical evidence can be spoofed. Although some argue that spoofing the mound of uncovered evidence is too much work, it can easily be done by a small team of good attackers in three or four days. Second, the tools used by Cozy Bear appeared on the black market when they were first discovered years ago and have been recycled and used against many other targets, including against German industry. The reuse and fine-tuning of existing malware happens all the time. Third, the language, location settings, and compilation metadata can easily be altered by changing basic settings on the attacker’s computer in five minutes without the need of special knowledge. None of the technical evidence is convincing. It would only be convincing if the attackers used entirely novel, unique, and sophisticated tools with unmistakable indicators pointing to Russia supported by human intelligence, not by malware analysis.
The DNC attackers also had very poor, almost comical, operational security (OPSEC). State actors tend to have a quality assurance review when developing cyberattack tools to minimize the risk of discovery and leaving obvious crumbs behind. Russian intelligence services are especially good. They are highly capable, tactically and strategically agile, and rational. They ensure that offensive tools are tailored and proportionate to the signal they want to send, the possibility of disclosure and public perception, and the odds of escalation. The shoddy OPSEC just doesn’t fit what we know about Russian intelligence.
The claim that Guccifer 2.0 is a Russian false flag operation may not hold up either. If Russia wanted to cover up the fact it had hacked the DNC, why create a pseudonym that could only attract more attention and publish emails? Dumping a trove of documents all at once is less valuable than cherry picking the most damaging information and strategically leaking it in a crafted and targeted fashion, as the FSB, SVR or GRU have probably done in the past. Also, leaking to Wikileaks isn’t hard. They have a submission form.
Given these arguments, blaming Russia is not a slam dunk. Why would a country with some of the best intelligence services in the world commit a whole series of really stupid mistakes in a highly sensitive operation? Why pick a target that has a strong chance of leading to escalatory activity when Russia is known to prefer incremental actions over drastic ones? Why go through the trouble of a false flag when doing nothing would have been arguably better? Lastly, how does Russia benefit from publicly backing Donald Trump given that Republicans have been skeptical of improving relations?
The evidence and information in the public domain strongly suggests Russia was behind the DNC hack, even though Russian intelligence services would have had the choice of not making it so clear cut given what we know about their tools, tactics, procedures, and thinking.
The DNC hack leads to at least four “what if” questions, each with its own significant policy consequences. First, if Russia had poor operational security and misjudged its target, it needs to be educated about the sensitivity of certain targets in its favorite adversary countries to avoid a repeat of this disaster. Second, if Russia deliberately hacked the DNC to leak confidential information, it would represent a strategic escalation on behalf of the Kremlin and the world would need to prepare for difficult times ahead. Third, if the breach and leak were perpetrated by a bunch of random activists using the pseudonym “Guccifer 2.0“, it would be the first instance of non-state actors succeeding in creating a global incident with severe strategic implications, demanding more control of such entities and a much better design of escalatory processes among nations. Finally, it is entirely possible that this was a false flag operation by an unknown third party to escalate tensions between nuclear superpowers. If this is the case, this party has to be uncovered. . . .
4. More about cyber-security experts who view the “Russian intelligence” hacking of DNC computers as suspiciously transparent:
. . . . But security expert Jeff Carr thought the smoke off this smoking-gun was a bit too thick. In his minority report, he asks: what kind of spy ring tags their stolen docs before releasing them under a cover?
“Raise your hand if you think that a GRU or FSB officer would add Iron Felix’s name to the metadata of a stolen document before he released it to the world while pretending to be a Romanian hacker. Someone clearly had a wicked sense of humor,” he wrote. . . . .
. . . . Crowdstrike president Shawn Henry is dubious. “I don’t know what kind of foreign intelligence service conducting a covert operation wants to be found,” he said on Thursday, but added that CrowdStrike picked up the DNC hack within 48 hours and that it “wasn’t difficult.” . . . .
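To make concrete the point Gaycken and Carr are making about the "Iron Felix" metadata and the language and location settings, here is an added illustration; it is not part of any of the quoted articles and not code from any of the parties discussed. The Python below builds a minimal .docx in memory, reads its core properties (docProps/core.xml), and rewrites the author, last-modified-by and creation-date fields to arbitrary values. The document, the original author name "Original Author" and the forged values are constructed for the example; nothing here is taken from the Guccifer 2.0 files. Anyone holding the file can do this with the standard library, and a reader of the result has no way to tell the forged fields from genuine ones.

```python
"""Constructed illustration: Office document metadata is attacker-controlled.

Builds a minimal .docx in memory, reads docProps/core.xml, then rewrites the
author / last-modified-by / created fields. All names and dates are made up.
"""
import io
import zipfile
import xml.etree.ElementTree as ET

NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
    "dcterms": "http://purl.org/dc/terms/",
    "dcmitype": "http://purl.org/dc/dcmitype/",
    "xsi": "http://www.w3.org/2001/XMLSchema-instance",
}
for _prefix, _uri in NS.items():          # keep the usual prefixes when re-serialising
    ET.register_namespace(_prefix, _uri)

# Core property -> element name in Clark notation, as ElementTree wants it.
FIELDS = {
    "creator": "{%s}creator" % NS["dc"],
    "lastModifiedBy": "{%s}lastModifiedBy" % NS["cp"],
    "created": "{%s}created" % NS["dcterms"],
    "modified": "{%s}modified" % NS["dcterms"],
}

CORE_XML = (
    '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
    '<cp:coreProperties xmlns:cp="%(cp)s" xmlns:dc="%(dc)s" xmlns:dcterms="%(dcterms)s" '
    'xmlns:dcmitype="%(dcmitype)s" xmlns:xsi="%(xsi)s">'
    "<dc:creator>Original Author</dc:creator>"
    "<cp:lastModifiedBy>Original Author</cp:lastModifiedBy>"
    '<dcterms:created xsi:type="dcterms:W3CDTF">2016-06-01T12:00:00Z</dcterms:created>'
    '<dcterms:modified xsi:type="dcterms:W3CDTF">2016-06-01T12:30:00Z</dcterms:modified>'
    "</cp:coreProperties>"
) % NS
CONTENT_TYPES_XML = (
    '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
    '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
    '<Default Extension="xml" ContentType="application/xml"/>'
    '<Override PartName="/docProps/core.xml" '
    'ContentType="application/vnd.openxmlformats-package.core-properties+xml"/>'
    '<Override PartName="/word/document.xml" ContentType="application/vnd.'
    'openxmlformats-officedocument.wordprocessingml.document.main+xml"/>'
    "</Types>"
)
DOCUMENT_XML = (
    '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
    '<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main">'
    "<w:body><w:p><w:r><w:t>Constructed sample document.</w:t></w:r></w:p></w:body>"
    "</w:document>"
)


def make_sample_docx() -> bytes:
    """Return a minimal (constructed) .docx container as bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml", CONTENT_TYPES_XML)
        z.writestr("docProps/core.xml", CORE_XML)
        z.writestr("word/document.xml", DOCUMENT_XML)
    return buf.getvalue()


def read_properties(docx: bytes) -> dict:
    """Read the core properties an analyst would report as 'metadata'."""
    with zipfile.ZipFile(io.BytesIO(docx)) as z:
        root = ET.fromstring(z.read("docProps/core.xml"))
    return {name: (root.findtext(tag) or "") for name, tag in FIELDS.items()}


def forge_properties(docx: bytes, **changes: str) -> bytes:
    """Return a copy of the document with the given core properties overwritten.

    Every other part, and every zip entry header (including its timestamp),
    is carried over unchanged, so the container looks untouched.
    """
    with zipfile.ZipFile(io.BytesIO(docx)) as src:
        root = ET.fromstring(src.read("docProps/core.xml"))
        for name, value in changes.items():
            el = root.find(FIELDS[name])
            if el is None:                       # property absent: add it
                el = ET.SubElement(root, FIELDS[name])
            el.text = value
        new_core = ET.tostring(root, encoding="UTF-8", xml_declaration=True)
        out = io.BytesIO()
        with zipfile.ZipFile(out, "w") as dst:
            for info in src.infolist():
                data = new_core if info.filename == "docProps/core.xml" else src.read(info)
                dst.writestr(info, data)         # reuse the original entry header
    return out.getvalue()


if __name__ == "__main__":
    original = make_sample_docx()
    print("before:", read_properties(original))
    forged = forge_properties(original, creator="Iron Felix", lastModifiedBy="Iron Felix",
                              created="2013-01-01T00:00:00Z")
    print("after: ", read_properties(forged))
```

The same holds for the other indicators Gaycken lists: a Windows executable's compile timestamp is one 32-bit field in the COFF file header, and the language of an embedded resource is a value in the resource directory. Both are written by whatever build environment the attacker chose to use, and both can be set before the file ever leaves that machine. A value like this is a lead to follow, not a conclusion.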
5. The high-profile hack attacks of 2016 heated up again with the release of cyberweapons apparently belonging to the NSA.
Note the attempt at pinning the blame on Russia, despite the fact that this operation, like the DNC hack, does not fit the profile of a Russian cyber-espionage operation. Note also the clumsy, Boris-and-Natasha-like broken English used to portray this as a "Russian" operation.
Note, also, as we will see, that this doesn’t appear to be a “hack” at all.
Security experts doubt previously unknown hackers have access to NSA-linked cyberweapons
A previously unknown hacking group claims to have broken into a cyberespionage organization linked to the National Security Agency and is offering to sell what it says are U.S. government hacking tools.
The group, calling itself the “Shadow Brokers,” said in an internet post on Saturday that it had access to a “full state sponsor tool set” of cyberweapons. To back up its claims, the group posted what appears to be attack code that targets security software on routers that direct computer traffic around the internet.
In a post written in broken English, the Shadow Brokers offered to sell a complete trove of tools to the highest bidder. The group said if it is paid one million bitcoin, valued at roughly $568 million, it will release the tools publicly.
Security experts doubt the group has access to the hacking treasure trove that it boasts, but several said the code it released appears to be legitimate. It affects routers built by three U.S. firms— Cisco Systems Inc., Juniper Networks Inc. and Fortinet Inc.—and two Chinese companies—Shaanxi Networkcloud Information Technology Co. and Beijing Topsec Network Security Technology Co.
A Cisco spokeswoman said her company was investigating the incident, but “so far, we have not found any new vulnerabilities.”
A Fortinet representative didn’t have a comment. Juniper, Topsec and Shaanxi Networkcloud didn’t immediately respond to requests for comment.
The Shadow Brokers’ claims are still being analyzed by security experts. If true, they would reflect an unprecedented breach of a computer-espionage outfit dubbed the “Equation Group.”
In a report last year, Russian computer security firm Kaspersky Lab ZAO said the Equation Group launched hacking efforts against governments, telecommunications companies and other organizations in countries such as Russia, Iraq and Iran. Kaspersky didn’t name any U.S. agencies in its report, but it appeared to detail the kind of work typically conducted by the NSA.
The NSA didn’t return messages seeking comment. In the past, the agency has neither confirmed nor denied involvement with the Equation Group.
In an internet post, the Shadow Brokers rail against “wealthy elites.” The Shadow Brokers didn’t respond to email and Twitter messages seeking comment.
Security experts who have examined the code published by the hackers said it appears to contain genuine NSA programs that could manipulate or redirect computer traffic as it passes through a router.
“The more we look at it…it looks more and more like a tool kit from the NSA,” said Matt Suiche, the founder of Comae Technologies FZE, a computer-security startup based in the United Arab Emirates.
“It looks genuine,” said Nicholas Weaver, a researcher with the International Computer Science Institute, a nonprofit research center affiliated with the University of California, Berkeley. Mr. Weaver said that, in addition to the router-attack programs, the code includes tools that would be available only to someone with access to NSA computers and tools that appear to interact with NSA software described in documents leaked by former NSA contractor Edward Snowden.
However, security experts questioned the ransom demand, saying it was unlikely anyone would pay millions for the promised tools, sight unseen. Mr. Weaver believes the bitcoin auction scheme was most likely a distraction to obscure whoever obtained the documents.
“Whoever stole the data wants the world to know that they stole it,” he said in an email message. “The suspect list is almost certainly short—Russia or China, and given the recent espionage troubles between the U.S. and Russia, probably the former.”
…
Ben Johnson, co-founder of Carbon Black Inc. and a former NSA computer scientist, cautioned that the Equation Group hasn’t been definitively linked to the NSA and that it is unclear how much data was taken.
“People should not be thinking that the NSA has been hacked,” he said. “Certainly there’s been some effort put into [the Shadow Brokers’ data], but I’m by no means convinced that this is a full toolset of a nation state.”
6. At the same time, as with the DNC email hacks, this latest "hack" is both conspicuously high profile and appears to involve conspicuously atypical hacking behaviors. For instance, as the article below points out, hackers selling exploits they discover is quite commonplace. It isn't commonplace to offer the exploit to the entire world with an absurdly high price tag.
Another reason to assume the million-bitcoin price is just theatrics is the fact that WikiLeaks announced it is going to release the entire alleged NSA toolkit. So the hackers asking for half a billion dollars also apparently gave their toolkit to WikiLeaks so it could leak it to the world for free. That's a bit odd.
Still, the notion that there's a group out there hacking NSA servers should raise some eyebrows, whether it's the Russians, as everyone is assuming (and as the hackers clearly want us to assume), or some other group. It's worth noting that, as the article below points out, a number of researchers looking over the hack are raising the possibility that the server wasn't hacked at all. Instead, it could have been a case of classic espionage: someone with a USB stick. It's also worth noting that Edward Snowden, someone who knows how easy it is to steal from the NSA with a USB stick, is declaring that Russia is likely behind it.
Earlier this week, a group calling itself the “Shadow Brokers” announced that it was selling a number of cyber weapons – auction-style – that it claimed were hacked and stolen from an alleged NSA hacking group dubbed “The Equation Group.”
Beside the fact that the National Security Agency getting hacked is eyebrow-raising in itself, the leak of the data and the claim from this mystery group that it’s just trying to make money doesn’t seem to add up.
Here’s why.
Their claim to have 'hacked' a server belonging to the NSA is fishy.
According to ex-NSA insiders who spoke with Business Insider, the agency's hackers don't just put their exploits and toolkits online where they can potentially be pilfered. The more likely scenario for where the data came from, says ex-NSA research scientist Dave Aitel, is an insider who downloaded it onto a USB stick.
Instead of a “hack,” Aitel believes, it’s much more likely that this was a more classic spy operation that involved human intelligence.
“This idea that a group of unknown hackers are going to take on the NSA seems unlikely as well,” Aitel told Business Insider. “There’s a long arm and a long memory to the US intelligence community, and I don’t think anyone wants to be on the other end of that without good reason. I don’t necessarily think a million bitcoin is a good-enough reason.”
When hackers gain access to a server, they keep quiet about it so they can stay there
One of the many strange things about this incident is the very public nature of what transpired. When a hacker takes over your computer, they don’t start activating your webcam or running weird programs because you’d figure out pretty quickly that something was up and you’d try to get rid of them.
The same is true for the NSA.
If the Shadow Brokers owned the NSA’s command and control server, then it would probably be a much better approach to just sit back, watch, and try to pivot to other interesting things that they might be able to find.
Instead, the group wrote on Pastebin, a website where you can store text, that “we follow Equation Group traffic. We find Equation Group source range. We hack Equation Group. We find many many Equation Group cyber weapons,” which immediately signals to this alleged NSA hacker group that they have a big problem.
Though this seems problematic, it’s probable that the group no longer has access to the server, so it no longer cares about getting back on it. Since the files are years old, this could be the case. But it’s still out of the ordinary since any claim like this can be later investigated by the victim, which will be going through everything trying to figure out who they are.
If this was some random hacking group, then it would’ve been better to keep their mouth shut, especially when their victim is the NSA.
People sell exploits all the time, but they hardly ever talk about it.
Software exploits are digital gold for hackers, since they often give a key inside a system or network that no one has ever noticed before, and thus, hasn’t fixed. Which is why the marketplace for these “zero-day” exploits is so lucrative. We’re talking hundreds of thousands to millions of dollars for this kind of code.
Most of the time, an exploit is either found by a security research firm, which then writes about it and reports it to the company so it can fix the problem. Or, a hacker looking for cash will take that found exploit and sell it on the black market.
So it would make sense for a group like Shadow Brokers to want to sell their treasure trove, but going public with it is beyond strange.
"From my perspective, it's extremely bizarre behavior," an ex-NSA hacker who spoke on condition of anonymity told Business Insider. "Most groups who either identify or trade in exploits do one of two things. If you identify, like a security research firm [does] … they'll typically publish their findings. They're really in the best interest of the companies and users who use these products."
The source added: “In the other scenarios, folks who sort of deal in the exploit markets. They quietly sell these things. To come out with this public auction is the more bizarre variance of that that I’ve ever seen. So it’s not clear what the intent here is.”
So what is the intent?
If you ask ex-NSA contractor Edward Snowden, the public leak and claims of the Shadow Brokers seem to have Russian fingerprints all over them, and it serves as a warning from Moscow to Washington. The message: If your policymakers keep blaming us for the DNC hack, then we can use this hack to implicate you in much more.
“That could have significant foreign policy consequences,” Snowden wrote on Twitter. “Particularly if any of those operations targeted US allies. Particularly if any of those operations targeted elections.”
Aitel seems to agree, though he criticized Snowden as being, at some level, a “voice piece” for Russian intelligence now, since he lives in asylum in Moscow.
“He has the same theory – the DNC hack happened. The US political people got upset. They probably made the NSA do a covert response,” Aitel speculated. “This is another response to the NSA’s covert response. There’s a lot of sort of very public messages here going back and forth, which is interesting to look at.”
Aitel also doesn’t think that anyone is going to actually pony up the money required to win the auction. And that prediction is probably going to be right, since WikiLeaks claims that it already has the archive.
“We had already obtained the archive of NSA cyber weapons released earlier today,” its official Twitter account wrote, “and will release our own pristine copy in due course.” . . . .
7. Snowden's pronouncement: this is all part of a Russian messaging/propaganda war. Note the journalistic "spin" that this is "Russia." Snowden has to know that this ISN'T Russia. His fingering of Russia is, in and of itself, suspicious.
There is a principle of law known as "consciousness of guilt." Conduct after the fact that points away from oneself or covers up the commission of a crime, such as concealing evidence or deflecting blame, is admissible as circumstantial evidence from which a jury may infer guilt of the original crime, though it does not by itself establish that guilt. Snowden's fingering of "Russia" falls into that category.
Consider the suspicions that this could have been an inside job, someone with a USB stick. Keep in mind that if there is someone who has had contact with Russia's intelligence community and who would have been very well positioned to pull off such a spy operation, it is Edward Snowden. Especially since the latest files released in the "hack" date from 2013, the same year Snowden fled to Hong Kong and then to Russia:
"'Shadow Brokers' Claim To Have Hacked The NSA's Hackers"; National Public Radio; 8/17/2016.
The “Shadow Brokers” are in the spotlight.
The mysterious group has seized the attention of the cybersecurity world with its claim to have stolen code from the Equation Group — a team of hackers who have been tied to the National Security Agency.
On a website written in broken English, the Shadow Brokers revealed some files and promised “better” ones available, for sale to the highest bidder. One caveat: By “bidding,” they mean sending bitcoins, and losing bidders don’t get them back. (“Sorry lose bidding war lose bitcoin and files. Lose Lose. Bid to win!”)
The group also said it would make a new batch of files public if it received 1 million bitcoins to a specified address. That’s more than half a billion dollars, and nearly 1/15th of all the bitcoins in circulation.
As of Wednesday afternoon, the Shadow Brokers appear to have received 1.6 bitcoins, or less than $1,000, based on the public ledger showing funds sent to that bitcoin address.
The auction is “absurd” and “weird,” as Wired puts it, but the magazine notes that there’s a “growing consensus” that the files themselves — at least the ones released so far — are legitimate.
Matt Suiche, a security researcher who analyzed the code that has been publicly released by the Shadow Brokers, tells NPR’s Aarti Shahani that it does appear to be a compilation of tools used by the NSA.
But the “teaser” files don’t include any very valuable information, he says — and the question now is whether the hackers actually have more files.
“The sample files … are complete, but they are not extremely significant enough to shut down the Internet,” Suiche told Aarti. “If that would be the best of what they had, it would be disappointing. It’s like Pokémon Go. You hear the hype, it’s interesting. Then you pay for more — but you get bored.”
Other experts say they, too, believe the files contain actual NSA code.
The Washington Post reports that the hacking tools released in the teaser file — with names such as Epicbanana, Buzzdirection and Egregiousblunder — are highly sophisticated.
“The file contained 300 megabytes of information, including several ‘exploits,’ or tools for taking control of firewalls in order to control a network, and a number of implants that might, for instance, exfiltrate or modify information.
“The exploits are not run-of-the-mill tools to target everyday individuals. They are expensive software used to take over firewalls, such as Cisco and Fortinet, that are used ‘in the largest and most critical commercial, educational and government agencies around the world,’ said Blake Darche, another former TAO operator and now head of security research at Area 1 Security.”
(TAO stands for Tailored Access Operations, the NSA’s hacking division, the newspaper explains.)
The New York Times writes that the NSA could have used the code to “get inside the computer systems of competitors like Russia, China and Iran,” with the exploits, and “lurk unseen for years” with the implants.
“Whoever obtained the source code apparently broke into either the top-secret, highly compartmentalized computer servers of the N.S.A. or other servers around the world that the agency would have used to store the files,” the Times writes.
The code released by the Shadow Brokers dates most recently to 2013, the same year Edward Snowden leaked classified information about the NSA’s surveillance programs.
Via Twitter, Snowden commented on the apparent hack, saying the most notable thing wasn’t that NSA servers were breached but that the hack has now been publicized.
“Why did they do it?” Snowden asked. “No one knows, but I suspect this is more diplomacy than intelligence, related to the escalation around the DNC hack.”
The hackers could be advertising that they have the ability to identify actions the NSA took on the compromised server, Snowden suggests — a warning of sorts.
…
Snowden also noted that the released files end in 2013. “When I came forward, NSA would have migrated offensive operations to new servers as a precaution,” he suggested — a move that would have cut off the hackers’ access to the server.
“You’re welcome,” he tweeted.
8. One possible explanation for why the "hacked" material is no newer than 2013 was presented in the previous story: the hackers presumably lost access to their hacked server after the Snowden affair forced the NSA to move its offensive operations to different servers.
However, that explanation also assumes this server was actually remotely hacked, as opposed to a USB-stick classic spy operation.
That raises a big question that could potentially be answered, although it’s unclear who could answer it: were these tools part of the giant Snowden “Doomsday” cache of technical documents? The documents that Glenn Greenwald threatened would be released if anything happened to Snowden and that Greenwald described as the NSA “blueprints”? There were apparently only three unknown people who had the keys to Snowden’s Doomsday cache.
Was this latest leak really an extension of the Snowden leak?
James Bamford weighed in on the release of the NSA’s “Tailored Access Operations” (TAO) super hacking tools by the allegedly Russian “Shadow Brokers”. Bamford’s conclusion? It was most likely another Snowden-like inside job, but Bamford doesn’t think the source of this leak was Snowden or someone with access to the full Snowden cache. Bamford actually traveled to Russia, interviewed Snowden, and got to examine and search what Snowden claimed was the full cache and didn’t see anything indicating TAO hacking tools (although who knows if what he saw was the full “dead-man’s switch” Doomsday cache).
No, the person Bamford has in mind is none other than Jacob Appelbaum, the Berlin-based hacktivist, former Tor developer, WikiLeaks hacker and avowed enemy of Hillary Clinton. Why Appelbaum? Because when Appelbaum gave his big speech at the Chaos Communication Congress in December 2013 and co-wrote a series of Der Spiegel articles describing an array of NSA TAO hacking tools, everyone assumed he was drawing on the Snowden cache. But Bamford never saw those tools when he examined the cache, and there has never been an explanation of where Appelbaum got that TAO material.
So is Appelbaum, or possibly Appelbaum's unidentified NSA inside source, the real "Shadow Brokers"? That is what Bamford appears to suspect:
Note that Appelbaum appears to have been deeply involved in getting Snowden from Hawaii to Hong Kong. It was WikiLeaker Sarah Harrison who got Snowden from Hong Kong to Moscow.
In the summer of 1972, state-of-the-art campaign spying consisted of amateur burglars, armed with duct tape and microphones, penetrating the headquarters of the Democratic National Committee. Today, amateur burglars have been replaced by cyberspies, who penetrated the DNC armed with computers and sophisticated hacking tools.
Where the Watergate burglars came away empty-handed and in handcuffs, the modern-day cyber thieves walked away with tens of thousands of sensitive political documents and are still unidentified.
Now, in the latest twist, hacking tools themselves, likely stolen from the National Security Agency, are on the digital auction block. Once again, the usual suspects start with Russia – though there seems little evidence backing up the accusation.
In addition, if Russia had stolen the hacking tools, it would be senseless to publicize the theft, let alone put them up for sale. It would be like a safecracker stealing the combination to a bank vault and putting it on Facebook. Once revealed, companies and governments would patch their firewalls, just as the bank would change its combination.
A more logical explanation could also be insider theft. If that’s the case, it’s one more reason to question the usefulness of an agency that secretly collects private information on millions of Americans but can’t keep its most valuable data from being stolen, or as it appears in this case, being used against us.
In what appeared more like a Saturday Night Live skit than an act of cybercrime, a group calling itself the Shadow Brokers put up for bid on the Internet what it called a “full state-sponsored toolset” of “cyberweapons.” “!!! Attention government sponsors of cyberwarfare and those who profit from it !!!! How much would you pay for enemies cyberweapons?” said the announcement.
The group said it was releasing some NSA files for "free" and promised "better" ones to the highest bidder. However, those with losing bids "Lose Lose," it said, because they would not receive their money back. And should the total sum of the bids, in bitcoins, reach the equivalent of half a billion dollars, the group would make the whole lot public.
While the “auction” seemed tongue in cheek, more like hacktivists than Russian high command, the sample documents were almost certainly real. The draft of a top-secret NSA manual for implanting offensive malware, released by Edward Snowden, contains code for a program codenamed SECONDDATE. That same 16-character string of numbers and characters is in the code released by the Shadow Brokers. The details from the manual were first released by The Intercept last Friday.
The authenticity of the NSA hacking tools was also confirmed by several ex-NSA officials who spoke to the media, including former members of the agency's Tailored Access Operations (TAO) unit, the home of hacking specialists.
“Without a doubt, they’re the keys to the kingdom,” one former TAO employee told the Washington Post. “The stuff you’re talking about would undermine the security of a lot of major government and corporate networks both here and abroad.” Another added, “From what I saw, there was no doubt in my mind that it was legitimate.”
Like a bank robber’s tool kit for breaking into a vault, cyber exploitation tools, with codenames like EPICBANANA and BUZZDIRECTION, are designed to break into computer systems and networks. Just as the bank robber hopes to find a crack in the vault that has never been discovered, hackers search for digital cracks, or “exploits,” in computer programs like Windows.
The most valuable are “zero day” exploits, meaning there have been zero days since Windows has discovered the “crack” in their programs. Through this crack, the hacker would be able to get into a system and exploit it, by stealing information, until the breach is eventually discovered and patched. According to the former NSA officials who viewed the Shadow Broker files, they contained a number of exploits, including zero-day exploits that the NSA often pays thousands of dollars for to private hacking groups.
The reasons given for laying the blame on Russia appear less convincing, however. “This is probably some Russian mind game, down to the bogus accent,” James A. Lewis, a computer expert at the Center for Strategic and International Studies, a Washington think tank, told the New York Times. Why the Russians would engage in such a mind game, he never explained.
Rather than the NSA hacking tools being snatched as a result of a sophisticated cyber operation by Russia or some other nation, it seems more likely that an employee stole them. Experts who have analyzed the files suspect that they date to October 2013, five months after Edward Snowden left his contractor position with the NSA and fled to Hong Kong carrying flash drives containing hundreds of thousands of pages of NSA documents.
So, if Snowden could not have stolen the hacking tools, there are indications that after he departed in May 2013, someone else did, possibly someone assigned to the agency’s highly sensitive Tailored Access Operations.
In December 2013, another highly secret NSA document quietly became public. It was a top secret TAO catalog of NSA hacking tools. Known as the Advanced Network Technology (ANT) catalog, it consisted of 50 pages of extensive pictures, diagrams and descriptions of tools for every kind of hack, mostly targeted at devices manufactured by U.S. companies, including Apple, Cisco, Dell and many others.
Like the hacking tools, the catalog used similar codenames. Among the tools targeting Apple was one codenamed DROPOUTJEEP, which gives NSA total control of iPhones. “A software implant for the Apple iPhone,” says the ANT catalog, “includes the ability to remotely push/pull files from the device. SMS retrieval, contact-list retrieval, voicemail, geolocation, hot mic, camera capture, cell-tower location, etc.”
Another, codenamed IRATEMONK, is, “Technology that can infiltrate the firmware of hard drives manufactured by Maxtor, Samsung, Seagate and Western Digital.”
In 2014, I spent three days in Moscow with Snowden for a magazine assignment and a PBS documentary. During our on-the-record conversations, he would not talk about the ANT catalog, perhaps not wanting to bring attention to another possible NSA whistleblower.
I was, however, given unrestricted access to his cache of documents. These included both the entire British, or GCHQ, files and the entire NSA files.
But going through this archive using a sophisticated digital search tool, I could not find a single reference to the ANT catalog. This confirmed for me that it had likely been released by a second leaker. And if that person could have downloaded and removed the catalog of hacking tools, it’s also likely he or she could have also downloaded and removed the digital tools now being leaked.
In fact, a number of the same hacking implants and tools released by the Shadow Brokers are also in the ANT catalog, including those with codenames BANANAGLEE and JETPLOW. These can be used to create “a persistent back-door capability” into widely used Cisco firewalls, says the catalog.
Consisting of about 300 megabytes of code, the tools could easily and quickly be transferred to a flash drive. But unlike the catalog, the tools themselves – thousands of ones and zeros – would have been useless if leaked to a publication. This could be one reason why they have not emerged until now.
Enter WikiLeaks. Just two days after the first Shadow Brokers message, Julian Assange, the founder of WikiLeaks, sent out a Twitter message. “We had already obtained the archive of NSA cyberweapons released earlier today,” Assange wrote, “and will release our own pristine copy in due course.”
The month before, Assange was responsible for releasing the tens of thousands of hacked DNC emails that led to the resignation of the four top committee officials.
There also seems to be a link between Assange and the leaker who stole the ANT catalog, and the possible hacking tools. Among Assange’s close associates is Jacob Appelbaum, a celebrated hacktivist and the only publicly known WikiLeaks staffer in the United States – until he moved to Berlin in 2013 in what he called a “political exile” because of what he said was repeated harassment by U.S. law enforcement personnel. In 2010, a Rolling Stone magazine profile labeled him “the most dangerous man in cyberspace.”
In December 2013, Appelbaum was the first person to reveal the existence of the ANT catalog, at a conference in Berlin, without identifying the source. That same month he said he suspected the U.S. government of breaking into his Berlin apartment. He also co-wrote an article about the catalog in Der Spiegel. But again, he never named a source, which led many to assume, mistakenly, that it was Snowden.
In addition to WikiLeaks, for years Appelbaum worked for Tor, an organization focused on providing its customers anonymity on the Internet. But last May, he stepped down as a result of “serious, public allegations of sexual mistreatment” made by unnamed victims, according to a statement put out by Tor. Appelbaum has denied the charges.
Shortly thereafter, he turned his attention to Hillary Clinton. At a screening of a documentary about Assange in Cannes, France, Appelbaum accused her of having a grudge against him and Assange, and that if she were elected president, she would make their lives difficult. “It’s a situation that will possibly get worse” if she is elected to the White House, he said, according to Yahoo News.
It was only a few months later that Assange released the 20,000 DNC emails. Intelligence agencies have again pointed the finger at Russia for hacking into these emails.
Yet there has been no explanation as to how Assange obtained them. He told NBC News, “There is no proof whatsoever” that he obtained the emails from Russian intelligence. Moscow has also denied involvement.
There are, of course, many sophisticated hackers in Russia, some with close government ties and some without. And planting false and misleading indicators in messages is an old trick. Now Assange has promised to release many more emails before the election, while apparently ignoring email involving Trump. (Trump opposition research was also stolen.)
In hacktivist style, and in what appears to be phony broken English, this new release of cyberweapons also seems to be targeting Clinton. It ends with a long and angry “final message” against “Wealthy Elites . . . breaking laws” but “Elites top friends announce, no law broken, no crime commit[ed]. . . Then Elites run for president. Why run for president when already control country like dictatorship?”
Then after what they call the “fun Cyber Weapons Auction” comes the real message, a serious threat. “We want make sure Wealthy Elite recognizes the danger [of] cyberweapons. Let us spell out for Elites. Your wealth and control depends on electronic data.” Now, they warned, they have control of the NSA’s cyber hacking tools that can take that wealth away. “You see attacks on banks and SWIFT [a worldwide network for financial services] in news. If electronic data go bye-bye where leave Wealthy Elites? Maybe with dumb cattle?” . . .
…
8. There is abundant circumstantial evidence pointing in the direction of Appelbaum.
Since Appelbaum is currently living in Berlin it’s worth noting that the email address that appears to be used by the Shadow Brokers is a German email provider with a policy of cooperating with legal authorities as little as possible and only handing over encrypted data when given a court order.
Note that, in addition to Applebaum (who appears to have assisted Snowden in getting from Hawaii to Hong Kong), Laura Poitras (Glenn Greenwald’s associate), Sarah Harrison (Assange’s ex-girlfriend who assisted Snowden in his flight from Hong Kong to Moscow) and Peter Sunde (who founded the Pirate Bay website on which WikiLeaks held forth) are all resident in Germany at this time.
“ . . . He said Tutanota had only ever been forced to hand over encrypted data of its users a few times and it has a transparency report where it discloses those cases. ‘However, we release data only in very, very few cases … And when we have to provide the data due to a court order, it is still encrypted,’ Pfau added, going on to explain the company’s stance on surveillance. . . .”
It will be interesting to see if there are any followup reports on German authorities asking for the encrypted account data. It would be odd if such a request were not made.
In FTR #‘s 918, 919, 920, 921 and 922, we noted that the Trumpenkampfverbande gives every indication of being the transitional element of the Underground Reich in its metamorphosis into an above-ground movement. Trump’s personal and political heritage, commercial creditors (Deutsche Bank is chief among them) and geopolitics are German in nature.
If there’s anyone who knows how and why anyone would hack the NSA, and can talk about it openly, it’s former contractor Edward Snowden. After all, the exile-in-Russia siphoned off masses of information from the intelligence agency before helping journalists publish the documents, which together have exposed mass surveillance by US and international snoops.
…
Who are the Shadow Brokers?
Very little is known about the Shadow Brokers. They used Github, Tumblr and Mega to disseminate their files. When they released the data on August 13, they used broken English to launch a Bitcoin auction for the remaining 40 per cent of data they hadn’t released from their alleged Equation Group attack. For instance: “If you want know your networks hacked, you send bitcoin. If you want hack networks as like equation group, you send bitcoin. If you want reverse, write many words, make big name for self, get many customers, you send bitcoin. If want to know what we take, you send bitcoin.”
Of the little information available, it’s clear the hackers used an email address belonging to Tutanota, a German provider focused on security, to upload the data to Github.
Founder of Tutanota Matthias Pfau told FORBES the company had not been contacted by law enforcement regarding the alleged breach of the NSA. “If our accounts are misused … a German judge can force us to deliver the encrypted data,” Pfau said.
He said Tutanota had only ever been forced to hand over encrypted data of its users a few times and it has a transparency report where it discloses those cases. “However, we release data only in very, very few cases … And when we have to provide the data due to a court order, it is still encrypted,” Pfau added, going on to explain the company’s stance on surveillance.
“Fantasies of omnipotence and total surveillance are threatening our fundamental rights. That is not acceptable and that is why we stand up and fight for privacy.” . . . .
This article by JOSEPH MARKS | NEXTGOV | DECEMBER 30, 2016 states the following:
Robert M. Lee, a former Air Force cyber operations officer, criticized the report in a blog post for winking at attribution in its written portion, but not standing it up in the technical section. Lee is founder of the cybersecurity firm Dragos.
Dmitri Alperovitch, co-founder of CrowdStrike, stood up that assessment in a tweet noting “lots of problems here.”
CrowdStrike is the cybersecurity firm that investigated the Democratic National Committee data breach and first attributed it to Russian government-linked hacking groups dubbed “Fancy Bear” and “Cozy Bear.” Alperovitch also claimed the DHS report includes incorrect information.
RM NOTE***** I think it is extremely unlikely a hacker of a Russian intelligence operation would give themselves a handle with the word “Bear”. A CIA hacker would never use a handle with the word “Eagle” because they would want to disguise the source. Also note how a “Crowdstrike” employee is now contradicting the original conclusion of the company. If the hack was done by Ukrainian Fascists, then Donald Trump could legitimately discredit US intelligence and gain credibility. Was this one of the purposes of this plot?
http://m.nextgov.com/cybersecurity/2016/12/trump-praises-putin-not-hitting-back-after-obama-hacking-sanctions/134264/
HERE IS THE ENTIRE ARTICLE:
President-elect Donald Trump on Friday praised Vladimir Putin’s decision to not immediately retaliate against U.S. sanctions, raising the likelihood he may reverse or weaken the Obama administration’s attempt to punish its former Cold War adversary for meddling in the 2016 election.
Putin declared in a Thursday statement he will not immediately retaliate for the U.S. sanctions or expel any U.S. diplomats in Russia, saying the Russian government “will plan our further steps to restore Russian‑U.S. relations based on the policies of the Trump administration.”
Trump responded in a Friday tweet: “Great move on delay (by V. Putin) — I always knew he was very smart!”
Trump could reverse many of the U.S. retaliatory actions, which include sanctions against Russian intelligence agencies and their leaders and the expulsion of 35 Russian diplomats who the State Department says are actually spies.
Senior Obama administration officials expressed hope Thursday he would not do so.
“If a future president decided he wanted to allow in a large tranche of Russian intelligence agents, he could,” one senior administration official said during a conference call with reporters, adding, “we think that would be inadvisable.”
The retaliatory actions also include covert actions against the Russian government that may have already begun, officials said.
Trump has repeatedly said he does not believe intelligence agencies’ conclusion that the Russian government was responsible for data breaches at Democratic political organizations that wreaked havoc on Democratic nominee Hillary Clinton’s campaign. He has called the conclusion politically motivated.
Trump said shortly after the sanctions announcement Thursday he will meet with intelligence agencies to discuss the attribution next week “in order to be updated on the facts.” He also said, however, “it’s time for our country to move on to bigger and better things.”
If Trump chooses to roll back any of Obama’s public actions against Russia, he will likely face tough opposition from some members of his own party.
The Senate Armed Services Committee will hold a hearing Thursday focused on “foreign cyber threats to the United States,” the first of several hearings Chairman John McCain, R‑Ariz., has promised on Russia’s election meddling.
McCain vowed to impose stronger sanctions on Russia in a joint statement Thursday with Sen. Lindsey Graham, R‑S.C.
McCain and Graham called Obama’s retaliatory measures “long overdue” and “a small price for Russia to pay for its brazen attack on American democracy.”
The main source of conflict between the Trump and Obama administrations is whether data breaches at Democratic political organizations can be confidently tied to Russia intelligence agencies or if there’s not enough evidence for a firm attribution.
U.S. intelligence agencies and the Homeland Security Department called the case conclusive in an October statement. DHS and the FBI released additional technical information Thursday aimed, in part, at bolstering that case.
Trump and his team, however, have repeatedly cast doubt on that attribution.
Trump’s future White House Press Secretary Sean Spicer said before the sanctions and information release Wednesday intelligence agencies needed to provide more information to make their case for attribution, adding that many Democrats want to undermine “how big [Trump’s] win was.”
Attribution is notoriously difficult in cyberspace, but far from impossible.
The DHS and FBI “joint analysis report” released Thursday is unlikely to convince many Russian attribution skeptics, analysts told Nextgov.
That document is officially aimed at helping the public sector identify and combat similar attacks. In addition to breaches at Democratic political organizations, it discusses breaches at private firms and think tanks.
The document spends much of its introduction, however, discussing the attribution to Russian intelligence and describes itself as an expansion of the intelligence community’s October attribution.
Robert M. Lee, a former Air Force cyber operations officer, criticized the report in a blog post for winking at attribution in its written portion, but not standing it up in the technical section. Lee is founder of the cybersecurity firm Dragos.
Dmitri Alperovitch, co-founder of CrowdStrike, stood up that assessment in a tweet noting “lots of problems here.”
CrowdStrike is the cybersecurity firm that investigated the Democratic National Committee data breach and first attributed it to Russian government-linked hacking groups dubbed “Fancy Bear” and “Cozy Bear.” Alperovitch also claimed the DHS report includes incorrect information.
Gregory Carpenter, a senior consultant with the Cybersecurity Consulting Group, described the report as “excessively devoid of any real information” and said it “won’t help network defenders do their jobs.”
Carpenter previously served at Army Cyber Command and the National Security Agency.
“I look at [this report] and, I hate to say it, but it looks like a propaganda piece to support a political decision,” Carpenter said.
Look who’s back! Everyone’s favorite broken English hacking group, The Shadow Brokers, just released some more NSA hacking tools, along with a list of IP addresses the NSA was targeting. All apparently in response to a sense of betrayal. Betrayal by Donald Trump. Yes, when Donald Trump launched a cruise missile attack against Syria, this so upset The Shadow Brokers that they wrote another long broken English rant (with a white nationalist theme) about Trump living up to his promises and then released some more hacking tools:
“In its statement, Shadow Brokers said the latest leak, following one eight months ago, “is our form of protest” to goad President Donald Trump into staying loyal to his followers and promoting anti-globalism. The screed included profanity, some white supremacist commentary and a password to the cache of tools.”
A screed containing white supremacist commentary and a new hacking tool dump to protest Donald Trump’s Syrian bombing. It’s as if the Shadow Brokers decided to channel Ann Coulter to scare Trump.
And note that when you read the claim by folks at Rendition Infosec that there is “little doubt that Russia and the Shadow Brokers group were connected”:
keep in mind that there’s actually been a lot of doubt that the Russians hacked the NSA from the very beginning:
“The source, who asked to remain anonymous, said that it’d be much easier for an insider to obtain the data that The Shadow Brokers put online rather than someone else, even Russia, remotely stealing it. He argued that “naming convention of the file directories, as well as some of the scripts in the dump are only accessible internally,” and that “there is no reason” for those files to be on a server someone could hack. He claimed that these sorts of files are on a physically separated network that doesn’t touch the internet; an air-gap. (Motherboard was not able to independently verify this claim, and it’s worth bearing in mind that an air-gap is not an insurmountable obstacle in the world of hacking).”
And that was the assessment just days after the Shadow Brokers emerged back in August. And it’s not like suspicions that it was an NSA insider ever went away. So keep in mind that when you read about how there’s “little doubt” that Russia and the Shadow Brokers group were connected, that’s undoubtedly true for many analysts since attributing any and all hacks involving the US to Russia is now the norm, but there should actually be some doubt.
Will we ever discover who the Shadow Brokers really is/are? Only time will tell, but one thing we can say for sure at this point after the release of their angry rant against Trump: given that they are now claiming to be NSA insiders who voted for Trump, it’s worth noting that, whoever they are, they are very adept at writing angry rants from the perspective of a white nationalist Trump supporter using broken English:
“TheShadowBrokers doesn’t want this to be happening to you, Mr. Trump. TheShadowBrokers is wanting to see you succeed. TheShadowBrokers is wanting America to be great again. TheShadowBrokers acknowledging, we don’t be having all the inside information you do, things might look different inside the bubble. TheShadowBrokers is having suggestion. Maybe you be making YouTube video is in order, to be explaining to your voters, your supporters, you didn’t fu ck them all over. Because from theshadowbrokers seat is looking really bad. If you made deal(s) be telling the peoples about them, peoples is appreciating transparency. But what kind of deal can be resulting in chemical weapons used in Syria, Mr. Bannon’s removal from the NSC, US military strike on Syria, and successful vote for SCOTUS without change rules? Mr. Trump whose war are you fighting? Israeli Nationalists’ (Zionist) and Goldman Sachs’ war? Chinese Globalists’ and Goldman Sachs war? Is not looking like you fighting the domestic wars, the movement elected you to be fighting. You not being in office three months and already you looking like the MIIC’s bitch with John McCain and Chuck Schumer double dutch ruddering each other in the corner over dead corpses.”
Hmm...maybe it wasn’t Ann Coulter they were channeling. This all seemed a little more Alex Jones-ish. Or maybe Steve Bannon. Regardless, whoever wrote that rant has a pretty good sense of what a disillusioned Libertarian who listens to Alex Jones and buys Ann Coulter’s books would say to Donald Trump if they had to say it in a weird broken English that comes across as an American trying to hide their identity. And based on linguistic analysis alone we can conclude...nothing. Because that’s weak, highly spoofable evidence on its own. Much like most of the spoofable technical evidence that ends up getting used to assign attribution for major hacks. And yet as we saw above, some evidence that points towards the Shadow Brokers’ haul coming from an insider isn’t spoofable. Like how “some of the scripts in the dump are only accessible internally” isn’t so easily spoofable, and that evidence pointed towards it being an insider. At this point we don’t know.
We also don’t know if this release combined with an angry message to Trump is intended to serve as a kind of hacker threat directed at Trump by the hackers who assisted him during the election. Whoever did those hacks presumably has the capacity to gather all sorts of unpleasant information on Trump and his entourage, so there’s the possibility that this was intended to signal the capacity to digitally embarrass Trump if he doesn’t follow through on a Bannon/Coulter/Jones agenda. Who knows.
But there is one thing we know pretty confidently at this point given the Shadow Brokers’ decision to channel Steve Bannon and do this leak at this point in time: If Hal Martin — the NSA contractor found to have been stealing NSA hacking tools for decades shortly after the initial Shadow Brokers leak — really was involved with the Shadow Brokers as has been suspected but never established, he wasn’t working alone. Because he’s in custody. Or he has very unsupervised access to a computer while in custody.
Either way, the fact that Hal Martin — an insider who had been pilfering NSA secrets for decades and who was only discovered after the Shadow Brokers leak — exists at all is one of those difficult-to-spoof facts that certainly lends credence to the idea that the “Shadow Brokers” really are an insider just like they claim in broken English. Not that the ‘outsider hack’ scenario is impossible. But we should definitely not be ruling out the insiders.