Spitfire List Web site and blog of anti-fascist researcher and radio personality Dave Emory.

For The Record  

FTR #924 Technocratic Fascism, the High-Profile Hacks and The Obverse Oswald: Update on the Adventures of Eddie the Friendly Spook


This broad­cast was record­ed in one, 60-minute seg­ment.

Intro­duc­tion: On Novem­ber 22, 1963, Pres­i­dent Kennedy’s assas­si­na­tion fun­da­men­tal­ly altered the Amer­i­can polit­i­cal land­scape, neu­tral­iz­ing JFK’s peace ini­tia­tives in Europe, South­east Asia and Cuba. Fur­ther­more, LBJ was manip­u­lat­ed into pur­su­ing the open-end­ed Viet­nam com­mit­ment JFK had stu­dious­ly avoid­ed.

With the high-profile hacks and the clumsy (though well-accepted) disinformation fingering Russia as the author of the crimes, we are witnessing “Team Snowden” manifesting what we have termed “Technocratic Fascism.” The support for Donald Trump coming from Julian Assange/WikiLeaks/Snowden/Appelbaum exemplifies what David Golumbia analyzed in a seminal post: “. . . . Such technocratic beliefs are widespread in our world today, especially in the enclaves of digital enthusiasts, whether or not they are part of the giant corporate-digital leviathan. Hackers (“civic,” “ethical,” “white” and “black” hat alike), hacktivists, WikiLeaks fans [and Julian Assange et al–D. E.], Anonymous “members,” even Edward Snowden himself walk hand-in-hand with Facebook and Google in telling us that coders don’t just have good things to contribute to the political world, but that the political world is theirs to do with what they want, and the rest of us should stay out of it: the political world is broken, they appear to think (rightly, at least in part), and the solution to that, they think (wrongly, at least for the most part), is for programmers to take political matters into their own hands. . .”

In past discussion of “Eddie the Friendly Spook,” we have characterized him as “the Obverse Oswald.” With their exercise of “Technocratic Fascism,” “Team Snowden” is destroying American democracy as definitively and effectively as the bullets in Dealey Plaza did on 11/22/1963.

Sup­ple­ment­ing and sum­ming up the exhaus­tive “Eddie the Friend­ly Spook” series, this pro­gram sets forth the Snow­den “psy-op” and the high-pro­file hacks against the back­ground of Lee Har­vey Oswald, the U.S. spy infil­trat­ed into the Sovi­et Union and then into left­ist orga­ni­za­tions in the Unit­ed States. Oswald was framed for JFK’s assas­si­na­tion and then killed before he could defend him­self.

Where­as Oswald was por­trayed as a vil­lain, Eddie the Friend­ly Spook’s oper­a­tion is the obverse, with Snow­den por­trayed as a hero, while decamp­ing first to Chi­na and then to Rus­sia. Snow­den is not only a spy but a fas­cist, who advo­cates the elim­i­na­tion of Social Secu­ri­ty and the return to the gold stan­dard.

Snow­den’s Russ­ian sojourn appears to have been arranged by Wik­iLeaks, which also appears to have arranged his flight to Chi­na from Hawaii. (Snow­den’s jour­ney to Hawaii appears to have been facil­i­tat­ed by Jacob Apple­baum, who may be behind the “Shad­ow Bro­kers” alleged hack of NSA cyber­weapons.) It was Snow­den’s jour­ney to Moscow that threw Oba­ma’s “reboot” with Rus­sia under the bus.

In that context, we again point to “The Obverse Oswald.” We strongly suspect that “Team Snowden” may have had something to do with this. Snowden is in Russia and working for a computer firm. The (frankly lame) framing of Russia for the DNC hack and the “Shadow Brokers” non-hack of the NSA reminds us of the process of “painting Oswald Red.”

The program begins with analysis of some enigmatic tweets that Snowden issued shortly before the “Shadow Brokers” leaked the ANT and TAO cyberweapons. The mysterious tweets may well have signaled the release of the “Shadow Brokers” files. “. . . . In any case, since the posting Snowden’s own Twitter presence has been eerily muted. . . . [Barton] Gellman, who is currently writing a book about the Edward Snowden leaks, was previously embroiled in another recent post that sparked controversy after the former NSA contractor mysteriously tweeted: ‘It’s time.’ . . . .”

Next, we review infor­ma­tion indi­cat­ing that Rus­sia has been framed for the “Shad­ow Bro­kers” alleged hack of the NSA, much as it appears to have been framed for the DNC hack. Indeed, with both the DNC hack and the “Shad­ow Bro­kers” non-hack of the NSA, the evi­dence points increas­ing­ly toward “Team Snow­den” and Eddie the Friend­ly Spook him­self.

Points of infor­ma­tion reviewed include:

  • Evidence suggesting that Russia was NOT behind the DNC hacks. “. . . . None of the technical evidence is convincing. It would only be convincing if the attackers used entirely novel, unique, and sophisticated tools with unmistakable indicators pointing to Russia supported by human intelligence, not by malware analysis. The DNC attackers also had very poor, almost comical, operational security (OPSEC). State actors tend to have a quality assurance review when developing cyberattack tools to minimize the risk of discovery and leaving obvious crumbs behind. Russian intelligence services are especially good. They are highly capable, tactically and strategically agile, and rational. They ensure that offensive tools are tailored and proportionate to the signal they want to send, the possibility of disclosure and public perception, and the odds of escalation. The shoddy OPSEC just doesn’t fit what we know about Russian intelligence. . . . Given these arguments, blaming Russia is not a slam dunk. Why would a country with some of the best intelligence services in the world commit a whole series of really stupid mistakes in a highly sensitive operation? Why pick a target that has a strong chance of leading to escalatory activity when Russia is known to prefer incremental actions over drastic ones? Why go through the trouble of a false flag when doing nothing would have been arguably better?. . . .”
  • Information indicating that the NSA “hack” may well not have been a hack at all, but the work of an insider downloading the information onto a USB drive. “. . . Their claim to have ‘hacked’ a server belonging to the NSA is fishy. According to ex-NSA insiders who spoke with Business Insider, the agency’s hackers don’t just put their exploits and toolkits online where they can potentially be pilfered. The more likely scenario for where the data came from, says ex-NSA research scientist Dave Aitel, is an insider who downloaded it onto a USB stick. . . . When hackers gain access to a server, they keep quiet about it so they can stay there. . . . One of the many strange things about this incident is the very public nature of what transpired. When a hacker takes over your computer, they don’t start activating your webcam or running weird programs because you’d figure out pretty quickly that something was up and you’d try to get rid of them. . . . If the Shadow Brokers owned the NSA’s command and control server, then it would probably be a much better approach to just sit back, watch, and try to pivot to other interesting things that they might be able to find. . . People sell exploits all the time, but they hardly ever talk about it. . . . Most of the time, an exploit is either found by a security research firm, which then writes about it and reports it to the company so it can fix the problem. Or, a hacker looking for cash will take that found exploit and sell it on the black market. So it would make sense for a group like Shadow Brokers to want to sell their treasure trove, but going public with it is beyond strange. . . .”
  • Eddie the Friendly Spook endorsed the cover story of the Shadow Brokers’ NSA “hack”–that the event was a hack (despite indicators to the contrary) and that Russia did it. “. . . If you ask ex-NSA contractor Edward Snowden, the public leak and claims of the Shadow Brokers seem to have Russian fingerprints all over them, and it serves as a warning from Moscow to Washington. The message: If your policymakers keep blaming us for the DNC hack, then we can use this hack to implicate you in much more. ‘That could have significant foreign policy consequences,’ Snowden wrote on Twitter. ‘Particularly if any of those operations targeted US allies. Particularly if any of those operations targeted elections.’ . . .”
  • The code in the files was from 2013, when Snowden undertook his “op.” “. . . . The code released by the Shadow Brokers dates most recently to 2013, the same year Edward Snowden leaked classified information about the NSA’s surveillance programs. . . . Snowden also noted that the released files end in 2013. ‘When I came forward, NSA would have migrated offensive operations to new servers as a precaution,’ he suggested — a move that would have cut off the hackers’ access to the server. . . .”
  • Author James Bamford highlighted circumstantial evidence that WikiLeaker Jacob Appelbaum–who appears to have facilitated Snowden’s journey from Hawaii to Hong Kong–may have been behind the Shadow Brokers non-hack. “. . . . There also seems to be a link between Assange and the leaker who stole the ANT catalog, and the possible hacking tools. Among Assange’s close associates is Jacob Appelbaum, a celebrated hacktivist and the only publicly known WikiLeaks staffer in the United States – until he moved to Berlin in 2013 in what he called a “political exile” because of what he said was repeated harassment by U.S. law enforcement personnel. In 2010, a Rolling Stone magazine profile labeled him “the most dangerous man in cyberspace.” In December 2013, Appelbaum was the first person to reveal the existence of the ANT catalog, at a conference in Berlin, without identifying the source. That same month he said he suspected the U.S. government of breaking into his Berlin apartment. He also co-wrote an article about the catalog in Der Spiegel. But again, he never named a source, which led many to assume, mistakenly, that it was Snowden. . . .”
  • Appelbaum was anti-Clinton, sentiments expressed in the clumsy Boris and Natasha-like broken English that accompanied announcement of the Shadow Brokers’ gambit. “. . . . Shortly thereafter, he [Appelbaum] turned his attention to Hillary Clinton. At a screening of a documentary about Assange in Cannes, France, Appelbaum accused her of having a grudge against him and Assange, and that if she were elected president, she would make their lives difficult. ‘It’s a situation that will possibly get worse’ if she is elected to the White House, he said, according to Yahoo News. . . . In hacktivist style, and in what appears to be phony broken English, this new release of cyberweapons also seems to be targeting Clinton. It ends with a long and angry ‘final message’ against ‘Wealthy Elites . . . breaking laws’ but ‘Elites top friends announce, no law broken, no crime commit[ed]. . . Then Elites run for president. Why run for president when already control country like dictatorship?’ . . .”
  • The e-mail account used by the Shadow Brokers is in Germany and is resistant to attempts at disclosing users’ information. Appelbaum, Laura Poitras, Sarah Harrison and Peter Sunde are in Germany. “. . . He said Tutanota had only ever been forced to hand over encrypted data of its users a few times and it has a transparency report where it discloses those cases. ‘However, we release data only in very, very few cases … And when we have to provide the data due to a court order, it is still encrypted,’ Pfau added, going on to explain the company’s stance on surveillance. . . .”
  • Recall that, in FTR #’s 891 and 895, we noted that Snowden was working for the CIA in the summer of 2009 when he decided to infiltrate NSA and leak its information. NSA “non-hack” suspect Appelbaum and many of the so-called “privacy” advocates have received funding from CIA-derived organizations such as the Broadcasting Board of Governors, Radio Free Asia and the Open Technology Fund. What role is the CIA playing in this? “. . . Jacob Appelbaum’s willingness to work directly for an old CIA cutout like Radio Free Asia in a nation long targeted for regime-change is certainly odd, to say the least. Particularly since Appelbaum made a big public show recently claiming that, though it pains him that Tor takes so much money from the US military, he would never take money from something as evil as the CIA. . . . Appelbaum’s financial relationships with various CIA spinoffs like Radio Free Asia and the BBG go further. From 2012 through 2013, Radio Free Asia transferred about $1.1 million to Tor in the form of grants and contracts. This million dollars comes on top of another $3.4 million Tor received from Radio Free Asia’s parent agency, the BBG, starting from 2007. . . . Though many of the apps and tech backed by Radio Free Asia’s OTF are unknown to the general public, they are highly respected and extremely popular among the anti-surveillance Internet activist crowd. OTF-funded apps have been recommended by Edward Snowden, covered favorably by ProPublica and The New York Times’ technology reporters, and repeatedly promoted by the Electronic Frontier Foundation. Everyone seems to agree that OTF-funded privacy apps offer some of the best protection from government surveillance you can get. In fact, just about all the featured open-source apps on EFF’s recent “Secure Messaging Scorecard” were funded by OTF. . . . You’d think that anti-surveillance activists like Chris Soghoian, Jacob Appelbaum, Cory Doctorow and Jillian York would be staunchly against outfits like BBG and Radio Free Asia, and the role they have played — and continue to play — in working with defense and corporate interests to project and impose U.S. power abroad. Instead, these radical activists have knowingly joined the club, and in doing so, have become willing pitchmen for a wing of the very same U.S. National Security State they so adamantly oppose. . . .”

The pro­gram con­cludes with an exam­i­na­tion of Don­ald Trump Jr. Many young peo­ple have come to see Assange and Snow­den as heroes. With “Team Snow­den” work­ing for Trump, those young peo­ple may find them­selves seduced by the younger Don­ald.

Pro­gram High­lights Include:

1.  The pro­gram opens with dis­cus­sion of some cryp­tic, mys­te­ri­ous tweets that Snow­den issued, short­ly before the so-called “Shad­ow Bro­kers” released their sup­pos­ed­ly “hacked” NSA cyber­weapons.

Although none of the tweets was the “dead man’s switch” some feared, the possibility remains that the tweets (or one of them) may have been a signal to release the ANT and TAO files in the “Shadow Brokers” “hack.”

Consider the possibility that the leaked NSA hacking tools really were part of the Snowden doomsday cache (a cache to which Bamford presumably never had full access). Note that Edward Snowden sent out a cryptic tweet one week before the leak that could very easily be interpreted as a metaphorical push of the Dead Man’s Switch.

“Gellman, who is currently writing a book about the Edward Snowden leaks, was previously embroiled in another recent post that sparked controversy after the former NSA contractor mysteriously tweeted: ‘It’s time.’”

Taking stock: Snowden first cryptically tweets on August 3, “Did you work with me? Have we talked since 2013? Please recontact me securely, or talk to @bartongellman. It’s time. https://t.co/AKmgF5AIDJ”

Snow­den then tweets a very long cryp­to­graph­ic key of some sort. He then goes silent for a cou­ple days and some start assum­ing he’s dead. And then a week lat­er we get the Shad­ow Bro­ker leak of NSA TAO hack­ing tools.

We have circumstantial evidence suggesting that the Shadow Brokers leak may be a consequence of Snowden issuing his cryptic tweets, along with circumstantial evidence that Appelbaum already had his hands on the kinds of NSA hacking tools that actually got leaked, but those tools probably didn’t come from Snowden but from a different, still unidentified, NSA leaker. Curiouser and curiouser…

Recall that, in FTR #’s 891 and 895, we noted that Snowden was working for the CIA in the summer of 2009 when he decided to infiltrate NSA and leak its information. As will be reviewed below, Appelbaum and many of the so-called “privacy” advocates have received funding from CIA-derived organizations such as the Broadcasting Board of Governors, Radio Free Asia and the Open Technology Fund.

“Is Edward Snow­den Dead? Con­spir­a­cy The­o­ry Claims Whistle­blow­er Killed After Cryp­tic Tweet” by Jason Mur­dock; Inter­na­tion­al Busi­ness Times; 8/8/2016.

Rumours of his demise have been denied by con­fi­dante Glenn Green­wald.

Exiled NSA whistle­blow­er Edward Snow­den sparked intrigue on 5 August after tweet­ing a 64-dig­it code to his two mil­lion-strong Twit­ter fol­low­ing, which con­spir­a­cy the­o­rists quick­ly assumed meant he had met his untime­ly demise. The fears were sparked by a Russ­ian news web­site called Sput­nik, which report­ed the now-delet­ed tweet could have been a “dead man’s switch” – an insur­ance code set up to aid the release of anoth­er trove of doc­u­men­ta­tion “if he did not check in to the com­put­er at a cer­tain time.”

How­ev­er, the rumours of his death or kid­nap­ping have been denied by Snowden’s close con­fi­dante Glenn Green­wald, who replied to one con­cerned tweet with: “He’s fine.”

In any case, since the post­ing Snowden’s own Twit­ter pres­ence has been eeri­ly mut­ed.

Pre­vi­ous­ly, Snow­den has indi­cat­ed he has such an insur­ance tac­tic in place should some­thing hap­pen to him while he is liv­ing under asy­lum in Rus­sia.

In one report by Wired, pub­lished in 2013 after the ini­tial NSA dis­clo­sures hit the head­lines, Green­wald described the sys­tem in place. “It’s real­ly just a way to pro­tect him­self against extreme­ly rogue behav­iour on the part of the Unit­ed States, by which I mean vio­lent actions toward him, designed to end his life, and it’s just a way to ensure that nobody feels incen­tivised to do that,” he said.

In response to the code, which appears on the sur­face to be a form of hash, jour­nal­ist Bar­ton Gell­man also took to social media to note the tweet had a “pri­vate mean­ing” and was not intend­ed for the gen­er­al audi­ence. “Every­one request­ing proof of life for me and @Snowden, take a deep breath. Some tweets have pri­vate mean­ing,” he wrote on 6 August.

Based on this, it is like­ly the long code is a form of ver­i­fi­ca­tion used to prove to a con­tact of Snow­den that he is the legit­i­mate sender or recip­i­ent of a com­mu­ni­ca­tion. Using a direct mail to mes­sage, for exam­ple, would leave meta­da­ta, and there­fore a record of the con­ver­sa­tion tak­ing place.

Gell­man, who is cur­rent­ly writ­ing a book about the Edward Snow­den leaks, was pre­vi­ous­ly embroiled in anoth­er recent post that sparked con­tro­ver­sy after the for­mer NSA con­trac­tor mys­te­ri­ous­ly tweet­ed: “It’s time.”

In light of this, the use of a so-called dead man’s switch was used to pro­tect his well­be­ing. Addi­tion­al­ly, whistle­blow­ing out­fit Wik­iLeaks, which has released sen­si­tive files from the US gov­ern­ment, also uses the tech­nique. Most recent­ly, the group’s founder, Julian Assange, uploaded a fresh 88GB file to the inter­net – just pri­or to the leaks from the Demo­c­ra­t­ic Nation­al Com­mit­tee (DNC).

2. Under­stand­ing the process of “paint­ing Oswald red” gives us per­spec­tive on the crude decep­tion involved with the “Shad­ow Bro­kers” non-hack, as well as giv­ing us an under­stand­ing of the DNC hack. Review­ing why Rus­sia is an unlike­ly cul­prit in the DNC hack:

“Blam­ing Rus­sia For the DNC Hack Is Almost Too Easy” by Dr. San­dro Gay­ck­en; Coun­cil on For­eign Rela­tions Blog; 8/01/2016.

 . . . A crit­i­cal look expos­es the sig­nif­i­cant flaws in the attri­bu­tion. First, all of the tech­ni­cal evi­dence can be spoofed. Although some argue that spoof­ing the mound of uncov­ered evi­dence is too much work, it can eas­i­ly be done by a small team of good attack­ers in three or four days. Sec­ond, the tools used by Cozy Bear appeared on the black mar­ket when they were first dis­cov­ered years ago and have been recy­cled and used against many oth­er tar­gets, includ­ing against Ger­man indus­try. The reuse and fine-tun­ing of exist­ing mal­ware hap­pens all the time. Third, the lan­guage, loca­tion set­tings, and com­pi­la­tion meta­da­ta can eas­i­ly be altered by chang­ing basic set­tings on the attacker’s com­put­er in five min­utes with­out the need of spe­cial knowl­edge. None of the tech­ni­cal evi­dence is con­vinc­ing. It would only be con­vinc­ing if the attack­ers used entire­ly nov­el, unique, and sophis­ti­cat­ed tools with unmis­tak­able indi­ca­tors point­ing to Rus­sia sup­port­ed by human intel­li­gence, not by mal­ware analy­sis.

The DNC attack­ers also had very poor, almost com­i­cal, oper­a­tional secu­ri­ty (OPSEC). State actors tend to have a qual­i­ty assur­ance review when devel­op­ing cyber­at­tack tools to min­i­mize the risk of dis­cov­ery and leav­ing obvi­ous crumbs behind. Russ­ian intel­li­gence ser­vices are espe­cial­ly good. They are high­ly capa­ble, tac­ti­cal­ly and strate­gi­cal­ly agile, and ratio­nal. They ensure that offen­sive tools are tai­lored and pro­por­tion­ate to the sig­nal they want to send, the pos­si­bil­i­ty of dis­clo­sure and pub­lic per­cep­tion, and the odds of esca­la­tion. The shod­dy OPSEC just doesn’t fit what we know about Russ­ian intel­li­gence. . . . Giv­en these argu­ments, blam­ing Rus­sia is not a slam dunk. Why would a coun­try with some of the best intel­li­gence ser­vices in the world com­mit a whole series of real­ly stu­pid mis­takes in a high­ly sen­si­tive oper­a­tion? Why pick a tar­get that has a strong chance of lead­ing to esca­la­to­ry activ­i­ty when Rus­sia is known to pre­fer incre­men­tal actions over dras­tic ones? Why go through the trou­ble of a false flag when doing noth­ing would have been arguably bet­ter?. . . 

3. The appar­ent “non-hack” of the NSA by “The Shad­ow Bro­kers” also makes no sense. Note also, the clum­sy, Boris and Natasha-like bro­ken Eng­lish used to try and por­tray this as a “Russ­ian” oper­a­tion. In addi­tion, as we will see, this does­n’t appear to be a “hack” at all. A skilled hack­er would not sig­nal his or her activ­i­ties in the man­ner that the “Shad­ow Bro­kers” did, nor would they be like­ly to put the infor­ma­tion obtained through their “exploits” up for auc­tion.

“Here’s Why the Sup­posed NSA ‘Hack’ Is Unlike Any­thing We’ve Ever Seen Before” by Paul Szol­dra; Busi­ness Insid­er Nordic; 8/16/2016.

. . . Their claim to have ‘hacked’ a server belonging to the NSA is fishy. According to ex-NSA insiders who spoke with Business Insider, the agency’s hackers don’t just put their exploits and toolkits online where they can potentially be pilfered. The more likely scenario for where the data came from, says ex-NSA research scientist Dave Aitel, is an insider who downloaded it onto a USB stick. . . . When hackers gain access to a server, they keep quiet about it so they can stay there. . . . One of the many strange things about this incident is the very public nature of what transpired. When a hacker takes over your computer, they don’t start activating your webcam or running weird programs because you’d figure out pretty quickly that something was up and you’d try to get rid of them. . . .

 . . . If the Shad­ow Bro­kers owned the NSA’s com­mand and con­trol serv­er, then it would prob­a­bly be a much bet­ter approach to just sit back, watch, and try to piv­ot to oth­er inter­est­ing things that they might be able to find. . . . Instead, the group wrote on Paste­bin, a web­site where you can store text, that “we fol­low Equa­tion Group traf­fic. We find Equa­tion Group source range. We hack Equa­tion Group. We find many many Equa­tion Group cyber weapons,” which imme­di­ate­ly sig­nals to this alleged NSA hack­er group that they have a big prob­lem. [Note the remark­able bro­ken Eng­lish used in the post, rem­i­nis­cent of Boris and Natasha–D.E.] . . . Peo­ple sell exploits all the time, but they hard­ly ever talk about it. . . . Most of the time, an exploit is either found by a secu­ri­ty research firm, which then writes about it and reports it to the com­pa­ny so it can fix the prob­lem. Or, a hack­er look­ing for cash will take that found exploit and sell it on the black mar­ket. So it would make sense for a group like Shad­ow Bro­kers to want to sell their trea­sure trove, but going pub­lic with it is beyond strange. . . .

4. Notice, how­ev­er, that Edward Snow­den not only opined that this was, indeed, a hack, where­as the evi­dence points in a dif­fer­ent direc­tion, but that “Rus­sia was behind the hack.” Do not fail to take stock of the fact that Snow­den is fore­shad­ow­ing a pos­si­ble con­tro­ver­sy over the hack­ing of vot­ing machines, echo­ing the pro­nounce­ments of Don­ald Trump, the suc­ces­sor to Eddie the Friend­ly Spook’s Pres­i­den­tial can­di­date of choice, Ron Paul.

“Here’s Why the Sup­posed NSA ‘Hack’ Is Unlike Any­thing We’ve Ever Seen Before” by Paul Szol­dra; Busi­ness Insid­er Nordic; 8/16/2016.

 . . . If you ask ex-NSA con­trac­tor Edward Snow­den, the pub­lic leak and claims of the Shad­ow Bro­kers seem to have Russ­ian fin­ger­prints all over them, and it serves as a warn­ing from Moscow to Wash­ing­ton. The mes­sage: If your pol­i­cy­mak­ers keep blam­ing us for the DNC hack, then we can use this hack to impli­cate you in much more.

“That could have sig­nif­i­cant for­eign pol­i­cy con­se­quences,” Snow­den wrote on Twit­ter. “Par­tic­u­lar­ly if any of those oper­a­tions tar­get­ed US allies. Par­tic­u­lar­ly if any of those oper­a­tions tar­get­ed elec­tions.” . . . .

5. The code used in connection with the cyberweapons dates to 2013, when Snowden downloaded NSA files onto USB sticks and went to Hong Kong from Hawaii. Note, again, that Snowden points to hacking, rather than the much more likely scenario of someone downloading information onto USB sticks, as Snowden did.

There is an impor­tant legal prin­ci­ple that is worth con­sid­er­ing, the con­cept of “con­scious­ness of guilt.” If some­one can be proved to have tak­en steps to cov­er up the com­mis­sion of a crime, that is con­sid­ered suf­fi­cient evi­dence to indict the per­son for the orig­i­nal crime. Here, we have Snow­den say­ing “Yup, Rus­sia did it” in spite of indi­ca­tions that such was not the case and “Yup, it was a hack” where­as that appears unlike­ly.

Evi­dence points in the direc­tion of “Team Snow­den,” the WikiLeaks/Snowden/Greenwald milieu we have been research­ing for years.

“‘Shadow Brokers’ Claim To Have Hacked The NSA’s Hackers”; National Public Radio; 8/17/2016.

 . . . . The code released by the Shadow Brokers dates most recently to 2013, the same year Edward Snowden leaked classified information about the NSA’s surveillance programs. . . . Snowden also noted that the released files end in 2013. ‘When I came forward, NSA would have migrated offensive operations to new servers as a precaution,’ he suggested — a move that would have cut off the hackers’ access to the server. . . .

6. Perhaps no other author/investigator has done as much writing about NSA as James Bamford. In his observations about “The Shadow Brokers” non-hack, he highlights the actions of Jacob Appelbaum, the WikiLeaker who appears to have been deeply involved with getting Snowden from Hawaii to Hong Kong. Appelbaum is also a fierce opponent of Hillary Clinton. Of particular significance is the fact that WikiLeaks already had a copy of the ANT and TAO cyberweapons.

The “Shad­ow Bro­kers” also went after Hillary Clin­ton in the Boris and Natasha-like bro­ken Eng­lish:

“Com­men­tary: Evi­dence Points to Anoth­er Snow­den at the NSA” by James Bam­ford; Reuters; 8/24/2016.

 . . . . Experts who have ana­lyzed the files sus­pect that they date to Octo­ber 2013, five months after Edward Snow­den left his con­trac­tor posi­tion with the NSA and fled to Hong Kong car­ry­ing flash dri­ves con­tain­ing hun­dreds of thou­sands of pages of NSA doc­u­ments. . . .

. . . . Enter Wik­iLeaks. Just two days after the first Shad­ow Bro­kers mes­sage, Julian Assange, the founder of Wik­iLeaks, sent out a Twit­ter mes­sage. “We had already obtained the archive of NSA cyber­weapons released ear­li­er today,” Assange wrote, “and will release our own pris­tine copy in due course.”

The month before, Assange was respon­si­ble for releas­ing the tens of thou­sands of hacked DNC emails that led to the res­ig­na­tion of the four top com­mit­tee offi­cials.

There also seems to be a link between Assange and the leak­er who stole the ANT cat­a­log, and the pos­si­ble hack­ing tools. Among Assange’s close asso­ciates is Jacob Appel­baum, a cel­e­brat­ed hack­tivist and the only pub­licly known Wik­iLeaks staffer in the Unit­ed States – until he moved to Berlin in 2013 in what he called a “polit­i­cal exile” because of what he said was repeat­ed harass­ment by U.S. law enforce­ment per­son­nel. In 2010, a Rolling Stone mag­a­zine pro­file labeled him “the most dan­ger­ous man in cyber­space.”

In Decem­ber 2013, Appel­baum was the first per­son to reveal the exis­tence of the ANT cat­a­log, at a con­fer­ence in Berlin, with­out iden­ti­fy­ing the source. That same month he said he sus­pect­ed the U.S. gov­ern­ment of break­ing into his Berlin apart­ment. He also co-wrote an arti­cle about the cat­a­log in Der Spiegel. But again, he nev­er named a source, which led many to assume, mis­tak­en­ly, that it was Snow­den. . . .

. . . . Short­ly there­after, he turned his atten­tion to Hillary Clin­ton. At a screen­ing of a doc­u­men­tary about Assange in Cannes, France, Appel­baum accused her of hav­ing a grudge against him and Assange, and that if she were elect­ed pres­i­dent, she would make their lives dif­fi­cult. “It’s a sit­u­a­tion that will pos­si­bly get worse” if she is elect­ed to the White House, he said, accord­ing to Yahoo News. . . .

. . . . In hacktivist style, and in what appears to be phony broken English, this new release of cyberweapons also seems to be targeting Clinton. It ends with a long and angry ‘final message’ against ‘Wealthy Elites . . . breaking laws’ but ‘Elites top friends announce, no law broken, no crime commit[ed]. . . Then Elites run for president. Why run for president when already control country like dictatorship?’ . . . .

7. Anoth­er piece of cir­cum­stan­tial evi­dence point­ing in the direc­tion of “Team Snow­den” con­cerns the fact that the “Shad­ow Bro­kers” used a Ger­man e‑mail provider.

Since Appelbaum is currently living in Berlin, it’s worth noting that the email address that appears to be used by the Shadow Brokers is hosted by a German email provider with a policy of cooperating with legal authorities as little as possible and only handing over encrypted data when given a court order.

In addition to Appelbaum (who appears to have assisted Snowden in getting from Hawaii to Hong Kong), Laura Poitras (Glenn Greenwald’s associate), Sarah Harrison (Assange’s ex-girlfriend who assisted Snowden in his flight from Hong Kong to Moscow) and Peter Sunde (who founded the Pirate Bay website on which WikiLeaks held forth) are all resident in Germany at this time.

“Edward Snowden: Russia Is Chief Suspect In NSA Hack” by Thomas Fox-Brewster; Forbes; 8/16/2016.

 . . . He said Tutan­o­ta had only ever been forced to hand over encrypt­ed data of its users a few times and it has a trans­paren­cy report where it dis­clos­es those cas­es. ‘How­ev­er, we release data only in very, very few cas­es … And when we have to pro­vide the data due to a court order, it is still encrypt­ed,’ Pfau added, going on to explain the company’s stance on sur­veil­lance. . . .

 

8. Recall that, in FTR #s 891 and 895, we noted that Snowden was working for the CIA in the summer of 2009 when he decided to infiltrate NSA and leak its information. NSA “non-hack” suspect Appelbaum and many of the so-called “privacy” advocates have received funding from CIA-derived organizations such as the Broadcasting Board of Governors, Radio Free Asia and the Open Technology Fund.

“Inter­net Pri­vacy, Fund­ed by Spooks: A Brief His­tory of the BBG” by Yasha Levine; Pan­do Dai­ly; 3/01/2015. 

. . . Jacob Appelbaum’s will­ing­ness to work direct­ly for an old CIA cutout like Radio Free Asia in a nation long tar­geted for regime-change is cer­tainly odd, to say the least. Par­tic­u­larly since Appel­baum made a big pub­lic show recent­ly claim­ing that, though it pains him that Tor takes so much mon­ey from the US mil­i­tary, he would nev­er take mon­ey from some­thing as evil as the CIA. . . .

. . . Appelbaum’s finan­cial rela­tion­ships with var­i­ous CIA spin­offs like Radio Free Asia and the BBG go fur­ther. From 2012 through 2013, Radio Free Asia trans­ferred about $1.1 mil­lion to Tor in the form of grants and con­tracts. This mil­lion dol­lars comes on top of anoth­er $3.4 mil­lion Tor received from Radio Free Asia’s par­ent agency, the BBG, start­ing from 2007. . . .

9. More about the CIA-derived BBG, Radio Free Asia and Open Technology Fund and their financial backing for many of the so-called “privacy” advocates and the tools they recommend:

“Inter­net Pri­vacy, Fund­ed by Spooks: A Brief His­tory of the BBG” by Yasha Levine; Pan­do Dai­ly; 3/01/2015. 

. . . . Though many of the apps and tech backed by Radio Free Asia’s OTF are unknown to the general public, they are highly respected and extremely popular among the anti-surveillance Internet activist crowd. OTF-funded apps have been recommended by Edward Snowden, covered favorably by ProPublica and The New York Times’ technology reporters, and repeatedly promoted by the Electronic Frontier Foundation. Everyone seems to agree that OTF-funded privacy apps offer some of the best protection from government surveillance you can get. In fact, just about all the featured open-source apps on EFF’s recent “Secure Messaging Scorecard” were funded by OTF. . . .

. . . . You’d think that anti-sur­veil­lance activists like Chris Soghoian, Jacob Appel­baum, Cory Doc­torow and Jil­lian York would be staunch­ly against out­fits like BBG and Radio Free Asia, and the role they have played — and con­tinue to play — in work­ing with defense and cor­po­rate inter­ests to project and impose U.S. pow­er abroad. Instead, these rad­i­cal activists have know­ingly joined the club, and in doing so, have become will­ing pitch­men for a wing of the very same U.S. Nation­al Secu­rity State they so adamant­ly oppose. . . .

10. Quot­ing from a sem­i­nal arti­cle by David Golum­bia, THIS is what Julian Assange, Wik­iLeaks and “Team Snow­den” are doing!

“Tor, Tech­noc­ra­cy, Democ­ra­cy” by David Golum­bia; Uncomputing.org; 4/23/2015.

. . . . Such technocratic beliefs are widespread in our world today, especially in the enclaves of digital enthusiasts, whether or not they are part of the giant corporate-digital leviathan. Hackers (“civic,” “ethical,” “white” and “black” hat alike), hacktivists, WikiLeaks fans [and Julian Assange et al–D. E.], Anonymous “members,” even Edward Snowden himself walk hand-in-hand with Facebook and Google in telling us that coders don’t just have good things to contribute to the political world, but that the political world is theirs to do with what they want, and the rest of us should stay out of it: the political world is broken, they appear to think (rightly, at least in part), and the solution to that, they think (wrongly, at least for the most part), is for programmers to take political matters into their own hands. . .

11. Both WikiLeaks and Snowden are heroes to many young people. As we have seen, the “Alt.right” forces embodied in Donald Trump are the same embodied in Julian Assange, WikiLeaks and Eddie the Friendly Spook. We conclude the program with brief discussion of Donald Trump, Jr.’s role in tweeting and re-tweeting Nazi dog-whistles.

“Trump Jr’s ‘Skittles’ Tweet Is Based on Two Different White Supremacist Memes — and Nazi Propaganda” by Travis Gettys; Raw Story; 9/20/2016.

Donald Trump Jr. drew widespread condemnation for comparing Syrian refugees to poisoned candy — but his analogy isn’t a new one, and it’s based on two separate white supremacist memes with roots in Nazi propaganda.

Trump — the Repub­li­can pres­i­den­tial candidate’s eldest son and a top cam­paign sur­ro­gate — tweet­ed the image Mon­day evening in an appar­ent response to the dump­ster bomb­ing over the week­end in New York City, which his dad inapt­ly linked to the refugee cri­sis.

“This image says it all,” reads the text. “Let’s end the polit­i­cal­ly cor­rect agen­da that doesn’t put Amer­i­ca first. #trump2016,” accom­pa­nied by the offi­cial Don­ald Trump/Mike Pence cam­paign logo and slo­gan. The anal­o­gy isn’t new, and has been used for years by white suprema­cists to over­gen­er­al­ize about var­i­ous minor­i­ty groups. “It is often deployed as a way to prop up inde­fen­si­ble stereo­types by tak­ing advan­tage of human igno­rance about base rates, risk assess­ment and crim­i­nol­o­gy,” wrote Emil Karls­son on the blog Debunk­ing Denial­ism. “In the end, it tries to divert atten­tion from the inher­ent big­otry in mak­ing flawed gen­er­al­iza­tions.” A spokes­woman for Wrigley Amer­i­c­as, which makes Skit­tles, whacked Trump’s dehu­man­iz­ing com­par­i­son. “Skit­tles are can­dy. Refugees are peo­ple. We don’t feel it’s an appro­pri­ate anal­o­gy,” said Denise Young, vice pres­i­dent of cor­po­rate affairs. “We will respect­ful­ly refrain from fur­ther com­men­tary as any­thing we say could be mis­in­ter­pret­ed as mar­ket­ing.”

Joe Walsh, a sin­gle-term con­gress­man from Illi­nois and now a right-wing talk radio host who’s been boot­ed from the air­waves for using racial slurs, bragged that Trump’s meme was near­ly iden­ti­cal to one he had tweet­ed a month ear­li­er.

The anal­o­gy, which has been used on mes­sage boards and shared as social media memes, orig­i­nal­ly used M&Ms as the can­dy in ques­tion — but that changed after George Zim­mer­man gunned down Trayvon Mar­tin while the unarmed black teen was walk­ing home from buy­ing a drink and some Skit­tles.

A Google image search of “skittles trayvon meme” reveals a horrible bounty of captioned images mocking the slain teenager, whose killer was acquitted after claiming self-defense under Florida’s “stand your ground” law.

But the poi­soned can­dy anal­o­gy goes back even fur­ther, to an anti-Semit­ic children’s book pub­lished by Julius Stre­ich­er, the pub­lish­er of the Nazi news­pa­per Der Stürmer who was exe­cut­ed in 1946 as a war crim­i­nal.

The book tells the tale of “the poi­so­nous mush­room,” and was used to indoc­tri­nate chil­dren in hate.

“Just as poi­so­nous mush­rooms spring up every­where, so the Jew is found in every coun­try in the world,” the story’s moth­er explains to her son. “Just as poi­so­nous mush­rooms often lead to the most dread­ful calami­ty, so the Jew is the cause of mis­ery and dis­tress, ill­ness and death.”

So Trump’s appalling anal­o­gy isn’t just uno­rig­i­nal and demean­ing — it’s actu­al­ly racist in four dif­fer­ent ways.

12. Roger Stone and Trump, Jr. were por­trayed in an Alt.right tweet endorsed by the Trumpenkampfver­bande. Do not lose sight of the fact that Stone is now net­work­ing with Julian Assange and Wik­iLeaks.

“Trump Ally, Son Share Meme Fea­tur­ing Sym­bol Of White Nation­al­ist Alt-Right” by Alle­gra Kirk­land; Talk­ing Points Memo Livewire; 9/12/2016.

Two mem­bers of Don­ald Trump’s inner cir­cle shared memes on social media over the week­end fea­tur­ing a sym­bol pop­u­lar with the white nation­al­ist alt-right.

Riffing off of Hillary Clinton’s remark that some of Trump’s supporters are racists, misogynists, and xenophobes who belong in a “basket of deplorables,” the meme shared by Donald Trump Jr. and Trump ally Roger Stone showed key Trump allies photoshopped onto a poster from the movie “The Expendables.” In the edited poster for “The Deplorables,” those armed staffers and Trump boosters are shown alongside Pepe the Frog, a cartoon figure that first cropped up on the 4chan website and has since become associated with the white supremacist movement online.

Trump, Indiana Gov. Mike Pence (R), New Jersey Gov. Chris Christie (R), Ben Carson, conspiracy theorist Alex Jones, and alt-right figurehead Milo Yiannopoulos were among those included in the image.

“Appar­ent­ly I made the cut as one of the Deplorables,” Trump Jr. wrote on Insta­gram in a cap­tion accom­pa­ny­ing the meme, say­ing he was “hon­ored” to be grouped among Trump’s sup­port­ers.

Infor­mal Trump advi­sor Roger Stone shared the same image on Twit­ter, say­ing he was “so proud to be one of the Deplorables.”

Pepe the Frog has emerged as an unofficial mascot of the alt-right, a loosely defined group of white nationalists who congregate online to debate IQ differences between the races and joke about burning Jewish journalists in ovens.

Last fall, Trump him­self shared a meme fea­tur­ing him­self as pres­i­dent Pepe. He has retweet­ed users with han­dles like @WhiteGenocideTM on mul­ti­ple occa­sions.

“@codyave: @drudgereport @BreitbartNews @Writeintrump “You Can’t Stump the Trump” https://t.co/0xITB7XeJV pic.twitter.com/iF6S05se2w” — Donald J. Trump (@realDonaldTrump) October 13, 2015

Trump has dis­avowed sup­port from the alt-right and white suprema­cists like for­mer KKK Grand Wiz­ard David Duke, though he hired Steve Ban­non, chair­man of the alt-right pro­mot­ing Bre­it­bart News, as his cam­paign CEO in August.

13. Trump, Jr. has polit­i­cal aspi­ra­tions. The grav­i­tas that Snow­den and Wik­iLeaks have with young Amer­i­cans may bear very bit­ter fruit, indeed.

“A Chip off the Old Block” by Dig­by; Hul­la­baloo; 9/21/2016.

I wrote about Trump Jr for Salon this morning:

In the beginning of the 2016 campaign the only one of Donald Trump’s five children with a high public profile was his daughter Ivanka who has her own celebrity brand just like her father’s. The two older sons were unknown to the general public but they made quite a good first impression when the whole family appeared on a CNN family special. They are all so attractive and glamorous that many people came to believe they were Donald Trump’s best feature. Indeed, it was said that the fact he’d raised such an admirable family spoke so well of him that it smoothed some of the rough edges of his own personality. Unfortunately, as people have gotten to know them better, they’ve revealed themselves to be as rough edged as dear old Dad, particularly his namesake, Donald Jr.

For most of the primaries Trump proudly evoked his two older sons when he talked about the 2nd amendment, touting their NRA membership and love of guns. It was a little bit shocking to see the ghastly pictures of their African big game kills including a horrific shot of Trump Jr holding a severed elephant tail, but they seemed to otherwise be pretty ordinary hard-working businessmen devoted to their family. For the most part they kept a low profile, serving as the usual family props in a political campaign.

When Don­ald Jr spoke to a white suprema­cist radio host in March it set off a few alarm bells sim­ply because his father’s extreme immi­gra­tion poli­cies had been so ecsta­t­i­cal­ly received by white nation­al­ist groups. But most chalked it up to inex­pe­ri­ence and let it go. Sure­ly Junior wasn’t as crude­ly racist as the old man who was report­ed to keep a book of Hitler speech­es next to the bed. But just a few days lat­er he retweet­ed a racist sci­ence fic­tion writer named Theodore Beale who goes by the han­dle of “Vox Day” claim­ing that a famous pic­ture of a Trump sup­port­er giv­ing a Nazi salute was actu­al­ly a fol­low­er of Bernie Sanders. The apple didn’t fall far from the tree after all.

At the GOP convention in July, all four of the grown kids gave heartfelt speeches about their Dad, even as they made clear through their childhood anecdotes that the only time they ever spent with him was at the office and it seemed that Junior in particular had taken a more active role and was seen in a more serious light. People were talking about him as a moderating voice in the campaign.

Right after the con­ven­tion, how­ev­er, he let out a deaf­en­ing dog­whis­tle that left no doubt as to his per­son­al affil­i­a­tion with the far right. He went to the Nesho­ba Coun­ty Fair in Philadel­phia Mis­sis­sip­pi, best remem­bered as the place where three civ­il rights work­ers were mur­dered in 1964. But it has spe­cial polit­i­cal sig­nif­i­cance as the site of Ronald Reagan’s famous “states’ rights” speech in 1980 where he sig­naled his sym­pa­thy for white suprema­cy by deliv­er­ing it at the scene of that hor­ren­dous racist crime. (The man who coined the term “wel­fare queen” was always a cham­pi­on dog­whistler.) Trump Jr went there to rep­re­sent and rep­re­sent he did. When asked what he thought about the con­fed­er­ate flag he said, “I believe in tra­di­tion. I don’t see a lot of the non­sense that’s been cre­at­ed about that.”

Since then it’s been revealed that he follows a number of white nationalists on Twitter and he’s retweeted several including a psychologist who believes Jews manipulate society. And in the last couple of weeks Junior has let his alt-right freak flag fly. First he got excited about Hillary Clinton’s “deplorable” comment and proudly retweeted a picture with the title “The Deplorables” that had been making the rounds featuring Trump, Mike Pence, Rudy Giuliani, Chris Christie, Ben Carson, Eric Trump and Donald Jr along with conspiracy theorist Alex Jones, right wing hit man Roger Stone, alt-right leader Milo Yiannopoulos and white supremacist symbol Pepe the Frog. There’s no indication that any of them had a problem with that but a lot of other people found it to be revealing, to say the least.

A cou­ple of days lat­er Trump Jr stepped in it again, say­ing the media would be “warm­ing up the gas cham­ber” for Repub­li­cans if they lied and cheat­ed the way Hillary Clin­ton does. He claimed he was talk­ing about cap­i­tal pun­ish­ment but his asso­ci­a­tion with vir­u­lent anti-Semi­tes makes that claim ring a lit­tle bit hol­low.

And then there was the Skittles incident. Donald Jr tweeted out a deeply offensive image of a bowl of skittles with the words “If I had a bowl of Skittles and I told you three would kill you would you take a handful? That’s our Syrian refugee problem.” It’s a terrible metaphor, wrong in every way and Donald Jr took some heat for it. But it’s yet another window into his association with alt-right white nationalism. That bad metaphor has been around in various forms for a long time. In this country it was usually a bowl of M&Ms representing black people. The people who traffic in this garbage fairly recently changed it to Skittles because that was the candy Trayvon Martin had bought on the night he was murdered by vigilante George Zimmerman. Yes, it’s that sick.

You hear pun­dits and com­men­ta­tors say­ing that Don­ald Trump is sui gener­is and his phe­nom­e­non won’t be recre­at­ed. They’re prob­a­bly right. But per­haps they are not aware that his son also has polit­i­cal ambi­tions and he is sim­ply a younger, bet­ter look­ing ver­sion of his father with much more hair. If alt-right white nation­al­ism is going to be an ongo­ing fea­ture of Amer­i­can polit­i­cal life, they have their leader. He is one of them.

14. More about Trump, Jr. and his polit­i­cal aspi­ra­tions:

“Yikes! Now Don­ald Trump Jr. Says He Would “Love” to Run for Office ‘as a Patri­ot’ ” by Sophia Tes­faye; Salon; 7/20/2016.

After his ques­tion­able speech to the RNC, Trump Jr. said he “would con­sid­er” run­ning once his kids fin­ish school

Call­ing it “one of the most thrilling moments of my life,” Don­ald Trump Jr. brushed aside bur­geon­ing con­tro­ver­sy sur­round­ing the sec­ond Trump fam­i­ly speech at the RNC in as many days while speak­ing with the Wall Street Jour­nal Wednes­day morn­ing.

The old­est son of the Repub­li­can pres­i­den­tial nom­i­nee said that while he still has “a lot to do in my own career,” he would seri­ous­ly con­sid­er fol­low­ing in his father’s foot­steps out of real estate and into polit­i­cal life.

The 38-year-old New York­er said that “maybe when the kids get out of school I would con­sid­er it.” The father of five explained that he’d “love to be able to do it, as a patri­ot.”

His seem­ing­ly pre­ma­ture flir­ta­tion with polit­i­cal office comes hours after he deliv­ered a major address to the RNC Tues­day evening — a speech that has already been flagged as a poten­tial sec­ond case of Trump fam­i­ly pla­gia­rism.

https://twitter.com/TheDailyShow/status/755601024908300288

While Trump Jr. told Fox News’ Sean Han­ni­ty that “We [the Trump kids] all took a lot of pride. We all wrote the speech­es our­selves,” Amer­i­can Con­ser­v­a­tive colum­nist told Vox News that the appar­ent­ly lift­ed por­tions can’t be con­sid­ered pla­gia­rism because he wrote both the orig­i­nal col­umn and the Trump’s speech.

So while he may not be a pla­gia­riz­er in the new con­ser­v­a­tive def­i­n­i­tion of the word (my col­lege pro­fes­sors always warned against recy­cling my own work for new cours­es) it looks like we may have anoth­er Don­ald Trump pop­ping up on the polit­i­cal land­scape very soon.

 

Discussion

17 comments for “FTR #924 Technocratic Fascism, the High-Profile Hacks and The Obverse Oswald: Update on the Adventures of Eddie the Friendly Spook”

  1. Oh great, just what the world needs. Another Silicon Valley Alt-Right sugar daddy. Specifically, a Silicon Valley Alt-Right sugar daddy who created a 501(c)4 non-profit organization to finance the promotion of Alt-Right “shitposting” memes:

    The Dai­ly Beast

    Palmer Luck­ey: The Face­book Near-Bil­lion­aire Secret­ly Fund­ing Trump’s Meme Machine
    Palmer Luckey—founder of Oculus—is fund­ing a Trump group that cir­cu­lates dirty memes about Hillary Clin­ton.

    Gideon Resnick
    Ben Collins
    09.22.16 8:00 PM ET

    A Sil­i­con Val­ley titan is putting mon­ey behind an unof­fi­cial Don­ald Trump group ded­i­cat­ed to “shit­post­ing” and cir­cu­lat­ing inter­net memes malign­ing Hillary Clin­ton.

    Oculus founder Palmer Luckey financially backed a pro-Trump political organization called Nimble America, a self-described “social welfare 501(c)4 non-profit” in support of the Republican nominee.

    Luck­ey sold his vir­tu­al real­i­ty com­pa­ny Ocu­lus to Face­book for $2 bil­lion in 2014, and Forbes esti­mates his cur­rent net worth to be $700 mil­lion. The 24-year-old told The Dai­ly Beast that he had used the pseu­do­nym “Nim­b­leRich­Man” on Red­dit with a pass­word giv­en to him by the organization’s founders.

    Nim­ble Amer­i­ca says it’s ded­i­cat­ed to prov­ing that “shit­post­ing is pow­er­ful and meme mag­ic is real,” accord­ing to the company’s intro­duc­to­ry state­ment, and has tak­en cred­it for a bill­board its founders say was post­ed out­side of Pitts­burgh with a car­toon­ish­ly large image of Clinton’s face along­side the words “Too Big to Jail.”

    “We con­quered Red­dit and dri­ve nar­ra­tive on social media, con­quered the [main­stream media], now it’s time to get our most deli­cious memes in front of Amer­i­cans whether they like it or not,” a rep­re­sen­ta­tive for the group wrote in an intro­duc­to­ry post on Red­dit.

    Poten­tial donors from Don­ald Trump’s biggest online community—Reddit’s r/The_Donald, where one of the rules is “no dissenters”—turned on the orga­ni­za­tion this week­end, refus­ing to believe “Nim­b­leRich­Man” was the anony­mous “near-bil­lion­aire” he claimed to be and caus­ing a rift on one of the alt-right’s most pow­er­ful orga­ni­za­tion­al tools.

    Luck­ey insists he’s just the group’s mon­ey man—a wealthy boost­er who thought the med­dle­some idea was fun­ny. But he is also list­ed as the vice pres­i­dent of the group on its web­site.

    “It’s some­thing that no cam­paign is going to run,” Luck­ey said of the pro­posed bill­boards for the project.

    “I’ve got plen­ty of mon­ey,” Luck­ey added. “Mon­ey is not my issue. I thought it sound­ed like a real jol­ly good time.”

    But in anoth­er post writ­ten under Luckey’s Red­dit pseu­do­nym, there are echoes of a sim­i­lar tech bil­lion­aire, Peter Thiel, who used his deep pock­ets to secret­ly fund a cam­paign against Gawk­er.

    “The Amer­i­can Rev­o­lu­tion was fund­ed by wealthy indi­vid­u­als,” Nim­b­leRich­Man wrote on Sat­ur­day. Luck­ey con­firmed to The Dai­ly Beast he penned the posts under his Red­dit pseu­do­nym. “The same has been true of many move­ments for free­dom in his­to­ry. You can’t fight the Amer­i­can elite with­out seri­ous fire­pow­er. They will out­spend you and destroy you by any and all means.”

    Before becom­ing direct­ly involved in the process, Luck­ey met the man who would serve as the liai­son for the nascent polit­i­cal action group, and pro­vide legit­i­ma­cy to a Red­dit audi­ence for lat­er dona­tions with­out hav­ing to reveal Luckey’s iden­ti­ty: Bre­it­bart tech edi­tor and Trump boost­er Milo Yiannopou­los. The bleached-blonde polit­i­cal agi­ta­tor is most notable for being per­ma­nent­ly sus­pend­ed from Twit­ter for harass­ment after a series of abu­sive mes­sages to actress Leslie Jones.

    Luck­ey first met the alt-right provo­ca­teur in Los Ange­les about a year and a half ago, before Yiannopou­los began work­ing on a char­i­ty to send white men to col­lege. The Dai­ly Beast lat­er report­ed that the schol­ar­ship fund had result­ed in zero finan­cial dis­tri­b­u­tion of the dona­tions that had been made direct­ly to Yiannopoulos’s bank account.

    “I came into touch with them over Face­book,” Luck­ey said of the band of trolls behind the oper­a­tion. “It went along the lines of ‘hey, I have a bunch of mon­ey. I would love to see more of this stuff.’ They want­ed to build buzz and do fundrais­ing.”

    And that’s when the trou­ble began.

    Along with Luck­ey, Nim­ble Amer­i­ca was found­ed by two mod­er­a­tors of Reddit’s r/The_Donald, which helped pop­u­lar­ize Trump-themed white suprema­cist and anti-Semit­ic memes along with 4Chan and 8Chan. A ques­tion­naire to become a mod­er­a­tor at r/The_Donald post­ed in March had appli­cants answer the ques­tions “Is there a dif­fer­ence between white nation­al­ism and white suprema­cy?” and “Was 9/11 an inside job?”

    On Sat­ur­day, the orga­ni­za­tion held a fundrais­ing dri­ve on r/The_Donald, stat­ing that all dona­tions to Nim­ble America’s web­site or its boost.com fundrais­ing site would be matched by Luck­ey with­in 48 hours. This sparked a heat­ed exchange on the site as var­i­ous users expressed con­cern about mak­ing finan­cial con­tri­bu­tions to some­thing that wasn’t the offi­cial Trump cam­paign site. (Some even spec­u­lat­ed that this was an under­cov­er oper­a­tion orches­trat­ed by the Clin­ton cam­paign.)

    “Stop try­ing to mon­e­tize this com­mu­ni­ty. Stop try­ing to make any­thing offi­cial. Stop try­ing to make this more than what it is. You’re becom­ing too self-impor­tant,” wrote IncomingTrump720 in the high­est ranked reply to a post called “About what hap­pened tonight.”

    Nim­ble Amer­i­ca boost­ers swore that there was an anony­mous “near-bil­lion­aire” back­ing the effort. Red­di­tors imme­di­ate­ly doubt­ed the mon­ey man was real.

    “Anonymous ‘obscenely wealthy’ donors are shady as fuck,” Trump720 added. The user then posted alleged transcripts of the community’s moderators that purport anyone questioning the legitimacy of the fundraising posts was immediately banned from the subreddit. (Moderators did not respond to requests to confirm the veracity of the transcripts from The Daily Beast at press time.)

    Despite vouch­ing for the valid­i­ty of the orga­ni­za­tion, not even Yiannopoulos’s word was tak­en at face val­ue. Now Luck­ey, the mon­ey man behind this effort, is wait­ing to see what comes of his invest­ment.

    “I’m not going to keep throw­ing mon­ey after some­thing if I don’t see any results,” Luck­ey said after sug­gest­ing that the fundrais­ing push was not a good idea. “I think these guys are pret­ty legit. The sums of mon­ey are so small, I don’t think they’re out to scam any­body. If they dis­ap­pear with the mon­ey, I wouldn’t throw any more mon­ey at them.”

    No one with­in the group answered how much mon­ey the group cur­rent­ly has on hand. And with­out an offi­cial account­ing with the Fed­er­al Elec­tion Com­mis­sion, there’s no way for the pub­lic to know.

    “Pri­or to our launch, we raised over $11,000 in order to launch Nim­ble Amer­i­ca,” Dustin Ward, a mod­er­a­tor at r/The_Donald and one of Nim­ble America’s founders, told The Dai­ly Beast. He said that most of the mon­ey had gone toward secur­ing the “ser­vices of our Nim­ble attor­neys,” and that they have “in-kind pledges from our donors to be used on the ads and events we’re plan­ning.”

    The group filled out paper­work for an Arti­cle of Incor­po­ra­tion for “Nim­ble Amer­i­ca Inc” in Wis­con­sin and, accord­ing to the doc­u­ments on their own web­site (PDF), only paid $60 for this ser­vice. The lawyer whose name is on the doc­u­ment, Mike B. Wit­ten­wyler, con­firmed that he had signed it, but did not answer fur­ther ques­tions about pay­ments.

    A finan­cial state­ment doc­u­ment avail­able on Nim­ble America’s accounts for $9,333 in spend­ing for Face­book ads, bill­boards and “web­site ops.” The last trans­ac­tion occurred on Aug. 21.

    Luck­ey said that the group had already put up a bill­board, which accord­ing to their web­site was placed on a dig­i­tal dis­play near Pitts­burgh. Oth­er details about it are not entire­ly clear.

    Ward said “We’re pur­chas­ing bill­board space near the site of the first debate, to run simul­ta­ne­ous­ly and pro­mote a can­di­date we feel rep­re­sents our inter­ests.”

    According to Paul Ryan, deputy executive director of The Campaign Legal Center, Nimble America can still exist as a 501(c)(4) so long as it does other things besides supporting Trump.

    “Fed­er­al tax law pro­hibits 501(c)(3) orga­ni­za­tions from spend­ing any mon­ey to inter­vene in (i.e., influ­ence) a can­di­date elec­tion,” Ryan said in an email to The Dai­ly Beast. “By con­trast, fed­er­al tax law per­mits 501(c)(4) orga­ni­za­tions to spend mon­ey advo­cat­ing the elec­tion or defeat of can­di­dates, so long as such activ­i­ty isn’t the 501(c)(4) organization’s ‘pri­ma­ry’ activ­i­ty. And for any group that DOES have can­di­date advo­ca­cy as its pri­ma­ry activ­i­ty, the appro­pri­ate tax exempt sta­tus is under Sec­tion 527 of the tax code.”

    So Nim­ble Amer­i­ca is allowed to do what it’s doing up to a cer­tain point.

    “The group knows that it can do some can­di­date elec­tion work, but that such work can’t be its pri­ma­ry activity—i.e., it has to spend more than half of its bud­get on non-can­di­date-elec­tion work,” Ryan told The Dai­ly Beast when pro­vid­ed doc­u­men­ta­tion about the orga­ni­za­tion.

    How­ev­er, it’s not clear whether or not the bud­get would be used for such pur­pos­es.

    ...

    ““The Amer­i­can Rev­o­lu­tion was fund­ed by wealthy indi­vid­u­als,” Nim­b­leRich­Man wrote on Sat­ur­day. Luck­ey con­firmed to The Dai­ly Beast he penned the posts under his Red­dit pseu­do­nym. “The same has been true of many move­ments for free­dom in his­to­ry. You can’t fight the Amer­i­can elite with­out seri­ous fire­pow­er. They will out­spend you and destroy you by any and all means.””

    So near billionaires like Luckey and Peter Thiel apparently aren’t “American elite” but actually noble populist revolutionaries. Aha. So all the articles about right-wing paid online trolling operations over the years have actually been stories of a modern American Revolution. And Luckey paying lead trolls at the white supremacist, antisemitic r/The_Donald Reddit subforum is just one part wealthy individual fighting that second revolution against “the American elite”. Now we know.

    What we still don’t know is what exactly Luckey’s 501(c)4 is going to do other than promote Donald Trump. But it legally has to do something in order to maintain its non-profit status. So what’s the other mission of “Nimble America” going to be? Just generic Alt-Right “shitposting”? A whole bunch of generically pro-bigotry billboards?

    Whatever that non-Trump oriented activity of Nimble America ends up being, it’s pretty obvious that it’s going to be awful. Especially if Trump wins and the US gets overwhelmed with far-right memes not just emanating from internet forums like Reddit but also the White House and Congress. The number of potential horrible ideas that are going to need promoting during a Trump presidency is basically endless. Why using nukes is a great idea? A Trump administration could really use memes like that. Letting poor people die from a lack of medical care? There’s going to be a big need for those memes. A campaign for abusing puppies? That definitely seems very possible. How about replacing the bald eagle with a racist frog as the national emblem? That one’s a given.

    As we can see, while Luckey’s Nimble America 501(c)4 might need to get a little more nimble and varied in its activities if it’s going to remain a legal far-right troll meme sugar daddy, it’s not like there’s a shortage of non-Trump-related far-right memes in dire need of trolling. It isn’t always easy to get a nation to commit national suicide in the form of some sort of Alt-Right revolution. Lots and lots of bad ideas are required.

    Posted by Pterrafractyl | September 23, 2016, 5:43 pm
  2. While the pres­i­den­tial debate last night undoubt­ed­ly helped Hillary Clin­ton giv­en Don­ald Trump’s errat­ic and unhinged debate per­for­mance, one of the unfor­tu­nate ques­tions we have to ask now is whether or not it would make a mean­ing­ful dif­fer­ence to his base of sup­port­ers. After all, ’tis the Sea­son of Trump. If the Trumpian fac­tion of the elec­torate cares about things like errat­i­cal­ly unhinged lead­er­ship it’s not at all obvi­ous at this point.

    Well, if the following article is accurately reflecting the response of one of the key elements of Trump’s base, Alt Right online trolls, it does appear that Trump’s erratic performance left them a little rattled. And not only rattled but a little pissed too. Why pissed? Because, ironically, when Trump actually made a semi-valid point (one of just a handful for him during the debate) that it’s entirely possible the DNC hackers were some other foreign government other than Russia, or maybe “someone sitting on their bed that weighs 400 pounds”, he ended up insulting that key Trumpian base of 4Chan/8Chan online Alt Right trolls. A base known for its abundance of hackers.

    So hey, maybe Trump was right. Maybe the DNC hacks really were carried out by one or more hackers sitting in their beds. After all, there’s a troll army of Trumpian superfans who take the image of hackers in bed very seriously:

    The Dai­ly Beast

    Don­ald Trump’s Online Trolls Turn on Their ‘God Emper­or’
    The alt-right diehards of 4chan, who’ve helped pow­er the GOP nominee’s cam­paign with racist memes, were none too thrilled about his ‘400-pound’ hack­er com­ment at the first debate.

    Ben Collins
    09.27.16 12:30 AM ET

    One of Don­ald Trump’s most ardent fringe mes­sage boards appeared to turn on its can­di­date of choice dur­ing Mon­day night’s debate, say­ing he “got played” and that “this was not sup­posed to hap­pen.”

    4chan, the alt-right forum that Trump and his cam­paign sur­ro­gates have mined for memes and image macros to repur­pose on cam­paign Twit­ter accounts as recent­ly as two weeks ago, devolved into argu­ments about whether the usu­al­ly uni­form­ly pro-Trump web­site had been over­run by “shills” or if the can­di­date had sim­ply lost the debate.

    “I watched it with fam­i­ly mixed Democrat/Republican,” wrote one user. “Every sin­gle per­son on both sides thought Trump looked hor­ri­ble.”

    Still, some users took time to attempt to game online polls solic­it­ing opin­ions on who won the debate, implor­ing users to “abuse air­plane mode tog­gling” to allow for more votes for Trump on web­sites like CNBC, Time, ABC News, and CNN.

    Trump then spent the night point­ing his Twit­ter users to those same poll num­bers, which had been brigad­ed by 4chan and Trump’s Red­dit com­mu­ni­ty r/The_Donald. “Great debate poll num­bers — I will be on @foxandfriends at 7:00 to dis­cuss,” he wrote. “Enjoy!”

    “OK guys, let’s cut the bull­shit. Trump actu­al­ly sucked tonight,” wrote post ID 3h7UYcU0. (All posts are anony­mous on 4chan.) “Let’s talk about where we go from here. What does Trump need to do bet­ter next debate?”

    A few users appeared to have an answer to that ques­tion. They took issue with Trump’s deci­sion dur­ing the debate to blame the Demo­c­ra­t­ic Nation­al Com­mit­tee hack, which U.S. offi­cials believe was per­pe­trat­ed by Rus­sia, on “some­one sit­ting on their bed that weighs 400 pounds.”

    “[Your face when] Trump calls you out for being a 400 pound hack­er,” wrote one user, along­side an image titled fat-computer-guy.gif.

    “Which one of you 400lb ass holes hacked the DNC,” asked anoth­er.

    4chan—and its sis­ter site 8chan, which was spawned because founder Fred­er­ick Bren­nan believed 4chan had become too “author­i­tar­i­an”—has served as a breed­ing ground for some of the racist and anti-Semit­ic memes that have made their way onto Trump’s Twit­ter feed. Both sites have seen mas­sive spikes in traf­fic since Trump locked up the nom­i­na­tion, with 4chan jump­ing to about 140 mil­lion August vis­i­tors from 110 mil­lion vis­i­tors in April 2016.

    Trump infa­mous­ly tweet­ed of a Star of David next to Hillary Clinton’s face over a pile of mon­ey in a Pho­to­shopped image that was wide­ly dis­trib­uted by 8chan back in July.

    But on Mon­day night, even 8chan’s users noticed that 4chan was reel­ing.

    “They’re actu­al­ly com­plain­ing about him los­ing, and describ­ing how they feel let down,” wrote one user. “Amid some chirps of Hillary Clin­ton super PAC Cor­rect the Record.”

    4chan’s de fac­to white-nation­al­ist mas­cot Pepe, a car­toon frog that has come to rep­re­sent both pro-Trump and anti-Semit­ic users on the site over the last year, even had its hand Pho­to­shopped onto a smil­ing Clin­ton. Anoth­er meme showed Pepe point­ing a machine gun at the back of its head.

    A third showed the mascot drinking wine, along with the caption “Just for the record I never actually supported Trump. I just did it for the memes.”

    4chan’s sen­ti­ment tend­ed to coin­cide with anony­mous mon­ey being gam­bled on the web.

    Accord­ing to the web­site Pre­dic­tIt, which allows Amer­i­can users to bet on who will win the elec­tion, Clin­ton at one point net­ted a 15-per­cent­age point swing between the start and end of the debate.

    ...

    “4chan’s de fac­to white-nation­al­ist mas­cot Pepe, a car­toon frog that has come to rep­re­sent both pro-Trump and anti-Semit­ic users on the site over the last year, even had its hand Pho­to­shopped onto a smil­ing Clin­ton. Anoth­er meme showed Pepe point­ing a machine gun at the back of its head.”

    Wow. It turns out a den of white suprema­cist trolls can be rather fick­le. Imag­ine that. Although not too fick­le, since they still rigged all the online post-debate polls for Trump any­way:

    Van­i­ty Fair

    Trump Acci­den­tal­ly Insults His Own Alt-Right Meme Army
    But they manip­u­lat­ed online poll results in his favor any­way.
    by Maya Kosoff

    Sep­tem­ber 27, 2016 3:57 pm

    Every­one has feel­ings, even the dig­i­tal denizens of the Internet’s anar­chic heart, and on Mon­day night, Don­ald Trump hit them where it hurts. The Repub­li­can nom­i­nee, who has found enthu­si­as­tic sup­port among the many anony­mous alt-right trolls, hack­ers, white suprema­cists, and oth­er mis­chief-mak­ers who inhab­it the Web’s dark cor­ners, was engaged in a ram­bling dia­tribe about “cyber” dur­ing the first pres­i­den­tial debate with Hillary Clin­ton when he acci­den­tal­ly crossed the line.

    “I don’t think any­body knows that it was Rus­sia that broke into the D.N.C.,” Trump assert­ed, bristling at an accu­sa­tion by Clin­ton that he “invit­ed Putin” to hack the U.S. gov­ern­ment by applaud­ing the recent cyber­at­tack on the Demo­c­ra­t­ic Nation­al Com­mit­tee this sum­mer. “I don’t—maybe it was. I mean, it could be Rus­sia, but it could also be Chi­na, it could also be lots of oth­er peo­ple. It also could be some­body sit­ting on their bed who weighs 400 pounds, O.K.?” Trump said.

    The stereo­type of an obese, pos­si­bly bedrid­den hack­er did not go over well with some mem­bers of 4chan, the any­thing-goes online forum that has orig­i­nat­ed many of the white-suprema­cist memes that have suf­fused the Trump cam­paign. “OK guys, let’s cut the bull­shit. Trump actu­al­ly sucked tonight,” one user wrote, accord­ing to the Dai­ly Beast. “Let’s talk about where we go from here. What does Trump need to do bet­ter next debate?” Anoth­er post­ed an image of a large man clutch­ing a com­put­er key­board with the cap­tion: “YFW [Your Feel­ings When] trump calls you out for being a 400 lb hack­er.” The crit­i­cism con­tin­ued. “Trump did ter­ri­bly,” anoth­er user said. “There was so much gold to go after, like her emails, how she sold ura­ni­um to Rus­sia, the DNC leaks, etc. and he said maybe 1 or 2 sen­tences about it while spend­ing 20 min­utes rant­i­ng and rav­ing try­ing to defend him­self over triv­ial things while Hillary just sat there look­ing pleased with her­self. God­damnit Don­ald, there was so much you could have hit her on. . . . I’m pissed as fu ck.”

    Despite dis­ap­point­ing, anger­ing, and alien­at­ing a por­tion of his typ­i­cal­ly devout mes­sage-board fan base, 4chan and Red­dit users still man­aged to find it in their hearts to mobi­lize online for Trump on Mon­day night. Users on the unof­fi­cial pro-Trump sub­red­dit R/The_Donald and 4chan post­ed links to dozens of unsci­en­tif­ic polls from news orga­ni­za­tions, includ­ing Wired, The Tele­graph, USA Today, NBC Night­ly News, and CNBC, which were ask­ing read­ers to vote on who they thought won the first debate. Trump sup­port­ers bom­bard­ed the eas­i­ly manip­u­lat­ed polls, cre­at­ing a false sense that Trump had out­per­formed his oppo­nent. “Abuse Air­plane Mode tog­gling,” one 4chan user wrote, explain­ing how Trump sup­port­ers could vote again and again in var­i­ous online polls. And it was suc­cess­ful: Trump end­ed up win­ning in the unof­fi­cial polls, and then spent the evening tweet­ing out the poll results, which showed he had won. “Great debate poll num­bers — I will be on @foxandfriends at 7:00 to dis­cuss,” he wrote Tues­day morn­ing. “Enjoy!” For Trump, it was the per­fect result for a cam­paign not ground­ed in facts or real­i­ty.

    “Despite dis­ap­point­ing, anger­ing, and alien­at­ing a por­tion of his typ­i­cal­ly devout mes­sage-board fan base, 4chan and Red­dit users still man­aged to find it in their hearts to mobi­lize online for Trump on Mon­day night. Users on the unof­fi­cial pro-Trump sub­red­dit R/The_Donald and 4chan post­ed links to dozens of unsci­en­tif­ic polls from news orga­ni­za­tions, includ­ing Wired, The Tele­graph, USA Today, NBC Night­ly News, and CNBC, which were ask­ing read­ers to vote on who they thought won the first debate. Trump sup­port­ers bom­bard­ed the eas­i­ly manip­u­lat­ed polls, cre­at­ing a false sense that Trump had out­per­formed his oppo­nent. “Abuse Air­plane Mode tog­gling,” one 4chan user wrote, explain­ing how Trump sup­port­ers could vote again and again in var­i­ous online polls. And it was suc­cess­ful: Trump end­ed up win­ning in the unof­fi­cial polls, and then spent the evening tweet­ing out the poll results, which showed he had won. “Great debate poll num­bers — I will be on @foxandfriends at 7:00 to dis­cuss,” he wrote Tues­day morn­ing. “Enjoy!” For Trump, it was the per­fect result for a cam­paign not ground­ed in facts or real­i­ty.”

    As we can see, when the Troll King trolls his den of trolls the trolls respond by trolling the rest of the world. It’s one reason why, whether or not the DNC hacker really was a Trump superfan, that doesn’t mean the next partisan hack won’t be a Trump superfan. Heck, if anything it’s more likely now that the Troll King trolled his trolls. That seems to be how they operate.

    Troll world is weird.

    Posted by Pterrafractyl | September 27, 2016, 3:00 pm
  3. An article from Canada’s National Post Sept. 28 2016 by Tristin Hopper entitled “Hitler was on cocaine and his troops were on meth: Author reveals deep influence of drugs in Nazi Germany.”
    “Ohler’s book Blitzed will be released in Canada on October 6. Published in the original German as The Total Rush, it tells the story of how Nazi Germany fought a surprising amount of the Second World War in a drug-fueled haze.”
    During Monday’s televised presidential debate many viewers were left wondering if the Trumpenfuhrer was fighting Hillary Clinton through a similar drug-fueled haze. Trump’s typical Il Duce facial contortions were accompanied by a lot of deep sniffing.
    “I call it the Fuhrer-high; it makes you feel on top of the world even if the world is collapsing around” said German author Norman Ohler speaking to the National Post by phone.
    It should be noted Ohler was describing Hitler, not Trump, lest there be any confusion.

    Posted by Dennis | September 28, 2016, 12:05 pm
  4. Did the FBI arrest an NSA con­trac­tor respon­si­ble for the Shad­ow Bro­kers leak? That’s not clear at this point, but it sure looks like it:

    The New York Times

    N.S.A. Con­trac­tor Arrest­ed in Pos­si­ble New Theft of Secrets

    By JO BECKER, ADAM GOLDMAN, MICHAEL S. SCHMIDT and MATT APUZZO
    OCT. 5, 2016

    WASHINGTON — The F.B.I. secret­ly arrest­ed a Nation­al Secu­ri­ty Agency con­trac­tor in recent weeks and is inves­ti­gat­ing whether he stole and dis­closed high­ly clas­si­fied com­put­er code devel­oped to hack into the net­works of for­eign gov­ern­ments, accord­ing to sev­er­al senior law enforce­ment and intel­li­gence offi­cials.

    The theft rais­es the embar­rass­ing prospect that for the sec­ond time in three years, an insid­er has man­aged to steal high­ly dam­ag­ing secret infor­ma­tion from the N.S.A. In 2013, Edward J. Snow­den, who was also a con­trac­tor for the agency, took a vast trove of doc­u­ments that were lat­er passed to jour­nal­ists, expos­ing N.S.A. sur­veil­lance pro­grams in the Unit­ed States and abroad.

    The con­trac­tor was iden­ti­fied as Harold T. Mar­tin III, 51, of Glen Burnie, Md., accord­ing to a crim­i­nal com­plaint filed in late August. He was charged with theft of gov­ern­ment prop­er­ty, and unau­tho­rized removal or reten­tion of clas­si­fied doc­u­ments. Dur­ing an F.B.I. raid of his house, agents seized doc­u­ments and dig­i­tal infor­ma­tion stored on elec­tron­ic devices. A large per­cent­age of the mate­ri­als found in his house and car con­tained high­ly clas­si­fied infor­ma­tion.

    At the time, F.B.I. agents inter­viewed Mr. Mar­tin, and he ini­tial­ly denied hav­ing tak­en the doc­u­ments and dig­i­tal files. The agency lat­er said he had stat­ed that he knew he was not autho­rized to have the mate­ri­als. Accord­ing to the com­plaint, he told the agency that “he knew what he had done was wrong and that he should not have done it because he knew it was unau­tho­rized.”

    In a brief state­ment issued on Wednes­day, lawyers for Mr. Mar­tin said: “We have not seen any evi­dence. But what we know is that Hal Mar­tin loves his fam­i­ly and his coun­try. There is no evi­dence that he intend­ed to betray his coun­try.”

    The infor­ma­tion believed stolen by Mr. Mar­tin — who like Mr. Snow­den worked for the con­sult­ing firm Booz Allen Hamil­ton, which is respon­si­ble for build­ing and oper­at­ing many of the agency’s most sen­si­tive cyber­op­er­a­tions — appears to be dif­fer­ent in nature from Mr. Snowden’s theft.

    Mr. Mar­tin is sus­pect­ed of tak­ing the high­ly clas­si­fied com­put­er code devel­oped by the agency to break into com­put­er sys­tems of adver­saries like Rus­sia, Chi­na, Iran and North Korea. Two offi­cials said that some of the infor­ma­tion the con­trac­tor is sus­pect­ed of tak­ing was dat­ed.

    Offi­cials said Mr. Mar­tin did not fit any of the usu­al pro­files of an “insid­er threat,” and it is unclear whether he had polit­i­cal motives, as Mr. Snow­den did when he exposed pro­grams that he said vio­lat­ed the pri­va­cy of Amer­i­can cit­i­zens.

    An admin­is­tra­tion offi­cial said the case had been han­dled secre­tive­ly not in order “to keep this guy from becom­ing anoth­er N.S.A. mar­tyr,” but because it was a con­tin­u­ing law enforce­ment case and the hope was that Mr. Mar­tin would coop­er­ate. The offi­cial said inves­ti­ga­tors sus­pect­ed that Mr. Mar­tin might have tak­en the mate­r­i­al before Mr. Snowden’s actions became pub­lic.

    The offi­cial said that at the moment it did not look like an espi­onage case, but added the caveat that it is a con­tin­u­ing inves­ti­ga­tion. At the same time, the offi­cial said that inves­ti­ga­tors think Mr. Mar­tin is not polit­i­cal­ly moti­vat­ed — “not like a Snow­den or some­one who believes that what we were doing was ille­gal and want­ed to pub­li­cize that.”

    Moti­va­tion is one of many unan­swered ques­tions about the case. It is not clear when and how the author­i­ties first learned the contractor’s iden­ti­ty, when they believe he began tak­ing infor­ma­tion, or whether he passed it to peo­ple out­side the gov­ern­ment. It is also not known whether he is believed to be respon­si­ble for a leak of clas­si­fied N.S.A. code attrib­uted to a group call­ing itself the Shad­ow Bro­kers, or whether he had any role in a series of leaks of N.S.A. inter­cepts involv­ing Japan, Ger­many and oth­er coun­tries that Wik­iLeaks has pub­lished since last year.

    “We’re strug­gling to fig­ure him out,” the offi­cial said, speak­ing on the con­di­tion of anonymi­ty because no indict­ment has been pub­licly released.

    Mr. Mar­tin was charged in Unit­ed States Dis­trict Court in Bal­ti­more. The gov­ern­ment is allowed to charge peo­ple and bring them before a court in secret. That hap­pens most often when defen­dants are coop­er­at­ing or nego­ti­at­ing plea deals, or out of fear for their safe­ty. But the secre­cy could also indi­cate that the Jus­tice Depart­ment request­ed it while ana­lyz­ing the evi­dence, and that defense lawyers agreed.

    For the N.S.A., which spent two years and hun­dreds of mil­lions, if not bil­lions, of dol­lars repair­ing the dam­age done by Mr. Snow­den, a sec­ond insid­er leak­ing the agency’s infor­ma­tion would be a dev­as­tat­ing blow. The agency’s direc­tor, Adm. Michael Rogers, who pre­vi­ous­ly ran the Navy’s Fleet Cyber Com­mand, was brought in to restore the agency’s cred­i­bil­i­ty, open it to more scruti­ny and fix the prob­lems that allowed Mr. Snow­den to sweep up hun­dreds of thou­sands of doc­u­ments.

    It is also a poten­tial set­back for the Oba­ma admin­is­tra­tion, which has sus­tained a series of huge dis­clo­sures of clas­si­fied infor­ma­tion. Along with Mr. Snowden’s rev­e­la­tions, the anti­se­cre­cy group Wik­iLeaks in 2010 dis­closed hun­dreds of thou­sands of State and Defense Depart­ment doc­u­ments.

    In response to those leaks, the admin­is­tra­tion has said it will crack down on the dis­clo­sures of clas­si­fied infor­ma­tion and that it has pur­sued more leak cas­es than all pre­vi­ous admin­is­tra­tions com­bined.

    The admin­is­tra­tion has pros­e­cut­ed eight peo­ple for dis­clos­ing clas­si­fied infor­ma­tion to the news media, com­pared with three under all pre­vi­ous admin­is­tra­tions. But the crack­down has some­times back­fired. Mr. Snow­den, for exam­ple, has said he was inspired by the exam­ple of two pre­vi­ous leak­ers, Thomas Drake and Chelsea Man­ning, who claimed to have made dis­clo­sures to reveal gov­ern­ment wrong­do­ing. The lat­est leak sug­gests again that the unprece­dent­ed string of pros­e­cu­tions has not deterred all leaks.

    Two for­mer agency offi­cials said that even as the Media Leaks Task Force, as the Snow­den cleanup oper­a­tion was called, was under­way, there were rumors that a sec­ond insid­er was har­vest­ing the agency’s most secret data. But many inside the agency thought the leaks were left­overs from the Snow­den episode. Some C.I.A. offi­cials, mean­while, qui­et­ly spec­u­lat­ed that the N.S.A. had a “mole,” which many inside the N.S.A. doubt­ed.

    It is also poten­tial­ly dev­as­tat­ing for Booz Allen, which has built much of its busi­ness on pro­vid­ing high­ly tech­ni­cal ser­vices to the N.S.A. and oth­er intel­li­gence agen­cies.

    A spokesman for Booz Allen declined to com­ment on Wednes­day.

    As inves­ti­ga­tors look into Mr. Martin’s case, it is almost cer­tain that they will focus on whether the con­trac­tor was behind a leak in August that exposed a col­lec­tion of elec­tron­ic tools used by the N.S.A. to break into net­works around the world. That mate­r­i­al, released by a group call­ing itself the Shad­ow Bro­kers, was thought by out­side experts to have been obtained by hack­ing rather than from an insid­er. Now, in light of the arrest, that assump­tion may have to be revised. The code released by the Shad­ow Bro­kers was dat­ed from 2013, mean­ing that it almost cer­tain­ly has been over­tak­en by more recent code.

    At the time of the Shad­ow Bro­kers release, many experts spec­u­lat­ed that an N.S.A. oper­a­tor had acci­den­tal­ly left some of the code on a com­put­er serv­er in a for­eign nation — such servers are often used to hide the con­nec­tion to the agency and to facil­i­tate net­work break-ins — and that the code had been obtained by Rus­sia.

    Mr. Snow­den, in exile in Rus­sia, wrote on Twit­ter that “cir­cum­stan­tial evi­dence and con­ven­tion­al wis­dom indi­cates Russ­ian respon­si­bil­i­ty” for pub­lish­ing the code. He inter­pret­ed it as a warn­ing shot to the Amer­i­can gov­ern­ment in case it was think­ing of impos­ing sanc­tions against Rus­sia in the cybertheft of doc­u­ments from the Demo­c­ra­t­ic Nation­al Com­mit­tee.

    At the time, the agency would not even return phone calls inquir­ing about the leak of the code, and froze out for­mer employ­ees with deep con­tacts in the agency. But in recent days offi­cials said it was not clear that Rus­sia was involved.

    Bruce Schneier, an author on infor­ma­tion secu­ri­ty and fel­low at Harvard’s Kennedy School, has tracked post-Snow­den leaks from the N.S.A. and spec­u­lat­ed about their pos­si­ble source. But he had not heard that the gov­ern­ment had iden­ti­fied any leak­er.

    Mr. Schneier not­ed that the agency has aggres­sive­ly recruit­ed in recent years at gath­er­ings of young, tech-savvy pro­gram­mers, includ­ing those who spe­cial­ize in hack­ing. But offi­cials have wor­ried that the inno­v­a­tive free spir­its they need to pen­e­trate for­eign com­put­er sys­tems may also include at least a few who are moti­vat­ed by Mr. Snowden’s exam­ple. The cur­rent sus­pect, how­ev­er, does not appear to fit that pro­file.

    “I wouldn’t call it an epi­dem­ic,” Mr. Schneier said. “But there’s a hand­ful of leaks that clear­ly did not come from Snow­den.” He said events in recent years might both encour­age and intim­i­date would-be leak­ers.

    “On one side, there’s the inspi­ra­tion of Snow­den,” he said. “On the oth­er, there’s the coun­ter­bal­anc­ing force of an agency com­ing down on you like a ton of bricks. Snow­den is in exile. Man­ning is in prison.”

    ...

    While the agency pre­vi­ous­ly saw a few mem­os made pub­lic — in 2003, a lin­guist with its British equiv­a­lent was arrest­ed after leak­ing to the news media a sin­gle N.S.A. memo call­ing for a “surge” of inter­cepts at the Unit­ed Nations — it had not expe­ri­enced a mass leak until Mr. Snowden’s dis­clo­sures. He used an inex­pen­sive bit of soft­ware to sweep up data in the agency’s Hawaii net­works, unde­tect­ed. At the time, offi­cials said that would not have been pos­si­ble at Fort Meade, where data is far more pro­tect­ed. That claim will now come under far more scruti­ny.

    “As inves­ti­ga­tors look into Mr. Martin’s case, it is almost cer­tain that they will focus on whether the con­trac­tor was behind a leak in August that exposed a col­lec­tion of elec­tron­ic tools used by the N.S.A. to break into net­works around the world. That mate­r­i­al, released by a group call­ing itself the Shad­ow Bro­kers, was thought by out­side experts to have been obtained by hack­ing rather than from an insid­er. Now, in light of the arrest, that assump­tion may have to be revised. The code released by the Shad­ow Bro­kers was dat­ed from 2013, mean­ing that it almost cer­tain­ly has been over­tak­en by more recent code.”

    Well, assum­ing Harold T. Mar­tin III was the guy behind the Shad­ow Bro­kers leak that would indi­cate the Shad­ow Bro­kers leak prob­a­bly was­n’t part of the orig­i­nal Snow­den “Dead Man’s switch” cache of doc­u­ments and was­n’t some sort of Russ­ian hack. Still, if that ends up being the case it does add a lay­er of intrigue to Edward Snow­den’s mys­tery tweets in ear­ly August short­ly before the Shad­ow Bro­ker leak. After all, the files stolen by Mar­tin report­ed­ly come from before the Snow­den leak, or at least might have accord­ing to the report:

    ...

    Offi­cials said Mr. Mar­tin did not fit any of the usu­al pro­files of an “insid­er threat,” and it is unclear whether he had polit­i­cal motives, as Mr. Snow­den did when he exposed pro­grams that he said vio­lat­ed the pri­va­cy of Amer­i­can cit­i­zens.

    An admin­is­tra­tion offi­cial said the case had been han­dled secre­tive­ly not in order “to keep this guy from becom­ing anoth­er N.S.A. mar­tyr,” but because it was a con­tin­u­ing law enforce­ment case and the hope was that Mr. Mar­tin would coop­er­ate. The offi­cial said inves­ti­ga­tors sus­pect­ed that Mr. Mar­tin might have tak­en the mate­r­i­al before Mr. Snowden’s actions became pub­lic.

    The offi­cial said that at the moment it did not look like an espi­onage case, but added the caveat that it is a con­tin­u­ing inves­ti­ga­tion. At the same time, the offi­cial said that inves­ti­ga­tors think Mr. Mar­tin is not polit­i­cal­ly moti­vat­ed — “not like a Snow­den or some­one who believes that what we were doing was ille­gal and want­ed to pub­li­cize that.”

    ...

    So if these files were tak­en before Snow­den went pub­lic, we can rea­son­ably assume that Mar­tin worked for Snow­den’s old con­trac­tor, Booz Allen, prob­a­bly dur­ing the same time Snow­den was there. That does­n’t mean Snow­den would­n’t have actu­al­ly met this per­son, but it’s still worth not­ing that Snow­den’s mys­tery tweet in ear­ly August explic­it­ly ref­er­enced some­one he used to work with:

    Busi­ness Insid­er

    ‘It’s time’: Edward Snow­den just issued a call to his for­mer col­leagues on Twit­ter

    Michelle Mark

    Aug. 3, 2016, 2:21 PM

    Edward Snow­den, the for­mer Nation­al Secu­ri­ty Agency con­trac­tor turned whistle­blow­er, issued a mys­te­ri­ous call for for­mer col­leagues to recon­nect with him on Wednes­day, tweet­ing “It’s time” to his more than 2 mil­lion fol­low­ers:

    Did you work with me? Have we talked since 2013? Please recon­tact me secure­ly, or talk to @bartongellman. It’s time. https://t.co/AKmgF5AIDJ
    — Edward Snow­den (@Snowden) August 3, 2016

    Snow­den also quot­ed a tweet by jour­nal­ist and author Bar­ton Gell­man, who said that he is seek­ing infor­ma­tion on Snow­den’s work in the intel­li­gence com­mu­ni­ty so he can write Snow­den’s biog­ra­phy, and “tell it truth­ful­ly.” Gell­man elab­o­rat­ed in an encrypt­ed mes­sage:

    I’m writ­ing a book for Pen­guin Press called DARK MIRROR: Edward Snow­den and the Amer­i­can Sur­veil­lance State. I want to hear from any­one who has first-hand infor­ma­tion on either. It need not be some deep dark secret. I’m inter­est­ed in your obser­va­tions about Snow­den’s work and work habits at CIA, Dell, NSA and Booz; or his time in the Army; or in com­put­er train­ing cours­es; or the sur­veil­lance pro­grams and prac­tices he described. Agree with him or not, I’d like to hear from you.

    ...

    “Did you work with me? Have we talked since 2013? Please recontact me securely, or talk to @bartongellman. It’s time. https://t.co/AKmgF5AIDJ”

    Now, it’s cer­tain­ly pos­si­ble that Snow­den was sim­ply try­ing to get in con­tact with one of his old co-work­ers to be a kind of char­ac­ter wit­ness. Maybe relat­ed to Oliv­er Stone’s movie Snow­den that pre­miered in Sep­tem­ber or some­thing. Still, the tim­ing sure is inter­est­ing.

    You also have to wonder how the Kremlin will respond if it turns out the Shadow Broker leak not only wasn’t a Russian hack but was actually one of Snowden’s old co-workers, considering Snowden’s public suggestions that Russia was behind the hack. 2017 could be a surprisingly eventful year for the Snowden Affair.

    Posted by Pterrafractyl | October 5, 2016, 3:11 pm
  5. @Pterrafractyl–

    In eval­u­at­ing Harold Mar­tin, we want to recall two things that appear to point in a dif­fer­ent direc­tion:

    Jacob Appelbaum’s public disclosure–the first–of the ANT catalogue in December of 2013.

    Also the anti-Hillary bro­ken Eng­lish of the “Shad­ow Bro­kers.”

    This does­n’t appear to me to fit in to the Mar­tin sit­u­a­tion, at least on the basis of what has sur­faced so far.

    From FTR #924: Author James Bamford highlighted circumstantial evidence that WikiLeaker Jacob Appelbaum–who appears to have facilitated Snowden’s journey from Hawaii to Hong Kong–may have been behind the Shadow Brokers non-hack. “. . . . There also seems to be a link between Assange and the leaker who stole the ANT catalog, and the possible hacking tools. Among Assange’s close associates is Jacob Appelbaum, a celebrated hacktivist and the only publicly known WikiLeaks staffer in the United States – until he moved to Berlin in 2013 in what he called a “political exile” because of what he said was repeated harassment by U.S. law enforcement personnel. In 2010, a Rolling Stone magazine profile labeled him ‘the most dangerous man in cyberspace.’ In December 2013, Appelbaum was the first person to reveal the existence of the ANT catalog, at a conference in Berlin, without identifying the source. That same month he said he suspected the U.S. government of breaking into his Berlin apartment. He also co-wrote an article about the catalog in Der Spiegel. But again, he never named a source, which led many to assume, mistakenly, that it was Snowden. . . .”
    Appelbaum was anti-Clinton, sentiments expressed in the clumsy Boris and Natasha-like broken English that accompanied announcement of the Shadow Brokers’ gambit. “. . . . Shortly thereafter, he [Appelbaum] turned his attention to Hillary Clinton. At a screening of a documentary about Assange in Cannes, France, Appelbaum accused her of having a grudge against him and Assange, and that if she were elected president, she would make their lives difficult. ‘It’s a situation that will possibly get worse’ if she is elected to the White House, he said, according to Yahoo News. . . . . . . . In hacktivist style, and in what appears to be phony broken English, this new release of cyberweapons also seems to be targeting Clinton. It ends with a long and angry ‘final message’ against ‘Wealthy Elites . . . breaking laws’ but ‘Elites top friends announce, no law broken, no crime commit[ed]. . . Then Elites run for president. Why run for president when already control country like dictatorship?’ . . .”

    IF Appelbaum, Martin and–perhaps–Snowden and WikiLeaks (which also had the cyberweapons in question) are linked, it suggests a network and probably a broad one at work here.

    Best,

    Dave

    Posted by Dave Emory | October 5, 2016, 5:43 pm
  6. @Dave: The Dai­ly Beast has a report on Harold ‘Hal’ Mar­t­in’s back­ground that would appear to pro­vide an expla­na­tion that has noth­ing to do with Edward Snow­den or Jacob Appel­baum: Mar­tin took the code to help him with his PhD the­sis. And giv­en the guy’s the­sis work and back­ground, it’s not incon­ceiv­able since he was work­ing with the NSA’s elite hack­er squad and his the­sis was on “new meth­ods for remote analy­sis of het­ero­ge­neous & cloud com­put­ing archi­tec­tures.” The arti­cle also notes the the NSA elite hack­ing team Mar­tin worked with was the “Tai­lored Access Oper­a­tions” team that was ini­tial­ly exposed by Appel­baum and leaked by the “Shad­ow Bro­kers”.

    So while Martin was indeed working closely with the kinds of tools that the “Shadow Brokers” released and could have conceivably passed some code along to whoever did the actual Shadow Broker leak (with the broken-Russian language and all), there’s nothing else that we’ve seen thus far that’s suggestive that this guy would have had the same ideological motivations that Snowden and Appelbaum have to leak the data and a plausible explanation for the theft that has nothing to do with the Snowden Affair. And he hasn’t actually been charged with leaking, but instead the “mishandling of classified information”.

    If he was part of a larg­er Snow­den-affil­i­at­ed net­work and pass­ing (or passed in the past) TAO infor­ma­tion along that net­work, inves­ti­ga­tors either haven’t found evi­dence of it or aren’t reveal­ing that yet. It’s the kind of sit­u­a­tion that’s a reminder that cir­cum­stan­tial ambi­gu­i­ty is an effec­tive form of moti­va­tion­al encryp­tion:

    The Dai­ly Beast

    NSA Thief Worked With Elite Hack­er Squad
    He was billed as a ‘Sec­ond Snow­den’ and worked with the NSA’s most skilled hack­ers. But Hal Mar­tin may have tak­en clas­si­fied infor­ma­tion just to help him get through school.

    Shane Har­ris
    Katie Zavad­s­ki
    Nan­cy A. Youssef
    10.05.16 4:25 PM ET

    The retired Navy offi­cer arrest­ed for alleged­ly remov­ing high­ly clas­si­fied infor­ma­tion from the Nation­al Secu­ri­ty Agency worked with the orga­ni­za­tion’s elite com­put­er hack­ers, who spe­cial­ize in using com­put­er code to pen­e­trate the sys­tems of for­eign nations, accord­ing to a for­mer col­league and the man’s online resume.

    Harold Thomas Mar­tin, III, who goes by Hal, was also enrolled in a PhD pro­gram at the Uni­ver­si­ty of Mary­land Bal­ti­more Coun­ty. The uni­ver­si­ty has a part­ner­ship with the NSA, in which the agency helps devel­op cur­ricu­lum for the school and agency employ­ees can take class­es there.

    Mar­tin worked with NSA’s Tai­lored Access Oper­a­tions unit, sources with knowl­edge of his back­ground told The Dai­ly Beast. In his LinkedIn resume, Mar­tin says he worked as a “cyber engi­neer­ing advi­sor” sup­port­ing “var­i­ous cyber relat­ed ini­tia­tives” in the Defense Depart­ment and intel­li­gence com­mu­ni­ty.

    Allen was employed by NSA con­trac­tor Booz Allen Hamil­ton. “When Booz Allen learned of the arrest of one of its employ­ees by the FBI, we imme­di­ate­ly reached out to the author­i­ties to offer our total coop­er­a­tion in their inves­ti­ga­tion, and we fired the employ­ee,” Craig Vei­th, a vice pres­i­dent with the com­pa­ny, said in a state­ment. “We con­tin­ue to coop­er­ate ful­ly with the gov­ern­ment on its inves­ti­ga­tion into this seri­ous mat­ter.”

    Mar­tin was charged with two counts of mis­han­dling clas­si­fied infor­ma­tion and theft of gov­ern­ment prop­er­ty. Accord­ing to the New York Times, which first report­ed his arrest, the FBI is inves­ti­gat­ing whether Mar­tin stole clas­si­fied com­put­er codes that the NSA uses to break into for­eign net­works. The FBI dis­cov­ered the mate­r­i­al at Martin’s home in Mary­land.

    Martin’s case imme­di­ate­ly drew com­par­isons to that of Edward Snow­den, who was also work­ing as a con­trac­tor for Booz Allen Hamil­ton when he stole clas­si­fied doc­u­ments that he gave to jour­nal­ists. The NSA put in place so-called insid­er-threat detec­tion pro­grams after Snowden’s leaks to catch future unau­tho­rized dis­clo­sures. But it wasn’t imme­di­ate­ly clear whether those sys­tems failed to spot Mar­tin or if he removed the clas­si­fied mate­r­i­al before they were put in place.

    Martin’s lawyer told the Wall Street Jour­nal “There is no evi­dence that Hal Mar­tin intend­ed to betray his coun­try.” He has also not been charged yet with espi­onage or attempt­ing to pro­vide the clas­si­fied infor­ma­tion to a third par­ty or a for­eign gov­ern­ment.

    For­mer intel­li­gence offi­cials, who said they aren’t famil­iar with Martin’s case, sug­gest­ed he may have brought the mate­r­i­al home to use as research for his PhD stud­ies. “It’s con­ceiv­able giv­en what he was work­ing on that he might have used the [clas­si­fied] mate­r­i­al for research,” a for­mer offi­cial said, speak­ing on con­di­tion of anonymi­ty.

    The university’s direc­tor of com­mu­ni­ca­tions, Dinah Win­nick, con­firmed to The Dai­ly Beast that Mar­tin, 51, is a PhD stu­dent in the Infor­ma­tion Sys­tems pro­gram but said the school had no fur­ther com­ment.

    It’s not known whether Martin’s PhD work relat­ed to his work at NSA, which focused on offen­sive cyber oper­a­tions. But his descrip­tion at the school’s Inter­ac­tive Sys­tems Research Cen­ter said Mar­tin was look­ing at “new meth­ods for remote analy­sis of het­ero­ge­neous & cloud com­put­ing archi­tec­tures.” He pre­sent­ed a paper on the top­ic with his dis­ser­ta­tion com­mit­tee chair at a con­fer­ence in Seat­tle in 2014.

    His dis­ser­ta­tion, cur­rent­ly in its fourth draft, accord­ing to a file on his per­son­al home­page, is not pub­licly avail­able. Mem­bers of Martin’s dis­ser­ta­tion com­mit­tee did not return The Dai­ly Beast’s requests for com­ment.

    Accord­ing to Navy records, Mar­tin served for twelve years — four of them in the active com­po­nent and the rest as a reservist. The high­light of his career appears to be his ser­vice on the USS Seat­tle, from April 1989 to July 1992. The Seat­tle, a fast com­bat sup­port ship, was one of the first ships to arrive after Iraqi leader Sad­dam Hussein’s forces invad­ed Kuwait in 1990.

    Wilbur Trafton, the com­man­der of the Seat­tle dur­ing the war to lib­er­ate Kuwait, told The Dai­ly Beast that he doesn’t remem­ber the then-Lt. Mar­tin. A sec­ond ship­mate also said he couldn’t recall Mar­tin.

    ...

    Martin’s ex-wife, Mari­na, declined to dis­cuss her for­mer hus­band.

    “Martin worked with NSA’s Tailored Access Operations unit, sources with knowledge of his background told The Daily Beast. In his LinkedIn resume, Martin says he worked as a “cyber engineering advisor” supporting “various cyber related initiatives” in the Defense Department and intelligence community.”

    This will be a story to watch, if only for eventual resolution on what was possibly one of the worst-timed instances of workplace theft in history. Imagine being someone who stole coveted NSA code for a relatively innocent reason right around the time of Snowden’s grand heist. This had to be a long three years for Hal Martin if he had nothing to do with Snowden.

    On the plus side for Martin, his thesis probably kicked extra ass with all that TAO code. That said, if he had just waited about three years for the Shadow Broker leak he might not have needed to lift the code at all. Ouch. Which raises the question: since Martin was apparently tempted enough to steal top secret TAO code to write his PhD thesis — a thesis that isn’t available for public consumption presumably due to the sensitive nature of its contents — you can bet PhD theses in areas related to hacking are going to include some pretty advanced hacking techniques carefully described in detail in publicly available theses for the next few years until that code becomes too outdated to be useful.

    So if you’re running an IT system involving something like, say, cloud computing, it might be a good idea to keep an eye out for reports on theses involving things like “new methods for remote analysis of heterogeneous & cloud computing architectures”. For example.

    Posted by Pterrafractyl | October 5, 2016, 8:24 pm
  7. So the NYT is reporting “Some CIA officials, meanwhile, quietly speculated that the NSA had a mole…” Might that be because Snowden always was and perhaps still is CIA?

    New Scientist reported on August 24 2016, in connection to determining the identity of Shadow Brokers, “Certain naming conventions in the files point to scripts only accessible on a machine physically isolated from the network and therefore inaccessible to anyone not physically present in the NSA building”.

    American Military News reported that Harold Martin served as a “Surface Warfare Officer on the USS Seattle during the early ’90s”.

    Daily Beast acknowledges Martin “the retired Navy officer…worked with NSA’s Tailored Access Operations unit..” This would be the TAO that James Bamford said was behind the ANT catalog of hacking tools.

    Martin could be a patsy, a Snowden stand-in offered up as a consolation prize by a sub rosa division of CIA that operates on behalf of the Underground Reich, thereby leaving other assets like Jacob Appelbaum free to operate for Team Snowden.

    Posted by Dennis | October 6, 2016, 11:29 am
  8. Here’s an interesting mystery related to the big Yahoo 2014 hack that was recently disclosed: How on earth did InfoArmor, the cybersecurity firm hired to investigate the hack, have two reports about its conclusions get reported on the same day that arrived at opposite conclusions regarding whether or not the hack was state-sponsored? Yep, that happened. It’s kind of mysterious.

    So, here’s the first part of the mystery: An interview with InfoArmor’s chief intelligence officer Andrew Komarov, about how the Yahoo hack didn’t appear to be state-sponsored at all:

    The Wall Street Jour­nal

    Yahoo Hack­ers Were Crim­i­nals Rather Than State-Spon­sored, Secu­ri­ty Firm Says
    InfoAr­mor says the hack­ers sold Yahoo data­base at least three times, includ­ing once to a state-spon­sored actor

    By Robert McMil­lan
    Sept. 28, 2016 12:44 p.m. ET

    An infor­ma­tion-secu­ri­ty firm says the hack­ers who stole at least 500 mil­lion records from Yahoo Inc. two years ago are crim­i­nals who are sell­ing access to the data­base, and not a state-spon­sored group as Yahoo con­tends.

    The firm, InfoAr­mor Inc., appears to have access to por­tions of the Yahoo data­base. It suc­cess­ful­ly decrypt­ed the pass­words for eight Yahoo accounts pro­vid­ed by The Wall Street Jour­nal, and pro­vid­ed the date of birth, phone num­ber and ZIP Code infor­ma­tion asso­ci­at­ed with the accounts.

    InfoAr­mor said the hack­ers, whom it calls “Group E,” have sold the entire Yahoo data­base at least three times, includ­ing one sale to a state-spon­sored actor. But the hack­ers are engaged in a mon­ey­mak­ing enter­prise and have “a sig­nif­i­cant crim­i­nal track record,” sell­ing data to oth­er crim­i­nals for spam or to affil­i­ate mar­keters who aren’t act­ing on behalf of any gov­ern­ment, said Andrew Komarov, chief intel­li­gence offi­cer with InfoAr­mor Inc.

    That is not the pro­file of a state-spon­sored hack­er, Mr. Komarov said. “We don’t see any rea­son to say that it’s state spon­sored,” he said. “Their clients are state spon­sored, but not the actu­al hack­ers.”

    Mr. Komarov’s assess­ment con­flicts with Yahoo’s state­ment last week that its users’ account infor­ma­tion was stolen by “what it believes is a state-spon­sored actor.”

    Yahoo didn’t imme­di­ate­ly respond to requests for com­ment.

    Mr. Komarov said InfoAr­mor has been track­ing Group E for three years. It believes the hack­ers are East­ern Euro­pean, but declined to spec­i­fy why. InfoAr­mor has linked the group to hacks that stole more than two bil­lion records from about a dozen web­sites, includ­ing LinkedIn Corp. , Drop­box Inc. and Myspace.

    In a report pub­lished Wednes­day, InfoAr­mor offered some new details on the Yahoo breach and Group E. The analy­sis still leaves many ques­tions unan­swered, includ­ing how InfoAr­mor obtained access to the data­base and why Yahoo didn’t uncov­er the mag­ni­tude of the breach for near­ly two years. InfoAr­mor declined to say whether it has a copy of the data­base or accessed it through a third par­ty.

    Yahoo has said it began its inves­ti­ga­tion in July, around the time the com­pa­ny was final­iz­ing plans to sell its core assets to Ver­i­zon Com­mu­ni­ca­tions Inc. for $4.8 bil­lion. In a Sept. 9 secu­ri­ties fil­ing, Yahoo said it wasn’t aware of any “secu­ri­ty breach­es” or “loss, theft, unau­tho­rized access or acqui­si­tion” of user data.

    The Wall Street Jour­nal report­ed last week that Yahoo in fall 2014 detect­ed what it believed was a small breach involv­ing 30 to 40 accounts, car­ried out by hack­ers work­ing on behalf of the Russ­ian gov­ern­ment. Yahoo report­ed the inci­dent to the Fed­er­al Bureau of Inves­ti­ga­tion in late 2014 and noti­fied affect­ed users.

    InfoAr­mor began track­ing Group E in 2013, not long after hack­ers broke into servers at LinkedIn and stole more than 100 mil­lion records.

    After sell­ing the Yahoo data­base three times, start­ing in ear­ly 2015, the hack­ers have shift­ed tac­tics, Mr. Komarov said. He said the hack­ers are no longer offer­ing to sell the full data­base, but are seek­ing “to extract some­thing from the dump for sig­nif­i­cant amounts of mon­ey.” Prices vary based on the val­ue of the tar­get, Mr. Komarov said.

    Yahoo has said that the stolen data include cryp­to­graph­i­cal­ly pro­tect­ed pass­words. After The Wall Street Jour­nal pro­vid­ed InfoAr­mor with 10 Yahoo account names, the com­pa­ny was able to crack the cryp­to­graph­ic pass­word pro­tec­tion on eight of them with­in a day and pro­duce the pass­words and oth­er user infor­ma­tion for these accounts. The two account pass­words that it could­n’t read like­ly had com­plex pass­words, mean­ing they would take more time to crack, Mr. Komarov said. Based on the pass­words recov­ered by InfoAr­mor, the data­base was tak­en from Yahoo some­time before Dec. 4, 2014.

    Accord­ing to InfoArmor’s inves­ti­ga­tion, Group E was the source of some data­bas­es sold by two oth­er hack­ers, named Tessa88 and Peace of Mind. They offered a smor­gas­bord of data dumps—some of them legit­i­mate data, oth­ers not, but ulti­mate­ly part­ed ways with Group E, InfoAr­mor said.

    Ear­li­er this year, both Tessa88 and Peace of Mind offered for sale what they said were Yahoo account cre­den­tials. Those offers prompt­ed Yahoo’s inves­ti­ga­tion. But nei­ther Peace of Mind nor Tessa88 ever pro­duced data that was tak­en from Yahoo.

    “InfoAr­mor said the hack­ers, whom it calls “Group E,” have sold the entire Yahoo data­base at least three times, includ­ing one sale to a state-spon­sored actor. But the hack­ers are engaged in a mon­ey­mak­ing enter­prise and have “a sig­nif­i­cant crim­i­nal track record,” sell­ing data to oth­er crim­i­nals for spam or to affil­i­ate mar­keters who aren’t act­ing on behalf of any gov­ern­ment, said Andrew Komarov, chief intel­li­gence offi­cer with InfoAr­mor Inc.”

    As we can see, InfoArmor’s chief intelligence officer, Andrew Komarov, concluded that the hackers may have sold the hacked database to a state-sponsored actor, but it wasn’t exclusively sold to that state and the hackers themselves have the kind of track record that points towards them just being criminal actors. Maybe one of the clients of the hack was a state, but the hack itself appears to be primarily criminally motivated in nature:

    ...
    That is not the pro­file of a state-spon­sored hack­er, Mr. Komarov said. “We don’t see any rea­son to say that it’s state spon­sored,” he said. “Their clients are state spon­sored, but not the actu­al hack­ers.”
    ...

    That was one of the interviews of Mr. Komarov published September 28. And then there was this report based on an interview of Komarov conducted a week earlier, but published on the same day as the above report, where Komarov asserts that the hack was conducted by criminal hackers and commissioned by an unknown state, possibly Russia (because the hackers-for-hire were Eastern European and Russia likes to hire Eastern European hackers):

    NBC News

    Were the Rus­sians Behind the Mas­sive Yahoo Email Hack?

    by Chris Frances­cani
    Sep 28 2016, 11:58 am ET

    The hack of more than a half bil­lion Yahoo email accounts was moti­vat­ed by espi­onage, not prof­it, accord­ing to an inde­pen­dent cyber­se­cu­ri­ty firm report released Wednes­day, which con­tends that an East­ern Euro­pean state-spon­sored actor appears to have ordered the mas­sive hack as part of a coor­di­nat­ed effort to infil­trate the email accounts of U.S. mil­i­tary, diplo­mat­ic and polit­i­cal fig­ures.

    The find­ings by the cyber secu­ri­ty firm InfoAr­mor are con­sis­tent with Yahoo offi­cials’ claim last week that a state-spon­sored actor was behind one of the largest cor­po­rate breach­es in U.S. his­to­ry.

    Yet InfoAr­mor’s ver­sion of events, if accu­rate, pro­vides sig­nif­i­cant new details about how and why the com­pa­ny was hacked. Minor league hack­ers who were ped­dling Yahoo users’ per­son­al infor­ma­tion for cash in “dark web” mar­ket­places were also part of a for­eign gov­ern­ment espi­onage cam­paign dat­ing back to 2014. And the find­ings also sug­gest that hacks of LinkedIn, Drop­box, MySpace and oth­er firms — breach­es affect­ing bil­lions of cus­tomers world­wide — might’ve been part of the same state-spon­sored effort.

    In an inter­view with NBC News pri­or to the release of his fir­m’s find­ings, InfoAr­mor’s chief intel­li­gence offi­cer Andrew Komarov described the Yahoo breach as part of a larg­er, ongo­ing cam­paign to break in to the email accounts of promi­nent offi­cials from the U.S. and across the globe.

    He said that his ana­lysts have uncov­ered a pre­vi­ous­ly uniden­ti­fied col­lec­tive of elite black hat hack­ers-for-hire from East­ern Europe — a group that InfoAr­mor ana­lysts now con­tend was also respon­si­ble for hacks of the oth­er social media com­pa­nies.

    Komarov said that a state-spon­sored actor from East­ern Europe com­mis­sioned and lat­er paid the hack­er col­lec­tive $300,000 for the Yahoo data trove. He said he did­n’t know if the hacks of the oth­er social media com­pa­nies were also com­mis­sioned by a state-spon­sored actor, but believed it was like­ly. He also said he did­n’t know if the state that direct­ed the hacks was Rus­sia, or if the state-spon­sored actor that paid the hack­ers was a Russ­ian intel­li­gence agency or some oth­er arm of the Russ­ian gov­ern­ment, but that East­ern Euro­pean hack­ers often have links to the Russ­ian gov­ern­ment.

    East­ern Euro­pean oper­a­tives tied to Rus­si­a’s intel­li­gence agen­cies have been wide­ly sus­pect­ed by cyber­se­cu­ri­ty researchers of mul­ti­ple efforts to hack U.S. gov­ern­ment offi­cials’ email accounts and the accounts of Demo­c­ra­t­ic par­ty oper­a­tives.

    Komarov said that InfoAr­mor’s con­clu­sions that the hack­ers who attacked Linkedin and oth­er com­pa­nies were also respon­si­ble for the Yahoo breach are based on an exten­sive intel­li­gence analy­sis, under­ground con­tacts and infor­ma­tion gleaned from mul­ti­ple sources sur­round­ing the Yahoo hack. His firm went into dark web cha­t­rooms and made con­tact with hack­ers adver­tis­ing Yahoo address­es for sale who said they were involved in the breach, and accessed and val­i­dat­ed what Komarov described as a “large sam­ple” of the stolen Yahoo data.

    Yahoo’s con­fir­ma­tion last week of the mas­sive breach has placed the tech giant at the cen­ter of a storm of con­tro­ver­sy and unan­swered ques­tions, and could jeop­ar­dize the com­pa­ny’s immi­nent $4.8 bil­lion sale of its core busi­ness to the tele­com giant Ver­i­zon.

    It remains unclear how long and how much Yahoo officials knew about the breach before publicly acknowledging it. Company officials have said that Yahoo became aware of the breach in August, and began to investigate. Experts have said that it’s not uncommon for a company of Yahoo’s size to withhold disclosure of a suspected breach until an internal forensic investigation has been completed.

    Last week, Yahoo’s chief infor­ma­tion secu­ri­ty offi­cer, Bob Lord, said that an inter­nal probe had deter­mined that user­names, email address­es, tele­phone num­bers, dates of birth, secu­ri­ty ques­tions and answers, and in some cas­es pass­words were har­vest­ed from more than 500 mil­lion com­pro­mised Yahoo accounts.

    Lord said in a blog post that the com­pa­ny does not believe that bank­ing or pay­ment infor­ma­tion was stolen, and has found no evi­dence to indi­cate that the hack­ers remain inside Yahoo’s sys­tems.

    Yahoo declined to com­ment.

    “Island-Hop­ping” To Reach U.S. Offi­cials

    Komarov said that the appar­ent­ly state-spon­sored actor involved in the heist was using an indi­rect but increas­ing­ly com­mon strat­e­gy known as “island-hop­ping” or “leap-frog­ging” to reach its ulti­mate tar­gets. Rather than going after U.S. and oth­er gov­ern­ment offi­cials direct­ly, the aggres­sors used the data from the hired black-hat hack­ers to breach the Yahoo accounts of friends, fam­i­ly and asso­ciates of their ulti­mate tar­gets.

    Once inside com­pro­mised Yahoo accounts, hack­ers can email or respond to their tar­gets direct­ly with seem­ing­ly legit­i­mate Yahoo emails that are vir­tu­al­ly indis­tin­guish­able from real ones.

    “The tar­get will receive the exact same email from the Yahoo user and, for him, it will look legit­i­mate,” Komarov said.

    He said that while it’s extreme­ly dif­fi­cult to direct­ly infil­trate a Google Gmail account, for instance, all you real­ly need to get into it is a com­pro­mised account of a Yahoo email user who cor­re­sponds with the Gmail user.

    “Then you sim­ply hack the Yahoo accoun­t’s con­tacts, and then ana­lyze the [emails] sent from the real object of inter­est. At some point you replace [a legit­i­mate Yahoo email sent to a tar­get] and fill it with mal­ware,” he said. Once the end tar­get clicks on a link or an attach­ment in the infect­ed Yahoo email, hack­ers can get inside the tar­get’s account.

    From For­eign Espi­onage to Dark Web Mar­ket­places

    Komarov said that the state-spon­sored actor appears to have been work­ing with the black hat hack­er col­lec­tive — which the InfoAr­mor team has dubbed “Group E” — for at least sev­er­al years.

    He said that his ana­lysts have deter­mined that Group E was also respon­si­ble for ear­li­er, high-pro­file hacks of LinkedIn, MySpace, Drop­box, the music-stream­ing ser­vice Last.fm, the microblog­ging site Tum­blr and oth­ers — like­ly for the same pur­pose of iden­ti­fy­ing trust­ed third par­ties sur­round­ing their real tar­gets. Tum­blr was pur­chased by Yahoo in 2013.

    “If you cal­cu­late all the vic­tims for all these hacks by the same group, it will be sev­er­al bil­lion vic­tims,” Komarov said.

    InfoAr­mor has deter­mined that at least some of the hacks of the oth­er tech firms “were request­ed of Group E…so we assume that the Yahoo breach was one of the tools used for suc­cess­ful attacks against U.S. gov­ern­ment offi­cials.”

    Komarov said that in recent years the state spon­sored actor approached Group E and asked them to hack mil­lions of Yahoo email users’ accounts. They pro­vid­ed Group E with spe­cif­ic email address­es they were seek­ing, and when they were turned over and ver­i­fied, the for­eign agent agreed to pur­chase the entire trove, he said.

    The agent had ini­tial­ly sought exclu­sive access to the stolen Yahoo data set, but balked at Group E’s $500,000 price. Instead, Group E brought the price for the Yahoo trove down to $300,000, and retained the right to ped­dle the hacked emails else­where.

    Komarov told NBC News that the Yahoo trove was lat­er sold off to two well-known spam­mers, who exploit­ed it for prof­it.

    After it had been sold off and mined for months, Group E appears to have pro­vid­ed a low-lev­el but well-known hack­er named Tessa88 with most­ly use­less left­overs from the Yahoo trove to fur­ther dis­tance the for­eign agent from the Yahoo hack, Komarov said.

    Tessa88 began adver­tis­ing Yahoo data for sale on a Russ­ian-speak­ing dark web mar­ket­place, and appears to have part­nered with a hack­er who goes by the han­dle “Peace,” or “Peace of Mind,” to do the same in an Eng­lish-speak­ing online mar­ket­place called The Real Deal, accord­ing to InfoAr­mor.

    It was only when Peace began adver­tis­ing the Yahoo trove for sale that the com­pa­ny appar­ent­ly became aware that they had been breached.

    InfoAr­mor’s report describes the entire enter­prise as “care­ful­ly orches­trat­ed in order to mask the actu­al sources of the hacks.”

    ...

    Komarov said that a state-spon­sored actor from East­ern Europe com­mis­sioned and lat­er paid the hack­er col­lec­tive $300,000 for the Yahoo data trove. He said he did­n’t know if the hacks of the oth­er social media com­pa­nies were also com­mis­sioned by a state-spon­sored actor, but believed it was like­ly. He also said he did­n’t know if the state that direct­ed the hacks was Rus­sia, or if the state-spon­sored actor that paid the hack­ers was a Russ­ian intel­li­gence agency or some oth­er arm of the Russ­ian gov­ern­ment, but that East­ern Euro­pean hack­ers often have links to the Russ­ian gov­ern­ment.

    Wow, ok, it would appear that Mr. Komarov’s conclusions changed rather dramatically in the week between his interview with NBC and the publication of InfoArmor’s report. There’s nothing wrong with changing conclusions but it’s still a pretty notable coincidence that both versions of Komarov’s report were published on the same day.

    So is there an expla­na­tion for this odd jux­ta­po­si­tion? Sort of. There’s still no expla­na­tion for what caused the dra­mat­ic change in con­clu­sions in just a week, but accord­ing to the report below it sounds like InfoAr­mor dis­putes the NBC inter­view and is stand­ing by its asser­tion that the hack was not state-spon­sored:

    Busi­ness Insid­er

    A cyber­se­cu­ri­ty firm is telling two very dif­fer­ent sto­ries of the Yahoo hack to news orga­ni­za­tions

    Paul Szol­dra

    Sep. 29, 2016, 3:31 PM

    A cyber­se­cu­ri­ty firm that ana­lyzed the Yahoo data breach affect­ing at least 500 mil­lion user accounts has told com­pet­ing news orga­ni­za­tions two very dif­fer­ent sto­ries of who actu­al­ly car­ried out the hack.

    In an analy­sis post­ed on its web­site, InfoAr­mor says “tessa88” — an anony­mous but promi­nent fig­ure in under­ground forums who sells stolen data­bas­es — was the first to men­tion Yahoo cre­den­tials for sale in Feb. 2016. The firm said that tessa88 and anoth­er dark web bro­ker called “Peace of Mind” were not the hack­ers, but act­ed as prox­ies for those who car­ried out the attack.

    The hack­er group “used these two guys to bro­ker that data out,” Bry­on Rashed, senior direc­tor of mar­ket­ing at InfoAr­mor, said in a phone inter­view.

    The post itself did not actu­al­ly say much about the hack­er group behind the theft, except to say they were “pro­fes­sion­al black­hats who were hired to com­pro­mise” dif­fer­ent orga­ni­za­tions, to include Yahoo.

    InfoArmor Chief Intelligence Officer Andrew Komarov told NBC News “that a state-sponsored actor from Eastern Europe commissioned and later paid the hacker collective $300,000 for the Yahoo data trove. He said he didn’t know if the hacks of the other social media companies were also commissioned by a state-sponsored actor, but believed it was likely,” according to an article published Wednesday morning. (An InfoArmor rep later disputed NBC’s account to Business Insider, and said that InfoArmor does not think the attackers were state sponsored. NBC has not updated its story.)

    Then, just a few hours lat­er, Komarov was quot­ed in the Wall Street Jour­nal seem­ing­ly dis­put­ing that asser­tion:

    “We don’t see any rea­son to say that it’s state spon­sored. Their clients are state spon­sored, but not the actu­al hack­ers.”

    The com­pet­ing nar­ra­tives add to the con­fu­sion sur­round­ing the Yahoo hack, which result­ed in the theft of at least 500 mil­lion user accounts by what the com­pa­ny said was a “state-spon­sored” actor.

    A per­son famil­iar with the mat­ter told Busi­ness Insid­er that “Yahoo stands 100% behind its asser­tion” of a state-spon­sored actor, but declined to offer fur­ther evi­dence in sup­port of that claim.

    ...

    “InfoAr­mor Chief Intel­li­gence Offi­cer Andrew Komarov told NBC News “that a state-spon­sored actor from East­ern Europe com­mis­sioned and lat­er paid the hack­er col­lec­tive $300,000 for the Yahoo data trove. He said he did­n’t know if the hacks of the oth­er social media com­pa­nies were also com­mis­sioned by a state-spon­sored actor, but believed it was like­ly,” accord­ing to an arti­cle pub­lished Wednes­day morn­ing. (An InfoAr­mor rep lat­er dis­put­ed NBC’s account to Busi­ness Insid­er, and said that InfoAr­mor does not think the attack­ers were state spon­sored. NBC has not updat­ed its sto­ry.)”

    Well, at least we have a conclusive answer from InfoArmor: they really do not think “Group E” was state-sponsored. They do believe a state purchased the hacked material, but they don’t think it was done on behalf of a state actor and they don’t claim to know which state purchased the material and while Komarov believes that the hackers were Eastern European that’s about as far as InfoArmor’s conclusions go.

    It’s a relatively inconclusive set of conclusions and based on InfoArmor’s analysis that’s the most that could reasonably be concluded. What can we conclude from all this? Probably that we shouldn’t be concluding that all the conclusions in reports about these mega hacks are actually conclusions and not inferences designed to fit a narrative. For topics as nebulous as elite hacking in the middle of a highly polarized political environment, it’s not so much that ‘less is more’ but that ‘less is less inaccurate and/or misleading’.

    We can also con­clude that you should prob­a­bly change your pass­words.

    Posted by Pterrafractyl | October 6, 2016, 9:17 pm
  9. @Pterrafractyl–

    “Tessa88”? That has an eerie, dis­turbing­ly famil­iar feel to it.

    Might Dar­ling Tes­sa be Nazi?

    Best,

    Dave

    Posted by Dave Emory | October 7, 2016, 9:43 am
  10. @Dave: It’s also worth noting that, according to the report below, Tessa88 is presumed by analysts who have communicated with Tessa88 to actually be two people and only one of them is a native Russian speaker. The interview was done following their sale of the LinkedIn and MySpace hacks back in June. So Tessa88 appears to be at least two people who are intentionally putting up an “I’m Russian” public face as they go about grabbing the world’s attention:

    Vice Moth­er­board

    This Is The Hack­er Alleged­ly Behind The LinkedIn and MySpace Megabreach­es

    Writ­ten by Loren­zo Franceschi-Bic­chierai
    June 17, 2016 // 12:37 PM EST

    In the last few weeks, more than half a bil­lion pass­words stolen from some of the biggest social media web­sites in the world have been trad­ed and sold in the internet’s under­ground.

    The data, tak­en years ago from sites such as LinkedIn, MySpace, Tum­blr, and oth­ers, has already led to count­less account takeovers, hit­ting reg­u­lar peo­ple as well as celebri­ties and big names such as Mark Zucker­berg, Katy Per­ry, Lana Del Rey, and Twit­ter cofounder Biz Stone.

    For weeks, no one knew who was behind these hacks and leaked data. The only name that sur­faced was that of Peace, or Peace of Mind, a cyber­crim­i­nal who was sell­ing the hacked data on a dark web mar­ket. But when a web­site that serves as a repos­i­to­ry of hacked cre­den­tials announced the MySpace hack, anoth­er name came out: Tessa88.

    Until now, Tessa88 has act­ed most­ly in the shad­ows, talk­ing briefly with a few reporters. No one real­ly knows for sure who they are, or what their role is in all these megabreach­es. But now, thanks to an inter­view with Tessa88, as well as inter­views with mul­ti­ple sources who have been track­ing them, Moth­er­board has been able to piece togeth­er a rough sketch.

    “I am a very old inhab­i­tant of the net­work :)),” Tessa88 told us in a chat con­duct­ed in Russ­ian, when asked who they are. They added that their real name isn’t Tes­sa, because that’s just the name of “a whore from Aus­tralia.”

    The han­dle Tessa88, how­ev­er, appar­ent­ly first sur­faced in the web’s dark­est cor­ners only around April 2016, per­haps a few weeks ear­li­er, when the cyber­crim­i­nal start­ed sell­ing hacked data­bas­es on Russ­ian cyber­crime forums.

    Since then, Tessa88 has made between $50,000 and $60,000 worth of bit­coin, accord­ing to Andrei Bary­se­vich, the direc­tor of East­ern Euro­pean research and analy­sis for the secu­ri­ty firm Flash­point Intel, who claimed to have found Tessa88’s bit­coin address.

    Bary­se­vich said “it’s very like­ly” that behind the alias Tessa88 there are actu­al­ly two peo­ple, per­haps a female and a male, and only one who’s a native Russ­ian speak­er, judg­ing from how they por­tray them­selves and how they speak. (Our inter­preter, who trans­lat­ed our chat with Tessa88, also said she thought we were talk­ing to two dif­fer­ent peo­ple.)

    Tessa88 isn’t just sell­ing the data. They might also be the one (or one of a group) who stole it a few years ago from the com­pa­nies’ servers.

    Sev­er­al peo­ple who’ve been study­ing Tessa88 and lurk­ing in hack­ing forums con­firmed that the hack­er was like­ly part of the orig­i­nal team of cyber­crim­i­nals, most like­ly Russ­ian or East­ern Euro­pean, who hacked LinkedIn, MySpace, and the oth­er com­pa­nies.

    What hap­pened between that time and now is a lit­tle unclear. But some spec­u­late that the hack­ers used the cre­den­tials for years with­out ever pub­li­ciz­ing the hack.

    “The intention was not to have the information released or sold online but to be used by the group,” said Mark Arena, the CEO of Intel 471, a security firm that monitors the dark web.

    The idea, Bary­se­vich said, was to see if the pass­words and user­name com­bi­na­tions from LinkedIn or MySpace would also work on oth­er ser­vices, espe­cial­ly those where the crim­i­nals could steal mon­ey, such as Pay­Pal, for exam­ple. Crim­i­nals have cre­at­ed auto­mat­ed tools that can take hun­dreds if not thou­sands of cre­den­tials and test them on a tar­get site of choice, accord­ing to Bary­se­vich.

    After doing this for a few years, Tessa88 and the oth­ers had no more use for the data, and decid­ed to try to make “the final dol­lar,” as Bary­se­vich put it, by sell­ing the data­bas­es on the open mar­ket.

    Tessa88 said that they start­ed sell­ing the data now because they are “severe­ly” ill, and need mon­ey “to recov­er,” although the hack­er declined to spec­i­fy the exact ail­ment.

    This is where the sto­ry gets a bit mud­dy. A cou­ple of months after Tessa88 start­ed sell­ing data­bas­es in Russ­ian under­ground forums, the data sur­faced also on the data breach noti­fi­ca­tion site Leaked­Source, as well on The Real Deal, a dark web mar­ket that spe­cial­izes not only in drugs and oth­er illic­it phys­i­cal goods, but also hack­ing tools and stolen data.

    But it wasn’t Tessa88 sell­ing data on The Real Deal. It was anoth­er hack­er, this one iden­ti­fy­ing him­self as male and using the pseu­do­nym Peace Of Mind. The two hack­ers appar­ent­ly have some sort of rival­ry going on, as ZDnet explained in a recent arti­cle.

    “Peace_of_mind [is] a fagot who takes undue cred­it,” Tessa88 told Moth­er­board, adding that Peace was not part of the team that orig­i­nal­ly hacked the com­pa­nies. “I shared a dump for analy­sis! And he start­ed sell­ing it.”

    Peace said some­thing sim­i­lar about Tessa88.

    “He stole [the hacked data­bas­es] from an old bud­dy,” Peace said in an online chat. “Long ago. And he start­ed to sell them.”

    The two don’t appear to be done. For a cou­ple of weeks, there have been rumors of an impend­ing dump of hun­dreds of mil­lions of Face­book accounts. Ear­li­er this week, in their chat sta­tus, Tessa88 was adver­tis­ing 500 mil­lion Face­book accounts for 5 bit­coin, or around $3700 at the time of writ­ing. But in a chat, the hack­er said they actu­al­ly have more than 800 mil­lion accounts.

    Despite promis­es to share a sam­ple, how­ev­er, nei­ther Tessa88 nor Peace have pro­duced any data yet. Whether the Face­book data is legit­i­mate or not, there’s a good chance there’s more to come.

    ...

    “The whole world will get to see some good stuff soon. :-),” Tessa88 said, before van­ish­ing for days. “I’m just warm­ing up the audi­ence:-) I’m good at it, am I not?”

    “Bary­se­vich said “it’s very like­ly” that behind the alias Tessa88 there are actu­al­ly two peo­ple, per­haps a female and a male, and only one who’s a native Russ­ian speak­er, judg­ing from how they por­tray them­selves and how they speak. (Our inter­preter, who trans­lat­ed our chat with Tessa88, also said she thought we were talk­ing to two dif­fer­ent peo­ple.)”

    So it sounds like Tessa88 is at least two peo­ple, only one of which is a native Russ­ian speak­er. While it’s not real­ly sur­pris­ing that mul­ti­ple peo­ple would be oper­at­ing under the same han­dle for some­thing like this, it’s still pret­ty notable giv­en that Tessa88’s activ­i­ty appeared to be as much about gain­ing pub­lic­i­ty and cre­at­ing a sen­sa­tion as it was about mak­ing mon­ey. As Tessa88 put it:

    “The whole world will get to see some good stuff soon. :-),” Tessa88 said, before van­ish­ing for days. “I’m just warm­ing up the audi­ence:-) I’m good at it, am I not?”

    It’s also worth not­ing that “Peace of Mind”, also gave an inter­view fol­low­ing the where he said he was Russ­ian. And when asked where he got the data, he said a ‘team’ did it. A team of Rus­sians. He also sug­gests that Tessa88 was part of this team. So both Tessa88 and Peace of Mind REALLY want the world to assume they are Russ­ian hack­ers:

    Wired

    An Inter­view With the Hack­er Prob­a­bly Sell­ing Your Pass­word Right Now

    Andy Green­berg

    Date of Pub­li­ca­tion: 06.09.16.
    Time of Pub­li­ca­tion: 6:01 pm.

    For the last two weeks, the tech world’s secu­ri­ty teams have been prac­ti­cal­ly under siege. On an almost dai­ly basis, new col­lec­tions of data from hun­dreds of mil­lions of stolen accounts have appeared on the dark web, ripped from major web firms and sold for as lit­tle as a few hun­dred dol­lars each worth of bit­coins. And behind each of those clear­ance sales has been one pseu­do­nym: “Peace_of_mind.”

    “Peace_of_mind,” or “Peace,” sells data on the dark web black mar­ket The­Re­alDeal. His or her “store” page has a 100-per­cent sat­is­fac­tion rat­ing and feed­back like “A+++,” and “fol­lows up with your ques­tions and deliv­ers prompt­ly.” And Peace’s grow­ing selec­tion of mer­chan­dise includes 167 mil­lion user accounts from LinkedIn, 360 mil­lion from MySpace, 68 mil­lion from Tum­blr, 100 mil­lion from the Russ­ian social media site VK.com, and most recent­ly anoth­er 71 mil­lion from Twit­ter, adding up to more than 800 mil­lion accounts and grow­ing.

    Just how Peace obtained that data is far from clear. Much of it is from older breaches, dating back to as early as 2012. But the consequences have already been serious—likely due in part to victims reusing passwords between sites—and include hackers compromising the Twitter accounts of Mark Zuckerberg, Twitter founder Ev Williams, a multitude of celebrities including Drake and Katy Perry and likely many more less-visible attacks. In fact, these breaches are so large it’s hard to imagine anyone with a digital life who is not in some way affected.

    Ear­li­er this week, WIRED approached Peace through the RealDeal mar­ket mes­sag­ing sys­tem and inter­viewed him or her via encrypt­ed, anony­mous IM. Almost none of Peace’s claims could be con­firmed. Take them only as the unver­i­fied state­ments of a mys­te­ri­ous, pseu­do­ny­mous, brazen­ly crim­i­nal hack­er. Here, with some edit­ing for clar­i­ty, is our con­ver­sa­tion, which took place on Mon­day, June 6.

    [Edi­tors’ note: After some ini­tial back-and-forth to ver­i­fy Peace is the same per­son WIRED con­tact­ed on the RealDeal black mar­ket…]

    WIRED: My first ques­tion, how have you got your hands on all these col­lec­tions of breached user cre­den­tials?

    Peace: Well, all these have been hacked through [a] ‘team,’ if you want to call it that, of Rus­sians. Some have been my work, oth­ers by anoth­er per­son.

    Are you Russ­ian, your­self?

    Yes.

    Can you tell me where you’re based?

    At this point due to mul­ti­ple inves­ti­ga­tions I would not want to say.

    Is there a name for your “team”?

    At this time I can not give out details like that, sor­ry.

    It seems like much of the data you’re sell­ing is old (though still clear­ly use­ful for hack­ers.) The Linkedin data is from 2012, for instance, and the MySpace data also seems to be from 2013. How did it hap­pen that you came to pos­sess this old data and are only sell­ing it now?

    Well, these breach­es were shared between the team and used for our own pur­pos­es. Dur­ing this time, some of the mem­bers start­ed sell­ing to oth­er peo­ple. The peo­ple who we sold to [were] selec­tive, not ran­dom or in pub­lic forums and such, but peo­ple who would use [the data] for their own pur­pos­es and not resell or trade. Although [after] long enough, cer­tain indi­vid­u­als obtained the data and start­ed to sell [it] in bulk ($100/100k accounts, etc.) in the pub­lic. After notic­ing this, I decid­ed for myself to start mak­ing a lit­tle extra cash to start sell­ing pub­licly, as well.

    So you’re doing this sep­a­rate­ly from the rest of your crew? Are they OK with you sell­ing this data on your own?

    Well, this crew is no longer togeth­er. The leader “retired” if you want to call it that, a long time ago, how­ev­er a cer­tain some one (Tes­sa) start­ed sell­ing with­out per­mis­sion. Most of the mem­bers went on to do oth­er things and a lot aren’t in con­tact, so there wasn’t any “con­se­quence” for his actions. For me per­son­al­ly giv­en the fact that it was long ago I thought I’d join in and start sell­ing, too. [Edi­tors’ note: Some­one using the han­dle “Tes­sa” has in fact pro­vid­ed 32 mil­lion Twit­ter users’ data to the breach track­ing web­site LeakedSource.com.]

    Why didn’t the crew want to sell the whole col­lec­tion ear­li­er?

    It is not of val­ue if data is made pub­lic. We had our own use for it and oth­er buy­ers did as well. In addi­tion buy­ers expect this type of data to remain pri­vate for as long as pos­si­ble. There are many [data­bas­es] not made pub­lic for that rea­son and [in] use for many years to come.

    What was your “own use” for it? How were you able to make more by sell­ing the data pri­vate­ly?

    Well, [the] main use is for spam­ming. There is a lot of mon­ey to be made there, as [well as] in sell­ing to pri­vate buy­ers look­ing for spe­cif­ic tar­gets. As well, pass­word reuse—as seen in recent head­lines of account takeovers of high pro­file peo­ple. Many sim­ply don’t care to use dif­fer­ent pass­words which allows you to com­pile lists of Net­flix, Pay­pal, Ama­zon, etc. to sell in bulk. (50K/100K/etc)

    How much would you say the crew made sell­ing parts of the LinkedIn data­base pri­vate­ly, for instance, before you start­ed sell­ing the whole col­lec­tion?

    I don’t think that would be in my best inter­est to dis­close that infor­ma­tion. How­ev­er I can say for me per­son­al­ly, sell­ing pub­licly, [I’ve made] $15K for LinkedIn.

    How much for the MySpace and Tum­blr data?

    For both, almost $20K.

    Like, $10,000 each?

    More for Myspace. For Tum­blr a cou­ple Gs in total…but most­ly myspace due to the fact that Tum­blr had salt for the hash­es.

    The Myspace data was also hashed, wasn’t it? But not salt­ed?

    Yes, it was hashed, however no salt. [Editors’ note: For more information on hashing and salting, read this explainer.]

    How much for the Fling data?

    That was about $1,200 or some­thing like that, can’t remem­ber exact amount.

    Do you have more col­lec­tions that you haven’t put up for sale yet?

    Yes, about anoth­er 1B users or so, again in the same time­frame: 2012–2013.

    ...

    I hope this doesn’t sound rude, but why did you agree to talk to me?

    No, well, it’s fun fu cking around with these people—MySpace, Tum­blr, LinkedIn—as they threat­en to inves­ti­gate and coop­er­ate with law enforce­ment. I’d rather give them a bone to chew on, so to speak, make them feel like they can catch me or oth­ers.

    And you’re sure you can evade law enforce­ment?

    Haha, yes, where I am at.

    It seems like a lot of risk for the $25K or so you say you’ve made so far.

    Well, that is pub­licly. And in less than a month. It is no risk for me, as they can’t do any­thing. Like I said, quick easy cash in about a month. [I] should have enough to go buy a nice car.

    Are you con­fi­dent you won’t be caught because you’re in Rus­sia? Don’t the Russ­ian police occa­sion­al­ly extra­dite hack­ers? A bil­lion-plus pass­words might be enough to get some atten­tion.

    Well, it is a lit­tle more com­pli­cat­ed than that, but I have plans in case some­thing hap­pens.

    ...

    “Peace: Well, all these have been hacked through [a] ‘team,’ if you want to call it that, of Rus­sians. Some have been my work, oth­ers by anoth­er per­son.”

    That was “Peace of Mind”’s blanket statement about where the data came from and what his relationship was with it: it was a team of Russians, including Peace of Mind. And here’s what he said about Tessa88:

    ...
    Well, this crew is no longer togeth­er. The leader “retired” if you want to call it that, a long time ago, how­ev­er a cer­tain some one (Tes­sa) start­ed sell­ing with­out per­mis­sion. Most of the mem­bers went on to do oth­er things and a lot aren’t in con­tact, so there wasn’t any “con­se­quence” for his actions. For me per­son­al­ly giv­en the fact that it was long ago I thought I’d join in and start sell­ing, too. [Edi­tors’ note: Some­one using the han­dle “Tes­sa” has in fact pro­vid­ed 32 mil­lion Twit­ter users’ data to the breach track­ing web­site LeakedSource.com.]
    ...

    That sure sounds like Peace of Mind was assert­ing that Tessa88 was part of the orig­i­nal team of alleged Rus­sians.

    And look at Peace of Mind’s alleged moti­va­tion for tak­ing such a big risk for a rel­a­tive­ly small amount of mon­ey: he just liked mess­ing with web­sites who are will­ing to work with law enforce­ment. Also, he is safe from law enforce­ment where he is locat­ed:

    ...
    I hope this doesn’t sound rude, but why did you agree to talk to me?

    No, well, it’s fun fu cking around with these people—MySpace, Tum­blr, LinkedIn—as they threat­en to inves­ti­gate and coop­er­ate with law enforce­ment. I’d rather give them a bone to chew on, so to speak, make them feel like they can catch me or oth­ers.

    And you’re sure you can evade law enforce­ment?

    Haha, yes, where I am at.

    It seems like a lot of risk for the $25K or so you say you’ve made so far.

    Well, that is pub­licly. And in less than a month. It is no risk for me, as they can’t do any­thing. Like I said, quick easy cash in about a month. [I] should have enough to go buy a nice car.

    Are you con­fi­dent you won’t be caught because you’re in Rus­sia? Don’t the Russ­ian police occa­sion­al­ly extra­dite hack­ers? A bil­lion-plus pass­words might be enough to get some atten­tion.

    Well, it is a lit­tle more com­pli­cat­ed than that, but I have plans in case some­thing hap­pens.

    ...

    So “Peace of Mind” is basi­cal­ly try­ing to tell the world that he is part of some Russ­ian hack­ing team who can hack with impuni­ty because he is in Rus­sia. If that was the case, telling the world about that prob­a­bly isn’t the best way to main­tain that impuni­ty.

    Also keep in mind that the above interview was done before we had InfoArmor’s report describing how a “Group E” appears to be the original hacker in the Yahoo hack and “Tessa88” and “Peace of Mind” purchased or somehow acquired the info only recently to make a big high profile splash. And as we saw in the WSJ article about the InfoArmor report, InfoArmor viewed Tessa88 and Peace of Mind as separate from “Group E”:

    The Wall Street Jour­nal

    Yahoo Hack­ers Were Crim­i­nals Rather Than State-Spon­sored, Secu­ri­ty Firm Says
    InfoAr­mor says the hack­ers sold Yahoo data­base at least three times, includ­ing once to a state-spon­sored actor

    By Robert McMil­lan
    Sept. 28, 2016 12:44 p.m. ET

    An infor­ma­tion-secu­ri­ty firm says the hack­ers who stole at least 500 mil­lion records from Yahoo Inc. two years ago are crim­i­nals who are sell­ing access to the data­base, and not a state-spon­sored group as Yahoo con­tends.

    ...

    Accord­ing to InfoArmor’s inves­ti­ga­tion, Group E was the source of some data­bas­es sold by two oth­er hack­ers, named Tessa88 and Peace of Mind. They offered a smor­gas­bord of data dumps—some of them legit­i­mate data, oth­ers not, but ulti­mate­ly part­ed ways with Group E, InfoAr­mor said.

    Ear­li­er this year, both Tessa88 and Peace of Mind offered for sale what they said were Yahoo account cre­den­tials. Those offers prompt­ed Yahoo’s inves­ti­ga­tion. But nei­ther Peace of Mind nor Tessa88 ever pro­duced data that was tak­en from Yahoo.
    ...

    And in the above inter­view it notes that Tessa88 only start­ed show­ing up in April of this year. So while it’s cur­rent­ly assumed that Tessa88 was part of the orig­i­nal team that hacked LinkedIn and MySpace, that’s pure spec­u­la­tion. We’re basi­cal­ly assum­ing Tessa88 and Peace of Mind are telling the truth.

    Additionally, when you read the actual InfoArmor report, they describe Tessa88 as not even being fully aware of what they were actually selling. And Tessa88 is described as being part of a carefully orchestrated effort to publicly sell the hacked data in a manner that obscured the original source:

    InfoAr­mor

    InfoAr­mor: Yahoo Data Breach Inves­ti­ga­tion

    Sep­tem­ber 28, 2016

    Back­ground

    Yahoo was com­pro­mised in 2014 by a group of pro­fes­sion­al black­hats who were hired to com­pro­mise cus­tomer data­bas­es from a vari­ety of dif­fer­ent tar­get­ed orga­ni­za­tions. Some of their ini­tial tar­gets, which occurred in 2012 and 2013, are linked direct­ly with the recent large scale data breach­es of social media net­works and online-ser­vices such as MySpace, Tum­blr and LinkedIn. Oth­er well-known brands have been impact­ed by this group but the data stolen from them is not cur­rent­ly avail­able for sale or val­i­da­tion in the under­ground, as of the writ­ing of this report.

    Accord­ing to Andrew Komarov, Chief Intel­li­gence Offi­cer of InfoAr­mor, the nature of the iden­ti­fied data breach has a more “closed” char­ac­ter, due to the specifics of cus­tomers asso­ci­at­ed with this spe­cif­ic data and the moti­va­tions of the bad actors involved. Of sig­nif­i­cant impor­tance, the Yahoo data leak as well as the oth­er notable expo­sures, opens the door to sig­nif­i­cant oppor­tu­ni­ties for cyber espi­onage and tar­get­ed attacks to occur.

    InfoAr­mor per­formed exten­sive analy­sis of col­lect­ed intel­li­gence sur­round­ing the hack from a vari­ety of sources in order to clar­i­fy the moti­va­tion and attri­bu­tion of the key threat actors. As a result, it is clear that many recent press reports and pub­lished arti­cles have sig­nif­i­cant inac­cu­ra­cies.

    Time­line Analy­sis

    The first men­tion of Yahoo and a poten­tial data breach appeared on cyber­crim­i­nal forums imme­di­ate­ly after the LinkedIn data was pub­lished for sale by the threat actor nick­named “tessa88.”

    03.04.2016 (3 April 2016)

    tessa88, reg­is­tered on sev­er­al under­ground com­mu­ni­ties, was the first to men­tion that Yahoo account cre­den­tials were avail­able for sale. Accord­ing to oper­a­tive sources and long term analy­sis, tessa88 act­ed as a proxy between the actu­al bad actors respon­si­ble for one of the largest hacks in his­to­ry and poten­tial buy­ers from var­i­ous under­ground com­mu­ni­ties.

    This approach was “care­ful­ly” orches­trat­ed in order to mask the actu­al sources of the hacks and to com­mer­cial­ize the data in an anony­mous man­ner, due to the fact that this data had been used by the threat actors for their own pur­pos­es, name­ly, tar­get­ed account takeover (ATO) and spam. Ini­tial­ly tessa88 pro­posed sev­er­al data­bas­es for sale, includ­ing VK, MySpace, Fling and oth­er notable e‑mail providers and some instant mes­sag­ing ser­vices from East­ern Europe. He ini­tial­ly men­tions this data in a post, dat­ed 11.02.2016 (Feb­ru­ary 2016), coin­cid­ing with the time frame when the data asso­ci­at­ed with the 2012 hacks was actu­al­ly acquired.

    In the inter­ac­tion below, a record of the con­tact who engaged with tessa88 through oper­a­tive chan­nels, it is clear that tessa88 was not ful­ly aware of the details sur­round­ing the data he was sell­ing. In some cas­es, this caused sig­nif­i­cant delays in data sam­ples being shared.

    ...

    01.05.2016 (01 May 2016)

    The actor “Peace_of_Mind” (PoM), well known for his activ­i­ties at “The Real Deal Mar­ket” (TRDM) and “The Hell” forum, after iden­ti­fy­ing his post regard­ing the stolen data at one of the under­ground forums, con­tacts tessa88 and pro­pos­es some sort of coop­er­a­tion [part­ner­ship] in exchange for some of his data.

    Sub­se­quent to this engage­ment, the data­bas­es ini­tial­ly pub­lished for sale by tessa88 are then resold by Peace_of_Mind in TOR net­work at TRDM. This is an inter­est­ing exam­ple of coop­er­a­tion between a Russ­ian speak­ing threat actor and an Eng­lish speak­ing actor, demon­strat­ing that cyber­crime is an entire­ly transna­tion­al issue.

    14.05.2016 (14 May 2016)

    Peace_of_Mind out­lines that he will share the data dumps of Mate1.com, Zooks.com, Lbsg.net, r2games.com and sev­er­al oth­er hacked WEB-resources, all hav­ing large user pop­u­la­tions, with tessa88. At this point, tessa88 updat­ed his ini­tial thread on the under­ground forums with these resources and adds LinkedIn for the first time in the list of the stolen data­bas­es avail­able for sale.

    ...

    “This approach was “carefully” orchestrated in order to mask the actual sources of the hacks and to commercialize the data in an anonymous manner, due to the fact that this data had been used by the threat actors for their own purposes, namely, targeted account takeover (ATO) and spam. Initially tessa88 proposed several databases for sale, including VK, MySpace, Fling and other notable e‑mail providers and some instant messaging services from Eastern Europe. He initially mentions this data in a post, dated 11.02.2016 (February 2016), coinciding with the time frame when the data associated with the 2012 hacks was actually acquired.”

    Given all that, it sure looks like “Tessa88” and “Peace of Mind” are playing out the ‘Boris and Natasha’ role for a global audience to, at a minimum, cover the tracks of “Group E”, an elite black hat for hire hacking crew that’s assumed to be Eastern European. And maybe they really are Eastern European. Maybe some of them are Russian. We don’t know. What we do know is that they really want the world to think they’re Russian.

    Posted by Pterrafractyl | October 7, 2016, 6:15 pm
  11. Accord­ing to US intel­li­gence sources briefed on the inves­ti­ga­tion of Hal Mar­tin, it looks like they aren’t see­ing any con­nec­tion to the “Shad­ow Bro­kers” leak and inves­ti­ga­tors are still try­ing to deter­mine both what Mar­tin was doing with that data and who the actu­al source is for the Shad­ow Bro­kers leak. And there’s still no hint that inves­ti­ga­tors are even con­sid­er­ing the pos­si­bil­i­ty that Jacob Appel­baum was the Shad­ow Bro­kers source, like James Bam­ford sug­gests they should. Instead, it’s look­ing like the offi­cial expla­na­tion is going to be that it was code acci­den­tal­ly left on a serv­er by NSA staff and picked up by Russ­ian hack­ers. They haven’t entire­ly arrived at that con­clu­sion quite yet, but that’s clear­ly the answer they’re going to arrive at:

    NBC News

    NSA Leak Mys­tery Not Solved With Arrest of Hal Mar­tin

    by Ken Dilan­ian
    Oct 7 2016, 4:57 pm ET

    U.S. intel­li­gence offi­cials are inves­ti­gat­ing the pos­si­bil­i­ty that recent leaks of sen­si­tive Nation­al Secu­ri­ty Agency hack­ing tools did not stem from the alleged theft of clas­si­fied mate­ri­als by a Pen­ta­gon con­trac­tor whose arrest was made pub­lic this week.

    Cur­rent and for­mer U.S. offi­cials briefed on the mat­ter told NBC News that inves­ti­ga­tors so far have found no evi­dence that Harold T. Mar­tin III, a Mary­land res­i­dent who was charged with tak­ing home reams of doc­u­ments from his Top Secret job inside the NSA, sold or dis­trib­uted the mate­r­i­al. They haven’t ruled it out, how­ev­er, and they are look­ing into whether his home com­put­ers could have been hacked.

    Still, offi­cials say they are exam­in­ing oth­er pos­si­bil­i­ties to explain the recent leaks, which seem to have orig­i­nat­ed well after Edward Snow­den began his forced exile in Rus­sia three years ago. One is that there could be a third, still uniden­ti­fied gov­ern­ment insid­er steal­ing clas­si­fied infor­ma­tion. Anoth­er is that the leaks were the result of one of the NSA’s own hack­ers being slop­py or care­less about hid­ing his tools, which were then swiped by an out­side par­ty.

    “There prob­a­bly is anoth­er per­son, but it’s prob­a­bly more innocu­ous than the oth­er two cas­es,” one for­mer senior offi­cial told NBC News. He added that it like­ly stemmed from “incom­pe­tence and com­pla­cen­cy.” The mate­r­i­al leaked, he said, was “not the Holy Grail — it was a byprod­uct of the Holy Grail.”

    Near­ly all NSA hack­ing tools are on the inter­net, the offi­cial said, if you know where to look. “We hide in the noise,” he said. The the­o­ry, he added, is that a gov­ern­ment hack­er left his tools in a place where oth­ers could find them — for exam­ple, on a non-NSA serv­er.

    The cur­rent and for­mer offi­cials say the leaks in ques­tion include a suite of NSA hack­ing tools put up for sale in August by a group iden­ti­fy­ing itself as the Shad­ow Bro­kers. Snow­den him­self tweet­ed in August that Rus­sia may have had a hand in that dis­clo­sure.

    The inves­ti­ga­tion into the leaks led the FBI to Mar­tin, who had been tak­ing home clas­si­fied doc­u­ments for many years, offi­cials say. His motives have not been estab­lished.

    ...

    “The inves­ti­ga­tion into the leaks led the FBI to Mar­tin, who had been tak­ing home clas­si­fied doc­u­ments for many years, offi­cials say. His motives have not been estab­lished.”

    Note that, accord­ing to a report in the Guardian, the NSA now believes that Mar­tin has been tak­ing NSA doc­u­ments home “since the 1990s” but can’t tie him to any known leaks. So either this guy is amaz­ing at smug­gling out doc­u­ments from the NSA or it’s not actu­al­ly very dif­fi­cult.

    Also note that, according to the report below that’s from late September, before the Hal Martin arrest was publicly disclosed, NSA investigators have basically already concluded that the Shadow Brokers leak was a result of someone leaving NSA code on a server. What’s the evidence? NSA officials told investigators about an incident where an employee or contractor left the hacking tools on the server years ago, then told the NSA about it shortly thereafter, and then the NSA went searching for signs that someone else was using the tools and concluded that no one had found the tools and nothing more needed to be done. That’s quite an admission tucked away in the Reuters article below.

    They’re also pret­ty sure Rus­sia did even­tu­al­ly hack this serv­er and is now behind the Shad­ow Bro­kers leak. Why Rus­sia? One rea­son giv­en is that the Shad­ow Bro­kers decid­ed to reveal the code to the world instead of sell­ing it like reg­u­lar crim­i­nals. It does­n’t seem like par­tic­u­lar­ly con­clu­sive proof of specif­i­cal­ly Russ­ian involve­ment, but that’s the the­o­ry they’re going with:

    Reuters

    Exclu­sive: Probe of leaked U.S. NSA hack­ing tools exam­ines oper­a­tive’s ‘mis­take’

    By Joseph Menn and John Wal­cott | SAN FRANCISCO/WASHINGTON
    Thu Sep 22, 2016 | 10:44pm EDT

    A U.S. inves­ti­ga­tion into a leak of hack­ing tools used by the Nation­al Secu­ri­ty Agency is focus­ing on a the­o­ry that one of its oper­a­tives care­less­ly left them avail­able on a remote com­put­er and Russ­ian hack­ers found them, four peo­ple with direct knowl­edge of the probe told Reuters.

    The tools, which enable hack­ers to exploit soft­ware flaws in com­put­er and com­mu­ni­ca­tions sys­tems from ven­dors such as Cis­co Sys­tems and Fortinet Inc, were dumped onto pub­lic web­sites last month by a group call­ing itself Shad­ow Bro­kers.

    The pub­lic release of the tools coin­cid­ed with U.S. offi­cials say­ing they had con­clud­ed that Rus­sia or its prox­ies were respon­si­ble for hack­ing polit­i­cal par­ty orga­ni­za­tions in the run-up to the Nov. 8 pres­i­den­tial elec­tion. On Thurs­day, law­mak­ers accused Rus­sia of being respon­si­ble.

    Var­i­ous expla­na­tions have been float­ed by offi­cials in Wash­ing­ton as to how the tools were stolen. Some feared it was the work of a leak­er sim­i­lar to for­mer agency con­trac­tor Edward Snow­den, while oth­ers sus­pect­ed the Rus­sians might have hacked into NSA head­quar­ters in Fort Meade, Mary­land.

    But offi­cials head­ing the FBI-led inves­ti­ga­tion now dis­count both of those sce­nar­ios, the peo­ple said in sep­a­rate inter­views.

    NSA offi­cials have told inves­ti­ga­tors that an employ­ee or con­trac­tor made the mis­take about three years ago dur­ing an oper­a­tion that used the tools, the peo­ple said.

    That per­son acknowl­edged the error short­ly after­ward, they said. But the NSA did not inform the com­pa­nies of the dan­ger when it first dis­cov­ered the expo­sure of the tools, the sources said. Since the pub­lic release of the tools, the com­pa­nies involved have issued patch­es in the sys­tems to pro­tect them.

    Inves­ti­ga­tors have not ruled out the pos­si­bil­i­ty that the for­mer NSA per­son, who has since depart­ed the agency for oth­er rea­sons, left the tools exposed delib­er­ate­ly. Anoth­er pos­si­bil­i­ty, two of the sources said, is that more than one per­son at the head­quar­ters or a remote loca­tion made sim­i­lar mis­takes or com­pound­ed each oth­er’s mis­steps.

    Rep­re­sen­ta­tives of the NSA, the Fed­er­al Bureau of Inves­ti­ga­tion and the office of the Direc­tor of Nation­al Intel­li­gence all declined to com­ment.

    After the dis­cov­ery, the NSA tuned its sen­sors to detect use of any of the tools by oth­er par­ties, espe­cial­ly for­eign adver­saries with strong cyber espi­onage oper­a­tions, such as Chi­na and Rus­sia.

    That could have helped identify rival powers’ hacking targets, potentially leading them to be defended better. It might also have allowed U.S. officials to see deeper into rival hacking operations while enabling the NSA itself to continue using the tools for its own operations.

    Because the sen­sors did not detect for­eign spies or crim­i­nals using the tools on U.S. or allied tar­gets, the NSA did not feel oblig­at­ed to imme­di­ate­ly warn the U.S. man­u­fac­tur­ers, an offi­cial and one oth­er per­son famil­iar with the mat­ter said.

    In this case, as in more com­mon­place dis­cov­er­ies of secu­ri­ty flaws, U.S. offi­cials weigh what intel­li­gence they could gath­er by keep­ing the flaws secret against the risk to U.S. com­pa­nies and indi­vid­u­als if adver­saries find the same flaws.

    Crit­ics of the Oba­ma admin­is­tra­tion’s poli­cies for mak­ing those deci­sions have cit­ed the Shad­ow Bro­kers dump as evi­dence that the bal­ance has tipped too far toward intel­li­gence gath­er­ing.

    The inves­ti­ga­tors have not deter­mined con­clu­sive­ly that the Shad­ow Bro­kers group is affil­i­at­ed with the Russ­ian gov­ern­ment, but that is the pre­sump­tion, said one of the peo­ple famil­iar with the probe and a fifth per­son.

    One rea­son for sus­pect­ing gov­ern­ment instead of crim­i­nal involve­ment, offi­cials said, is that the hack­ers revealed the NSA tools rather than imme­di­ate­ly sell­ing them.

    The pub­li­ca­tion of the code, on the heels of leaks of emails by Demo­c­ra­t­ic Par­ty offi­cials and pre­ced­ing leaks of emails by for­mer U.S. Sec­re­tary of State Col­in Pow­ell, could be part of a pat­tern of spread­ing harm­ful and occa­sion­al­ly false infor­ma­tion to fur­ther the Russ­ian agen­da, said Jim Lewis, a cyber­se­cu­ri­ty expert at the Cen­ter for Strate­gic and Inter­na­tion­al Stud­ies.

    ...

    Inves­ti­ga­tors have not ruled out the pos­si­bil­i­ty that the for­mer NSA per­son, who has since depart­ed the agency for oth­er rea­sons, left the tools exposed delib­er­ate­ly. Anoth­er pos­si­bil­i­ty, two of the sources said, is that more than one per­son at the head­quar­ters or a remote loca­tion made sim­i­lar mis­takes or com­pound­ed each oth­er’s mis­steps.”

    So that’s where the investigation is clearly heading: someone left it on a server, and Russia hacked it. And what’s the evidence? Well, apparently the evidence is an admission by the NSA that they knew all about an incident three years ago involving an employee or contractor leaving these tools on a server.

    ...
    Var­i­ous expla­na­tions have been float­ed by offi­cials in Wash­ing­ton as to how the tools were stolen. Some feared it was the work of a leak­er sim­i­lar to for­mer agency con­trac­tor Edward Snow­den, while oth­ers sus­pect­ed the Rus­sians might have hacked into NSA head­quar­ters in Fort Meade, Mary­land.

    But offi­cials head­ing the FBI-led inves­ti­ga­tion now dis­count both of those sce­nar­ios, the peo­ple said in sep­a­rate inter­views.

    NSA offi­cials have told inves­ti­ga­tors that an employ­ee or con­trac­tor made the mis­take about three years ago dur­ing an oper­a­tion that used the tools, the peo­ple said.

    That per­son acknowl­edged the error short­ly after­ward, they said. But the NSA did not inform the com­pa­nies of the dan­ger when it first dis­cov­ered the expo­sure of the tools, the sources said. Since the pub­lic release of the tools, the com­pa­nies involved have issued patch­es in the sys­tems to pro­tect them.

    Inves­ti­ga­tors have not ruled out the pos­si­bil­i­ty that the for­mer NSA per­son, who has since depart­ed the agency for oth­er rea­sons, left the tools exposed delib­er­ate­ly. Anoth­er pos­si­bil­i­ty, two of the sources said, is that more than one per­son at the head­quar­ters or a remote loca­tion made sim­i­lar mis­takes or com­pound­ed each oth­er’s mis­steps.

    After the dis­cov­ery, the NSA tuned its sen­sors to detect use of any of the tools by oth­er par­ties, espe­cial­ly for­eign adver­saries with strong cyber espi­onage oper­a­tions, such as Chi­na and Rus­sia.

    That could have helped identify rival powers’ hacking targets, potentially leading them to be defended better. It might also have allowed U.S. officials to see deeper into rival hacking operations while enabling the NSA itself to continue using the tools for its own operations.

    Because the sen­sors did not detect for­eign spies or crim­i­nals using the tools on U.S. or allied tar­gets, the NSA did not feel oblig­at­ed to imme­di­ate­ly warn the U.S. man­u­fac­tur­ers, an offi­cial and one oth­er per­son famil­iar with the mat­ter said.
    ...

    So, assum­ing this is accu­rate, it sounds like the NSA at least half-solved the Shad­ow Bro­kers mys­tery in terms of where the code came from. Either that or the intel­li­gence com­mu­ni­ty is so para­noid about acknowl­edg­ing the pos­si­bil­i­ty that it was part of the Snowden/Appelbaum heist that mak­ing up a sto­ry like this is the bet­ter alter­na­tive. Either way, there’s still the ques­tion of who is doing the leak­ing now. And as we saw, while they haven’t con­clud­ed it was Rus­sia, it’s pre­sumed to be Rus­sia:

    ...
    The inves­ti­ga­tors have not deter­mined con­clu­sive­ly that the Shad­ow Bro­kers group is affil­i­at­ed with the Russ­ian gov­ern­ment, but that is the pre­sump­tion, said one of the peo­ple famil­iar with the probe and a fifth per­son.

    One rea­son for sus­pect­ing gov­ern­ment instead of crim­i­nal involve­ment, offi­cials said, is that the hack­ers revealed the NSA tools rather than imme­di­ate­ly sell­ing them.
    ...

    Regarding the hackers’ decision to release the code to the world instead of immediately selling it, keep in mind that the Shadow Brokers actually only released some of the code as a kind of teaser, written in ‘Boris and Natasha’ broken English, and then offered the rest of the code to private bidders via a Bitcoin auction. But it was the claims by Wikileaks that they had all the code and were going to release it for free that really made it seem like the hackers weren’t actually in it for the money. And, of course, don’t forget that Jacob Appelbaum was Wikileaks’ chief hacker and remains quite close to the organization.

    Also note that Wik­ileaks has­n’t actu­al­ly released the code yet, which rais­es the ques­tion as to whether or not they’re keep­ing it as a kind of lever­age to pro­tect Assange. And maybe pro­tect Appelbaum...could that be part of why he’s nev­er men­tioned in the inves­ti­ga­tion? The threat of releas­ing every­thing now before sys­tems can get patched? Either way, the hack­ers are at least pre­tend­ing to real­ly want some mon­ey for the code:

    Net­work World

    Shad­ow Bro­kers rant about peo­ple want­i­ng stolen NSA-linked hack­ing tools for free

    The Shad­ow Bro­kers sound­ed angry when the group com­plained about peo­ple want­i­ng the stolen NSA-linked hack­ing tools for free.

    By Ms. Smith
    Oct 2, 2016 10:19 AM PT

    The hack­ing group try­ing to auc­tion off NSA-linked Equa­tion Group hack­ing tools is unhap­py because no one has coughed up the big bucks yet to buy the exploits.

    On Sat­ur­day, the Shad­ow Bro­kers took to Medi­um to release the group’s third mes­sage. The hack­ers sound hurt that peo­ple don’t trust them and – if curs­ing is any indi­ca­tion – the hack­ers are angry that the Equa­tion Group cyber weapons auc­tion has flopped so far.

    The Shad­ow Bro­kers want $1 mil­lion dol­lars and sound irri­tat­ed that inter­est­ed par­ties want the stolen hack­ing tools for free. “Peo­ples is hav­ing inter­est in free files. But peo­ple is no inter­est in #EQGRP_Auction.”

    Although the writ­ing style is like­ly to throw ana­lysts off the track of deter­min­ing who wrote Shad­ow Bro­kers’ mes­sages, the alleged­ly forced bro­ken Eng­lish gets annoy­ing fast even if you aren’t a gram­mar Nazi. That might par­tial­ly be why the group’s sec­ond mes­sage was basi­cal­ly ignored by the media; how­ev­er, it did men­tion a bid of 1.5 bit­coins which is cur­rent­ly worth about $915. The blockchain info shows a measly 1.761821 bit­coins received in total – which was worth $1,073.85 at the time of pub­lish­ing.

    What are they auc­tion­ing off besides the fire­wall toolk­it, released as proof about the “remote exploits, priv­i­lege esca­la­tions, per­sis­tence mech­a­nisms, RATs, LPs, and post-exploit col­lec­tion util­i­ties”? The Shad­ow Bro­kers claim to have more Equa­tion Group toolk­its for oth­er plat­forms like “Win­dows, Unix/Linux, Routers, Data­bas­es, Mobile, Tele­com. New­er revi­sions too. The auc­tion file is toolk­it for one of oth­er plat­forms. Includes remote exploits, local exploits/privilege esca­la­tions, per­sis­tence mech­a­nisms, RATs, LPs, post-exploit col­lec­tion util­i­ties. Val­ue esti­mat­ed in mil­lions of euros/dollars.”

    Four dif­fer­ent sources told Reuters that the NSA believes Russ­ian hack­ers got hold of the exploits after an employ­ee or con­trac­tor “care­less­ly left them avail­able on a remote com­put­er.” That mis­take alleged­ly occurred about three years ago after an oper­a­tion, which used the tools, end­ed.

    *If you are offend­ed by cussing, even par­tial­ly redact­ed curs­ing, then you might want to avoid read­ing the rest.

    The Shad­ow Bro­kers claim the group is not sell­ing the hack­ing tools in the under­ground because doing so is not as easy as whip­ping “out a phone book of rep­utable under­ground cyber arms deal­ers and make text and voice­mail.”

    The auc­tion idea is com­pared to sell­ing a mil­lion-dol­lar piece of art, ask­ing if you would sell it at a yard sale or at a “rich f**k auc­tion house.” The group added, “Is think­ing peo­ples is hav­ing more balls, is tak­ing big­ger risks for to make advan­tage over adver­saries. Equa­tion Group is pwn­ing you every day, because you are giant f**king p**sies.”

    Shad­ow Bro­kers say the group doesn’t want 1 mil­lion bit­coins, but 1 mil­lion dol­lars via bit­coins. “Three dif­fer­ent files. #1 = Free File is free. #2 = Auc­tion File is auc­tion. #3 = Con­so­la­tion Prize file is for los­ing bid­ders if goal reached (goal not reached).”

    And to secu­ri­ty experts who have com­plained that the hack­ing tools in the free file were old, the Shad­ow Bro­kers came up with an inter­est­ing anal­o­gy: “Exploit is being like good p**sy, what dif­fer­ence between 20yr old and 40yr old, if both get­ting job done? When you giv­ing away sh*t for free, you giv­ing new sh*t or old sh*t? $12 mil­lion is being pret­ty good free sh*t!”

    ...

    The no refund pol­i­cy as well as the no end date to the auc­tion were also addressed. As for the lat­ter, Shad­ow Bro­kers explod­ed with an enraged, “Holy f**king sh*t, so many f**king rules with you peo­ples.”

    If some­one will just show a lit­tle trust by bid­ding the ask­ing price in the auc­tion which the group swears is legit, then the Shad­ow Bro­kers promise to dis­ap­pear and nev­er be heard from again.

    Although the writ­ing style is like­ly to throw ana­lysts off the track of deter­min­ing who wrote Shad­ow Bro­kers’ mes­sages, the alleged­ly forced bro­ken Eng­lish gets annoy­ing fast even if you aren’t a gram­mar Nazi. That might par­tial­ly be why the group’s sec­ond mes­sage was basi­cal­ly ignored by the media; how­ev­er, it did men­tion a bid of 1.5 bit­coins which is cur­rent­ly worth about $915. The blockchain info shows a measly 1.761821 bit­coins received in total – which was worth $1,073.85 at the time of pub­lish­ing.”

    Yes, someone who appears to be a native English speaker trying to appear like a non-native English speaker is very upset that no one in the world wants to pay them $1 million in bitcoins with a no refunds policy for the code that Wikileaks promises to release for free at some point.

    So that’s the apparent state of the Shadow Brokers investigation. It wasn’t Hal Martin, who appears to be some sort of NSA data hoarder. And it wasn’t Jacob Appelbaum or anyone related to the Snowden Affair (even though Wikileaks somehow got their hands on the code and has yet to release it all after saying they were going to do so). Instead it was an NSA employee or contractor who left the code on a server and actually told the NSA about all this shortly after doing so, and the NSA knew about this years ago but concluded that nothing bad would happen if they didn’t tell anyone about it. That’s what happened. And maybe that’s actually what happened. But it will be interesting to see if Wikileaks ever releases that code and whether or not the investigators’ conclusions regarding the culpability of Appelbaum or someone associated with his network suddenly change.

    Posted by Pterrafractyl | October 10, 2016, 7:40 pm
  12. Now that the US government is officially blaming Russia for the various high-profile political hacks this year, one of the big questions going forward is how the US responds. And as this post from the Council on Foreign Relations blog suggests, that US response might not come in the form of some retaliatory cyber actions. Instead, we should probably expect non-cyber responses like increasing military aid for Russia’s neighbors and increasing government investments in anonymizing cyber technology (like Tor):

    Coun­cil on For­eign Rela­tions Blog

    After Attribut­ing a Cyber­at­tack to Rus­sia, the Most Like­ly Response Is Non Cyber

    by Adam Segal
    Octo­ber 10, 2016

    Almost four months after the cyber­se­cu­ri­ty firm Crowd­Strike claimed that two Russ­ian hack­er groups were behind the theft of data from com­put­ers at the Demo­c­ra­t­ic Nation­al Com­mit­tee and oth­er polit­i­cal orga­ni­za­tions, the U.S. gov­ern­ment has pub­licly attrib­uted the attacks to Rus­sia. In a joint state­ment from the Direc­tor of Nation­al Intel­li­gence and Depart­ment of Home­land Secu­ri­ty, the intel­li­gence com­mu­ni­ty declared that it was “con­fi­dent that the Russ­ian Gov­ern­ment direct­ed the recent com­pro­mis­es of e‑mails from US per­sons and insti­tu­tions, includ­ing from US polit­i­cal orga­ni­za­tions.” Accord­ing to the state­ment, the hack was not the work of an indi­vid­ual call­ing him­self Guc­cifer 2.0 or a 400 pound hack­er sit­ting on a bed, but was: intend­ed to inter­fere with the U.S. elec­tions; con­sis­tent with oth­er Russ­ian efforts to influ­ence pub­lic opin­ion in Europe and Eura­sia; and was like­ly to have been autho­rized at the high­est lev­els of the Russ­ian gov­ern­ment.

    ...

    The next steps for the Obama administration are unclear. As Henry Farrell notes, the U.S. government will now have to decide if it will provide compelling evidence of Russian culpability. Releasing additional proof will be necessary if the United States wants to build some international legitimacy for whatever retaliatory actions it takes. In fact, the United States signed onto a 2015 UN report that said that accusations of internationally “wrongful acts brought against states”–the kind the United States is accusing Russia—“should be substantiated.” But substantiation has significant risks. It will be difficult to assign responsibility without revealing intelligence capabilities, and attribution may allow Russia to patch vulnerabilities and result in the loss of U.S. defensive and offensive capabilities.

    A number of analysts have stressed the challenges facing the United States in responding to these attacks, and especially in preventing the confrontation from spinning out of control. While covert cyber operations would be one example of a proportional response—and the United States certainly has the capability to attack Russian networks—it cannot ensure escalation dominance and the ability to end the conflict. Attacks that attempt to undermine Putin’s legitimacy by exposing emails or financial records and revealing compromising information might provoke even more widespread threats to U.S. critical infrastructure. Moreover, as former NSA general counsel Rajesh De and former CIA deputy director Michael Morrell note, offensive cyberattacks are counterproductive to the norms of behavior that the United States is trying to establish.

    This does not mean there should be no reaction. Instead, Washington will want to consider a range of options such as extending sanctions to those around Putin using a new executive order, more aid to Estonia and other states on Russia’s periphery, and more funds for the development of next generation anonymizing tools for dissidents and non-governmental organizations that monitor the Kremlin. The United States could also take steps to dismantle the IT infrastructure and hop points that Russian intelligence used to compromise U.S. political institutions to disrupt future cyber operations. This could take the form of clandestine activity or publicly visible steps, such as working with the international network of computer emergency response teams much like the United States did to counteract the 2011–2013 Iranian denial of service attacks against U.S. banks.

    Great pow­ers are still try­ing to nav­i­gate the bounds of accept­able and pro­por­tion­ate respons­es when faced with con­fronta­tion­al state-spon­sored cyber activ­i­ty. Although analo­gies to nuclear pol­i­cy or pre­vi­ous U.S. expe­ri­ence with Russ­ian kom­pro­mat from the past may be help­ful to nav­i­gate the present, cyber­space has unique char­ac­ter­is­tics that make these imper­fect par­al­lels. Washington’s response to Moscow’s actions will set the bar for future respons­es and set the exam­ple for oth­er coun­tries who could be vic­tim of the same kind of activ­i­ty. The White House will want to choose its next move care­ful­ly.

    This does not mean there should be no reaction. Instead, Washington will want to consider a range of options such as extending sanctions to those around Putin using a new executive order, more aid to Estonia and other states on Russia’s periphery, and more funds for the development of next generation anonymizing tools for dissidents and non-governmental organizations that monitor the Kremlin. The United States could also take steps to dismantle the IT infrastructure and hop points that Russian intelligence used to compromise U.S. political institutions to disrupt future cyber operations. This could take the form of clandestine activity or publicly visible steps, such as working with the international network of computer emergency response teams much like the United States did to counteract the 2011–2013 Iranian denial of service attacks against U.S. banks.”

    Yes, if the US responds to its charges against Rus­sia with cyber attacks of its own, that could lead to a mas­sive esca­la­tion of attacks that nei­ther side can con­trol. But there are oth­er options, like fuel­ing a mil­i­tary build up on Rus­si­a’s bor­ders. No pos­si­bil­i­ty for a dis­as­trous esca­la­tion of ten­sions there!

    The oth­er rec­om­men­da­tion was that the US could increase funds for anonymiza­tion tools that could be used by Russ­ian dis­si­dents. And that’s an obvi­ous ref­er­ence to tools like Tor. Tools like Tor which hap­pen to have been devel­oped by cypher­punk hack­ers like Jacob Appel­baum (who is no longer with Tor fol­low­ing a wave of sex­u­al harass­ment alle­ga­tions this sum­mer).

    Since it’s pos­si­ble, or at least rec­om­mend­ed by the CFR blog, that the US respond to these hacks with a mil­i­tary build up around Rus­sia and an increase in fund­ing for tools like Tor, maybe it’s worth keep­ing in mind:
    a. The man­ner in which the Snow­den Affair appeared to have had the dis­rup­tion of the US-Russ­ian “reset” as one of its objec­tives.

    b. The degree to which Snow­den, Appel­baum, and the rest of the cypher­punk com­mu­ni­ty would love to see the devel­op­ment of even more secure anonymiza­tion tools like Tor that would great­ly enhance the pow­er of hack­ers to oper­ate anony­mous­ly.

    and c. The dis­tinct pos­si­bil­i­ty — in terms of capa­bil­i­ty, ide­ol­o­gy, and motives — that some­one from this cypher­punk net­work could be behind at least some of these high-pro­file hacks.

    So whether or not these hacks real­ly are com­ing from the cypher­punk elite hack­er net­works, if the US responds to these high-pro­file hacks with a big new invest­ment in the cypher­punks’ dream-tools, you can be pret­ty sure there’s going to be a lot more high-pro­file hacks. Hack­ing the US will be like a cypher­punk pina­ta: hit it hard enough in a man­ner that impli­cates a coun­try like Rus­sia or Chi­na (coun­tries the anonymiza­tion tools were built to be used in) and fun prizes even­tu­al­ly fall out!

    Sim­i­lar­ly, if the US does indeed respond to these hacks with a big mil­i­tary build up in places like the Baltics and Geor­gia and specif­i­cal­ly attrib­ut­es the build up to the alleged Russ­ian hacks, you can also be pret­ty sure there’s going to be a lot more high-pro­file US hacks.

    Still, it’s possible the US does actually have solid evidence that the Russian government was indeed behind the hacks but can’t reveal it because that evidence would expose sources and methods. And let’s say the US has concluded there’s a justification for some sort of response. In that case, what should the US government do?

    The answer isn’t obvi­ous and more impor­tant­ly it isn’t obvi­ous it isn’t obvi­ous because we’re in new weird ter­ri­to­ry here. Kind of like the new weird ter­ri­to­ry of the nuclear age and the mad­ness of mutu­al­ly assured destruc­tion with nukes or oth­er WMDs. Dooms­day-ish tech­no-show­downs aren’t new, but each one is its own snowflake of doom.

    And since one of the biggest threats in the age of the Great Hack is the risk that one of these hacks either direct­ly leads to the use of a WMD (like some­one tak­ing over launch sys­tems) or indi­rect­ly (like a hack response that spi­rals out of con­trol), it’s def­i­nite­ly worth keep­ing in mind that one of the biggest goals of the age of the Great Hack is to get rid of WMDs. Or at least get that all point­ed towards space for the even­tu­al Borg attack (Good luck with that!). And while that may not be pos­si­ble any time soon, we prob­a­bly should­n’t under­es­ti­mate the util­i­ty of an end­less inter­na­tion­al con­ver­sa­tion about a vision for a future that does­n’t involve dooms­day show­downs. Because tech­nol­o­gy is mak­ing dooms­day show­downs eas­i­er and eas­i­er and that trend­ing isn’t end­ing until we do. And bad rela­tions aren’t an excuse for not talk­ing about how to build a bet­ter tomor­row.

    So why shouldn’t the response to this growing US-Russian showdown be a “Russian reset” reset? And why not make building a global agreement for not using high profile hacks as a way of messing with other nations’ elections one of those building blocks for that better tomorrow? Regardless of whether Russia was behind these hacks or not, now is probably a good time for a reset reset and a long meaningful talk about what to do next.

    Posted by Pterrafractyl | October 12, 2016, 8:29 pm
  13. Here’s something rather notable about the big DDoS attack last week that took down a number of major websites: Wikileaks basically claimed the attack was done by Wikileaks supporters in retaliation against the cut off of Julian Assange’s internet access. And while Wikileaks’s claim hasn’t been proven, as the article below notes, shortly after Wikileaks sent out a tweet asking its supporters to end the attack, the attack ended:

    The Dai­ly Dot

    Wik­iLeaks asks sup­port­ers to stop mas­sive DDoS attack snarling major web­site

    Aaron Sankin —
    Oct 21 at 11:41PM | Last updat­ed Oct 21 at 11:41PM

    In a tweet on Friday afternoon, the official account of the radical transparency group WikiLeaks asked its supporters to halt a massive distributed denial of service (DDoS) attack that brought down many of the internet’s most popular websites.

    Mr. Assange is still alive and Wik­iLeaks is still pub­lish­ing. We ask sup­port­ers to stop tak­ing down the US inter­net. You proved your point. pic.twitter.com/XVch196xyL— Wik­iLeaks (@wikileaks) Octo­ber 21, 2016

    That same morning, Dyn, which manages the Domain Name System (DNS) for sites like Twitter, Spotify, and Netflix, released a statement that its servers on the East Coast of the United States were being flooded with fraudulent traffic.

    Computers identify websites using IP addresses (58.188.221.232, for example), but humans typically have a difficult time remembering long strings of numbers. DNS servers translate those IP addresses into more manageable domain names (dailydot.com, for example). When Dyn’s DNS system went down, the ability to translate between IP addresses and domain names broke down.

    The attack began around 7am ET and has led to the affect­ed sites hav­ing acces­si­bil­i­ty issues through­out the course of the day.

    The attack is believed to have been car­ried out by a bot­net called Mirai, which uses Inter­net of Things enabled devices, such as wi-fi routers and web cams, to send volu­mi­nous amounts of traf­fic. The same bot­net was also report­ed­ly respon­si­ble for an attack against the web­site of promi­nent and influ­en­tial cyber­se­cu­ri­ty blog­ger Bri­an Krebs.

    Short­ly after Wik­iLeaks tweet­ed its mes­sage, Dyn post­ed a sta­tus update to its site pro­claim­ing, “This inci­dent has been resolved.”

    No direct evi­dence has been pre­sent­ed as to why Wik­iLeaks believes its sup­port­ers were behind the attack. A request for com­ment was not imme­di­ate­ly returned.

    How­ev­er, con­tro­ver­sial Wik­iLeaks founder Julian Assange is in the midst of an intense pub­lic spat with the Unit­ed States gov­ern­ment. Assange, who has spent the past four years holed up in Lon­don’s Ecuado­ri­an Embassy evad­ing par­tic­i­pa­tion in a Swedish sex­u­al assault inves­ti­ga­tion, recent­ly had his per­son­al inter­net con­nec­tion tem­porar­i­ly restrict­ed by the Ecuado­ri­an gov­ern­ment.

    In a statement released earlier this week, Ecuadorian officials said they made moves to limit Assange’s internet access following WikiLeaks’ publication of troves of emails stolen from senior Democratic party officials in an attempt to damage the presidential campaign of former Secretary of State Hillary Clinton and boost the chances of former reality TV star Donald Trump. The Obama administration has formally accused senior officials in the Russian government as being responsible for the breaches of the party’s computer systems, but WikiLeaks has pushed back against those assertions.

    ...

    “Short­ly after Wik­iLeaks tweet­ed its mes­sage, Dyn post­ed a sta­tus update to its site pro­claim­ing, “This inci­dent has been resolved.””

    Well, coin­ci­dences do hap­pen. But the fact that it’s real­ly hard to dis­miss the idea that one or more Wik­ileaks sup­port­ers car­ried this out (the attack was car­ried out by a Bot­net so it could have con­ceiv­ably been one per­son run­ning the whole attack) is a reflec­tion of the real­i­ty that Wik­ileaks is prob­a­bly going to have an abun­dance of sup­port­ers with exten­sive hack­ing skills. The kind of hack­ing skills that, if mis­in­ter­pret­ed, could cre­ate a major inter­na­tion­al inci­dent. It’s a fun fact increas­ing­ly worth keep­ing in mind.

    Posted by Pterrafractyl | October 24, 2016, 6:49 pm
  14. Here’s an arti­cle that should serve as a reminder that, if Hillary Clin­ton wins, the GOP inves­ti­ga­tions are going to be up and run­ning from the very first day and prob­a­bly con­tin­ue until she leaves office (assum­ing the GOP nev­er los­es con­trol of the House dur­ing her time in office). It’s a reminder we don’t real­ly need since it’s obvi­ous this will hap­pen, but with key GOP lead­ers already talk­ing about “years” of inves­ti­ga­tions they have lined up it’s still worth not­ing. But there’s anoth­er reminder in the arti­cle that has­n’t received too much atten­tion yet: If Hillary wins, the GOP’s reliance on Wik­ileaks for any­thing Hillary-relat­ed is only going to grow and grow:

    The Wash­ing­ton Post

    House Repub­li­cans are already prepar­ing for ‘years’ of inves­ti­ga­tions of Clin­ton

    By David Weigel
    Octo­ber 26 at 12:19 PM

    SOUTH JORDAN, Utah — Jason Chaf­fetz, the Utah con­gress­man wrap­ping up his first term atop the pow­er­ful House Over­sight Com­mit­tee, unen­dorsed Don­ald Trump weeks ago. That freed him up to pre­pare for some­thing else: spend­ing years, come Jan­u­ary, prob­ing the record of a Pres­i­dent Hillary Clin­ton.

    “It’s a tar­get-rich envi­ron­ment,” the Repub­li­can said in an inter­view in Salt Lake City’s sub­urbs. “Even before we get to Day One, we’ve got two years’ worth of mate­r­i­al already lined up. She has four years of his­to­ry at the State Depart­ment, and it ain’t good.”

    If Repub­li­cans retain con­trol of the House, some­thing that GOP-friend­ly maps make pos­si­ble even in the event of a Trump loss, Clin­ton will become the first pres­i­dent since George H.W. Bush to imme­di­ate­ly face a House Over­sight Com­mit­tee con­trolled by the oppo­si­tion par­ty. (Bill Clin­ton, George W. Bush and Barack Oba­ma lost Con­gress lat­er in their pres­i­den­cies.)

    And oth­er Repub­li­can lead­ers say they sup­port Chaffetz’s efforts — rais­ing the specter of more par­ti­san acri­mo­ny between them and the White House for the next four years.

    “The rig­or­ous over­sight con­duct­ed by House Repub­li­cans has already brought to light trou­bling devel­op­ments in the [Hillary] Clin­ton email scan­dal,” the office of House Speak­er Paul D. Ryan (R‑Wis.) said in a state­ment to The Wash­ing­ton Post. “The speak­er sup­ports [Oversight’s] inves­tiga­tive efforts fol­low­ing where the evi­dence leads, espe­cial­ly where it shows the need for changes in the law.”

    And the Over­sight Com­mit­tee may not be the only House pan­el ready for par­ti­san bat­tle. While the Select Com­mit­tee on Beng­hazi appears to have fin­ished its work, Rep. Jim Jor­dan (R‑Ohio), a com­mit­tee mem­ber who says Clin­ton might have per­jured her­self on ques­tions about her email, said recent­ly that he wants the com­mit­tee to con­tin­ue.

    If she wins, Clin­ton would enter office with low favor­able rat­ings and only one-third of vot­ers con­sid­er­ing her “hon­est and trust­wor­thy.” As a result, Repub­li­cans are not inclined to give her a polit­i­cal hon­ey­moon. To many of them, a Clin­ton vic­to­ry would mean that Trump threw away an elec­tion that any­one else could have won.

    “This should have been a slam dunk for the GOP,” par­ty con­sul­tant Frank Luntz said Sun­day on CBS News’s “Face the Nation.”

    That analy­sis stems from the inves­ti­ga­tions Repub­li­cans have led — or asked for — into Clinton’s tenure at the State Depart­ment. Clin­ton has been dogged by inves­ti­ga­tions into the ter­ror­ist attacks in Beng­hazi, and for the bet­ter part of two years, she’s reeled from ques­tions about the pri­vate email serv­er she used while sec­re­tary of state. Chaf­fetz, too, views Clin­ton as a lucky can­di­date whose past will catch up with her after the polls close.

    “She’s not get­ting a clean slate,” he said. “It’s not like the State Depart­ment was bend­ing over back­wards to help us under­stand what was going on. We’ve got doc­u­ment destruc­tion. We’ve got their own rogue sys­tem. We’ve got clas­si­fied infor­ma­tion out the door. We’ve got their foun­da­tion doing who knows what. I mean, it took them four years just to release her sched­ule.”

    Sev­er­al Clin­ton allies recoiled when asked about Chaffetz’s plans for 2017. Clin­ton spokesman Bri­an Fal­lon said Chaf­fetz threat­ened to “ignore the public’s clear desire for the two par­ties to work togeth­er,” and he and oth­ers accused Chaf­fetz of wast­ing tax­pay­er mon­ey chas­ing old sto­ries.

    “It’s clear Con­gress­man Chaf­fetz is ready to spend resources on addi­tion­al worth­less polit­i­cal inves­ti­ga­tions that will, again, come up with noth­ing,” said David Brock, a for­mer Clin­ton foe who now runs the pro-Clin­ton polit­i­cal action com­mit­tee Amer­i­can Bridge and its affil­i­ates.

    Rep. Eli­jah E. Cum­mings (D‑Md.), the rank­ing mem­ber of the Over­sight Com­mit­tee and the Select Com­mit­tee on Beng­hazi, said that new Clin­ton inves­ti­ga­tions based on the scan­dals vet­ted since 2013 would amount to waste.

    “Repub­li­cans are pre­tend­ing like they haven’t been inves­ti­gat­ing Sec­re­tary Clin­ton for years ever since she announced that she was run­ning for pres­i­dent, includ­ing every­thing from Beng­hazi to emails to the Clin­ton Foun­da­tion,” Cum­mings said in a state­ment. “It’s no exag­ger­a­tion to say that on the first day Sec­re­tary Clin­ton walks into the White House, Repub­li­cans will have already inves­ti­gat­ed her more than any oth­er pres­i­dent in his­to­ry.”

    Chaf­fetz, elect­ed in 2008 after beat­ing an incum­bent con­gress­man in a pri­ma­ry, rose quick­ly in the House. After John A. Boehner’s sur­prise retire­ment, Chaf­fetz briefly ran for speak­er of the House. Today, he says he’s “sup­port­ive” of Ryan and has no plan to chase his job — though he does not rule out sup­port­ing some­one else. Over­sight, he explained, is “where the action is.”

    Chaf­fetz empha­sized that the ques­tions raised since he took over the com­mit­tee in 2015 have not all been answered.

    “We still have tens of thou­sands of miss­ing doc­u­ments,” he said. “That ranges from every­thing from the miss­ing box­es [of sub­poe­naed emails] to the David Petraeus emails, to [State Depart­ment Under­sec­re­tary] Patrick Kennedy’s com­mu­ni­ca­tions.”

    Chaf­fetz also sug­gest­ed that com­ing Clin­ton hear­ings would touch on issues that had not been vet­ted. He had sent the committee’s inves­ti­ga­tors a week­end arti­cle from the Wall Street Jour­nal that asked whether Vir­ginia Gov. Ter­ry McAu­li­ffe (D) had slant­ed the FBI’s probe of Clin­ton by help­ing out­side groups put $467,500 into the cam­paign of Vir­ginia sen­ate can­di­date Jill McCabe, whose hus­band, Andrew, lat­er became deputy direc­tor of the FBI.

    “It seems like an obscene amount of mon­ey for a los­ing race,” Chaf­fetz said. “The ties between the gov­er­nor and the Clin­tons are well-known. He rais­es mon­ey for a lot of peo­ple, but why so much for this one per­son?”

    In addi­tion, Chaf­fetz pre­vi­ous­ly said in an inter­view with CNN, an FBI agent’s sug­ges­tion that Kennedy had tried to get Clinton’s emails declas­si­fied deserved a hard look. “I hon­est­ly don’t believe they act in the best inter­ests of our coun­try,” he said of the State Depart­ment. Future Over­sight inves­ti­ga­tions, he said, might depend on whether Clin­ton tries to put peo­ple ensnared by pre­vi­ous probes into her admin­is­tra­tion.

    “It depends on who stays and who goes,” Chaf­fetz said. “If Hillary Clin­ton brings in the same gang — Loret­ta Lynch, Cheryl Mills, Huma Abe­din, Jake Sul­li­van — she has her cast of char­ac­ters. If they put on the same play, she’s not going to get good reviews from the crit­ics. Every sin­gle time we turn around, this puz­zle gets more com­pli­cat­ed with more pieces to it. That sto­ry about the $12 mil­lion from Moroc­co to the Clin­ton Foun­da­tion? You could take any one of these sto­ries and have a year’s worth of inves­ti­ga­tions.”

    But the Moroc­co sto­ry also points to a poten­tial prob­lem for Chaf­fetz. The embar­rass­ing 2015 emails from Clin­ton staffers, debat­ing whether the future can­di­date should go to Moroc­co to col­lect a large char­i­ta­ble dona­tion, came from hacked exchanges pub­lished by Wik­iLeaks. Chaf­fetz was inclined to steer away from them and had told Over­sight inves­ti­ga­tors to avoid pok­ing through the website’s cache. “You don’t want to be deal­ing with stolen doc­u­ments,” he said.

    Few Repub­li­cans share that cau­tion. At his ral­lies, Trump has cit­ed sev­er­al Wik­iLeaks-based sto­ries and accused the media of cov­er­ing them up — some­times before lead­ing chants of “lock her up,” direct­ed at Clin­ton. He has also drawn atten­tion to women who have accused Bill Clin­ton of unwant­ed sex­u­al advances, and to videos pro­duced by con­ser­v­a­tive sting artist James O’Keefe that pur­port to show Demo­c­ra­t­ic strate­gists plot­ting vio­lence at Trump ral­lies.

    Rep. Tim Mur­phy (R‑Pa.), who chairs the inves­tiga­tive sub­com­mit­tee of the Ener­gy and Com­merce Com­mit­tee, tweet­ed that he was “stunned” by the O’Keefe videos. Chaf­fetz did not men­tion them. While Democ­rats blanch at what he might inves­ti­gate, Clinton’s long­time crit­ics wor­ry that the Over­sight Com­mit­tee will not go far enough.

    “In the past, Repub­li­cans have used scan­dal inves­ti­ga­tions to keep their polit­i­cal oppo­nents off kil­ter, as opposed to using them for seri­ous account­abil­i­ty,” said Tom Fit­ton, the pres­i­dent of Judi­cial Watch, which has filed dozens of ongo­ing Clin­ton suits. “They made noise about Clin­ton lying to Con­gress, when, if they were real­ly con­cerned about it, they could have passed a con­tempt res­o­lu­tion.”

    The neg­a­tive feel­ings toward Clin­ton — the cer­tain­ty, in con­ser­v­a­tive media, that she is “crooked” — could put pres­sure on Repub­li­cans from the first moments of Clinton’s pres­i­den­cy. Asked whether inves­ti­ga­tions could lead to extend­ed polit­i­cal crises, with echoes of Water­gate, Chaf­fetz said it would depend on Clin­ton and her team.

    “It depends on how coop­er­a­tive they are, how seri­ous­ly they take it,” Chaf­fetz said. “If they con­tin­ue to erect walls and shore up the tur­rets, then, yeah, it’s going to be a bat­tle. But if they act like they’re sup­posed to, if they com­ply with sub­poe­nas and actu­al­ly respond to requests from Con­gress, well, our repub­lic requires that.”

    ...

    ““It’s a tar­get-rich envi­ron­ment,” the Repub­li­can said in an inter­view in Salt Lake City’s sub­urbs. “Even before we get to Day One, we’ve got two years’ worth of mate­r­i­al already lined up. She has four years of his­to­ry at the State Depart­ment, and it ain’t good.””

    That was the warn­ing com­ing from Jason Chaf­fetz, head of the House Over­sight Com­mit­tee: get ready for the GOP to make impeach­ing Hillary Clin­ton their full-time job. And House Speak­er Paul Ryan appeared to ful­ly back him up. It’s pre­dictable that they would do so, but it was­n’t nec­es­sar­i­ly pre­dictable that they would just come out and admit it before the elec­tion. But that’s what they just did so it will be inter­est­ing to see if that admis­sion enters into both the pres­i­den­tial and House races with the elec­tion less than two weeks away. Pledg­ing to begin years of inves­ti­ga­tions from day one is a rather polar­iz­ing state­ment for par­ty lead­ers to make.

    And that pledge basi­cal­ly means Julian Assange’s cur­rent sta­tus as a kind of GOP sav­ior-in-wait­ing is prob­a­bly going to con­tin­ue unabat­ed too:

    ...

    “It depends on who stays and who goes,” Chaf­fetz said. “If Hillary Clin­ton brings in the same gang — Loret­ta Lynch, Cheryl Mills, Huma Abe­din, Jake Sul­li­van — she has her cast of char­ac­ters. If they put on the same play, she’s not going to get good reviews from the crit­ics. Every sin­gle time we turn around, this puz­zle gets more com­pli­cat­ed with more pieces to it. That sto­ry about the $12 mil­lion from Moroc­co to the Clin­ton Foun­da­tion? You could take any one of these sto­ries and have a year’s worth of inves­ti­ga­tions.”

    But the Moroc­co sto­ry also points to a poten­tial prob­lem for Chaf­fetz. The embar­rass­ing 2015 emails from Clin­ton staffers, debat­ing whether the future can­di­date should go to Moroc­co to col­lect a large char­i­ta­ble dona­tion, came from hacked exchanges pub­lished by Wik­iLeaks. Chaf­fetz was inclined to steer away from them and had told Over­sight inves­ti­ga­tors to avoid pok­ing through the website’s cache. “You don’t want to be deal­ing with stolen doc­u­ments,” he said.

    Few Repub­li­cans share that cau­tion. At his ral­lies, Trump has cit­ed sev­er­al Wik­iLeaks-based sto­ries and accused the media of cov­er­ing them up — some­times before lead­ing chants of “lock her up,” direct­ed at Clin­ton. He has also drawn atten­tion to women who have accused Bill Clin­ton of unwant­ed sex­u­al advances, and to videos pro­duced by con­ser­v­a­tive sting artist James O’Keefe that pur­port to show Demo­c­ra­t­ic strate­gists plot­ting vio­lence at Trump ral­lies.

    ...

    Is Chaffetz really going to resist the allure of all those Wikileaks documents? Julian Assange is still presumably going to remain hell-bent on somehow taking down Hillary one way or another so we should expect a steady stream of Hillary-related leaks, real or not. And Wikileaks has already proven time and again this campaign season that it’s capable of titillating GOP audiences. So if Wikileaks releases a leak that could actually either create a new GOP investigation or further an existing investigation, it’s hard to believe that Chaffetz and the rest of the GOP aren’t going to be more than happy to overcome any remaining reticence they might have about relying on stolen documents.

    All in all, it’s very clear we can expect an end­less wave of inves­ti­ga­tions and, there­fore, it’s also very clear that we can expect one giant end­less GOP prayer for Wik­ileaks to some­how pro­vide the evi­dence they need to prove Hillary is a demon or some­thing. And the more the GOP invests its polit­i­cal for­tunes in some­how tak­ing down Hillary, the stronger that Wik­ileaks prayer is going to get.

    So while it’s obviously going to be quite interesting to see how years of endless GOP investigations impact the public’s view of Hillary, it’s going to be extra interesting to see just how popular Julian Assange is with the American right-wing after four to eight years of this. Especially if the GOP begins to experience a “Boy who cried corrupt wolf” public backlash, making some sort of big ‘score’ from Assange all the more important for the “investigate Hillary into oblivion” strategy. Yes, some in the GOP might still have cold feet about cozying up to Wikileaks, but the interest is obviously there to take this relationship to the next level. And why not? It’s a relationship that clearly has a lot of long-term potential. And who knows, maybe they’re soulmates.

    Posted by Pterrafractyl | October 26, 2016, 3:04 pm
  15. Inter­est­ing that the Podes­ta hack orig­i­nat­ed from Ukraine. While it is pos­si­ble that this was done by Russ­ian-linked groups in Ukraine, where they have launched many attacks from before, it is also pos­si­ble that the attack came from pro-Ukrain­ian fas­cist forces as well, pos­si­bly to ensure that Hillary stays in their camp?

    https://m.cnsnews.com/news/article/

    In the email, the hack­ers even pro­vid­ed an Inter­net address of the pur­port­ed Ukrain­ian hack­er that actu­al­ly traced to a mobile com­mu­ni­ca­tions provider in Ukraine.

    Posted by Roger Stoned | November 1, 2016, 10:51 am
  16. Awww...it looks like the “Trump server set up secret communication with Alfa” story is already crumbling as other experts with access to the data comment on the findings, including the FBI which had already investigated the matter. As the article below notes, it’s not that there isn’t something somewhat odd about the communication pattern between Alfa’s mystery server and the server used by the Trump organization allegedly for marketing purposes. It is odd. But it’s also potentially totally innocuous so nothing can be concluded:

    The Wash­ing­ton Post

    That secret Trump-Rus­sia email serv­er link is like­ly nei­ther secret nor a Trump-Rus­sia link

    By Philip Bump
    Novem­ber 1, 2016 at 12:28 PM

    Of all the things that were going to get Don­ald Trump into trou­ble over the course of this elec­tion, I would have put “auto­mat­ed com­put­er serv­er activ­i­ty” pret­ty low on the list. But here we are.

    On Mon­day night, Slate pub­lished a lengthy sto­ry writ­ten by Franklin Foer explor­ing an odd con­nec­tion between Trump’s busi­ness­es and a bank in Rus­sia. Researchers look­ing to track Russ­ian attempts at hack­ing Amer­i­can polit­i­cal inter­ests noticed that a serv­er at the bank had been con­nect­ing to a serv­er linked to Trump — spo­rad­i­cal­ly, in a pat­tern that they felt was indica­tive of inter­per­son­al com­mu­ni­ca­tion. With atten­tion in the pres­i­den­tial race focused on how Trump’s polit­i­cal and eco­nom­ic inter­ests might over­lap with those of the Russ­ian state, this was a tan­ta­liz­ing wisp of smoke.

    For all of Foer’s exe­ge­sis of the sit­u­a­tion — cul­mi­nat­ing, he admits, with a lack of cer­tain­ty about what it all means — it seems like­ly that the sim­plest answer isn’t that some­one affil­i­at­ed with Trump or his cam­paign set up a backchan­nel method for con­tact­ing some­one at Alfa Bank in Rus­sia. It seems more like­ly that the human ten­den­cy for pat­tern-seek­ing is extract­ing a con­spir­a­cy the­o­ry from the auto­mat­ed clunk­i­ness of the way the Inter­net works.

    ...

    Naadir Jee­wa does con­sult­ing work on pre­cise­ly the sorts of sys­tems involved in the Trump-Alfa sce­nario. When Foer’s piece was pub­lished, he quick­ly tweet­ed a num­ber of rea­sons that he was skep­ti­cal of the idea that this was some­how nefar­i­ous. (He has sub­se­quent­ly writ­ten out his thoughts.) Based in the Unit­ed King­dom, he spoke with The Fix by phone on Tues­day morn­ing to explain his rea­son­ing.

    To under­stand what’s like­ly hap­pen­ing, we need to estab­lish a few basics. First of all, the Trump serv­er was­n’t real­ly a Trump serv­er. It was much less of a Trump email serv­er, for exam­ple, than Hillary Clin­ton’s email serv­er was hers. Clin­ton had a phys­i­cal serv­er that host­ed her email. The trump-email.com domain that Alfa was con­nect­ing to was host­ed by a com­pa­ny called Cen­dyn. Cen­dyn runs mar­ket­ing sys­tems for the hos­pi­tal­i­ty indus­try, mean­ing that it offers an out-of-the-box solu­tion for a com­pa­ny that owns a bunch of hotels to push out sales pitch emails to its cus­tomers. In oth­er words, trump-email.com isn’t the email serv­er Trump used to send emails from his clos­et. It was a domain name that linked back to a Cen­dyn serv­er.

    This is impor­tant for a few rea­sons. The first, Jee­wa said, was that the trump-email.com was con­fig­ured to reject a cer­tain type of query from anoth­er serv­er. Since its job was sim­ply to push out thou­sands of entice­ments to come stay at Trump Soho (or what­ev­er) it did­n’t need to receive many incom­ing requests (like incom­ing email). The sec­ond is that the con­spir­a­cy the­o­ry hinges on Trump’s team using an off­site serv­er host­ed by some­one else for its qui­et com­mu­ni­ca­tions with its Russ­ian allies. Instead of, say, their own serv­er, under their own con­trol. Or an encrypt­ed chat app. Or a phone call.

    So why were the Alfa Bank servers com­mu­ni­cat­ing with trump-email.com in a rhythm that both seems to mir­ror human com­mu­ni­ca­tion pat­terns and seems to have increased over the course of the cam­paign? To the lat­ter point, the researchers look­ing at the traf­fic only began track­ing com­mu­ni­ca­tions in July, so every­thing’s been with­in the con­text of the cam­paign. A graph cre­at­ed by the researchers seems “to fol­low the con­tours of polit­i­cal hap­pen­ings in the Unit­ed States,” in Foer’s words.

    [see graph of serv­er activ­i­ty]

    But it does­n’t real­ly. The biggest spike appears to have hap­pened in ear­ly August — a point at which there was cer­tain­ly a lot going on, but noth­ing par­tic­u­lar­ly excep­tion­al. This, too, seems more like pat­tern-seek­ing than a real cor­re­la­tion to events. (The ques­tion of when the com­mu­ni­ca­tions occurred dur­ing the day is hard to eval­u­ate, giv­en the lim­it­ed data we have avail­able. It’s worth remem­ber­ing, though, that the sev­en-hour time shift between Moscow and the U.S. East Coast means that either we or they are at work for most of any 24-hour peri­od.)

    Jee­wa notes that the type of requests the Alfa Bank servers were mak­ing were what’s called an “A record lookup.” (This is accord­ing to the files that have been made pub­lic, which, he said, could have been fil­tered to exclude oth­er exam­ples.) The domain name sys­tem relies on domain name servers (DNS), which act like a sort of Inter­net phone book. If you look up a busi­ness in a phone book, you’ll see its main num­ber, maybe a fax line, maybe some num­bers for var­i­ous depart­ments. DNS look-ups work the same way: If a serv­er wants to know how to con­tact trump-email.com, it con­tacts a DNS serv­er to learn its num­ber — not a phone num­ber, but an Inter­net pro­to­col (IP) address, which is a string of num­bers allow­ing Inter­net traf­fic to find its des­ti­na­tion. Domains, like the busi­ness in our phone book exam­ple, have dif­fer­ent infor­ma­tion avail­able about how they can be con­tact­ed. An MX record pro­vides a point­er to the domain’s email sys­tem (think: fax num­ber in the phone book). An A record is the main phone num­ber, the IP address host­ing the domain. It’s prob­a­bly the most basic type of domain lookup request. That’s what Alfa Bank’s servers appear to have kept request­ing again and again.

    Why? When an email is sent, the receiv­ing serv­er often checks to ver­i­fy where it came from. To con­tin­ue the anal­o­gy above, it’s as though you got a call on your cell from a num­ber, and the per­son said he was call­ing from Ace Elec­tron­ics. You might look up Ace Elec­tron­ics in the phone book and see if the phone num­ber matched. Sim­i­lar thing here: When an email came from trump-email.com, Alfa Bank’s serv­er like­ly checked the DNS sys­tem to get more infor­ma­tion about the point of ori­gin. Jee­wa demon­strates that this is com­mon prac­tice by point­ing out that one of the hacked Clin­ton cam­paign emails released by Wik­iLeaks includes an email from Cen­dyn’s servers — and a request back from the recip­i­ent for more infor­ma­tion. For some rea­son, it seems, the Alfa Bank servers keep ask­ing for that A record over and over again.

    One pos­si­bil­i­ty is that the Trump sys­tem keeps send­ing out spam emails. Anoth­er is that the Alfa Bank serv­er has a con­fig­u­ra­tion issue. As Jee­wa says in his write-up, “email sys­tems are ter­ri­ble.” Email is a clunky, kludge‑y way of pass­ing text mes­sages around the Web, and bugs can get intro­duced that cause weird behav­ior. It’s far more like­ly in this case that the Alfa Bank servers are mis­fir­ing than that there’s a secret com­mu­ni­ca­tions sys­tem being used. Dyn — the DNS sys­tem that was attacked two weeks ago, crip­pling Inter­net con­nec­tiv­i­ty — told a reporter from The Verge that it was­n’t only Alfa that was look­ing up trump-email.com, sug­gest­ing that the serv­er was­n’t as secret as it seems.

    Foer men­tions in his piece that the New York Times was inves­ti­gat­ing the link. On Mon­day, the paper report­ed that the FBI had looked into and dis­missed the idea that the two servers rep­re­sent­ed a secret com­mu­ni­ca­tions chan­nel. Inves­ti­ga­tors “con­clud­ed that there could be an innocu­ous expla­na­tion, like a mar­ket­ing email or spam, for the com­put­er con­tacts,” the Times’ Eric Licht­blau and Steven Lee Myers report­ed.

    The cam­paign offered a state­ment to Foer. It read, in part: “The email serv­er, set up for mar­ket­ing pur­pos­es and oper­at­ed by a third-par­ty, has not been used since 2010. ... The Trump Orga­ni­za­tion is not send­ing or receiv­ing any com­mu­ni­ca­tions from this email serv­er. The Trump Orga­ni­za­tion has no com­mu­ni­ca­tion or rela­tion­ship with this enti­ty or any Russ­ian enti­ty.”

    After the Times start­ed ask­ing ques­tions, the trump-email.com domain name changed, with Alfa Bank con­tact­ing the new email short­ly after­ward. This is offered by Foer as fur­ther evi­dence of a con­spir­a­cy, but Jee­wa isn’t sure. “All it looks like now is that their set up is like every oth­er cus­tomers’,” he said, mean­ing that the Trump sys­tem now fits the pat­tern of Cen­dyn’s nor­mal host-nam­ing — or, more direct­ly, that an old serv­er used by one of Trump’s com­pa­nies was brought into con­for­mance with Cen­dyn’s oth­er cus­tomers.

    Why did the Alfa Bank serv­er reach out to the new domain right away? It’s not clear. Per­haps because the new serv­er sent a test email, Jee­wa said, and Alfa Bank was in the test group.

    ...

    “Foer mentions in his piece that the New York Times was investigating the link. On Monday, the paper reported that the FBI had looked into and dismissed the idea that the two servers represented a secret communications channel. Investigators “concluded that there could be an innocuous explanation, like a marketing email or spam, for the computer contacts,” the Times’ Eric Lichtblau and Steven Lee Myers reported.”

    Well, that set­tles that...in that it set­tles noth­ing which is appro­pri­ate giv­en the lack of any con­clu­sive evi­dence.

    At the same time, it’s worth not­ing that if any groups want to set up secure servers for pri­vate com­mu­ni­ca­tion with each oth­er in the way alleged by the orig­i­nal Slate arti­cle, now we all know how to do it: set up your servers to behave as close­ly to these servers as pos­si­ble because at that point it will seem innocu­ous if some­one detects the odd behav­ior. After all, a mar­ket­ing serv­er would poten­tial­ly be a pret­ty good front for some­thing like that.

    It’s anal­o­gous to the chal­lenges of dis­cern­ing the iden­ti­ty of, say, alleged Russ­ian hack­ers when the data used to make that ID can be so eas­i­ly spoofed by a skilled hack­er or con­firm­ing the valid­i­ty of hacked emails when the email con­tent can be total­ly forged and no one would know it. So while dig­i­tal con­spir­a­cy the­o­ries are like­ly to be increas­ing­ly preva­lent as major hacks con­tin­ue to rock soci­eties, and while those dig­i­tal con­spir­a­cy the­o­ries are like­ly to be crit­i­cized because the evi­dence to con­clu­sive­ly back them up sim­ply isn’t avail­able, the 2016 US cam­paign is turn­ing into a giant les­son in the real­i­ty that dig­i­tal con­spir­a­cy the­o­ries are basi­cal­ly the only option in a dig­i­tal age.

    It’s also a reminder that the prob­lem isn’t real­ly with the dig­i­tal con­spir­a­cy the­o­ries. Those are unavoid­able and unfor­tu­nate­ly nec­es­sary. The prob­lems are with the dig­i­tal con­spir­a­cy con­clu­sions using incon­clu­sive evi­dence.

    Posted by Pterrafractyl | November 1, 2016, 6:41 pm
  17. With the 2016 US election season coming to a merciful end, and the question of just how much damage Donald Trump did to the Trump brand by running as an Alt-Right white nationalist candidate yet to be answered, it’s worth noting that Trump isn’t the only brand potentially seriously sullied by this election. Of course there’s the GOP’s brand too, but that was already pretty sullied. Perhaps a more interesting question is what this is going to do to Wikileaks’ brand, because it’s not as if the world has gotten an explanation for why the organization was doing everything it could to thrust President Donald Trump onto the world stage. And here’s Wikileaks’ answer...it’s an answer that’s probably not going to do much for the brand: Wikileaks wasn’t trying to help Donald Trump at all. Nope. Nothing to see here:

    Talk­ing Points Memo Livewire

    Assange Defends Wik­iLeaks Against Alle­ga­tions It’s Inter­fer­ing In US Elec­tion

    By Esme Cribb
    Pub­lished Novem­ber 8, 2016, 12:10 PM EDT

    Julian Assange released a state­ment Tues­day push­ing back on accu­sa­tions that Wik­iLeaks is inter­fer­ing in the 2016 U.S. pres­i­den­tial elec­tion.

    “Our orga­ni­za­tion defends the public’s right to be informed,” Assange wrote in the state­ment pub­lished on Wik­iLeaks’ web­site. “This is why, irre­spec­tive of the out­come of the 2016 US Pres­i­den­tial elec­tion, the real vic­tor is the US pub­lic which is bet­ter informed as a result of our work.”

    He dis­missed alle­ga­tions that Wik­iLeaks has dis­pro­por­tion­ate­ly focused on mate­r­i­al relat­ed to Hillary Clin­ton’s cam­paign, and wrote that the orga­ni­za­tion has not received equiv­a­lent infor­ma­tion about Don­ald Trump or third-par­ty can­di­dates which “ful­fills our stat­ed edi­to­r­i­al cri­te­ria.”

    Assange assert­ed that Wik­ileaks has no “per­son­al desire” to influ­ence the elec­tion results.

    “Pub­lish­ing is what we do,” he wrote. “To with­hold the pub­li­ca­tion of such infor­ma­tion until after the elec­tion would have been to favour one of the can­di­dates above the public’s right to know.”

    He tout­ed Wik­iLeaks’ record of authen­ti­cat­ing leaked doc­u­ments and said that the orga­ni­za­tion’s ulti­mate mis­sion is to inform the pub­lic.

    “Wik­ileaks remains com­mit­ted to pub­lish­ing infor­ma­tion that informs the pub­lic, even if many, espe­cial­ly those in pow­er, would pre­fer not to see it,” Assange wrote. “Wik­iLeaks must pub­lish. It must pub­lish and be damned.”

    The rad­i­cal trans­paren­cy orga­ni­za­tion’s actions over the past few months seem to under­mine Assange’s defense, how­ev­er. Wik­iLeaks has used its Twit­ter account to crit­i­cize Clin­ton for her “reward­ing of cor­rup­tion,” pro­mote polls that appar­ent­ly indi­cate the Demo­c­ra­t­ic nom­i­nee is “enti­tled, uncool and unaware of it,” and offer a $20,000 boun­ty for infor­ma­tion about the mur­der of a Demo­c­ra­t­ic Nation­al Com­mit­tee staffer. In Sep­tem­ber, the orga­ni­za­tion also tweet­ed and then delet­ed a poll ask­ing users to spec­u­late about Clin­ton’s health.

    Assange him­self wrote in Feb­ru­ary that a vote for Clin­ton is “a vote for end­less, stu­pid war.” In a June inter­view, he called Clin­ton “a bit of a prob­lem for free­dom of the press.” And Trump ally Roger Stone claimed in a speech he deliv­ered in August that he had “com­mu­ni­cat­ed with Assange” about an “Octo­ber sur­prise” the Wik­iLeaks founder had promised to reveal about Clin­ton, which nev­er mate­ri­al­ized.

    ...

    “Assange him­self wrote in Feb­ru­ary that a vote for Clin­ton is “a vote for end­less, stu­pid war.” In a June inter­view, he called Clin­ton “a bit of a prob­lem for free­dom of the press.” And Trump ally Roger Stone claimed in a speech he deliv­ered in August that he had “com­mu­ni­cat­ed with Assange” about an “Octo­ber sur­prise” the Wik­iLeaks founder had promised to reveal about Clin­ton, which nev­er mate­ri­al­ized.”

    Yeah, it’s kind of hard to ignore Roger Stone’s claims that either he or one of his friends was in contact with Assange and getting inside information on when Wikileaks was going to do an anti-Hillary dump. We’re all apparently just supposed to ignore that. And while an official “October Surprise” may not have emerged from Wikileaks in October, that probably had something to do with the fact that they were releasing all the Hillary/Democrat-related information in near daily dribs and drabs for months. Sure, the leaks weren’t really “surprising” at that point, but they were still pretty damaging and very obviously favorable to the Trump campaign. But we’re presumably supposed to ignore that too.

    So, given the enormous damage Wikileaks did to its credibility by basically acting as Donald Trump’s digital dirty-tricks middleman, one of the interesting questions worth asking now is what happens if people in general just started ignoring Wikileaks. Or, more specifically, what if Wikileaks acquired a reputation as a crypto-far-right organization and effectively died because it lost that critical trust factor. Or whatever other reason that might cause the organization to dissolve. What happens to all the unleaked information? Because just imagine how much real, and totally fake, unleaked information is still residing on its servers. Does some other ‘transparency organization’ get all the data? Assange has previously hinted that an “insurance” file will get released if Wikileaks is shut down. But what if it just dies a slow death? Is everything going to be dumped in one giant death rattle? In other words, does Wikileaks have a will? If there is a Wikileaks will, can we all see it or is it private? After the near-death experience Wikileaks helped put the United States through it seems like a question worth answering.

    Posted by Pterrafractyl | November 8, 2016, 2:59 pm
