This broadcast was recorded in one, 60-minute segment.
Introduction: One of the foundational elements of Mr. Emory’s work over the decades has been the Reinhard Gehlen “Org.”
Beginning as the Eastern Front intelligence organization of the Third Reich under General Reinhard Gehlen, the organization then jumped to the CIA, becoming its department of Russian and Eastern affairs. It became the de facto NATO intelligence organization and, ultimately, the BND.
Incorporating large numbers of SS and Gestapo veterans, it manifested continuity with the Third Reich chain of command and was ultimately responsible to the remarkable and deadly Bormann capital network.
In this program, we examine the role of Ukrainian fascists who evolved from the milieu of the OUN/B, and of other elements ultimately associated with, and/or evolved from, the “Org,” in the development of the meme of “Russia/Putin/Kremlin did it.” The “it” in question is the set of high-profile hacks: the hacking of the DNC and Podesta computers and e‑mail accounts, the “non-hack” of the NSA by the so-called Shadow Brokers and earlier hacks of the German Bundestag.
First, for the convenience of the listener/reader, we review key points of analysis presented in previous programs about the high-profile hacks:
Points of information reviewed include:
- Evidence suggesting that Russia was NOT behind the DNC hacks. “ . . . . None of the technical evidence is convincing. It would only be convincing if the attackers used entirely novel, unique, and sophisticated tools with unmistakable indicators pointing to Russia supported by human intelligence, not by malware analysis. The DNC attackers also had very poor, almost comical, operational security (OPSEC). State actors tend to have a quality assurance review when developing cyberattack tools to minimize the risk of discovery and leaving obvious crumbs behind. Russian intelligence services are especially good. They are highly capable, tactically and strategically agile, and rational. They ensure that offensive tools are tailored and proportionate to the signal they want to send, the possibility of disclosure and public perception, and the odds of escalation. The shoddy OPSEC just doesn’t fit what we know about Russian intelligence. . . . Given these arguments, blaming Russia is not a slam dunk. Why would a country with some of the best intelligence services in the world commit a whole series of really stupid mistakes in a highly sensitive operation? Why pick a target that has a strong chance of leading to escalatory activity when Russia is known to prefer incremental actions over drastic ones? Why go through the trouble of a false flag when doing nothing would have been arguably better? . . . .”
- Information indicating that the NSA “hack” may well not have been a hack at all, but the work of an insider downloading the information onto a USB drive. “. . . Their claim to have ‘hacked’ a server belonging to the NSA is fishy. According to ex-NSA insiders who spoke with Business Insider, the agency’s hackers don’t just put their exploits and toolkits online where they can potentially be pilfered. The more likely scenario for where the data came from, says ex-NSA research scientist Dave Aitel, is an insider who downloaded it onto a USB stick. . . . When hackers gain access to a server, they keep quiet about it so they can stay there. . . . One of the many strange things about this incident is the very public nature of what transpired. When a hacker takes over your computer, they don’t start activating your webcam or running weird programs because you’d figure out pretty quickly that something was up and you’d try to get rid of them. . . . If the Shadow Brokers owned the NSA’s command and control server, then it would probably be a much better approach to just sit back, watch, and try to pivot to other interesting things that they might be able to find. . . . People sell exploits all the time, but they hardly ever talk about it. . . . Most of the time, an exploit is either found by a security research firm, which then writes about it and reports it to the company so it can fix the problem. Or, a hacker looking for cash will take that found exploit and sell it on the black market. So it would make sense for a group like Shadow Brokers to want to sell their treasure trove, but going public with it is beyond strange. . . .”
- Eddie the Friendly Spook endorsed the cover story of the Shadow Brokers’ NSA “hack”–that the event was a hack (despite indicators to the contrary) and that Russia did it. “ . . . If you ask ex-NSA contractor Edward Snowden, the public leak and claims of the Shadow Brokers seem to have Russian fingerprints all over them, and it serves as a warning from Moscow to Washington. The message: If your policymakers keep blaming us for the DNC hack, then we can use this hack to implicate you in much more. ‘That could have significant foreign policy consequences,’ Snowden wrote on Twitter. ‘Particularly if any of those operations targeted US allies. Particularly if any of those operations targeted elections. . . .”
- The code in the files was from 2013, when Snowden undertook his “op.” “. . . . The code released by the Shadow Brokers dates most recently to 2013, the same year Edward Snowden leaked classified information about the NSA’s surveillance programs. . . . Snowden also noted that the released files end in 2013. ‘When I came forward, NSA would have migrated offensive operations to new servers as a precaution,’ he suggested — a move that would have cut off the hackers’ access to the server. . . .”
- Author James Bamford highlighted circumstantial evidence that WikiLeaker Jacob Appelbaum–who appears to have facilitated Snowden’s journey from Hawaii to Hong Kong–may have been behind the Shadow Brokers non-hack. “. . . . There also seems to be a link between Assange and the leaker who stole the ANT catalog, and the possible hacking tools. Among Assange’s close associates is Jacob Appelbaum, a celebrated hacktivist and the only publicly known WikiLeaks staffer in the United States – until he moved to Berlin in 2013 in what he called a “political exile” because of what he said was repeated harassment by U.S. law enforcement personnel. In 2010, a Rolling Stone magazine profile labeled him “the most dangerous man in cyberspace.” In December 2013, Appelbaum was the first person to reveal the existence of the ANT catalog, at a conference in Berlin, without identifying the source. That same month he said he suspected the U.S. government of breaking into his Berlin apartment. He also co-wrote an article about the catalog in Der Spiegel. But again, he never named a source, which led many to assume, mistakenly, that it was Snowden. . . .”
- Appelbaum was anti-Clinton, sentiments expressed in the clumsy Boris and Natasha-like broken English that accompanied announcement of the Shadow Brokers’ gambit. “. . . . Shortly thereafter, he [Appelbaum] turned his attention to Hillary Clinton. At a screening of a documentary about Assange in Cannes, France, Appelbaum accused her of having a grudge against him and Assange, and that if she were elected president, she would make their lives difficult. ‘It’s a situation that will possibly get worse’ if she is elected to the White House, he said, according to Yahoo News. . . . In hacktivist style, and in what appears to be phony broken English, this new release of cyberweapons also seems to be targeting Clinton. It ends with a long and angry ‘final message’ against ‘Wealthy Elites . . . breaking laws’ but ‘Elites top friends announce, no law broken, no crime commit[ed]. . . Then Elites run for president. Why run for president when already control country like dictatorship?’ . . .”
We continue our analysis with information about the stunning, unsubstantiated allegation that Russia was behind the hacks:
- The joint CIA/FBI/NSA declassified version of the Intelligence Report on Russian hacking came out. There is no substantive detail in the report: “ . . . . To summarize, the report says that the CIA, FBI, and National Security Agency believe that Russian hackers—directed ultimately by Vladimir Putin—hacked email accounts belonging to the Democratic National Committee and to Clinton campaign chairman John Podesta and then passed the material they obtained on to WikiLeaks through a third party. This was done, the report asserts, because the Russians believed that Donald Trump would be friendlier to their country’s interests, as president, than Hillary Clinton. And … that’s about it. Not counting intro pages or appendices, the report is five pages long and does not include any description of the actual evidence that Russian actors were responsible for the DNC/Podesta hacks (an assertion that’s supported by publicly available evidence analyzed by third parties) or the assertion that Putin ultimately directed the release of hacked material in order to help elect Donald Trump (an assertion that’s harder to verify independently). . . . .”
- The Bitly technology used in the hacks enabled the entire world to see what was going on! This strongly indicates a cyber-false flag operation: “ . . . . Using Bitly allowed ‘third parties to see their entire campaign including all their targets— something you’d want to keep secret,’ Tom Finney, a researcher at SecureWorks, told Motherboard. It was one of Fancy Bear’s ‘gravest mistakes,’ as Thomas Rid, a professor at King’s College who has closely studied the case, put it in a new piece published on Thursday in Esquire, as it gave researchers unprecedented visibility into the activities of Fancy Bear, linking different parts of its larger campaign together. . . .”
- It should be noted that while this report is signed off on by the CIA, NSA, and FBI, the FBI never examined the DNC’s hacked server. Instead, according to the DNC, the job was outsourced to CrowdStrike! Neither the FBI, nor any other U.S. government entity has run an independent forensic analysis on the system! “ . . . Six months after the FBI first said it was investigating the hack of the Democratic National Committee’s computer network, the bureau has still not requested access to the hacked servers, a DNC spokesman said. No US government entity has run an independent forensic analysis on the system, one US intelligence official told BuzzFeed News. . . . The FBI has instead relied on computer forensics from a third-party tech security company, CrowdStrike, which first determined in May of last year that the DNC’s servers had been infiltrated by Russia-linked hackers, the U.S. intelligence official told BuzzFeed News. . . . ‘CrowdStrike is pretty good. There’s no reason to believe that anything that they have concluded is not accurate,’ the intelligence official said, adding they were confident Russia was behind the widespread hacks. . . . It’s unclear why the FBI didn’t request access to the DNC servers, and whether it’s common practice when the bureau investigates the cyberattacks against private entities by state actors, like when the Sony Corporation was hacked by North Korea in 2014. BuzzFeed News spoke to three cybersecurity companies who have worked on major breaches in the last 15 months, who said that it was “par for the course” for the FBI to do their own forensic research into the hacks. None wanted to comment on the record on another cybersecurity company’s work, or the work being done by a national security agency. . . .”
- The FBI claims that the DNC denied them access to the servers! Right! Note the prominence of CrowdStrike in this imbroglio. More about them below. “ . . . . The FBI struck back at the Democratic National Committee on Thursday, accusing it of denying federal investigators access to its computer systems and hamstringing its investigation into the infiltration of DNC servers by Russia-backed hackers. ‘The FBI repeatedly stressed to DNC officials the necessity of obtaining direct access to servers and data, only to be rebuffed until well after the initial compromise had been mitigated. This left the FBI no choice but to rely upon a third party for information,’ a senior law enforcement official told BuzzFeed News in a statement. ‘These actions caused significant delays and inhibited the FBI from addressing the intrusion earlier.’ . . . The warring statements are the latest twists in an extraordinary standoff between the Democrats and federal investigators that reached a fever pitch over the bureau’s probe into Democratic nominee Hillary Clinton’s private email server. . . . The FBI announced it was investigating the hack of the DNC’s servers in July, after a third-party computer security firm, Crowdstrike, said it had evidence of Kremlin-backed hackers infiltrating its system. . . .”
- The DNC responded to the FBI’s counter-assertion by reasserting that it’s giving the FBI full access to whatever it requested. If there’s a problem with the FBI getting access to that server, it’s a problem between the FBI and Crowdstrike: “ . . . The FBI had previously told lawmakers on the Hill that the DNC had not allowed federal investigators to access their servers. After BuzzFeed News reported on Wednesday that the DNC claimed FBI agents had never asked for the servers, congressional officials pressured the FBI for answers. A senior law enforcement official issued a public statement on the matter Thursday night. ‘Someone is lying their ass off,’ a US intelligence official said of the warring statements. But officials with the DNC still assert they’ve ‘cooperated with the FBI 150%. They’ve had access to anything they want. Anything that they desire. Anything they’ve asked, we’ve cooperated,’ the DNC official said. ‘If anybody contradicts that it’s between Crowdstrike and the FBI.’ . . . Without direct access to the computer network, another US intelligence official told BuzzFeed, federal investigators had been forced to rely on the findings of the private cybersecurity firm Crowdstrike for computer forensics. From May through August of 2016, the Democratic National Committee paid Crowdstrike $267,807 dollars for maintenance, data services and consulting, among other things, according to federal records. . . .”
- An important article underscores that many tech experts disagree with the government’s so-called analysis: “ . . . . Yet despite the scores of breathless media pieces that assert that Russia’s interference in the election is ‘case closed,’ might some skepticism be in order? Some cyber experts say ‘yes.’ . . . Cyber-security experts have also weighed in. The security editor at Ars Technica observed that ‘Instead of providing smoking guns that the Russian government was behind specific hacks,’ the government report ‘largely restates previous private sector claims without providing any support for their validity.’ Robert M. Lee of the cyber-security company Dragos noted that the report ‘reads like a poorly done vendor intelligence report stringing together various aspects of attribution without evidence.’ Cybersecurity consultant Jeffrey Carr noted that the report ‘merely listed every threat group ever reported on by a commercial cybersecurity company that is suspected of being Russian-made and lumped them under the heading of Russian Intelligence Services (RIS) without providing any supporting evidence that such a connection exists.’ . . .”
- CrowdStrike–at the epicenter of the supposed Russian hacking controversy–is noteworthy. Its co-founder and chief technology officer, Dmitry Alperovitch, is a senior fellow at the Atlantic Council, financed by elements that are at the foundation of fanning the flames of the New Cold War: “In this respect, it is worth noting that one of the commercial cybersecurity companies the government has relied on is Crowdstrike, which was one of the companies initially brought in by the DNC to investigate the alleged hacks. . . . Dmitri Alperovitch is also a senior fellow at the Atlantic Council. . . . The connection between [Crowdstrike co-founder and chief technology officer Dmitri] Alperovitch and the Atlantic Council has gone largely unremarked upon, but it is relevant given that the Atlantic Council—which is funded in part by the US State Department, NATO, the governments of Latvia and Lithuania, the Ukrainian World Congress, and the Ukrainian oligarch Victor Pinchuk—has been among the loudest voices calling for a new Cold War with Russia. As I pointed out in the pages of The Nation in November, the Atlantic Council has spent the past several years producing some of the most virulent specimens of the new Cold War propaganda. . . .”
- There was an update back in December from the German government regarding its assessment of the 2015 Bundestag hacks (attributed to “Fancy Bear” and “Cozy Bear,” as mentioned in the Sandro Gaycken post above) that it attributed to APT28 and Russia: while it asserts the hacks did indeed take place, the leaked documents were later determined to be an insider leak (via Google translate). “ . . . . According to the report, federal security authorities are convinced that not hackers had stolen the 2420 documents published by the Internet platform Wikileaks in early December. There was certainly no evidence that the material had been stolen in the cyber attack on the Bundestag in 2015, it was called into security crises. . . .”
- Another article details at length the skepticism and outright scorn many cybersecurity experts feel concerning the report. “ . . . . Did the Russian government hack the DNC and feed documents to WikiLeaks? There are really two questions here: who hacked the DNC, and who released the DNC documents? These are not necessarily the same. An earlier intrusion into German parliament servers was blamed on the Russians, yet the release of documents to WikiLeaks is thought to have originated from an insider. [35] Had the Russians hacked into the DNC, it may have been to gather intelligence, while another actor released the documents. But it is far from certain that Russian intelligence services had anything to do with the intrusions. Julian Assange says that he did not receive the DNC documents from a nation-state. It has been pointed out that Russia could have used a third party to pass along the material. Fair enough, but former UK diplomat Craig Murray asserts: ‘I know who the source is… It’s from a Washington insider. It’s not from Russia.’ [We wonder if it might have been Tulsi Gabbard–D.E.] [36] . . . .”
- Exemplifying some of the points of dissension in the above-linked story: “ . . . . Cybersecurity analyst Robert Graham was particularly blistering in his assessment of the government’s report, characterizing it as “full of garbage.” The report fails to tie the indicators of compromise to the Russian government. ‘It contains signatures of viruses that are publicly available, used by hackers around the world, not just Russia. It contains a long list of IP addresses from perfectly normal services, like Tor, Google, Dropbox, Yahoo, and so forth. Yes, hackers use Yahoo for phishing and maladvertising. It doesn’t mean every access of Yahoo is an ‘indicator of compromise’.’ Graham compared the list of IP addresses against those accessed by his web browser, and found two matches. ‘No,’ he continues. ‘This doesn’t mean I’ve been hacked. It means I just had a normal interaction with Yahoo. It means the Grizzly Steppe IoCs are garbage. . . .”
- The source code used in the attacks traces back to Ukraine! “ . . . . In conjunction with the report, the FBI and Department of Homeland Security provided a list of IP addresses it identified with Russian intelligence services. [22] Wordfence analyzed the IP addresses as well as a PHP malware script provided by the Department of Homeland Security. In analyzing the source code, Wordfence discovered that the software used was P.A.S., version 3.1.0. It then found that the website that manufactures the malware had a site country code indicating that it is Ukrainian. [Note this!–D.E.] The current version of the P.A.S. software is 4.1.1, which is much newer than that used in the DNC hack, and the latest version has changed ‘quite substantially.’ Wordfence notes that not only is the software ‘commonly available,’ but also that it would be reasonable to expect ‘Russian intelligence operatives to develop their own tools or at least use current malicious tools from outside sources.’ To put it plainly, Wordfence concludes that the malware sample ‘has no apparent relationship with Russian intelligence.’ . . .”
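The objection raised above about the Grizzly Steppe indicator list (addresses of ordinary services such as Tor, Google and Yahoo listed as "indicators of compromise", and a researcher finding matches in his own normal browsing) is something a detection engineer can measure before a feed is turned into alerts. The following is an added example and not code from the program or from any of the reports it quotes; the indicator values, the shared-infrastructure ranges and the proxy log lines are all constructed from RFC 5737 documentation networks, and the way the ranges are labelled is an assumption for illustration only.

```python
"""Triage an IP-based IoC list by specificity and measure its false-positive
baseline against ordinary proxy traffic (added example, constructed data)."""
import ipaddress
from collections import Counter

# Constructed: shared infrastructure the analyst already knows about.
# Real feeds would be populated from Tor exit lists, CDN/webmail ranges, etc.
SHARED_INFRA = {
    "tor-exit": [ipaddress.ip_network("192.0.2.0/26")],
    "webmail":  [ipaddress.ip_network("198.51.100.0/25")],
    "cdn":      [ipaddress.ip_network("203.0.113.0/24")],
}

# Constructed "indicator feed": a mix of shared-service and unshared addresses.
IOCS = [
    "192.0.2.5",        # inside the assumed Tor-exit range
    "198.51.100.7",     # assumed webmail front end
    "203.0.113.44",     # assumed CDN edge
    "203.0.113.45",     # assumed CDN edge
    "192.0.2.200",      # not shared infrastructure
    "198.51.100.200",   # not shared infrastructure
]

# Constructed proxy log: "<timestamp> <client> <destination> <method> <path>".
LOG_LINES = """\
2016-12-30T10:00:01 10.0.0.5 198.51.100.7 GET /mail/inbox
2016-12-30T10:00:04 10.0.0.5 203.0.113.44 GET /static/app.js
2016-12-30T10:00:09 10.0.0.9 203.0.113.45 GET /static/logo.png
2016-12-30T10:01:15 10.0.0.7 198.51.100.30 POST /search
2016-12-30T10:01:20 10.0.0.5 198.51.100.7 GET /mail/inbox
2016-12-30T10:02:02 10.0.0.9 192.0.2.200 GET /wp-login.php
2016-12-30T10:02:45 10.0.0.3 203.0.113.9 GET /static/app.js
2016-12-30T10:03:10 10.0.0.7 198.51.100.7 GET /mail/send
""".splitlines()


def classify(ip: str) -> str:
    """Return the shared-infrastructure label for an address, or 'unshared'."""
    addr = ipaddress.ip_address(ip)
    for label, nets in SHARED_INFRA.items():
        if any(addr in net for net in nets):
            return label
    return "unshared"


def triage_iocs(iocs):
    """Split a feed into indicators usable on their own ('actionable') and
    indicators that need a second condition (URL path, user agent, timing)
    before they mean anything ('needs_context', grouped by label)."""
    actionable, needs_context = [], {}
    for ip in iocs:
        label = classify(ip)
        if label == "unshared":
            actionable.append(ip)
        else:
            needs_context.setdefault(label, []).append(ip)
    return {"actionable": actionable, "needs_context": needs_context}


def baseline_hit_rate(iocs, log_lines):
    """Fraction of ordinary log lines the raw feed would flag, plus a
    breakdown of those hits by infrastructure label. A high rate dominated
    by shared-service labels means the feed is noise until enriched."""
    ioc_set = set(iocs)
    hits = Counter()
    total = 0
    for line in log_lines:
        fields = line.split()
        if len(fields) < 3:
            continue                     # skip malformed lines
        total += 1
        dst = fields[2]
        if dst in ioc_set:
            hits[classify(dst)] += 1
    rate = sum(hits.values()) / total if total else 0.0
    return rate, hits


if __name__ == "__main__":
    print(triage_iocs(IOCS))
    rate, breakdown = baseline_hit_rate(IOCS, LOG_LINES)
    print(f"{rate:.0%} of ordinary traffic flagged; by label: {dict(breakdown)}")
```

On the constructed data the raw feed flags 75% of benign lines, five of the six hits coming from webmail and CDN addresses; only the unshared indicator is worth alerting on by itself.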
The program concludes with a frightening piece of legislation signed into law by Barack Obama in December. It is an ominous portent of the use of government and military power to suppress dissenting views as being “Russian” propaganda tools! “. . . . The new law is remarkable for a number of reasons, not the least because it merges a new McCarthyism about purported dissemination of Russian ‘propaganda’ on the Internet with a new Orwellianism by creating a kind of Ministry of Truth – or Global Engagement Center – to protect the American people from ‘foreign propaganda and disinformation.’ . . . As part of the effort to detect and defeat these unwanted narratives, the law authorizes the Center to: ‘Facilitate the use of a wide range of technologies and techniques by sharing expertise among Federal departments and agencies, seeking expertise from external sources, and implementing best practices.’ (This section is an apparent reference to proposals that Google, Facebook and other technology companies find ways to block or brand certain Internet sites as purveyors of ‘Russian propaganda’ or ‘fake news.’) . . .”
Program Highlights Include:
- Review of key points pointing to the milieu of the OUN/B in Ukraine in the generation of the “Russia did it” meme. Note similarities between: the PropOrNot list of supposed “Russian” fake news outlets, the list of “Russian” journalists and websites and the Global Engagement Center created by Obama in the waning days of his administration.
- The “PropOrNot” group quoted in a Washington Post story tagging media outlets, websites and blogs as “Russian/Kremlin stooges/propaganda tools/agents” is linked to the OUN/B heirs now in power in Ukraine. “ . . . One PropOrNot tweet, dated November 17, invokes a 1940s Ukrainian fascist salute “Heroiam Slava!!” [17] to cheer a news item on Ukrainian hackers fighting Russians. The phrase means “Glory to the heroes” and it was formally introduced by the fascist Organization of Ukrainian Nationalists (OUN) at their March-April 1941 congress in Nazi occupied Cracow, as they prepared to serve as Nazi auxiliaries in Operation Barbarossa. . . . ‘the OUN‑B introduced another Ukrainian fascist salute at the Second Great Congress of the Ukrainian Nationalists in Cracow in March and April 1941. This was the most popular Ukrainian fascist salute and had to be performed according to the instructions of the OUN‑B leadership by raising the right arm ‘slightly to the right, slightly above the peak of the head’ while calling ‘Glory to Ukraine!’ (Slava Ukraїni!) and responding ‘Glory to the Heroes!’ (Heroiam Slava!). . . .”
- The OUN/B heirs ruling Ukraine compiled a list of journalists who were “Russian/Kremlin stooges/propaganda tools/agents,” including personal data and contact information (like that made public in the WikiLeaks data dump of DNC e‑mails). This list was compiled by the Ukrainian intelligence service, interior ministry and–ahem–hackers: “. . . . One of the more frightening policies enacted by the current oligarch-nationalist regime in Kiev is an online blacklist [42] of journalists accused of collaborating with pro-Russian ‘terrorists.’ [43] The website, ‘Myrotvorets’ [43] or ‘Peacemaker’—was set up by Ukrainian hackers working with state intelligence and police, all of which tend to share the same ultranationalist ideologies as Parubiy and the newly-appointed neo-Nazi chief of the National Police. . . . Ukraine’s journalist blacklist website—operated by Ukrainian hackers working with state intelligence—led to a rash of death threats against the doxxed journalists, whose email addresses, phone numbers and other private information was posted anonymously to the website. Many of these threats came with the wartime Ukrainian fascist salute: ‘Slava Ukraini!’ [Glory to Ukraine!] So when PropOrNot’s anonymous ‘researchers’ reveal only their Ukrainian(s) identity, it’s hard not to think about the spy-linked hackers who posted the deadly ‘Myrotvorets’ blacklist of ‘treasonous’ journalists. . . .”
- A Ukrainian activist named Alexandra Chalupa has been instrumental in distributing the “Russia did it” disinformation to Hillary Clinton and influencing the progress of the disinformation in the media. “ . . . . One of the key media sources [46] who blamed the DNC hacks on Russia, ramping up fears of crypto-Putinist infiltration, is a Ukrainian-American lobbyist working for the DNC. She is Alexandra Chalupa—described as the head of the Democratic National Committee’s opposition research on Russia and on Trump, and founder and president of the Ukrainian lobby group ‘US United With Ukraine Coalition’ [47], which lobbied hard to pass a 2014 bill increasing loans and military aid to Ukraine, imposing sanctions on Russians, and tightly aligning US and Ukraine geostrategic interests. . . . In one leaked DNC email [50] earlier this year, Chalupa boasts to DNC Communications Director Luis Miranda that she brought Isikoff to a US-government sponsored Washington event featuring 68 Ukrainian journalists, where Chalupa was invited ‘to speak specifically about Paul Manafort.’ In turn, Isikoff named her as the key inside source [46] ‘proving’ that the Russians were behind the hacks, and that Trump’s campaign was under the spell of Kremlin spies and sorcerers. . . .”
1a. An interesting piece by Dr. Sandro Gaycken, a Berlin-based former ‘hacktivist’ who now advises NATO and the German government on cyber-security matters, makes the case that the evidence implicating Russia was very much the type of evidence a talented team could spoof. He also notes that some of the tools used in the hack were the same used last year when Angela Merkel’s computer was hacked and used to infect other computers at the Bundestag. That hack was also blamed on Russian hackers. But, again, as the article below points out, when the evidence for who is responsible is highly spoofable, confidently assigning blame is almost too easy.
Dr. Gaycken’s observations will be expanded upon in material presented later in the program.
Dr. Sandro Gaycken is the Director of the Digital Society Institute, a former hacktivist, and a strategic advisor to NATO, some German DAX-companies and the German government on cyber matters.
The hack of the Democratic National Committee (DNC) definitely looks Russian. The evidence is compelling. The tools used in the incident appeared in previous cases of alleged Russian espionage, some of which appeared in the German Bundestag hack. The attackers, dubbed Cozy Bear and Fancy Bear, have been known for years and have long been rumored to have a Russian connection. Other indicators such as IP addresses, language and location settings in the documents’ metadata and code compilation point to Russia. The Kremlin is also known to practice influence operations, and a leak before the Democrats’ convention fits that profile as does laundering the information through a third party like Wikileaks. Finally, the cui bono makes sense as well; Russia may favor Donald Trump given his Putin-friendly statements and his views on NATO.
Altogether, it looks like a clean-cut case. But before accusing a nuclear power like Russia of interfering in a U.S. election, these arguments should be thoroughly and skeptically scrutinized.
A critical look exposes the significant flaws in the attribution. First, all of the technical evidence can be spoofed. Although some argue that spoofing the mound of uncovered evidence is too much work, it can easily be done by a small team of good attackers in three or four days. Second, the tools used by Cozy Bear appeared on the black market when they were first discovered years ago and have been recycled and used against many other targets, including against German industry. The reuse and fine-tuning of existing malware happens all the time. Third, the language, location settings, and compilation metadata can easily be altered by changing basic settings on the attacker’s computer in five minutes without the need of special knowledge. None of the technical evidence is convincing. It would only be convincing if the attackers used entirely novel, unique, and sophisticated tools with unmistakable indicators pointing to Russia supported by human intelligence, not by malware analysis.
The DNC attackers also had very poor, almost comical, operational security (OPSEC). State actors tend to have a quality assurance review when developing cyberattack tools to minimize the risk of discovery and leaving obvious crumbs behind. Russian intelligence services are especially good. They are highly capable, tactically and strategically agile, and rational. They ensure that offensive tools are tailored and proportionate to the signal they want to send, the possibility of disclosure and public perception, and the odds of escalation. The shoddy OPSEC just doesn’t fit what we know about Russian intelligence.
The claim that Guccifer 2.0 is a Russian false flag operation may not hold up either. If Russia wanted to cover up the fact it had hacked the DNC, why create a pseudonym that could only attract more attention and publish emails? Dumping a trove of documents all at once is less valuable than cherry picking the most damaging information and strategically leaking it in a crafted and targeted fashion, as the FSB, SVR or GRU have probably done in the past. Also, leaking to Wikileaks isn’t hard. They have a submission form.
Given these arguments, blaming Russia is not a slam dunk. Why would a country with some of the best intelligence services in the world commit a whole series of really stupid mistakes in a highly sensitive operation? Why pick a target that has a strong chance of leading to escalatory activity when Russia is known to prefer incremental actions over drastic ones? Why go through the trouble of a false flag when doing nothing would have been arguably better? Lastly, how does Russia benefit from publicly backing Donald Trump given that Republicans have been skeptical of improving relations?
The evidence and information in the public domain strongly suggests Russia was behind the DNC hack, even though Russian intelligence services would have had the choice of not making it so clear cut given what we know about their tools, tactics, procedures, and thinking.
The DNC hack leads to at least four “what if” questions, each with its own significant policy consequences. First, if Russia had poor operational security and misjudged its target, it needs to be educated about the sensitivity of certain targets in its favorite adversary countries to avoid a repeat of this disaster. Second, if Russia deliberately hacked the DNC to leak confidential information, it would represent a strategic escalation on behalf of the Kremlin and the world would need to prepare for difficult times ahead. Third, if the breach and leak were perpetrated by a bunch of random activists using the pseudonym “Guccifer 2.0”, it would be the first instance of non-state actors succeeding in creating a global incident with severe strategic implications, demanding more control of such entities and a much better design of escalatory processes among nations. Finally, it is entirely possible that this was a false flag operation by an unknown third party to escalate tensions between nuclear superpowers. If this is the case, this party has to be uncovered. . . .
1b. The joint CIA/FBI/NSA declassified version of the Intelligence Report on Russian hacking came out. There is no substantive detail in the report:
“ . . . . To summarize, the report says that the CIA, FBI, and National Security Agency believe that Russian hackers—directed ultimately by Vladimir Putin—hacked email accounts belonging to the Democratic National Committee and to Clinton campaign chairman John Podesta and then passed the material they obtained on to WikiLeaks through a third party. This was done, the report asserts, because the Russians believed that Donald Trump would be friendlier to their country’s interests, as president, than Hillary Clinton. And … that’s about it. Not counting intro pages or appendices, the report is five pages long and does not include any description of the actual evidence that Russian actors were responsible for the DNC/Podesta hacks (an assertion that’s supported by publicly available evidence analyzed by third parties) or the assertion that Putin ultimately directed the release of hacked material in order to help elect Donald Trump (an assertion that’s harder to verify independently). . . . .”
Five pages of no evidence. Altogether unconvincing.
The charge that Russian government actors were responsible for the DNC/Podesta hacks is …an assertion that’s supported by publicly available evidence analyzed by third parties.
We note that the evidence that the John Podesta spearphishing campaign was part of a broader attack against the DNC is, like so much evidence in this case, based on the inexplicable and massive security mistake made by the hackers when they left the Bitly profile used to execute their spearphishing attack open to the public, so that everyone in the world could see that these hackers had set up special spearphishing attacks against a large number of Democratic officials. One of many inexplicable and massive security mistakes that these Russian hackers made.
On Thursday, Director of National Intelligence James Clapper told the Senate Armed Services Committee that an unclassified version of a joint “intelligence community” report about Russian hacking would be released next week. Said report was in fact posted online this afternoon, and after reading it, the “Friday news dump” timing makes sense: The top-line takeaways in the document are mostly conclusions that have already been leaked or discussed publicly by figures such as Clapper himself. Moreover, since the release is an unclassified version of a report that presumably involves material obtained through intelligence-gathering operations that are still active, no information about the “sources and methods” supporting its conclusions is included.
To summarize, the report says that the CIA, FBI, and National Security Agency believe that Russian hackers—directed ultimately by Vladimir Putin—hacked email accounts belonging to the Democratic National Committee and to Clinton campaign chairman John Podesta and then passed the material they obtained on to WikiLeaks through a third party. This was done, the report asserts, because the Russians believed that Donald Trump would be friendlier to their country’s interests, as president, than Hillary Clinton. And … that’s about it. Not counting intro pages or appendices, the report is five pages long and does not include any description of the actual evidence that Russian actors were responsible for the DNC/Podesta hacks (an assertion that’s supported by publicly available evidence analyzed by third parties) or the assertion that Putin ultimately directed the release of hacked material in order to help elect Donald Trump (an assertion that’s harder to verify independently).
The report’s final paragraph does involve what I believe is a new, ominous tidbit about ongoing hack attempts:
Immediately after Election Day, we assess Russian intelligence began a spearphishing campaign targeting US Government employees and individuals associated with US think tanks and NGOs in national security, defense, and foreign policy fields. This campaign could provide material for future influence efforts as well as foreign intelligence collection on the incoming administration’s goals and plans.
In other words: More fun times ahead!
2a. One of many remarkable aspects of this investigation, and one which argues strongly against Russia being the culprit, concerns the fact that the hackers used Bitly technology that enabled the whole world to see what they were doing!
. . . . SecureWorks was tracking known Fancy Bear command and control domains. One of these led to a Bitly shortlink, which led to the Bitly account, which led to the thousands of Bitly URLs that were later connected to a variety of attacks, including on the Clinton campaign. With this privileged point of view, for example, the researchers saw Fancy Bear using 213 short links targeting 108 email addresses on the hillaryclinton.com domain, as the company explained in a somewhat overlooked report earlier this summer, and as BuzzFeed reported last week.
Using Bitly allowed “third parties to see their entire campaign including all their targets— something you’d want to keep secret,” Tom Finney, a researcher at SecureWorks, told Motherboard.
It was one of Fancy Bear’s “gravest mistakes,” as Thomas Rid, a professor at King’s College who has closely studied the case, put it in a new piece published on Thursday in Esquire, as it gave researchers unprecedented visibility into the activities of Fancy Bear, linking different parts of its larger campaign together. . . .
2b. The hack of John Podesta’s e‑mail–alleged to have been performed by Russia–originated with a phishing attack from Ukraine.
Although it may not be significant, the hack into Clinton campaign manager John D. Podesta’s gmail account originated with Ukraine.
NB: such information can be easily spoofed by a skilled hacker.
“The Phishing Email that Hacked the Account of John Podesta;” CBS News; 10/28/2016.
This appears to be the phishing email that hacked Clinton campaign chairman John Podesta’s Gmail account. Further, the Clinton campaign’s own computer help desk thought it was a real email sent by Google, even though the email address had a suspicious “googlemail.com” extension. . . .
. . . . The email, with the subject line “*Someone has your password,*” greeted Podesta, “Hi John” and then said, “Someone just used your password to try to sign into your Google Account john.podesta@gmail.com.” Then it offered a time stamp and an IP address in “Location: Ukraine.” . . .”
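The help desk's mistake described above was a trust decision made on the sender address and the look of the message. The following is an added example, not code from the original page or from any party it describes: a small triage routine that parses a constructed message modelled on the description of the alert (the header values and the allowlist are assumptions for this example), extracts the sender's domain, and flags an account-alert e-mail whose sender is not on the organisation's allowlist. The "Location" line in the body is treated as attacker-controlled text, not evidence, for the reason the note above gives.

```python
"""Triage a "someone has your password" style alert by checking its sender domain
against an allowlist of known notification senders.

Added example for this page; the message below is constructed, not the real one."""
import email
from email import policy

# Constructed sample modelled on the published description of the alert.
# The From address and IP-style "Location" line are made up for this example.
SAMPLE_EMAIL = """\
From: Google <no-reply@accounts.googlemail.com>
To: john.podesta@gmail.com
Subject: *Someone has your password*

Hi John
Someone just used your password to try to sign into your Google Account john.podesta@gmail.com.
Location: Ukraine
"""

# Assumed allowlist: an organisation would maintain its own list of the exact
# domains its provider's security notifications come from.
TRUSTED_SENDER_DOMAINS = {"accounts.google.com", "google.com"}

# Subject fragments that mark a message as an account-security alert.
ALERT_SUBJECT_KEYWORDS = ("someone has your password", "sign-in attempt", "suspicious sign")


def sender_domain(raw_message):
    """Return the lower-cased domain of the first From address ('' if absent)."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    from_header = msg["From"]
    if not from_header or not from_header.addresses:
        return ""
    return from_header.addresses[0].addr_spec.rpartition("@")[2].lower()


def looks_like_account_alert(raw_message):
    """True when the subject matches a known account-alert pattern."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    subject = (msg["Subject"] or "").lower()
    return any(keyword in subject for keyword in ALERT_SUBJECT_KEYWORDS)


def triage(raw_message):
    """Classify the message. Body text such as 'Location: Ukraine' is ignored:
    it is written by whoever sent the mail and proves nothing about origin."""
    domain = sender_domain(raw_message)
    is_alert = looks_like_account_alert(raw_message)
    trusted = domain in TRUSTED_SENDER_DOMAINS
    if is_alert and not trusted:
        verdict = "suspicious: account alert from non-allowlisted sender domain"
    elif is_alert:
        verdict = "alert from allowlisted sender; verify in the account settings, not via any link"
    else:
        verdict = "not an account alert"
    return {"domain": domain, "is_alert": is_alert, "trusted": trusted, "verdict": verdict}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_EMAIL).items():
        print(f"{key}: {value}")
```

The check deliberately keys on the exact sender domain rather than on whether the address "looks like Google", which is the judgement the help desk got wrong; a lookalike or regional variant that is not on the list is treated as unknown until someone confirms it through the provider's own account page.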
3. It should be noted that while this report is signed off on by the CIA, NSA, and FBI, the FBI never examined the DNC’s hacked server. Instead, according to the DNC, the job was outsourced to CrowdStrike!
Neither the FBI, nor any other U.S. government entity has run an independent forensic analysis on the system!
” . . . Six months after the FBI first said it was investigating the hack of the Democratic National Committee’s computer network, the bureau has still not requested access to the hacked servers, a DNC spokesman said. No US government entity has run an independent forensic analysis on the system, one US intelligence official told BuzzFeed News. . . .The FBI has instead relied on computer forensics from a third-party tech security company, CrowdStrike, which first determined in May of last year that the DNC’s servers had been infiltrated by Russia-linked hackers, the U.S. intelligence official told BuzzFeed News. . .‘CrowdStrike is pretty good. There’s no reason to believe that anything that they have concluded is not accurate,’ the intelligence official said, adding they were confident Russia was behind the widespread hacks. . . It’s unclear why the FBI didn’t request access to the DNC servers, and whether it’s common practice when the bureau investigates the cyberattacks against private entities by state actors, like when the Sony Corporation was hacked by North Korea in 2014. BuzzFeed News spoke to three cybersecurity companies who have worked on major breaches in the last 15 months, who said that it was “par for the course” for the FBI to do their own forensic research into the hacks. None wanted to comment on the record on another cybersecurity company’s work, or the work being done by a national security agency. . . .”
“The FBI Never Asked For Access To Hacked Computer Servers” by Ali Watkins; BuzzFeed; 1/4/2017.
The Democratic National Committee tells BuzzFeed News that the bureau “never requested access” to the servers the White House and intelligence community say were hacked by Russia.
The FBI did not examine the servers of the Democratic National Committee before issuing a report attributing the sweeping cyberintrusion to Russia-backed hackers, BuzzFeed News has learned.
Six months after the FBI first said it was investigating the hack of the Democratic National Committee’s computer network, the bureau has still not requested access to the hacked servers, a DNC spokesman said. No US government entity has run an independent forensic analysis on the system, one US intelligence official told BuzzFeed News.
“The DNC had several meetings with representatives of the FBI’s Cyber Division and its Washington (DC) Field Office, the Department of Justice’s National Security Division, and U.S. Attorney’s Offices, and it responded to a variety of requests for cooperation, but the FBI never requested access to the DNC’s computer servers,” Eric Walker, the DNC’s deputy communications director, told BuzzFeed News in an email.
The FBI has instead relied on computer forensics from a third-party tech security company, CrowdStrike, which first determined in May of last year that the DNC’s servers had been infiltrated by Russia-linked hackers, the U.S. intelligence official told BuzzFeed News.
“CrowdStrike is pretty good. There’s no reason to believe that anything that they have concluded is not accurate,” the intelligence official said, adding they were confident Russia was behind the widespread hacks.
The FBI declined to comment.
“Beginning at the time the intrusion was discovered by the DNC, the DNC cooperated fully with the FBI and its investigation, providing access to all of the information uncovered by CrowdStrike — without any limits,” said Walker, whose emails were stolen and subsequently distributed throughout the cyberattack.
It’s unclear why the FBI didn’t request access to the DNC servers, and whether it’s common practice when the bureau investigates the cyberattacks against private entities by state actors, like when the Sony Corporation was hacked by North Korea in 2014.
BuzzFeed News spoke to three cybersecurity companies who have worked on major breaches in the last 15 months, who said that it was “par for the course” for the FBI to do their own forensic research into the hacks. None wanted to comment on the record on another cybersecurity company’s work, or the work being done by a national security agency. . . .
4. The FBI claims that the DNC denied them access to the servers! ” . . . . The FBI struck back at the Democratic National Committee on Thursday, accusing it of denying federal investigators access to its computer systems and hamstringing its investigation into the infiltration of DNC servers by Russia-backed hackers. ‘The FBI repeatedly stressed to DNC officials the necessity of obtaining direct access to servers and data, only to be rebuffed until well after the initial compromise had been mitigated. This left the FBI no choice but to rely upon a third party for information,’ a senior law enforcement official told BuzzFeed News in a statement. ‘These actions caused significant delays and inhibited the FBI from addressing the intrusion earlier.’ . . . The warring statements are the latest twists in an extraordinary standoff between the Democrats and federal investigators that reached a fever pitch over the bureau’s probe into Democratic nominee Hillary Clinton’s private email server. . . . The FBI announced it was investigating the hack of the DNC’s servers in July, after a third-party computer security firm, Crowdstrike, said it had evidence of Kremlin-backed hackers infiltrating its system. . . .”
Note the ambiguity in the FBI’s statement. It is not saying that the DNC rebuffed the FBI forever. It said the DNC rebuffed the FBI “until well after the initial compromise had been mitigated”. And the initial compromise was presumably “mitigated” by May of 2016, since that is as far as the leaked emails go. So has the FBI, or any other government agency, requested access to the DNC servers after that point? How about since the election? If that request has not been made, that adds to the strangeness of the affair.
The Democratic National Committee refused to give FBI investigators access to their hacked servers, according to an FBI statement, a conclusion the president-elect was quick to embrace.
The FBI struck back at the Democratic National Committee on Thursday, accusing it of denying federal investigators access to its computer systems and hamstringing its investigation into the infiltration of DNC servers by Russia-backed hackers.
“The FBI repeatedly stressed to DNC officials the necessity of obtaining direct access to servers and data, only to be rebuffed until well after the initial compromise had been mitigated. This left the FBI no choice but to rely upon a third party for information,” a senior law enforcement official told BuzzFeed News in a statement. “These actions caused significant delays and inhibited the FBI from addressing the intrusion earlier.”
The DNC said the FBI had never asked for access to their hacked servers, BuzzFeed News reported on Wednesday.
A DNC source familiar with the investigation tried to downplay that report on Thursday, hours before the FBI statement was issued. The fact that the FBI didn’t have direct access to the servers was not “significant,” the source said.
“I just don’t think that that’s really material or an important thing,” the source continued. “They had what they needed. There are always haters out here.”
The DNC source also brushed off the idea that it was the DNC that refused to let FBI access the server. When BuzzFeed News attempted to reach the official after the FBI statement came out, he declined to comment.
The warring statements are the latest twists in an extraordinary standoff between the Democrats and federal investigators that reached a fever pitch over the bureau’s probe into Democratic nominee Hillary Clinton’s private email server. That investigation saw FBI Director James Comey break long-standing tradition against potentially influencing elections, issuing a public letter to Congress 10 days before the election announcing potential new evidence in the case. The review ended with the FBI maintaining its July conclusion that Clinton should not face criminal charges, a fact that was declared only two days before polls opened. The timing fueled speculation over Clinton’s potential wrongdoing and tipped the scales in Trump’s favor, Democrats say.
The FBI announced it was investigating the hack of the DNC’s servers in July, after a third-party computer security firm, Crowdstrike, said it had evidence of Kremlin-backed hackers infiltrating its system. That hack — which federal officials have formally attributed to Russian hackers cleared by senior Russian officials — and subsequent release of stolen emails was part of a broader effort by Russia to influence the US election and push Donald Trump into the White House, according to FBI and CIA analysis.
…
A US intelligence official, requesting anonymity to discuss the investigation, said that because the FBI did not have access to the DNC servers, investigators had been forced to rely on computer forensics from the Crowdstrike analysis. Crowdstrike was originally hired by the DNC to investigate the hacks in the spring of 2016.
In a statement sent to BuzzFeed News Wednesday, the DNC said it cooperated fully with the FBI investigation and shared all of the Crowdstrike information with the FBI.
The DNC declined to comment on the FBI’s statement.
The FBI and the Department of Homeland Security, in a report released in the last week of December, publicly accused Russia of being behind the sweeping cyberattacks. The White House subsequently expelled 35 Russian diplomats from the US, issued sanctions against Russian intelligence officials, and cut off access to two Russian diplomatic facilities in the US.
A separate report on the widespread Russian influence operation, compiled by the Director of National Intelligence, was briefed to the White House on Thursday. A declassified version is expected to be publicly released on Monday.
5. The DNC responded to the FBI’s counter-assertion by reasserting that it’s giving the FBI full access to whatever it requested. If there’s a problem with the FBI getting access to that server, it’s a problem between the FBI and Crowdstrike:
” . . . The FBI had previously told lawmakers on the Hill that the DNC had not allowed federal investigators to access their servers. After BuzzFeed News reported on Wednesday that the DNC claimed FBI agents had never asked for the servers, congressional officials pressured the FBI for answers. A senior law enforcement official issued a public statement on the matter Thursday night. ‘Someone is lying their ass off,’ a US intelligence official said of the warring statements. But officials with the DNC still assert they’ve ‘cooperated with the FBI 150%.They’ve had access to anything they want. Anything that they desire. Anything they’ve asked, we’ve cooperated,’ the DNC official said. ‘If anybody contradicts that it’s between Crowdstrike and the FBI.’ . . . ”
” . . . . Without direct access to the computer network, another US intelligence official told BuzzFeed, federal investigators had been forced to rely on the findings of the private cybersecurity firm Crowdstrike for computer forensics. From May through August of 2016, the Democratic National Committee paid Crowdstrike $267,807 dollars for maintenance, data services and consulting, among other things, according to federal records. . . .”
The Democratic National Committee downplayed its public spat with the FBI on Friday over why federal investigators did not independently examine their servers breached by Russian cyberspies, saying it was a misunderstanding that didn’t have anything to do with lingering political tensions between the two. “There’s no fight between the Bureau and the DNC,” a high-level DNC official told BuzzFeed News, requesting anonymity to discuss the investigation. “I don’t know how this has happened, I don’t know where this is coming from.”
The FBI announced in July it was investigating a sweeping cyberattack against the DNC, later attributed to Russia-backed hackers. That intrusion, and subsequent release of stolen DNC emails, was part of a broader Kremlin-directed effort to undermine the US election, smearing Democrats and bolstering Donald Trump, according to an intelligence assessment released Friday.
The FBI’s investigation of the hack, launched in July, came under sharp scrutiny Wednesday after BuzzFeed News revealed that the FBI had never had direct access to the committee’s hacked servers, and that no US Government entity had yet run an independent forensic analysis on the system. Instead, federal investigators had relied on computer forensics from a third-party DNC contractor, Crowdstrike.
“How and why are they so sure about hacking if they never even requested an examination of the computer servers?” President-elect Donald Trump tweeted on Thursday about the scandal. “What is going on?”
A spokesman for the DNC did not respond when asked what had led to the communications breakdown between their organization and the FBI by Friday night. The FBI did not respond to a request for comment.
The DNC said Wednesday that the FBI had never asked for access to the servers. On Thursday, in a stunning counterpunch, the FBI said it had not only asked, but had consistently and repeatedly been denied access by DNC officials, who the bureau said had “inhibited” the investigation.
It was a startling twist in a tense storyline that’s emerged between the DNC and the FBI, who top Democrats say torpedoed Hillary Clinton’s presidential prospects by mishandling its wholly separate investigation into the Democratic presidential nominee’s use of a private email server while she was Secretary of State.
The FBI had previously told lawmakers on the Hill that the DNC had not allowed federal investigators to access their servers. After BuzzFeed News reported on Wednesday that the DNC claimed FBI agents had never asked for the servers, congressional officials pressured the FBI for answers. A senior law enforcement official issued a public statement on the matter Thursday night.
“Someone is lying their ass off,” a US intelligence official said of the warring statements.
But officials with the DNC still assert they’ve “cooperated with the FBI 150%.”
“They’ve had access to anything they want. Anything that they desire. Anything they’ve asked, we’ve cooperated,” the DNC official said. “If anybody contradicts that it’s between Crowdstrike and the FBI.”
DNC officials planned to reach out to the FBI Friday to try and clarify both institutions’ positions, the official said.
Without direct access to the computer network, another US intelligence official told BuzzFeed, federal investigators had been forced to rely on the findings of the private cybersecurity firm Crowdstrike for computer forensics. From May through August of 2016, the Democratic National Committee paid Crowdstrike $267,807 dollars for maintenance, data services and consulting, among other things, according to federal records. . . .
6. A key element of analysis is an important article in The Nation by James Carden. This story points out that a number of cyber-security experts are skeptical of the official findings.
Furthermore, the story points out that Crowdstrike is headed by Dmitri Alperovitch, a senior fellow at the Atlantic Council, which is funded, in part, by the State Department, NATO, Lithuania, Latvia, the Ukrainian World Congress and Ukrainian oligarch Victor Pinchuk!
” . . . . Yet despite the scores of breathless media pieces that assert that Russia’s interference in the election is ‘case closed,’ might some skepticism be in order? Some cyber experts say ‘yes.’ . . . Cyber-security experts have also weighed in. The security editor at Ars Technica observed that ‘Instead of providing smoking guns that the Russian government was behind specific hacks,’ the government report ‘largely restates previous private sector claims without providing any support for their validity.’ Robert M. Lee of the cyber-security company Dragos noted that the report ‘reads like a poorly done vendor intelligence report stringing together various aspects of attribution without evidence.’ Cybersecurity consultant Jeffrey Carr noted that the report ‘merely listed every threat group ever reported on by a commercial cybersecurity company that is suspected of being Russian-made and lumped them under the heading of Russian Intelligence Services (RIS) without providing any supporting evidence that such a connection exists.’ . . .”
“In this respect, it is worth noting that one of the commercial cybersecurity companies the government has relied on is Crowdstrike, which was one of the companies initially brought in by the DNC to investigate the alleged hacks.”
” . . . . Dmitri Alperovitch is also a senior fellow at the Atlantic Council. . . . The connection between [Crowdstrike co-founder and chief technology officer Dmitri] Alperovitch and the Atlantic Council has gone largely unremarked upon, but it is relevant given that the Atlantic Council—which is funded in part by the US State Department, NATO, the governments of Latvia and Lithuania, the Ukrainian World Congress, and the Ukrainian oligarch Victor Pinchuk—has been among the loudest voices calling for a new Cold War with Russia. As I pointed out in the pages of The Nation in November, the Atlantic Council has spent the past several years producing some of the most virulent specimens of the new Cold War propaganda. . . . ”
“Is Skepticism Treason?” by James Carden; The Nation; 1/3/2017.
Despite the scores of media pieces which assert that Russia’s interference in the election is “case closed,” some cyber experts say skepticism is still in order.
The final days of 2016 were filled with more developments—some real, some not—in the ongoing story of Russia’s alleged interference in the US presidential election. On December 29, the FBI and the Department of Homeland Security released a joint report that provided “technical details regarding the tools and infrastructure used by the Russian civilian and military intelligence Services (RIS) to compromise and exploit networks and endpoints associated with the U.S. election.”
In retaliation, the Obama administration announced that it was expelling 35 Russian diplomats, closing 2 diplomatic compounds in Maryland and New York, and applying sanctions on Russia’s intelligence service. A day later, December 30, The Washington Post reported that an electrical utility in Vermont had been infiltrated by the same Russian malware that was used to hack the DNC.
Taken together, these events set off a wave of media condemnation not just of the Russian government, but of President-elect Donald J. Trump for what is widely believed to be his overly accommodative posture toward Russian President Vladimir Putin.
Yet despite the scores of breathless media pieces that assert that Russia’s interference in the election is “case closed,” might some skepticism be in order? Some cyber experts say “yes.”
As was quickly pointed out by the Burlington Free Press, The Washington Post’s story on the Vermont power grid was inaccurate. The malware was detected on a laptop that belonged to the utility but was not connected to the power plant. “The grid is not in danger,” said a spokesman for the Burlington utility. The Post has since amended its story with an editor’s note (as it did when its November 24 story on Russian “fake news” by reporter Craig Timberg was widely refuted) dialing back its original claims of Russian infiltration.
…
Cyber-security experts have also weighed in. The security editor at Ars Technica observed that “Instead of providing smoking guns that the Russian government was behind specific hacks,” the government report “largely restates previous private sector claims without providing any support for their validity.” Robert M. Lee of the cyber-security company Dragos noted that the report “reads like a poorly done vendor intelligence report stringing together various aspects of attribution without evidence.” Cybersecurity consultant Jeffrey Carr noted that the report “merely listed every threat group ever reported on by a commercial cybersecurity company that is suspected of being Russian-made and lumped them under the heading of Russian Intelligence Services (RIS) without providing any supporting evidence that such a connection exists.”
In this respect, it is worth noting that one of the commercial cybersecurity companies the government has relied on is Crowdstrike, which was one of the companies initially brought in by the DNC to investigate the alleged hacks.
In late December, Crowdstrike released a largely debunked report claiming that the same Russian malware that was used to hack the DNC has been used by Russian intelligence to target Ukrainian artillery positions. Crowdstrike’s co-founder and chief technology officer, Dmitri Alperovitch, told PBS, “Ukraine’s artillery men were targeted by the same hackers…that targeted DNC, but this time they were targeting cellphones [belonging to the Ukrainian artillery men] to try to understand their location so that the Russian artillery forces can actually target them in the open battle.”
Dmitri Alperovitch is also a senior fellow at the Atlantic Council.
The connection between Alperovitch and the Atlantic Council has gone largely unremarked upon, but it is relevant given that the Atlantic Council—which is funded in part by the US State Department, NATO, the governments of Latvia and Lithuania, the Ukrainian World Congress, and the Ukrainian oligarch Victor Pinchuk—has been among the loudest voices calling for a new Cold War with Russia. As I pointed out in the pages of The Nation in November, the Atlantic Council has spent the past several years producing some of the most virulent specimens of the new Cold War propaganda.
It would seem then that a healthy amount of skepticism toward a government report that relied, in part, on the findings of private-sector cyber security companies like Crowdstrike might be in order. And yet skeptics have found themselves in the unenviable position of being accused of being Kremlin apologists, or worse.
…
7. The OUN/B milieu in the U.S. has apparently been instrumental in generating the “Russia did it” disinformation about the high-profile hacks. In the Alternet.org article, Mark Ames highlights several points:
- The “PropOrNot” group quoted in a Washington Post story tagging media outlets, websites and blogs as “Russian/Kremlin stooges/propaganda tools/agents” is linked to the OUN/B heirs now in power in Ukraine. ” . . . One PropOrNot tweet, dated November 17, invokes a 1940s Ukrainian fascist salute “Heroiam Slava!!” [17] to cheer a news item on Ukrainian hackers fighting Russians. The phrase means “Glory to the heroes” and it was formally introduced by the fascist Organization of Ukrainian Nationalists (OUN) at their March-April 1941 congress in Nazi occupied Cracow, as they prepared to serve as Nazi auxiliaries in Operation Barbarossa. . . . ‘the OUN‑B introduced another Ukrainian fascist salute at the Second Great Congress of the Ukrainian Nationalists in Cracow in March and April 1941. This was the most popular Ukrainian fascist salute and had to be performed according to the instructions of the OUN‑B leadership by raising the right arm ‘slightly to the right, slightly above the peak of the head’ while calling ‘Glory to Ukraine!’ (Slava Ukraїni!) and responding ‘Glory to the Heroes!’ (Heroiam Slava!). . . .”
- The OUN/B heirs ruling Ukraine compiled a list of journalists who were “Russian/Kremlin stooges/propaganda tools/agents,” including personal data and contact information (like that made public in the WikiLeaks data dump of DNC e‑mails). This list was compiled by the Ukrainian intelligence service, interior ministry and–ahem–hackers: “. . . . One of the more frightening policies enacted by the current oligarch-nationalist regime in Kiev is an online blacklist [42] of journalists accused of collaborating with pro-Russian ‘terrorists.’ [43] The website, ‘Myrotvorets’ [43] or ‘Peacemaker’—was set up by Ukrainian hackers working with state intelligence and police, all of which tend to share the same ultranationalist ideologies as Parubiy and the newly-appointed neo-Nazi chief of the National Police. . . . Ukraine’s journalist blacklist website—operated by Ukrainian hackers working with state intelligence—led to a rash of death threats against the doxxed journalists, whose email addresses, phone numbers and other private information was posted anonymously to the website. Many of these threats came with the wartime Ukrainian fascist salute: “Slava Ukraini!” [Glory to Ukraine!] So when PropOrNot’s anonymous “researchers” reveal only their Ukrainian(s) identity, it’s hard not to think about the spy-linked hackers who posted the deadly ‘Myrotvorets’ blacklist of “treasonous” journalists. . . .”
- A Ukrainian activist named Alexandra Chalupa has been instrumental in distributing the “Russia did it” disinformation to Hillary Clinton and influencing the progress of the disinformation in the media. ” . . . . One of the key media sources [46] who blamed the DNC hacks on Russia, ramping up fears of crypto-Putinist infiltration, is a Ukrainian-American lobbyist working for the DNC. She is Alexandra Chalupa—described as the head of the Democratic National Committee’s opposition research on Russia and on Trump, and founder and president of the Ukrainian lobby group ‘US United With Ukraine Coalition’ [47], which lobbied hard to pass a 2014 bill increasing loans and military aid to Ukraine, imposing sanctions on Russians, and tightly aligning US and Ukraine geostrategic interests. . . . In one leaked DNC email [50] earlier this year, Chalupa boasts to DNC Communications Director Luis Miranda that she brought Isikoff to a US-government sponsored Washington event featuring 68 Ukrainian journalists, where Chalupa was invited ‘to speak specifically about Paul Manafort.’ In turn, Isikoff named her as the key inside source [46] ‘proving’ that the Russians were behind the hacks, and that Trump’s campaign was under the spell of Kremlin spies and sorcerers. . . .”
8a. There was an update back in December from the German government regarding its assessment of the 2015 Bundestag hacks (attributed to “Fancy Bear” and “Cozy Bear,” as mentioned in the Sandro Gaycken post above), which it had attributed to APT28 and Russia: while it maintains that the hacks did indeed take place, the leaked documents were later determined to have come from an insider (translated via Google Translate).
“ . . . . According to the report, federal security authorities are convinced that it was not hackers who stole the 2,420 documents published by the Internet platform Wikileaks in early December. There is certainly no evidence that the material was stolen in the 2015 cyber attack on the Bundestag, according to security sources. . . . ”
The Bundestagspolizei is still looking for the apparent leaker.
The WikiLeaks leak of documents from the DNC was alleged by former UK diplomat Craig Murray to have come from a dissatisfied DNC insider, who gave him the information from a thumb drive.
The situation vis-à-vis the hack of the Bundestag is strikingly similar.
After the publication of confidential files from the NSA investigation committee, the Bundestagspolizei is looking for the perpetrators in parliament, as the news magazine “Spiegel” reports. “A violation of secrecy and of a special duty of confidentiality” has been confirmed, a Bundestag spokesman told the magazine. Bundestag President Norbert Lammert (CDU) had approved an investigation against persons unknown. The German Bundestag is a separate police jurisdiction. According to the report, federal security authorities are convinced that it was not hackers who stole the 2,420 documents published by the Internet platform Wikileaks in early December. There is certainly no evidence that the material was stolen in the 2015 cyber attack on the Bundestag, according to security sources.
“Spiegel” pointed out that the Wikileaks material amounted to 90 gigabytes, whereas only 16 gigabytes of data were stolen from the infiltrated Bundestag computers. The cyber attack also apparently did not affect any members of the Bundestag or staff from the circle of the NSA investigation committee.
The “Frankfurter Allgemeine Sonntagszeitung” had quoted a senior security official a week earlier as saying that there was “high plausibility” that the secrets published by Wikileaks were captured in the cyber attack on the Bundestag. Russian hackers are responsible for the attack. Committee chairman Patrick Sensburg (CDU) had also not ruled out a foreign hacker attack immediately after the publication of the documents.
According to WikiLeaks, the approximately 2400 documents come from various federal agencies such as the Bundesnachrichtendienst and the federal offices for constitutional protection and security in information technology. The documents are intended to provide evidence of cooperation between the US National Security Agency (NSA) and the BND.
…
8b. The monikers Fancy Bear and Cozy Bear have been applied to “APT 28” and “APT 29,” abbreviations standing for “advanced persistent threat.”
As the article below also points out, it’s entirely possible that “APT28” and “APT29” aren’t distinct entities at all. Why? Because the conclusion by firms like FireEye and Crowdstrike that there are two groups, “APT28” and “APT29”, leaving years of electronic trails from all their hacking activities isn’t based on any distinct “APT28” or “APT29” calling card. It’s based on the tool sets and infrastructure (like servers) used by these groups. And those tool sets, like the infrastructure, are readily available on the Dark Web and circulating among hacker communities.
In other words, a wide variety of skilled hackers have access to the exact same hacking tools that firms like FireEye and Crowdstrike used to “uniquely” identify APT28/29, and to the same sets of compromised servers. Since so much of the remaining evidence used to attribute the hacks to Russian hackers rests on readily spoofable information – Cyrillic characters in a hacked document, or a hacking tool set that appeared to have been compiled during Moscow working hours, all of it spoofable – the evidence used to attribute these hacks to Kremlin-backed hackers could have been spoofed by a wide variety of possible culprits.
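The compile-time indicator mentioned above can be examined directly. The following is an added example, not code from Mr. Emory’s program or from any of the cited reports: it reads the COFF TimeDateStamp from PE samples, scores a sample set for “Moscow working hours” the way such a report does, and applies the sanity checks an analyst needs before giving that field any weight. The minimal PE layout, the fixed UTC+3 offset and the 09:00–18:00 window are assumptions of the example.

```python
"""Added example, not from the article: read the COFF TimeDateStamp that
'compiled during Moscow working hours' analysis relies on, score a sample
set the way such a report does, and apply the sanity checks an analyst
needs before treating that field as evidence."""
import struct
from datetime import datetime, timedelta, timezone
from typing import Iterable, Optional

# Assumption: Moscow treated as a fixed UTC+3 offset (its current offset;
# samples built before October 2014 were compiled under UTC+4, one more
# reason the 'working hours' window is fuzzy).
MOSCOW = timezone(timedelta(hours=3))
WORK_START, WORK_END = 9, 18  # assumed 09:00-18:00 local working day


def coff_timestamp(pe: bytes) -> int:
    """Return the COFF header TimeDateStamp (seconds since 1970-01-01 UTC).

    The field is written by the linker and is covered by no signature or
    checksum, so whoever produced the file chose the value."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF header follows the signature: Machine(2), NumberOfSections(2),
    # TimeDateStamp(4), ...
    (ts,) = struct.unpack_from("<I", pe, e_lfanew + 8)
    return ts


def in_working_hours(ts: int, tz: timezone = MOSCOW) -> bool:
    """True if the stamp falls on a weekday inside the working-day window."""
    local = datetime.fromtimestamp(ts, tz)
    return local.weekday() < 5 and WORK_START <= local.hour < WORK_END


def working_hours_fraction(samples: Iterable[bytes], tz: timezone = MOSCOW) -> float:
    """Fraction of PE samples whose stamp lands in working hours: the
    '89 percent' style figure. It says nothing about who set the stamp."""
    stamps = [coff_timestamp(s) for s in samples]
    return sum(in_working_hours(t, tz) for t in stamps) / len(stamps)


def implausible_stamp(ts: int, first_seen_ts: int) -> Optional[str]:
    """Reasons an analyst should discard the stamp outright, or None."""
    if ts == 0:
        return "zero stamp (linker recorded no build time)"
    if ts > first_seen_ts:
        return "compile time is later than the sample's first sighting"
    return None


def minimal_pe(ts: int) -> bytes:
    """Constructed stand-in for a real sample: the smallest byte layout
    that carries a COFF TimeDateStamp. That any ts can be placed here is
    the point: the value is whatever the producer writes."""
    hdr = bytearray(b"MZ" + b"\0" * 0x3E)          # 64-byte DOS header
    struct.pack_into("<I", hdr, 0x3C, 0x40)         # e_lfanew -> PE signature
    coff = struct.pack("<HHIIIHH", 0x014C, 1, ts, 0, 0, 0xE0, 0x0102)
    return bytes(hdr) + b"PE\0\0" + coff


if __name__ == "__main__":
    # 2014-03-04 10:30 Moscow (Tuesday) and 03:00 Moscow the same day
    batch = [minimal_pe(1393918200), minimal_pe(1393891200)]
    print("working-hours fraction:", working_hours_fraction(batch))
    print("sanity:", implausible_stamp(1393918200, 1393891200))
```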
“. . . . Did the Russian government hack the DNC and feed documents to WikiLeaks? There are really two questions here: who hacked the DNC, and who released the DNC documents? These are not necessarily the same. An earlier intrusion into German parliament servers was blamed on the Russians, yet the release of documents to WikiLeaks is thought to have originated from an insider. [35] Had the Russians hacked into the DNC, it may have been to gather intelligence, while another actor released the documents. But it is far from certain that Russian intelligence services had anything to do with the intrusions. Julian Assange says that he did not receive the DNC documents from a nation-state. It has been pointed out that Russia could have used a third party to pass along the material. Fair enough, but former UK diplomat Craig Murray asserts: ‘I know who the source is… It’s from a Washington insider. It’s not from Russia.’ [We wonder if it might have been Tulsi Gabbard–D.E.] [36] . . . .”
“Did the Russians Really Hack the DNC?” by Gregory Elich; Counter Punch; 1/13/2017.
Russia, we are told, breached the servers of the Democratic National Committee (DNC), swiped emails and other documents, and released them to the public, to alter the outcome of the U.S. presidential election.
How substantial is the evidence backing these assertions?
Hired by the Democratic National Committee to investigate unusual network activity, the security firm Crowdstrike discovered two separate intrusions on DNC servers. Crowdstrike named the two intruders Cozy Bear and Fancy Bear, in an allusion to what it felt were Russian sources. According to Crowdstrike, “Their tradecraft is superb, operational security second to none,” and “both groups were constantly going back into the environment” to change code and methods and switch command and control channels.
On what basis did Crowdstrike attribute these breaches to Russian intelligence services? The security firm claims that the techniques used were similar to those deployed in past security hacking operations that have been attributed to the same actors, while the profile of previous victims “closely mirrors the strategic interests of the Russian government.” Furthermore, it appeared that the intruders were unaware of each other’s presence in the DNC system. “While you would virtually never see Western intelligence agencies going after the same target without de-confliction for fear of compromising each other’s operations,” Crowdstrike reports, “in Russia this is not an uncommon scenario.” [1]
Those may be indicators of Russian government culpability. But then again, perhaps not. Regarding the point about separate intruders, each operating independently of the other, that would seem to more likely indicate that the sources have nothing in common.
Each of the two intrusions acted as an advanced persistent threat (APT), which is an attack that resides undetected on a network for a long time. The goal of an APT is to exfiltrate data from the infected system rather than inflict damage. Several names have been given to these two actors, and most commonly Fancy Bear is known as APT28, and Cozy Bear as APT29.
The fact that many of the techniques used in the hack resembled, in varying degrees, past attacks attributed to Russia may not necessarily carry as much significance as we are led to believe. Once malware is deployed, it tends to be picked up by cybercriminals and offered for sale or trade on Deep Web black markets, where anyone can purchase it. Exploit kits are especially popular sellers. Quite often, the code is modified for specific uses. Security specialist Josh Pitts demonstrated how easy that process can be, downloading and modifying nine samples of the OnionDuke malware, which is thought to have first originated with the Russian government. Pitts reports that this exercise demonstrates “how easy it is to repurpose nation-state code/malware.” [2]
In another example, when SentinelOne Research discovered the Gyges malware in 2014, it reported that it “exhibits similarities to Russian espionage malware,” and is “designed to target government organizations. It comes as no surprise to us that this type of intelligence agency-grade malware would eventually fall into cybercriminals’ hands.” The security firm explains that Gyges is an “example of how advanced techniques and code developed by governments for espionage are effectively being repurposed, modularized and coupled with other malware to commit cybercrime.” [3]
Attribution is hard, cybersecurity specialists often point out. “Once an APT is released into the wild, its spread isn’t controlled by the attacker,” writes Mark McArdle. “They can’t prevent someone from analyzing it and repurposing it for their own needs.” Adapting malware “is a well-known reality,” he continues. “Finding irrefutable evidence that links an attacker to an attack is virtually unattainable, so everything boils down to assumptions and judgment.” [4]
Security Alliance regards security firm FireEye’s analysis that tied APT28 to the Russian government as based “largely on circumstantial evidence.” FireEye’s report “explicitly disregards targets that do not seem to indicate sponsorship by a nation-state,” having excluded various targets because they are “not particularly indicative of a specific sponsor’s interests.” [5] FireEye reported that the APT28 “victim set is narrow,” which helped lead it to the conclusion that it is a Russian operation. Cybersecurity consultant Jeffrey Carr reacts with scorn: “The victim set is narrow because the report’s authors make it narrow! In fact, it wasn’t narrowly targeted at all if you take into account the targets mentioned by other cybersecurity companies, not to mention those that FireEye deliberately excluded for being ‘not particularly indicative of a specific sponsor’s interests’.” [6]
FireEye’s report from 2014, on which much of the DNC Russian attribution is based, found that 89 percent of the APT28 software samples it analyzed were compiled during regular working hours in St. Petersburg and Moscow. [7]
But compile times, like language settings, can be easily altered to mislead investigators. Mark McArdle wonders, “If we think about the very high level of design, engineering, and testing that would be required for such a sophisticated attack, is it reasonable to assume that the attacker would leave these kinds of breadcrumbs? It’s possible. But it’s also possible that these things can be used to misdirect attention to a different party. Potentially another adversary. Is this evidence the result of sloppiness or a careful misdirection?” [8]
“If the guys are really good,” says Chris Finan, CEO of Manifold Technology, “they’re not leaving much evidence or they’re leaving evidence to throw you off the scent entirely.” [9] How plausible is it that Russian intelligence services would fail even to attempt such a fundamental step?
James Scott of the Institute for Critical Infrastructure Technology points out that the very vulnerability of the DNC servers constitutes a muddied basis on which to determine attribution. “Attribution is less exact in the case of the DNC breach because the mail servers compromised were not well-secured; the organization of a few hundred personnel did not practice proper cyber-hygiene; the DNC has a global reputation and is a valuable target to script kiddies, hacktivists, lone-wolf cyber-threat actors, cyber-criminals, cyber-jihadists, hail-mary threats, and nation-state sponsored advanced persistent threats; and because the malware discovered on DNC systems were well-known, publicly disclosed, and variants could be purchased on Deep Web markets and forums.” [10]
Someone, or some group, operating under the pseudonym of Guccifer 2.0, claimed to be a lone actor in hacking the DNC servers. It is unclear what relation – if any – Guccifer 2.0 has to either of the two APT attacks on the DNC. In a PDF file that Guccifer 2.0 sent to Gawker.com, metadata indicated that it was last saved by someone having a username in Cyrillic letters. During the conversion of the file from Microsoft Word to PDF, invalid hyperlink error messages were automatically generated in the Russian language. [11]
This would seem to present rather damning evidence. But who is Guccifer 2.0? A Russian government operation? A private group? Or a lone hacktivist? In the poorly secured DNC system, there were almost certainly many infiltrators of various stripes. Nor can it be ruled out that the metadata indicators were intentionally generated in the file to misdirect attribution. The two APT attacks have been noted for their sophistication, and these mistakes – if that is what they are – seem amateurish. To change the language setting on a computer can be done in a matter of seconds, and that would be standard procedure for advanced cyber-warriors. On the other hand, sloppiness on the part of developers is not entirely unknown. However, one would expect a nation-state to enforce strict software and document handling procedures and implement rigorous review processes.
At any rate, the documents posted to the Guccifer 2.0 blog do not necessarily originate from the same source as those published by WikiLeaks. Certainly, none of the documents posted to WikiLeaks possess the same metadata issues. And one hacking operation does not preclude another, let alone an insider leak.
APT28 relied on XTunnel, repurposed from open source code that is available to anyone, to open network ports and siphon data. The interesting thing about the software is its failure to match the level of sophistication claimed for APT28. The strings in the code quite transparently indicate its intent, with no attempt at obfuscation. [12] It seems an odd oversight for a nation-state operation, in which plausible deniability would be essential, to overlook that glaring point during software development.
Command-and-control servers remotely issue malicious commands to infected machines. Oddly, for such a key component of the operation, the command-and-control IP address in both attacks was hard-coded in the malware. This seems like another inexplicable choice, given that the point of an advanced persistent threat is to operate for an extended period without detection. A more suitable approach would be to use a Domain Name System (DNS) address, which is a decentralized computer naming system. That would provide a more covert means of identifying the command-and-control server. [13] Moreover, one would expect that address to be encrypted. Using a DNS address would also allow the command-and-control operation to easily move to another server if its location is detected, without the need to modify and reinstall the code.
One of the IP addresses is claimed to be a “well-known APT 28” command-and-control address, while the second is said to be linked to Russian military intelligence. [14] The first address points to a server located in San Jose, California, and is operated by a server hosting service. [15] The second server [16] Clearly, these are servers that have been compromised by hackers. It is customary for hackers to route their attacks through vulnerable computers. The IP addresses of compromised computers are widely available on the Deep Web, and typically a hacked server will be used by multiple threat actors. These two particular servers may or may not have been regularly utilized by Russian Intelligence, but they were not uniquely so used. Almost certainly, many other hackers would have used the same machines, and it cannot be said that these IP addresses uniquely identify an infiltrator. Indeed, the second IP address is associated with the common Trojan viruses Agent-APPR and Shunnael. [17]
“Everyone is focused on attribution, but we may be missing the bigger truth,” says Joshua Croman, Director of the Cyber Statecraft Initiative at the Atlantic Council. “[T]he level of sophistication required to do this hack was so low that nearly anyone could do it.” [18]
In answer to critics, the Department of Homeland Security and the FBI issued a joint analysis report, which presented “technical details regarding the tools and infrastructure used” by Russian intelligence services “to compromise and exploit networks” associated with the U.S. election, U.S. government, political, and private sector entities. The report code-named these activities “Grizzly Steppe.” [19]
For a document that purports to offer strong evidence on behalf of U.S. government allegations of Russian culpability, it is striking how weak and sloppy the content is. Included in the report is a list of every threat group ever said to be associated with the Russian government, most of which are unrelated to the DNC hack. It appears that various governmental organizations were asked to send a list of Russian threats, and then an official lacking IT background compiled that information for the report, and the result is a mishmash of threat groups, software, and techniques. “PowerShell backdoor,” for instance, is a method used by many hackers, and in no way describes a Russian operation.
Indeed, one must take the list on faith, because nowhere in the document is any evidence provided to back up the claim of a Russian connection. Indeed, as the majority of items on the list are unrelated to the DNC hack, one wonders what the point is. But it bears repeating: even where software can be traced to Russian origination, it does not necessarily indicate exclusive usage. Jeffrey Carr explains: “Once malware is deployed, it is no longer under the control of the hacker who deployed it or the developer who created it. It can be reverse-engineered, copied, modified, shared and redeployed again and again by anyone.” Carr quotes security firm ESET in regard to the Sednit group, one of the items on the report’s list, and which is another name for APT28: “As security researchers, what we call ‘the Sednit group’ is merely a set of software and the related infrastructure, which we can hardly correlate with any specific organization.” Carr points out that X‑Agent software, which is said to have been utilized in the DNC hack, was easily obtained by ESET for analysis. “If ESET could do it, so can others. It is both foolish and baseless to claim, as Crowdstrike does, that X‑Agent is used solely by the Russian government when the source code is there for anyone to find and use at will.” [20]
The salient impression given by the government’s report is how devoid of evidence it is. For that matter, the majority of the content is taken up by what security specialist John Hinderaker describes as “pedestrian advice to IT professionals about computer security.” As for the report’s indicators of compromise (IoC), Hinderaker characterizes these as “tools that are freely available and IP addresses that are used by hackers around the world.” [21]
In conjunction with the report, the FBI and Department of Homeland Security provided a list of IP addresses it identified with Russian intelligence services. [22] Wordfence analyzed the IP addresses as well as a PHP malware script provided by the Department of Homeland Security. In analyzing the source code, Wordfence discovered that the software used was P.A.S., version 3.1.0. It then found that the website that manufactures the malware had a site country code indicating that it is Ukrainian. The current version of the P.A.S. software is 4.1.1, which is much newer than that used in the DNC hack, and the latest version has changed “quite substantially.” Wordfence notes that not only is the software “commonly available,” but also that it would be reasonable to expect “Russian intelligence operatives to develop their own tools or at least use current malicious tools from outside sources.” To put it plainly, Wordfence concludes that the malware sample “has no apparent relationship with Russian intelligence.” [23]
Wordfence also analyzed the government’s list of 876 IP addresses included as indicators of compromise. The sites are widely dispersed geographically, and of those with a known location, the United States has the largest number. A large number of the IP addresses belong to low-cost server hosting companies. “A common pattern that we see in the industry,” Wordfence states, “is that accounts at these hosts are compromised and those hacked sites are used to launch attacks around the web.” Fifteen percent of the IP addresses are currently Tor exit nodes. “These exit nodes are used by anyone who wants to be anonymous online, including malicious actors.” [24]
If one also takes into account the IP addresses that not only point to current Tor exits, but also those that once belonged to Tor exit nodes, then these comprise 42 percent of the government’s list. [25] “The fact that so many of the IPs are Tor addresses reveals the true sloppiness of the report,” concludes network security specialist Jerry Gamblin. [26]
Cybersecurity analyst Robert Graham was particularly blistering in his assessment of the government’s report, characterizing it as “full of garbage.” The report fails to tie the indicators of compromise to the Russian government. “It contains signatures of viruses that are publicly available, used by hackers around the world, not just Russia. It contains a long list of IP addresses from perfectly normal services, like Tor, Google, Dropbox, Yahoo, and so forth. Yes, hackers use Yahoo for phishing and maladvertising. It doesn’t mean every access of Yahoo is an ‘indicator of compromise’.” Graham compared the list of IP addresses against those accessed by his web browser, and found two matches. “No,” he continues. “This doesn’t mean I’ve been hacked. It means I just had a normal interaction with Yahoo. It means the Grizzly Steppe IoCs are garbage.” Graham goes on to point out that “what really happened” with the supposed Russian hack into the Vermont power grid “is that somebody just checked their Yahoo email, thereby accessing one of the same IP addresses I did. How they get from the facts (one person accessed Yahoo email) to the story (Russians hacked power grid)” is U.S. government “misinformation.” [27]
The indicators of compromise, in Graham’s assessment, were “published as a political tool, to prove they have evidence pointing to Russia.” As for the P.A.S. web shell, it is “used by hundreds if not thousands of hackers, mostly associated with Russia, but also throughout the rest of the world.” Relying on the government’s sample for attribution is problematic: “Just because you found P.A.S. in two different places doesn’t mean it’s the same hacker.” A web shell “is one of the most common things hackers use once they’ve broken into a server,” Graham observes. [28]
Although cybersecurity analyst Robert M. Lee is inclined to accept the government’s position on the DNC hack, he feels the joint analysis report “reads like a poorly done vendor intelligence report stringing together various aspects of attribution without evidence.” The report’s list “detracts from the confidence because of the interweaving of unrelated data.” The information presented is not sourced, he adds. “It’s a random collection of information and in that way, is mostly useless.” Indeed, the indicators of compromise have “a high rate of false positives for defenders that use them.” [29]
…
The intent of the joint analysis report was to provide evidence of Russian state responsibility for the DNC hack. But nowhere does it do so. Mere assertions are meant to persuade. How much evidence does the government have? The Democratic Party claims that the FBI never requested access to DNC servers. [32] The FBI, for its part, says it made “multiple requests” for access to the DNC servers and was repeatedly turned down. [33] Either way, it is a remarkable admission. In a case like this, the FBI would typically conduct its own investigation. Was the DNC afraid the FBI might come to a different conclusion than the DNC-hired security firm Crowdstrike? The FBI was left to rely on whatever evidence Crowdstrike chose to supply. During its analysis of DNC servers, Crowdstrike reports that it found evidence of APT28 and APT29 intrusions within two hours. Did it stop there, satisfied with what it had found? Or did it continue to explore whether additional intrusions by other actors had taken place?
In an attempt to further inflame the hysteria generated from accusations of Russian hacking, the Office of the Director of National Intelligence published a declassified version of a document briefed to U.S. officials. The information was supplied by the CIA, FBI, and National Security Agency, and was meant to cement the government’s case. Not surprisingly, the report received a warm welcome in the mainstream media, but what is notable is that it offers not a single piece of evidence to support its claim of “high confidence” in assessing that Russia hacked the DNC and released documents to WikiLeaks. Instead, the bulk of the report is an unhinged diatribe against Russian-owned RT media. The content is rife with inaccuracies and absurdities. Among the heinous actions RT is accused of are having run “anti-fracking programming, highlighting environmental issues and the impacts on health issues,” airing a documentary on Occupy Wall Street, and hosting third-party candidates during the 2012 election.[34] . . .
. . . . Mainstream media start with the premise that the Russian government was responsible, despite a lack of convincing evidence. They then leap to the fallacious conclusion that because Russia hacked the DNC, only it could have leaked the documents.
So, did the Russian government hack the DNC and feed documents to WikiLeaks? There are really two questions here: who hacked the DNC, and who released the DNC documents? These are not necessarily the same. An earlier intrusion into German parliament servers was blamed on the Russians, yet the release of documents to WikiLeaks is thought to have originated from an insider. [35] Had the Russians hacked into the DNC, it may have been to gather intelligence, while another actor released the documents. But it is far from certain that Russian intelligence services had anything to do with the intrusions. Julian Assange says that he did not receive the DNC documents from a nation-state. It has been pointed out that Russia could have used a third party to pass along the material. Fair enough, but former UK diplomat Craig Murray asserts: “I know who the source is… It’s from a Washington insider. It’s not from Russia.” [36]
There are too many inconsistencies and holes in the official story. In all likelihood, there were multiple intrusions into DNC servers, not all of which have been identified. The public ought to be wary of quick claims of attribution. It requires a long and involved process to arrive at a plausible identification, and in many cases the source can never be determined. As Jeffrey Carr explains, “It’s important to know that the process of attributing an attack by a cybersecurity company has nothing to do with the scientific method. Claims of attribution aren’t testable or repeatable because the hypothesis is never proven right or wrong.” [37]
Russia-bashing is in full swing, and there does not appear to be any letup in sight. We are plunging headlong into a new Cold War, riding on a wave of propaganda-induced hysteria. The self-serving claims fueling this campaign need to be challenged every step of the way. Surrendering to evidence-free emotional appeals would only serve those who arrogantly advocate confrontation and geopolitical domination.
…
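The Wordfence and Graham checks described in the article above (how many of the listed addresses are Tor exits, how many sit on cheap shared hosting, and how many an ordinary workstation talks to anyway) can be reproduced as a small triage step run before an indicator feed is deployed. The following is an added example, not code from the article, the government report, Wordfence or Graham; every address, Tor list, hosting range and baseline log line in it is constructed for the example.

```python
"""Added example, not from the article: triage an IP-address indicator list
before deploying it, measuring what Wordfence and Graham measured on the
GRIZZLY STEPPE list (Tor exits, cheap hosting, overlap with ordinary
traffic). Every list below is constructed for the example."""
import ipaddress
from collections import Counter
from typing import Dict, List, Set

# Constructed feed in the usual one-indicator-per-line form.
IOC_FEED = """
# constructed indicator list (RFC 5737 documentation ranges)
203.0.113.10
203.0.113.11
203.0.113.99
203.0.113.200
198.51.100.7
198.51.100.8
192.0.2.5
192.0.2.6
192.0.2.77
"""

# Constructed stand-ins for a current and a historical Tor exit list.
TOR_EXITS_NOW: Set[str] = {"203.0.113.10", "203.0.113.11"}
TOR_EXITS_PAST: Set[str] = {"198.51.100.7"}
# Assumed low-cost shared-hosting range, the kind whose tenants get
# compromised and reused by many unrelated actors.
SHARED_HOSTING = [ipaddress.ip_network("192.0.2.0/26")]
# Constructed baseline of one ordinary workstation's outbound connections
# (Graham's 'compare against my own browser traffic' check), "src -> dst:port".
BENIGN_BASELINE = """
2017-01-02T09:14:05Z 10.0.0.5 -> 203.0.113.200:443 tls webmail
2017-01-02T09:14:07Z 10.0.0.5 -> 198.51.100.8:443 tls cdn
2017-01-02T09:15:00Z 10.0.0.5 -> 192.0.2.77:80 http news
"""


def parse_feed(text: str) -> List[ipaddress.IPv4Address]:
    """One IP per line; '#' starts a comment; blank lines are ignored."""
    ips = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            ips.append(ipaddress.ip_address(line))
    return ips


def baseline_destinations(log: str) -> Set[ipaddress.IPv4Address]:
    """Destination addresses seen in the benign connection log."""
    dests = set()
    for line in log.splitlines():
        if "->" not in line:
            continue
        dst = line.split("->", 1)[1].split()[0]       # "203.0.113.200:443"
        dests.add(ipaddress.ip_address(dst.rsplit(":", 1)[0]))
    return dests


def tag_indicator(ip, tor_now, tor_past, hosting, baseline) -> Set[str]:
    """Tags explaining why alerting on this address would be noisy."""
    tags = set()
    if str(ip) in tor_now:
        tags.add("tor-exit")
    elif str(ip) in tor_past:
        tags.add("former-tor-exit")
    if any(ip in net for net in hosting):
        tags.add("shared-hosting")
    if ip in baseline:
        tags.add("seen-in-benign-baseline")
    return tags


def triage(feed_text: str = IOC_FEED, tor_now=TOR_EXITS_NOW, tor_past=TOR_EXITS_PAST,
           hosting=SHARED_HOSTING, baseline_log=BENIGN_BASELINE) -> Dict[str, object]:
    """Summarise how much of the feed is usable as an alerting indicator."""
    feed = parse_feed(feed_text)
    baseline = baseline_destinations(baseline_log)
    counts: Counter = Counter()
    usable = []
    for ip in feed:
        tags = tag_indicator(ip, tor_now, tor_past, hosting, baseline)
        counts.update(tags)
        if not tags:
            usable.append(str(ip))
    n = len(feed)
    tor_ever = counts["tor-exit"] + counts["former-tor-exit"]
    return {
        "total": n,
        "tor_now_pct": round(100 * counts["tor-exit"] / n, 1),
        "tor_ever_pct": round(100 * tor_ever / n, 1),
        "shared_hosting": counts["shared-hosting"],
        "benign_hits": counts["seen-in-benign-baseline"],
        "usable": usable,
    }


def recommendation(report: Dict[str, object]) -> str:
    """A feed that fires on a clean workstation's normal traffic cannot be
    used as a block or alert rule, only for enrichment of other findings."""
    if report["benign_hits"] or report["tor_ever_pct"] > 10:
        return "enrichment only: block/alert rules would page on normal traffic"
    return "usable as alert rule after review"


if __name__ == "__main__":
    summary = triage()
    print(summary)
    print(recommendation(summary))
```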
9. The high-profile hacks have helped spawn an Orwellian creation–the “Countering Foreign Propaganda and Disinformation Act.”
“The War Against Alternative Information” by Rick Sterling; Consortium News; 1/1/2017.
The U.S. establishment is not content simply to have domination over the media narratives on critical foreign policy issues, such as Syria, Ukraine and Russia. It wants total domination. Thus we now have the “Countering Foreign Propaganda and Disinformation Act” that President Obama signed into law on Dec. 23 as part of the National Defense Authorization Act for 2017, setting aside $160 million to combat any “propaganda” that challenges Official Washington’s version of reality.
The legislation was initiated in March 2016, as the demonization of Russian President Vladimir Putin and Russia was already underway and was enacted amid the allegations of “Russian hacking” around the U.S. presidential election and the mainstream media’s furor over supposedly “fake news.” . . . .
. . . . The new law is remarkable for a number of reasons, not the least because it merges a new McCarthyism about purported dissemination of Russian “propaganda” on the Internet with a new Orwellianism by creating a kind of Ministry of Truth – or Global Engagement Center – to protect the American people from “foreign propaganda and disinformation.”
As part of the effort to detect and defeat these unwanted narratives, the law authorizes the Center to: “Facilitate the use of a wide range of technologies and techniques by sharing expertise among Federal departments and agencies, seeking expertise from external sources, and implementing best practices.” (This section is an apparent reference to proposals that Google, Facebook and other technology companies find ways to block or brand certain Internet sites as purveyors of “Russian propaganda” or “fake news.”)
Justifying this new bureaucracy, the bill’s sponsors argued that the existing agencies for “strategic communications” and “public diplomacy” were not enough, that the information threat required “a whole-of-government approach leveraging all elements of national power.”
The law also is rife with irony since the U.S. government and related agencies are among the world’s biggest purveyors of propaganda and disinformation – or what you might call evidence-free claims, such as the recent accusations of Russia hacking into Democratic emails to “influence” the U.S. election.
Despite these accusations — leaked by the Obama administration and embraced as true by the mainstream U.S. news media — there is little or no public evidence to support the charges. There is also a contradictory analysis by veteran U.S. intelligence professionals as well as statements by Wikileaks founder Julian Assange and an associate, former British Ambassador Craig Murray, that the Russians were not the source of the leaks. Yet, the mainstream U.S. media has virtually ignored this counter-evidence, appearing eager to collaborate with the new “Global Engagement Center” even before it is officially formed. . . .
What would George Orwell think of the Trump presidency thus far? Hopefully a great deal of disgust. But as the following article suggests, that disgust would probably be paired with a very different sentiment: ‘ka-ching!’:
“Conway delivered her infamous “alternative facts” quote during an interview with NBC’s Meet the Press host Chuck Todd on Sunday while she attempted to defend White House Press Secretary Sean Spicer’s false claim that Trump’s inauguration audience was the “largest” in history. Spicer later stood by that claim.”
While “alternative facts”, otherwise known as “lies”, are nothing new to politics, attempting to reframe your lies as “alternative facts” during a televised interview...that’s kind of a new one. At least for incoming presidential administrations.
But if this is going to be a ‘Big Lie’ kind of administration engaging in epic levels of corruption and looting, it’s not like it’s going to have a lot of options in terms of blatantly and aggressively lying to the public. So maybe their best option really is to just go with the “alternative facts” brand and hope that Team Trump can successfully sell his base even more deeply on the notion that everything is a lie except what Trump tells them. It’s worth a shot! Sure, not lying and looting is worth more of a shot, but if that’s not an option “alternative facts” might be the next best route for Team Trump. And as the article below makes clear, not constantly lying is not going to be an option:
“Two people familiar with the meeting said Trump spent about 10 minutes at the start of the bipartisan gathering rehashing the campaign. He also told them that between 3 million and 5 million illegal votes caused him to lose the popular vote.”
It’s worth noting that while it seems like Trump knows he’s spewing out blatant lies when he keeps saying millions of illegal voters voted in the election, keep in mind that it doesn’t have to be an actual lie. It’s entirely possible that Trump is so divorced from reality that he really does believe this stuff. And that’s something to keep in mind during our “official alternative facts” era: these aren’t necessarily part of a ‘Big Lie’ agenda. It could also be a ‘Big Lies but also Big Delusions’ agenda.
Something else to keep in mind in all this: The German government recently created an initiative to hunt down and eradicate fake news on the internet due to fears of a Russian misinformation campaign in the upcoming 2017 German elections. So...is that going to include the hunting down and eradicating Trump’s “alternative facts”? Or are some alternative facts going to be more acceptable than others? We’ll find out:
“In December, the German Interior Ministry proposed creating a Center of Defense Against Misinformation, to help hunt down and eradicate fake news or other false information from the internet. The ministry has already told political parties to disable bots, technology that automatically shares news, tweets, and Facebook posts, saying those can be easily tricked into distributing propaganda.”
Well, that certainly sounds like a plan by the German government to counter almost everything coming out of the Trump administration. Unless the new Center of Defense Against Misinformation is only going to be focused on Russian misinformation.
The head of GCHQ resigned on Monday, much to everyone’s surprise. And while personal reasons and family health issues were stressed as the only reason for the sudden resignation, it’s hard to ignore the fact that this happened on the first full day of Donald Trump’s presidency. So the timing of this surprise resignation with the massive shift in the character and loyalties of the people running the US government was either unintentionally coincidental or intentionally coincidental. Either way it’s a hell of a coincidence:
“His sudden resignation – he informed staff just hours before making this decision public – prompted speculation that it might be related to British concerns over shared intelligence with the US in the wake of Donald Trump becoming president.”
Well, if Hannigan’s resignation really was a kind of public crypto-protest it’s going to be interesting to see if his replacement ends up quietly scaling back the US/UK intelligence sharing operations. But it’s not like the UK is the only country extensively sharing intelligence with the US, so it’s also going to be quite interesting to see if there are any other actions by high-level intelligence officials from the rest of the 5‑Eyes/9‑Eyes/Whatever-Eyes nations that appear to be some sort of protest about intelligence sharing with the US. Especially after the reports that Trump is still using an unsecured Android phone:
“Trump, on the other hand, is using a phone with none of these protections. Texts he sends and calls he makes could easily be intercepted by a device called a Stingray, currently in use by law enforcement, that mimics a cell tower. A person given access to his phone, physically or remotely, could quickly and easily steal files or download malware. And if Trump is using the phone as often as the New York Times reports — that is, every night — there’s likely lots of information on it that prying eyes would like to see.”
Yeah, reports like that probably don’t do much to allay concerns from the US’s closest allies about intelligence sharing with a Trump-run government. But there is one argument that could be made to the US’s allies that might at least reduce any Trump-specific concerns: there’s a good chance that whatever sensitive intelligence gets shared with the US won’t actually be seen by Trump, since Trump still doesn’t seem to actually care about intelligence:
“Trump said he likes his briefings short, ideally one-page if it’s in writing. “I like bullets or I like as little as possible. I don’t need, you know, 200-page reports on something that can be handled on a page. That I can tell you.””
Well there we go: while it’s probably the case that Trump’s administration is going to flood the intelligence agencies with far-right crypto-fascists intent on disseminating as many secrets to far-right governments and groups around the world as they can, at least if Trump’s phone gets hacked he’s unlikely to have many sensitive documents on there since he doesn’t actually care about such topics. Phew!
So, uh, ‘Russian hackers’ apparently hacked a number of Wisconsin county Democratic Party websites. The hacks didn’t actually do any damage other than redirecting people to a random website and no data was successfully harvested from the server according to investigators. And why are Russian hackers suspected? Because the hackers created two new admin accounts on the first server where the hack was detected and, lo and behold, these new accounts had “.ru” email addresses. They also created profiles for the admin accounts that included Russian characters in the “About” and “Bio” sections. So while it’s unclear what exactly the purpose of the hack was, it’s pretty clear that one of the primary goals of the hack was to make sure the Democrats found out they were hacked and make sure it looked like Russian hackers did it:
“Two new users showed up as registered administrators of the website: larisa@steamreal.ru and ewartumba@mail.ru. The “.ru” suffix indicates a Russian origin, Benson said. The profile pages of the users had characters in the Russian alphabet in “Address” and “About Me” fields, she said.”
The self-incriminating Russians strike again! It’s the only possibility. Or not:
Well, at least we’ve hit a point where people are open to the idea that these “I’m Russian!” calling card hacks are maybe, just maybe, not actually done by Russians. At least not all of them. Unless the hacks really are being done by Russians using reverse psychology to sow doubts about the Russian hacking campaign by being so blatantly Russian about it. It’s also possible that it really was Russian hackers who are really trying to send a “ha, ha, we can hack you” kind of message, but if so it’s a very strange decision for Russia to intentionally piss off Americans during a period when Trump might be willing to warm US/Russian relations.
This is all part of the weird nature of crime in the digital age: a skilled hacker could, in theory, get away with the ‘perfect crime’ by leaving no trace of who did it, but that doesn’t stop people from speculating about who did it (unless the hack is never detected). So leaving little ‘calling cards’ has potential value to a hacker, but only if it’s not assumed that the evidence left behind isn’t evidence of who the hacker wants people to assume pulled off the hack. So leaving behind self-incriminating evidence is a potentially effective defense. It’s sort of an “anyone smart enough to pull off this hack wouldn’t be stupid enough to leave this kind of obvious evidence” defense. And it’s a viable defense since framing someone else (or some nationality) for the hack is one way to carry out that ‘perfect crime’. But only if it’s assumed that someone wouldn’t intentionally self-incriminate.
It’s also worth noting that this kind of self-incriminating evidence isn’t meaningless evidence from a propaganda/disinfo perspective unless the public interprets this evidence as spoofable and meaningless. And the American public in general is still clearly very willing to take the “I’m Russian!” evidence at face value, and that public learning curve is part of what’s so fascinating about the possibility that we could be looking at a period where hackers of all stripes start leaving Russian calling cards, whether it’s for intentional propaganda, reverse psychology, or just for the LOLs: If this goes on long enough with enough blatantly self-incriminating “I’m Russian!” hacks of this nature it’s possible we’re going to eventually get to a point where it’s just assumed that any hack blamed on the Russians due to self-incriminating evidence is probably someone trying to make it look like the Russians (as opposed to assuming that self-incriminating evidence is meaningless and could come from Russian hackers or non-Russian hackers). And that would allow for a nearly ‘perfect crime’, specifically for Russian hackers, because while you can’t stop people from speculating about who did a hack it’s still possible for the public to develop a “this is spoofed to make it look Russian” reflexive response.
So one of the possible blowbacks of an extended spoofed ‘Russian’ hacking campaign (or successes of a clever reverse-psychology self-incriminating hacking campaign actually carried out by the Kremlin) could be the creation of ingrained skepticism against future Russian hacks...specifically those hacks with self-incriminating evidence. And if that happens for Russia, a whole bunch of other countries might start thinking, “hey, maybe we need a self-incriminating hacking campaign!”, and then proceed to launch waves of self-incriminating nuisance attacks that hopefully aren’t enough to start a war between nations but still enough to get a lot of public attention about all the blatantly self-incriminating evidence. Who knows if that will happen but it’s a fascinating possibility. And kind of scary.
Slightly off topic.

Btw DE, in case you didn’t know, Bibliomania bookstore in Oakland has an expanded Fascism section with many “classics”: Bormann Brotherhood, American Swastika, Trade with Enemy, Old Nazis New Germany, Control of Candy Jones (in Espionage), Skorzeny Infield, Skorzeny Memoirs, Gehlen The General was a Spy, and many more. Also highly recommend the historical fiction of Philip Kerr; especially “Hitler’s Peace” and “A Quiet Flame”, the latter draws heavily from “The Real Odessa” by Uki Goni.
Check out the latest twist in the mysterious DNC hacks: malware said to belong to “Fancy Bear” was posted online earlier this week by a pair of security firms. And following some analysis of the code by an ex-NSA staffer running his own security firm, a large amount of the spyware targeting Macs looks an awful lot like the code sold by Italian “lawful intercept” spyware vendor Hacking Team, based on a comparison of the leaked code to Hacking Team’s code that was published by Wikileaks back in 2015. And while the Russian government was indeed a known customer of Hacking Team, guess who reportedly bought the same code: Israel, the FBI, DEA, and the US Department of Defense:
“Hacking Team, a so-called “lawful intercept” company whose emails and files were dumped on Wikileaks after a breach in 2015, sold to both America and Russia. It was a provider for the FBI from 2011, selling as much as $775,000 in surveillance tools, though the feds found limited use for them. The DEA and the DoD were also customers, spending $567,000 and $190,000 respectively. Emails indicated it demoed and sold kit to the FSB too, spending as much as $450,000 via research center Kvant. And in leaked emails an employee from Hacking Team’s chief Israeli surveillance partner NICE noted the FSB was particularly interested in infecting Apple Macs.”
So if the Russian government really was behind the hacks, it apparently used code from a “lawful intercept” malware firm that was known to have sold to the FSB, along with multiple US government agencies and the Israelis. And, of course, might also be used by anyone who happened to decide to reuse the code from the 2015 Wikileaks release:
So if the code released this week by those security firms really is from a Russian government hacking entity, it’s another indication that that entity appears to use readily available code that could be attributed to numerous different actors. Which makes sense. Except for all the things the DNC hackers did to ensure that the hacks would be attributed back to Russians.
So if transcripts of the calls between Donald Trump’s campaign officials and Russian government officials are ever released, you have to wonder if the topic of “why are the hackers implicating Russia?” ever came up. And given the ambiguous and spoofable nature of the technical evidence, you also have to wonder which side will be asking that question.
Here is a right-wing blog’s explanation of the Russian Hacks — it was actually the CIA. There obviously was not any mention that this could be a black operation created by the Underground Reich’s intelligence Operation.
The Russians hack as much US information as they can, as do the Chinese, Pakistanis, and others. However, no Russian Intelligence Agency Hacking Operation would have a handle name which even remotely could be tied to Russia such as “Fancy Bear”. This was an obviously chosen name by the perpetrator of this hack to discredit US public opinion against Russia. This is similar to how the Nazis perpetuated the cold war to serve their own purposes.
https://jonrappoport.wordpress.com/2017/03/07/wikileaks-cia-hackers-can-pose-as-russians-ring-a-bell/
WikiLeaks: CIA hackers can pose as Russians—ring a bell?
by Jon Rappoport
March 7, 2017
(Part‑2, here)
Let’s see. The CIA claims that Russian government hackers interfered in the US election, on the side of Trump.
But suppose CIA hackers fabricated an operation to make it look like a Russian hack? Too far-fetched?
Not anymore.
In conjunction with their new data-dump of CIA material, WikiLeaks issues this statement:
“The CIA’s Remote Devices Branch’s UMBRAGE group collects and maintains a substantial library of attack techniques ‘stolen’ from malware produced in other states including the Russian Federation. With UMBRAGE and related projects the CIA cannot only increase its total number of attack types but also misdirect attribution by leaving behind the ‘fingerprints’ of the groups that the attack techniques were stolen from.”
Spy games.
A group within the CIA wanted to shift blame for Hillary Clinton’s defeat? How about pointing at the Russians? “Easy. We can use Russian hacking tools and fabricate a scenario. We can say we discovered ‘fingerprints’ that point to the Russian government.”
Here is what the CNN Wire Service reported on January 2, 2017: “…even as President-elect Donald Trump and his aides cast doubt on the links between Russia and recent hacks against Democrats, US intelligence officials say that newly identified ‘digital fingerprints’ indicate Moscow was behind the intrusions.”
“One official told CNN the administration has traced the hack to the specific keyboards — which featured Cyrillic characters — that were used to construct the malware code, adding that the equipment leaves ‘digital fingerprints’ and, in the case of the recent hacks, those prints point to the Russian government.”
Really? We live in a world where spies and their cronies are constantly fixing reality to suit themselves.
So now all this bravado about discovering how the Russians hacked and stole the election blows up like a cream puff with a firecracker inside.
Who originally hacked/accessed the Democratic National Committee (DNC) email files and handed them to WikiLeaks for publication? That appeared to be an insider at the DNC. But the cover story—“the Russians did it”—floated by the CIA and other US intelligence agencies now takes on a new hue.
The CIA has worked, over the years, to refine its ability to fake a hack-trace to all sorts of people, including the Russian government.
This gives people yet another opportunity to realize that employees of intelligence agencies are trained to lie. It’s their bread and butter. A day without lying is a misspent day.
They purposely lie in their investigations, in their reports, in their testimony, in their leaks to the press, in their budget requests, in their clandestine operations, in their statements about the circumscribed limits of their activities.
In their minds, they lie in order to tell the truth.
They will, when it suits them, also tell the truth in a way that supports a larger lie.
Some CIA agents eventually forget which way is up and what they’re doing. This is a
While this isn’t new news, it’s worth noting that Roger Stone once again confirmed that he has a back channel to Julian Assange. A “perfectly legal back channel” as Stone put it:
“In one post, later deleted, Stone said he had “never denied perfectly legal back channel to Assange who indeed had the goods on #CrookedHillary”.”
It’s not particularly surprising that Stone would have deleted that particular tweet since it was part of a tweetstorm that made him seem like a psycho, although it’s a little hard to see what exactly Stone thought he was accomplishing since his psycho status has been long established and it’s not like he’s ever minded coming off as a psycho in the past.
So who knows what Stone thought he was accomplishing by deleting those tweets, including the tweet where he once again acknowledged having a back channel with Assange, but if the latest report by The Smoking Gun is accurate, there might be some tweets Stone really wishes he could delete right now. His private tweets with “Guccifer 2.0”:
“A source told the website that Stone, who admitted over the weekend to back-channel communications with WikiLeaks founder Julian Assange, exchanged private direct messages with Guccifer 2.0, in addition to exchanges on their public Twitter accounts.”
So according to one source, Stone exchanged private direct messages over Twitter with Guccifer 2.0, although Stone claims he doesn’t recall whether or not that happened:
But if two of The Smoking Gun’s sources are correct, the FBI might be in a position to help Stone recall:
So we’ll see if the FBI investigation into Stone’s links with Russia ends up charging him with anything, but it’s important to recall that one of the reasons Guccifer 2.0 was assumed to be Russian is because the hacked files they released kept leaving little hints in the documents they were leaking that strongly suggested they were Russian:
And don’t forget that the name signed in Cyrillic was that of Felix Dzerzhinsky, the founder of the Soviet secret police.
It raises the question: if the FBI investigation identifies Guccifer 2.0 and also reveals that Stone was indeed coordinating the hacks (or coordinating how to disseminate the information after the hacks took place), but it’s also learned that Guccifer 2.0 wasn’t actually a Russian agent, will the FBI drop the case against Stone? We’ll see. Or probably not see since there’s a good chance we’ll never find out what the FBI learned about Stone’s activities if it can’t find any conclusive Stone/Russia connections.
But at least it was nice to learn that it’s the FBI’s San Francisco office doing this investigation and not the New York office.
So that’s part of the latest update on the Trump campaign’s collusion with Wikileaks and possible collusion with the Democratic Party hackers. But it’s not the only recent update of that nature:
“A short time later, a source with the UK Independence Party, the party Farage until recently led, confirmed to The Independent that Farage was meeting with Assange and had met with him for about 40 minutes”
Is Nigel Farage a new Trump administration back channel to Wikileaks? Sean Spicer wasn’t ready to deny it. And could Farage be Stone’s back channel? Well, keep in mind that Stone previously asserted that his go-between was an American libertarian on the “opinion side” of the US media. Also keep in mind that there’s basically no reason to believe anything coming out of Stone’s mouth so who knows. But Trump’s closest ally in the UK just met with Julian Assange days after the big CIA hacking tool leak and right before Assange holds a press conference promising more revelations so one thing we can say with increasing certainty is that Donald Trump has a lot of friends who are friendly with Wikileaks.
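On the “little hints in the documents” point above: the author/last-modified-by fields in an Office document live in a plain XML part inside the zip container and are written by whatever software last saved the file, so they are a weak attribution signal on their own. The following is an added illustration, not code from the original comments or from any report they cite. It builds a minimal OOXML package in memory with the Python standard library, reads back the fields an analyst would look at, and rewrites them to an arbitrary name without touching the document body. The file layout is the minimum a valid package needs; the body text and the Cyrillic sample name are constructed for the example.

```python
"""Office (OOXML) metadata is plain XML inside a zip; anyone holding the file
can set dc:creator and cp:lastModifiedBy to any string before passing it on."""
import io
import zipfile
import xml.etree.ElementTree as ET

NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
    "dcterms": "http://purl.org/dc/terms/",
    "xsi": "http://www.w3.org/2001/XMLSchema-instance",
}
for _prefix, _uri in NS.items():          # keep the familiar prefixes on output
    ET.register_namespace(_prefix, _uri)

# Minimal package parts; a real Word file carries many more, but these are
# enough for a structurally valid .docx (constructed for this example).
CONTENT_TYPES = """<?xml version="1.0" encoding="UTF-8"?>
<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">
  <Default Extension="rels" ContentType="application/vnd.openxmlformats-package.relationships+xml"/>
  <Default Extension="xml" ContentType="application/xml"/>
  <Override PartName="/word/document.xml" ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/>
  <Override PartName="/docProps/core.xml" ContentType="application/vnd.openxmlformats-package.core-properties+xml"/>
</Types>"""

RELS = """<?xml version="1.0" encoding="UTF-8"?>
<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">
  <Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/officeDocument" Target="word/document.xml"/>
  <Relationship Id="rId2" Type="http://schemas.openxmlformats.org/package/2006/relationships/metadata/core-properties" Target="docProps/core.xml"/>
</Relationships>"""

DOCUMENT = """<?xml version="1.0" encoding="UTF-8"?>
<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main">
  <w:body><w:p><w:r><w:t>constructed sample body text</w:t></w:r></w:p></w:body>
</w:document>"""


def core_xml(creator: str, last_modified_by: str, modified: str) -> str:
    """Build docProps/core.xml with caller-chosen author fields."""
    root = ET.Element(f"{{{NS['cp']}}}coreProperties")
    ET.SubElement(root, f"{{{NS['dc']}}}creator").text = creator
    ET.SubElement(root, f"{{{NS['cp']}}}lastModifiedBy").text = last_modified_by
    mod = ET.SubElement(root, f"{{{NS['dcterms']}}}modified")
    mod.set(f"{{{NS['xsi']}}}type", "dcterms:W3CDTF")
    mod.text = modified
    return ET.tostring(root, encoding="unicode", xml_declaration=True)


def build_docx(creator: str, last_modified_by: str,
               modified: str = "2016-06-15T13:38:00Z") -> bytes:
    """Assemble a minimal .docx in memory (constructed timestamp)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml", CONTENT_TYPES)
        z.writestr("_rels/.rels", RELS)
        z.writestr("word/document.xml", DOCUMENT)
        z.writestr("docProps/core.xml", core_xml(creator, last_modified_by, modified))
    return buf.getvalue()


def read_core_props(docx: bytes) -> dict:
    """Return the fields an analyst (or a journalist) would quote as 'evidence'."""
    with zipfile.ZipFile(io.BytesIO(docx)) as z:
        root = ET.fromstring(z.read("docProps/core.xml"))

    def text(path: str):
        el = root.find(path, NS)
        return el.text if el is not None else None

    return {"creator": text("dc:creator"),
            "last_modified_by": text("cp:lastModifiedBy"),
            "modified": text("dcterms:modified")}


def rewrite_author_fields(docx: bytes, name: str) -> bytes:
    """Copy the package, replacing only the author fields in core.xml.
    This is all that is needed to plant (or scrub) a name; the body is untouched."""
    src = zipfile.ZipFile(io.BytesIO(docx))
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as z:
        for item in src.infolist():
            data = src.read(item.filename)
            if item.filename == "docProps/core.xml":
                root = ET.fromstring(data)
                for path in ("dc:creator", "cp:lastModifiedBy"):
                    el = root.find(path, NS)
                    if el is not None:
                        el.text = name
                data = ET.tostring(root, encoding="utf-8", xml_declaration=True)
            z.writestr(item, data)
    return out.getvalue()


def demo() -> dict:
    """A file saved by 'analyst' re-labelled with a constructed Cyrillic name."""
    original = build_docx("analyst", "analyst")
    planted = rewrite_author_fields(original, "Феликс Эдмундович")  # constructed sample
    return read_core_props(planted)


if __name__ == "__main__":
    print(read_core_props(build_docx("analyst", "analyst")))
    print(demo())
```

The takeaway for an investigator is that a Cyrillic name in `lastModifiedBy` tells you what the last editor's software was told to write, not who that editor was; it only becomes corroborating when it lines up with evidence the leaker could not control.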
So Nixon hagiographer Monica Crowley, who forfeited a job with Trump’s National Security Council due to charges of plagiarism, is now a registered lobbyist for the Ukrainian steel billionaire who funds the Atlantic Council: Victor Pinchuk!

Pinchuk appears to be quite the artful dodger, having donated to both the Clinton and Trump Foundations prior to the US election.

However, it was the op-ed he wrote in December for the Wall Street Journal that thrust Pinchuk into the spotlight while angering Ukraine’s Poroshenko at the same time. It read “Ukraine Must Make Painful Compromise for Peace With Russia.” Pinchuk recommended Ukraine defer any plans to join the EU and NATO. In return he indicated Kiev might approve the lifting of sanctions imposed on Russia. Naturally Poroshenko now views Pinchuk as an appeaser and probably a contender for his job.

Ah yes, the Art of the Deal!
With the House Intelligence Committee public hearings over the investigation into Russian interference in the 2016 election now underway, one of the more interesting questions from a political sh#t‑storm perspective is whether or not Roger Stone is going to be called to testify. John McCain said Stone should be called to testify before the Senate Intelligence Committee just last week, so it certainly seems possible he’ll be testifying before at least one congressional body at some point soon. And while it’s unclear what Stone will say if he does end up testifying, based on the preview he gave us in a series of tweets it sounds like Stone is going to characterize the suspicions that he was colluding with Russian government assets as a conspiracy of US intelligence services and George Soros:
“This is does not constitute collusion...I had no contacts with Russians. This one has been manufactured by the intelligence service with a nice assist from [billionaire philanthropist George] Soros and [David] Brock. I’m not gonna stop fighting for Donald Trump, nor are they going to silence me. I am anxious to go to the committee. Let’s see if they can handle the truth.”
Are suspicions about Roger Stone’s collusion with Russian assets purely a fabrication of US intelligence services and George Soros? Well, it’s certainly possible that the US intelligence community is hyping the strength of any evidence that it was indeed the Russian government behind the “Fancy Bear” and “Cozy Bear” hacks, especially since much of the technical evidence pointing towards Russian government hackers is evidence predicated on the assumption that these Russian government hackers either had incredibly poor operational security for this operation or actively want the US to know it was the Russian government doing the hacking and openly invited the kind of broad public uproar in the aftermath. But it’s pretty undeniable that either Russian hackers or hackers who wanted everyone to think they were Russian hackers did the hacking. That’s not really disputable.
So if Stone wants to prove that the suspicions that he was coordinating with Russian assets were just a fabrication of US intelligence he’ll need to help everyone determine who the hackers actually were. And he just might be in a position to do exactly that since so much of the interest surrounding Roger Stone’s collusion with the hackers has to do with the fact that he openly communicated with “Guccifer 2.0”, openly bragged about a “back channel” with Wikileaks, and openly predicted the nature of upcoming hacks (like the hacks of John Podesta’s emails) before anyone knew they were coming. So it will be interesting to see what he has to say about all those topics should he be called to testify before Congress, although as Stone has already indicated, he’s going to take the stance that he just randomly guessed John Podesta’s emails were going to get hacked based on his personal research and never actually had any direct or indirect communication with Wikileaks (despite now-deleted tweets to the contrary):
“Stone claims to be the subject of a warrant under the Foreign Intelligence Surveillance Act, saying his knowledge of that comes from “credible sources” that he cannot reveal. His communications with others — by phone and email — are being monitored, he claims to CNN.”
Stone is confident he’s under a FISA warrant but won’t reveal the “credible sources”. Huh. So does Stone legally have to reveal the “credible sources” telling him that he’s under a FISA warrant if Congress asks? Isn’t that a very high-level leak someone like Stone shouldn’t have any access to? Hopefully he’ll be asked to testify and we can find out. Along with what Stone will finally say about all this:
Aha. So Stone admits being in contact with “Guccifer 2.0” in August, but he asserts that it was all out in the open and it’s just a coincidence that Stone also predicted late in August that John Podesta’s “time in the barrel” was coming. A coincidence brought about by Stone’s “own research” into Podesta. And all those admissions about a back channel to Wikileaks were wrong...instead he was merely speaking to a friend who had spoken with Assange and somehow this doesn’t constitute a back channel. Nope.
Now that Donald Trump’s former national security adviser Michael Flynn has requested immunity in return for his testimony in the various investigations swirling around the Trump administration and its ties to Russia, it’s worth noting that Flynn and his possible illegal actions are a great example of why any investigation into foreign influence of the Trump administration must extend far beyond Russia if it’s going to be a comprehensive investigation. Yes, Flynn may have violated the Logan Act during his conversation with the Russian ambassador in late December. But what about possible improper Turkish influences?
“Mr Woolsey told The Wall Street Journal he arrived in the middle of the conversation but described the basic plan as a “covert step in the dead of night to whisk this guy away”.”
Extraordinary rendition by the US. Within the US. On behalf of Erdogan. Yeah, that’s pretty extraordinary. And a pretty good reason for requesting immunity. Along with the Turkish lobbying:
“Anyone representing the interests of foreign powers in a political capacity must declare their interest to the US government under the Foreign Agents Registration Act.”
So there’s plenty of in-your-face potentially criminal Turkish government influences. And then there’s all those business-related conflicts of interest that Trump himself has in Turkey. And, of course, there’s the ideological ties a far-right rogue administration like Trump’s will have with a far-right rogue administration like Erdogan’s as part of the general far-right global movement to destroy all that which is non-far-right. Is that going to be part of these various investigations into foreign influences of the Trump administration? Especially given the spoofable nature of the Russian hacking evidence? Of course not, since ties to Russia are apparently the only foreign influences that matter and not the Trump administration’s ties to the global far-right. For some mysterious reason.
So if Flynn testifies it’s pretty clear that the investigations are going to be exclusively interested in Russia and only Russia. So hopefully some of the investigators can get Flynn to shed light on why it is that the ‘Russian hackers’ keep going out of their way to ensure they are identified as Russian hackers:
“I’d also inform the committee that within the last 24 hours, at 10:45 a.m. yesterday, a second attempt was made, again against former members of my presidential campaign team who had access to our internal information, again targeted from an I.P. address from an unknown location in Russia,” he continued. “That effort was also unsuccessful.”
Yep, on the same day Vladimir Putin uses a bungled “Read my lips” line to deny Russian involvement in the hacks, Marco Rubio informs the world that Russian hackers made their second attempt to hack Rubio’s staff within the last 24 hours. And how do they know it was Russian hackers? Because their I.P. addresses led back to Russia. So of course it was Russians. And specifically the Russian government. And definitely not someone else.
And since all these investigations are apparently exclusively interested in Russian ties, and only Russian ties, hopefully Flynn will at least shed some light on that strange ‘Russian hacker’ behavior. After all, if those ‘Russian hackers’ hadn’t been so blatantly Russian there’s a good chance Flynn wouldn’t be in this situation in the first place. Sure, he would still have the Turkish government lobbying conflicts of interest even if these ‘Russian hackers’ didn’t frame themselves as Russian hackers, but as is abundantly clear at this point, if it’s not a Russian-related foreign conflict of interest — like a conflict of interest that could potentially motivate a foreign government (or international far-right network) to hack the DNC and make it look like the Russians did it — nobody really cares. At least not enough to investigate it. Or even consider the possibility.
One of the questions that’s been looming over Wikileaks ever since the organization chose Donald Trump’s side in the 2016 US elections and played a key spoiler role by strategically dribbling out new anti-Hillary leaks for the final months of the campaign was the question of whether or not Wikileaks had a bunch of dirt on Trump that it was strategically not leaking. Well, if they do have such information on Trump, they’re probably at least a little tempted to dump it now:
““It’s time to call out WikiLeaks for what it really is: A non-state hostile intelligence service often abetted by state actors like Russia,” Pompeo said.”
Well, while Wikileaks probably isn’t thrilled by this announcement, they’re probably pretty pleased about how CIA director Mike Pompeo is making no effort to highlight Wikileaks’ extensive connections to neo-Nazis and the far-right. The far-right is probably pretty pleased by that too, as they must be in general with the current characterization in the West of Russia as the main sponsor/backer for all things far-right. It’s a great narrative! For the far-right.
So is Wikileaks going to retaliate with some sort of embarrassing data dump? Could it all be theatrics? We’ll see. And don’t forget that if the prosecution of Assange really does establish a legal precedent that could be used to silence other publishers of leaked documents, as groups like the ACLU are claiming, that could also be a big incentive for the leak-prone Trump administration to pursue this case. Chilling the press would be a huge incentive for Team Trump. It’s a reminder that this case could have implications that go far beyond Wikileaks, so learning more about what exactly they’re going to charge Assange with is going to be something to watch.
But note one of the other big complications with this declared desire to arrest Assange: Ecuador’s new government has no interest in letting that happen:
And that’s part of what makes the timing of this announcement so interesting. It comes just after Ecuador’s closely contested election held a recount that the right-wing candidate, who said he would kick Assange out of Ecuador’s embassy, continues to contest as unfair:
“Mr Lasso had demanded a full recount citing allegations of fraud but the national electoral council only agreed to a recount of 10% of the votes.”
And these allegations by Ecuador’s right-wing followed similar allegations of vote rigging after the first vote. So it’s going to be very interesting to see what the US’s stance is toward Ecuador if Lasso continues to contest the recount outcome. The fact that the Organization of American States validated the recount suggests we won’t be seeing some sort of covert regime-change policy. But let’s not forget about one of the more disturbing potential Trump administration appointments that almost happened: Elliott Abrams was about to be named deputy secretary of State, and only lost the post after Trump learned Abrams trashed him during the campaign. So while Abrams didn’t get the job, he almost got the job. Either way, it doesn’t bode well for the US’s regime change policies towards Central and South American left-wing governments:
“Nevertheless, Abrams persisted. A decade after George H.W. Bush pardoned his crime against Congress, Abrams was plotting coups against democratically elected South American governments — as an adviser to George W.”
Yep, we almost had a former South American coup-plotter as the new deputy Secretary of State. Almost. But then Trump found out Abrams dissed him. That was the deal-breaker. But the coup-plotting was fine.
So that’s all something to keep in mind with the announcement by Mike Pompeo that they’re going to be seeking Assange’s arrest: toppling left-wing South and Central American governments was a specialty of the guy Trump almost made the deputy secretary of State, and Assange’s arrest is only going to happen if Ecuador’s newly elected left-wing government is suddenly gone.
Well, ok, there are other options for getting Assange.
Wow, those Russian government hackers really need an OPSEC refresher course. So it turns out that the hacked documents in the ‘Macron hack’ not only contained Cyrillic text in the metadata, but also contained the name of the last person to modify the documents. And that name, “Roshka Georgiy Petrovich”, belongs to an employee at Evrika, a large IT company that does work for the Russian government, including the FSB. Also found in the metadata is the email of the person who uploaded the files to “archive.org”, and that email address, frankmacher1@gmx.de, is registered with a German free webmail provider used previously in 2016 phishing attacks against the CDU in Germany that have been attributed to APT28. So it would appear that the ‘Russian hackers’ not only left clues suggesting it was Russian hackers behind the hack, but they decided to name names this time. Their own names. And even Wikileaks concluded that it was the result of Russian hackers:
“The involvement of APT28, the editing of some documents leaked by someone using a Russian version of Microsoft Office, and the attempt to spread the data through amplification in social media channels such as 4Chan, Twitter, and Facebook—where a number of new accounts posted links to the data—are all characteristics of the information operations seen during the 2016 US presidential campaign.”
Yes, indeed, leaving seemingly self-incriminating data in the metadata is pretty characteristic of the hacking of the 2016 presidential campaign. Characteristic of the inexplicable operational security oversights by allegedly professional Russian government hackers...whose operational security appears to be getting worse with each hack. This time they uploaded modified fake documents that could easily be determined to have been modified by “Roshka Georgiy Petrovich”. Bravo! What a sneaky hack by those professional Russian government hackers.
And in related news, a group of cybersecurity researchers studying the Macron hack has concluded that the modified documents were modified by someone associated with The Daily Stormer neo-Nazi website and Andrew “the weev” Auernheimer:
““We strongly believe that the fake offshore documents were created by someone with control of the Daily Stormer server,” said Tord Lundström, a computer forensics investigator at Virtualroad.org.”
And who is in control of the Daily Stormer? Well, its public face and publisher is Andrew Anglin. But look who the site is registered to: Andrew Auernheimer, who apparently resided in Ukraine as of the start of this year:
That’s the analysis from the web-security firm Virtualroad.org. Someone associated with the Daily Stormer modified those faked documents. Like, perhaps a highly skilled neo-Nazi hacker like “the weev”.
So based on an analysis of how the document dump unfolded it’s looking like the inexplicably self-incriminating ‘Russian hackers’ may have been a bunch of American neo-Nazis. Imagine that.
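The point in the comment above about a name and Cyrillic text turning up in the leaked documents’ metadata comes down to one small XML part inside the Office file, docProps/core.xml, which carries dc:creator and cp:lastModifiedBy. What follows is an added example, not code from the original page or from any of its commenters: it shows where that field lives, how to read it, and how cheaply it can be rewritten without changing a byte of the document body. The .docx it inspects is constructed in memory and every name and date in it is made up.

```python
"""Read and rewrite OOXML core metadata (docProps/core.xml in a .docx/.xlsx).
Added example, not code from the original page or its commenters. It builds a constructed
minimal .docx in memory, reads dc:creator / cp:lastModifiedBy, flags Cyrillic in those
fields, and then rewrites that one XML part, leaving the document body byte-identical.
"""
import hashlib, io, re, zipfile
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
    "dcterms": "http://purl.org/dc/terms/",
    "xsi": "http://www.w3.org/2001/XMLSchema-instance",
}
for _p, _u in NS.items():
    ET.register_namespace(_p, _u)  # keep the conventional prefixes when re-serializing

CORE_PATH = "docProps/core.xml"
BODY_PATH = "word/document.xml"
XML_DECL = '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
# Minimal package skeleton for the constructed sample (not a real leaked file).
CONTENT_TYPES = XML_DECL + (
    '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
    '<Default Extension="xml" ContentType="application/xml"/>'
    '<Override PartName="/docProps/core.xml" ContentType="application/vnd.openxmlformats-package.core-properties+xml"/>'
    '<Override PartName="/word/document.xml" ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/>'
    "</Types>"
)
DOCUMENT_XML = XML_DECL + (
    '<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main">'
    "<w:body><w:p><w:r><w:t>constructed sample body text</w:t></w:r></w:p></w:body></w:document>"
)

def _core_xml(creator, last_modified_by, modified):
    """Render core.xml with the three fields that attribution write-ups lean on."""
    return XML_DECL + (
        f'<cp:coreProperties xmlns:cp="{NS["cp"]}" xmlns:dc="{NS["dc"]}" '
        f'xmlns:dcterms="{NS["dcterms"]}" xmlns:xsi="{NS["xsi"]}">'
        f"<dc:creator>{escape(creator)}</dc:creator>"
        f"<cp:lastModifiedBy>{escape(last_modified_by)}</cp:lastModifiedBy>"
        f'<dcterms:modified xsi:type="dcterms:W3CDTF">{escape(modified)}</dcterms:modified>'
        "</cp:coreProperties>"
    )

def build_docx(creator, last_modified_by, modified):
    """Produce a constructed .docx (a zip container) carrying the given core properties."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", CONTENT_TYPES)
        zf.writestr(CORE_PATH, _core_xml(creator, last_modified_by, modified))
        zf.writestr(BODY_PATH, DOCUMENT_XML)
    return buf.getvalue()

def read_core_properties(docx_bytes):
    """Return creator / last_modified_by / modified as plain strings ('' if absent)."""
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        root = ET.fromstring(zf.read(CORE_PATH))
    def text(tag):
        node = root.find(tag, NS)
        return (node.text or "") if node is not None else ""
    return {"creator": text("dc:creator"),
            "last_modified_by": text("cp:lastModifiedBy"),
            "modified": text("dcterms:modified")}

def has_cyrillic(s):
    """True if the string contains any character from the basic Cyrillic block."""
    return re.search(r"[\u0400-\u04FF]", s) is not None

def attribution_report(docx_bytes):
    """Core properties plus a Cyrillic flag, the kind of 'clue' cited in the Macron dump."""
    props = read_core_properties(docx_bytes)
    props["cyrillic_in_metadata"] = any(has_cyrillic(v) for v in props.values())
    return props

def body_digest(docx_bytes):
    """SHA-256 of word/document.xml alone, i.e. the content a reader actually sees."""
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        return hashlib.sha256(zf.read(BODY_PATH)).hexdigest()

def forge_last_modified_by(docx_bytes, new_name):
    """Rewrite only cp:lastModifiedBy; every other zip entry is copied unchanged."""
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as src:
        root = ET.fromstring(src.read(CORE_PATH))
        node = root.find("cp:lastModifiedBy", NS)
        if node is None:
            node = ET.SubElement(root, f"{{{NS['cp']}}}lastModifiedBy")
        node.text = new_name
        new_core = (XML_DECL + ET.tostring(root, encoding="unicode")).encode("utf-8")
        out = io.BytesIO()
        with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
            for item in src.infolist():
                dst.writestr(item, new_core if item.filename == CORE_PATH else src.read(item.filename))
    return out.getvalue()

if __name__ == "__main__":
    doc = build_docx("campaign staff", "Иван Петров", "2017-05-03T21:14:00Z")
    print(attribution_report(doc), attribution_report(forge_last_modified_by(doc, "someone else entirely")))
```

Run stand-alone, it prints the report for the constructed file before and after the rewrite: the “last modified by” name and the Cyrillic flag both change while the hash of word/document.xml does not. That is the practical caveat behind the comment above: a name or a language hint in docProps/core.xml is at most a lead to chase, since anyone handling the file after the intrusion can set it to whatever they like.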
With the appointment of former FBI chief Robert Mueller as special counsel in an investigation into the Trump team’s possible collusion with the Russian government moving ahead alongside both the House and Senate investigations, coupled with one instance after another of behavior by the Trump administration, or Trump himself, that looks an awful lot like obstruction of justice intended to thwart these investigations, it’s pretty clear that the eventual outcome of these investigations is seen by all political sides in the US as being ‘make or break’ in nature. If some sort of collusion is firmly established, so firmly that the public starts turning decisively and overwhelmingly against Trump, that’s most likely the end of the Trump administration...and possibly the subsequent Pence administration. But if nothing is conclusively established and Trump declares victory, it’s entirely possible that not only will Trump be able to shrug off the Russian collusion charges but he’ll also be able to deflect just about any other non-Russian charges his administration faces too.
So given the incredibly high stakes involved with these investigations, here’s an article by cybersecurity expert Bruce Schneier from back in January that highlights one of the most important aspects of all this that the Democrats are going to have to keep in mind: given that cyberattacks are notoriously easy to spoof and attribution often comes down to educated guessing, coming to any sort of confident conclusion as to who carried out the hacking of the DNC and the subsequent hack of John Podesta probably requires the kind of intelligence sources and methods that agencies don’t want to expose, so the intelligence agencies and the public are faced with a significant dilemma that isn’t going away. Should sources and methods be revealed that can help conclusively establish who conducted the hacks if, by revealing them, those sources and methods end up getting burned and/or killed? Or is the intelligence community simply saying “trust us” going to be adequate proof? That’s the dilemma facing the current investigation and future investigations of this nature, so, at a minimum, it’s probably pretty important for people to recognize that the centerpiece of the Trump/Russia investigation — those notorious hacks — might end up being a contest between the Trump team and a bunch of spies all saying “trust us”:
“If the government is going to take public action against a cyberattack, it needs to make its evidence public. But releasing secret evidence might get people killed, and it would make any future confidentiality assurances we make to human sources completely non-credible. This problem isn’t going away; secrecy helps the intelligence community, but it wounds our democracy.”
Yep, the investigation into the Democratic Party hacks isn’t just a mega-headache. It’s a meta-mega-headache. There are going to be a lot more situations like this where providing evidence for attribution isn’t going to be easy. Especially if doing so might get a source killed. And unless the Trump/Russia investigations come across some very conclusive evidence that can be revealed in public, “trust us” is probably going to be a major element of any final conclusion from these investigations. So with that word of caution in mind, it’s also going to be critical for the Democrats to keep in mind that the general sentiment that we often hear these days that “all 17 US intelligence agencies” signed on to the report concluding that Russia was behind the hacks isn’t actually true. Only four agencies were involved in the report:
“On Tuesday, former CIA Director John Brennan told the House Intelligence Committee that only four of the 17 U.S. intelligence agencies took part in the assessment, relying on analysts from the Central Intelligence Agency, the National Security Agency and the Federal Bureau of Investigation, under the oversight of the Office of the Director of National Intelligence.”
The CIA, NSA, and FBI, working under the ODNI. That’s it. While there isn’t anything inherently wrong with an intelligence assessment from 4 out of 17 of the US’s intelligence agencies, it’s also not 17. And then there are the potential problems with an intelligence assessment conducted by hand-picked analysts. It’s just not a good look. So it’s going to be important that the Democrats don’t back themselves into a rhetorical corner and give the Trump team freebie counter-attacks by repeating the claim that all 17 intelligence agencies participated in that intelligence assessment, since any final report involving the hacks will probably rely on a “trust us” component in the place of evidence made available to the public.
Of course, given the abundance of evidence suggesting that the hacks weren’t actually done by the Russian government, coupled with the abundance of obstruction of justice by Donald Trump in this investigation, it’s very possible that Trump is hiding something, even if it’s not the big Trump/Russian conspiracy. Some sort of investigation is clearly in order. Just not an investigation focused exclusively on Russia. Which raises a rather fascinating question: If Trump was given the offer of having all 17 intelligence agencies reattempt that January 6th intelligence assessment but also change its focus to simply asking who did the hacks (not just, “did the Russians do it?”) and whether or not any sort of foreign collusion took place, including the international far-right and not just Russian collusion, would he do it? If not, why not? Hopefully that question is asked at some point. Not that we should expect a coherent answer.
Vladimir Putin added an unsurprising new defense to the charges that the Russian government ordered the 2016 DNC hacks during a recent interview: Maybe it was “patriotic Russians” that did it independently. This, of course, led to all sorts of commentary that Putin was basically admitting that Russian hackers were behind the hack without fully admitting it, which ignores the rest of what he said in the interview about the matter, like how the hacks also could have been orchestrated to look like they came from Russia.
And while the “patriotic Russians” defense isn’t unreasonable (couldn’t the Trump team or anyone else hire some ‘patriotic’ Russian hackers?), it’s still a pretty risky defense for Putin to put forward since it basically preemptively justifies the hacking of Russian officials by “patriotic [insert country here]s”, much like how Trump’s cheerleading of the hacks preemptively justifies any future hacking of Trump. So if we do end up seeing some sort of high-profile counter-hacks against Putin or other Russian VIPs in the not too distant future, expect a ‘patriotic hacker’ to be behind it (who may or may not be 400 pounds and sitting in bed):
“Asked about suspicions that Russia might try to interfere in the coming elections in Germany, Mr. Putin raised the possibility of attacks on foreign votes by what he portrayed as free-spirited Russian patriots. Hackers, he said, “are like artists” who choose their targets depending how they feel “when they wake up in the morning.” Any such attacks, he added, could not alter the result of elections in Europe, America or elsewhere.”
Could a free-spirited Russian patriot have been behind the hacks? We can’t rule it out. And if it was indeed a ‘Russian patriot’ they clearly needed the practice, given the shocking number of mistakes these patriotic Russians made to implicate Russians in the hack, something Putin hinted at when he pointed out the ability of hackers to obscure the origin of a hack:
But that part was largely left out of the media coverage and instead the entire thing was characterized as a sly admission of guilt.
And if it was a sly admission of guilt, wow, was the timing ever amazing. Because on the same day we get the reports about an apparent Putin *wink wink* admission of Russian involvement in the hacks, we also get this report:
“The head of the French government’s cyber security agency, which investigated leaks from President Emmanuel Macron’s election campaign, says they found no trace of a notorious Russian hacking group behind the attack.”
Yep, the big hack of Emmanuel Macron’s campaign team right before the French election had no trace of Russian government involvement. In particular, no trace of “APT28”, a.k.a Fancy Bear:
That’s the word of the French government’s cyber security agency. Of course, this shouldn’t really be a surprise at this point given all the previously reported signs pointing towards this hack being the handiwork of the notorious neo-Nazi hacker Andrew “the weev” Auernheimer, or at least that Auernheimer was involved with modifying and distributing the hacked documents and inserting the name of a Russian FSB IT contractor in the document meta-data.
Still, the fact that the French government is reporting no trace of Russian government involvement is pretty remarkable during this period of the high-profile political hacks where the hacked documents keep leaving little “fingerprints” of Russian involvement. Especially
And yet it was widely reported soon after the attack to be the work of the Russian government due to an abundance of evidence. Technical evidence indicating it was the same group that conducted the DNC hacks. And it wasn’t just private security firms making this charge. The NSA made the same charge too:
““If you take a look at the French election … we had become aware of Russian activity,” Rogers said in response to questions from senator Kirsten Gillibrand about the allegations of Russia hacking the Macron campaign. “We had talked to our French counterparts prior to the public announcements of the events publicly attributed this past weekend and gave them a heads-up: ‘Look, we’re watching the Russians, we’re seeing them penetrate some of your infrastructure.’””
That was the analysis from the NSA. Despite, you know, the jaw-dropping apparent mistakes that these Russian government hackers were making and warnings from some analysts:
And let’s not forget that if there’s one agency on the planet that should have the tools at its disposal to potentially track down the origin of a professional hack where the hackers are trying to obscure their identity, it’s the NSA. We’re basically forced to trust them on a lot of these kinds of things.
So is there going to be any followup from the NSA, Trend Micro, or any other cybersecurity analysts to try to make sense of this rather dramatic disagreement with the French government? Probably not. We’ll see. But if there isn’t some sort of public clarification from the cybersecurity industry and governments about the growing difficulty in attributing the origin of hacks, it’s only a matter of time before that difficult conversation takes place. Because thanks, in part, to the distribution of cutting-edge hacking tool kits like those leaked by the “ShadowBrokers”, it’s becoming increasingly difficult to distinguish between a sophisticated hacking operation conducted by a national intelligence service and one conducted by just some random guy:
““I think those days are over when we can say in black and white: We know this is an espionage group,” DiMaggio said”
The age of easy attribution, if it ever existed, is over, thanks not only to the growing availability of leaked intelligence service hacking tool kits but also to the growing sophistication of independently developed tools. And even for the NSA in some cases apparently...unless the NSA was just making stuff up. Either way, yikes. At least ‘yikes’ for most folks. ‘Patriotic’ hackers are probably ok with the situation. Non-patriotic hackers too.
Were US voting machines hacked during the 2016 election? That’s the question raised by a new report based on a leaked classified NSA document stating that hackers (declared to be Russian government hackers in the document, although no raw intelligence is provided) successfully executed a spear-phishing attack on an election systems company about a month before the November election. While not named, the document refers to a product made by VR Systems, a Florida-based electronic voting services and equipment vendor with products used in eight states.
And the leaker appears to already be caught due, in part, to the Intercept handing the leaked document back to the NSA, which provided the clues necessary to determine its origin. And with the Trump administration already looking to make an example out of the leaker — a 25-year-old private contractor named Reality Winner who is reportedly not at all a fan of Donald Trump — we’ll see whether or not Winner’s eventual sentence sends a chill through the government or ends up provoking even more leaks. Given the scope of Winner’s leak — a single document that doesn’t reveal sources and methods or endanger lives in any way — it’s hard to say how a harsh conviction will be received by potential leakers.
Either way, with Winner having already admitted to the act and facing 10 years in prison we probably shouldn’t expect many more leaks on this topic any time soon:
“Russian military intelligence carried out a cyber-attack on at least one US voting software supplier and sent spear-phishing emails to more than a hundred local election officials days before the poll, the Intercept reported on Monday.”
So it does appear that someone was not only trying to hack US election system companies (which isn’t surprising) but actually succeeded in one instance (not particularly surprising, but still disturbing). It’s not hard to imagine why Winner thought this was worth the risk given the potentially explosive nature of this finding.
At the same time, again, keep in mind that when the leaked document states “Russian military intelligence” was behind the spear-phishing attacks, there was no actual raw intelligence provided explaining why the NSA was confident this was Russian military intelligence:
“While the document provides a rare window into the NSA’s understanding of the mechanics of Russian hacking, it does not show the underlying “raw” intelligence on which the analysis is based. A U.S. intelligence officer who declined to be identified cautioned against drawing too big a conclusion from the document because a single analysis is not necessarily definitive.”
So what we can say with confidence from this leak is that the NSA’s internal language is just as conclusive about the Russian government origin of these hacks as the public language. Still, it doesn’t actually tell us what that confidence is based on. And while it would be nice to assume that the NSA couldn’t possibly be jumping to — or intentionally arriving at — erroneous conclusions, this is probably a good time to review the recent conclusions of the French cyberintelligence chief and his recent warnings about the incredible dangers of cyber-misattribution, the ease with which any random hacker could carry out a spear-phishing attack, and his bafflement at the NSA’s recent attribution to Russia of the spear-phishing in the French election hack:
“Poupard said “the most nightmare scenario, the point of view that Rogers expressed and which I share” would be “a sort of permanent war — between states, between states and other organizations, which can be criminal and terrorist organizations — where everyone will attack each other, without really knowing who did what. A sort of generalized chaos that could affect all of cyberspace.””
That’s quite a nightmare scenario from Guillaume Poupard, head of France’s cybersecurity agency: everyone hacking everyone without anyone really knowing who did what. Pretty scary. And apparently already reality. Especially when basic attacks like spear-phishing campaigns get interpreted as hack attacks so sophisticated that only a nation-state could do it:
“It really could be anyone. It could even be an isolated individual”
Just an isolated individual could have been behind the Macron hack? Huh.
And yet, as Poupard describes, the NSA was very confident that this was the work of Russian government hackers...despite the inability to actually explain the basis of that confidence when Poupard directly asked for it:
““Why did Admiral Rogers say that, like that, at that time? It really surprised me. It really surprised my European allies. And to be totally frank, when I spoke about it to my NSA counterparts and asked why did he say that, they didn’t really know how to reply either,” he said. “Perhaps he went further than what he really wanted to say.””
So what can we conclude from all this? Well, that someone spear-phished a US voting systems company. With consequences that have yet to be determined. That’s pretty much it. Still, on its own that’s a pretty big revelation. If it suggests that whoever was behind the DNC and Podesta hacks was probably behind this hack too, that’s strong evidence pointing in the direction of direct election manipulation. And if it turns out Russia ran one of the most incompetent self-incriminating hacking campaigns in history by executing those DNC/Podesta hacks...well, that would suggest Russia was planning on doing something as wildly inflammatory as having their easily-identified hackers try to directly manipulate election results. But if the self-incriminating “Russian hackers” were actually, say, hackers working for the Trump campaign masking themselves as Russians...well, that tells us that the Trump campaign was interested in manipulating election results. Either way, that’s a pretty big revelation.
It’s a reminder that, given the common assumption that Trump keeps trying to shut down the Russian probe over fears that it will discover Russian/Trump team collusion, don’t forget that the discovery that the Trump team hired hackers to pretend to be Russian (or maybe hired Russian hackers) would also be a massively scandalous deal. Especially if it involved the attempted (or successful) manipulation of the vote.
@Pterrafractyl–
Interesting, isn’t it, that “The Intercept,” which was a repository for the NSA files purloined by Snowden, hands the document back to NSA.
I strongly suspect this is part of the “op” to remove funky Trump in favor of arch reactionary Pence, who doesn’t have Trump’s baggage, while at the same time ramping up Cold War II.
Even as Germany and EU are moving past the failing US and implementing an EU army (with the French nuclear capability at its center), the US is attempting to reforge the Atlantic Alliance.
I am of the opinion that the Underground Reich is in control of both factions–the US right-wing Atlanticist faction and the post US, post NATO German/EU future.
Look for pressure on Putin, perhaps removing him, perhaps not. Ultimately I expect this will result in accommodation between Russia and EU/Germany.
Russia agrees to EU nuclear-armed military union and Ukrainian admission to EU, with EU joining with Eurasian economic union creating an economic community (dominated by Germany) stretching from Lisbon to Vladivostok.
The Caligulized America, with lousy public education, poisoned environment, no health care and virulent, racist ignorance and ethnic Balkanization being the dominant features of US society slides into secondary status.
Ultimately, I expect the U.S. to split up into smaller countries, particularly after earthquakes and other natural and ecological disasters and mass casualty terror attacks decimate the nation.
Cheers!
Ms. Winner is, in my opinion, the James McCord of this “New Watergate.”
Ain’t we got fun?!
Cheers,
Dave Emory
The New York Times had a recent report on the ongoing investigation into the Shadow Brokers leak and the struggles the NSA has had in identifying the source. One of the key points in the article is that agency investigators and staff continue to fear that the source was an insider who has yet to be found, based on all the evidence pointing towards it being an inside job. And yet, despite that, one of the other key points is that the agency is also pretty sure Russia was behind it. Of course:
“Fifteen months into a wide-ranging investigation by the agency’s counterintelligence arm, known as Q Group, and the F.B.I., officials still do not know whether the N.S.A. is the victim of a brilliantly executed hack, with Russia as the most likely perpetrator, an insider’s leak, or both. Three employees have been arrested since 2015 for taking classified files, but there is fear that one or more leakers may still be in place. And there is broad agreement that the damage from the Shadow Brokers already far exceeds the harm to American intelligence done by Edward J. Snowden, the former N.S.A. contractor who fled with four laptops of classified material in 2013.”
So was it a leaker, a Russian hack, or both? Well, here’s the evidence we’re given for it being an insider: For starters, they appear to have insider operational insights based on their public taunts:
And then there’s the public rantings that appear to reveal a subtle familiarity with American culture and humor despite the broken English:
But, of course, we shouldn’t really read too much into what’s publicly written by the Shadow Brokers since that’s obviously an area where they could be intentionally leaving misleading clues.
And then there’s the observation that some, but not all, of the hacking tool kits they stole were stolen in their entirety, which suggests someone with a thumb drive might have just scooped them up and walked out with them. It’s not clear why a hacker couldn’t also scoop them up and extract entire tool kits, but it’s possible that the entire tool kits were only found in one place on servers not connected to the internet (which is exactly what ex-NSA insiders have said was the case). Anyway, the fact that entire tool kits were stolen is seen by the investigators as hinting at an insider:
And that’s all part of why there’s ongoing fears that the leaker is still in the agency:
But despite those fears of an unknown insider, Russia appears to be one of the top suspects. Those suspicions appear to be partly based on interpretations of their public rants:
So a joke about “Russian security peoples” becoming hackers is one ‘clue’. What else? Well, there’s this backstory: In 2014 US security firms (Symantec, Crowdstrike, and FireEye) reported that Moscow was behind certain hacking groups. Then Kaspersky, a Russian-based anti-virus firm, started incorporating code into its anti-virus software to stop the hacks revealed in the Snowden leaks. The NSA worked to replace its now-detectable malware with malware that the NSA was hoping Kaspersky hadn’t yet discovered. In February of 2015, Kaspersky issued a new round of updates based on its analysis of the “Equation Group” (a name used for the NSA’s T.A.O. team) and the NSA was relieved to find that Kaspersky hadn’t included some tools the NSA feared Kaspersky had already discovered. The agency breathed a sigh of relief, until August of 2016, when the Shadow Brokers started their leaks. That’s the big backstory that appears to be a significant part of why Russia is a prime culprit for this hack...that there was an ongoing US/Russian rivalry:
“Lurking in the background of the Shadow Brokers investigation is American officials’ strong belief that it is a Russian operation. The pattern of dribbling out stolen documents over many months, they say, echoes the slow release of Democratic emails purloined by Russian hackers last year.”
As we can see, while the actual evidence doesn’t appear to really point toward this being a Russian hack, there’s a “strong belief” that this is all a Russian operation. And that strong belief appears to be based on a conviction that it just has to be the Russians, because of course it’s them.
It’s a reminder that one of the most damaging aspects of the current cyber-Cold War between the US and Russian governments is the fact that it appears to have obscured in the minds of US officials the far-right libertarian Cypherpunk Cold War against government everywhere.