Kaspersky Lab reported this morning a next-generation version of Duqu malware infected the information security company’s network.
WSJ reported this particular version may have been used to spy on the P5+1 talks with Iran on nuclear development. Dubbed ‘Duqu 2.0,’ the malware may have gathered audio, video, documents and communications from computers used by talk participants.
Ars Technica reported in depth on Kaspersky’s discovery of the malware and its attributes. What’s really remarkable in this iteration is its residence in memory. It only exists as a copy on a drive at the first point of infection in a network, and can be wiped remotely to destroy evidence of its occupation.
The infosec firm killed the malware in their networked devices by mimicking a power outage. They detached from their network suspect devices believed to contain an infecting copy.
Kaspersky’s Patient Zero was a non-technical employee in Asia. Duqu 2.0 wiped traces of its own insertion from the PC’s drive.
Neither WSJ or Ars Technica noted Kaspersky’s network must have been subject to a program like TREASUREMAP.
…Because the rest of the data remained intact on the PC and its security patches were fully up to date, researchers suspect the employee received a highly targeted spear phishing e-mail that led to a website containing a zero-day exploit. … (bold mine – source: Ars Technica)
How was a single non-technical point of contact in Asia identified as a target for an infected email? Continue reading
Predictably, Richard Burr has used the news of the Office of Personnel Management hack to renew his efforts to pass CISA. Burr added it as an amendment to the National Defense Authorization Act yesterday, stating,
The recent cyber breach at the Office of Personnel Management was a serious attack on our government and we cannot continue to have citizens’ personal information needlessly exposed to foreign adversaries and criminals. In passing the Cybersecurity Information Sharing Act with an overwhelmingly bipartisan vote of 14-1, the Committee recognized the extreme threat posed by our adversaries who, in addition to the OPM breach, have stolen hundreds of millions of Americans’ personal information in the last year alone, swiped intellectual property, and conducted attacks on our agencies. Not only does CISA propose a solution to help address these threats, it does so in a way that works to ensure the personal privacy of all Americans. We can no longer simply watch Americans’ personal information continue to be compromised. This bill is long needed and will help us combat threats to our country and our economy.
Remember, OPM was warned in a series of IG Reports that it didn’t have adequate protection for the Federal government workers’ data it stored. Congressional overseers, like Burr, did nothing to force OPM to improve security, just as the Intelligence Committees have tried for years to get National Security agencies to provide better checks on insider threats and other security problems, but never succeeded in actually getting them to do so.
So Burr’s response to neglect is to do something else that wouldn’t prevent the OPM hack. But it would effectively gut ECPA and FOIA, all in the name of information sharing which is about the 20th most effective way to combat hacking.
This is sheer incompetence from a legislative standpoint — pushing through an ineffective solution when faced with mounting evidence it wouldn’t work, all so as to increase spying on Americans.
But then, that seems to be Burr’s aspiration: to increase spying regardless of the efficacy of it.
Both Patrick Leahy and Ron Wyden released statements in response to Burr’s move. I’m intrigued by the way they note no one has been able to see the amendments Wyden tried to push through in the committee.
The Intelligence Committee’s information sharing bill will affect the privacy rights of all Americans, yet it has been cloaked in secrecy. It was considered behind closed doors, without a public hearing or public debate. We cannot even read the text of amendments considered at the mark up of this legislation. Senator Burr’s information sharing bill also erodes Americans’ right to know what their government is doing by weakening the Freedom of Information Act. I am deeply concerned that the Republican Leader now wants the Senate to pass this information sharing bill without any opportunity for the kind of public debate it needs. This is not the transparent and meaningful committee process the Republican Leader promised just months ago. I agree that we must do more to protect our cybersecurity, but this information sharing bill should not be considered as a last-minute amendment to yet another bill that was negotiated and considered behind closed doors. The privacy of millions of Americans is at stake. The American people deserve an open debate about legislation that would dramatically expand the amount of information about them that companies can share with agencies throughout the federal government.
“Senate Republican leaders are trying to make a bad defense bill worse by adding a flawed cybersecurity bill,” Wyden said.
“If Senator McConnell insists on attaching the flawed CISA bill to unrelated legislation, I will be fighting to ensure the Senate has a full debate and a chance to offer amendments to add vital protections for American privacy and address the threats to our cybersecurity.
Cybersecurity threats demand thoughtful solutions, not half-baked efforts that don’t address the real problems. CISA would create a way for the government to obtain Americans’ information without a warrant, and without adequate protections to protect their privacy. Most security experts agree that encouraging private companies to share more information with the government would have done little if anything to prevent recent data breaches.
As I noted here, I’m working on a post that puts last week’s report on NSA’s use of upstream Section 702 collection in context.
But first, there’s one more detail that deserves its own post.
By March 23, 2012, NSA had drafted a certificate exclusively for cyber, with the intent of getting the FISC to approve it that year (which probably would have been in October). Yet “the current Certifications already allow[ed] for the tasking of  cyber signatures such as IP addresses, strings of computer code, and similar non-email or phone number-based selectors.”
And whether or not NSA was already collecting cyber signatures in March 2012, by May, DOJ approved their collection on the Foreign Government certificate.
On May 4, 2012, DOJ sent the Intelligence Committee Chairs a white paper on Section 702 to be shared with the rest of Congress. Here’s the passage that describes how NSA uses upstream collection:
Given that the only redaction here addresses terrorists and the unredacted remainder describes only the collection of email and phone identifiers, it seems virtually certain that the passage — and therefore the white paper — made no mention of the cyber signature collection the NSA and DOJ were actively preparing to collect, and would collect before the reauthorization of FAA that December.
It’s certainly possible DOJ gave Congress notice that the use of Section 702 had changed significantly by the time Congress voted in December, but there’s no public record of it. In the interim period, the Senate defeated a cybersecurity bill that would even have restricted NSA from obtaining domestically collected cyber data, reflecting real skepticism about spying for cybersecurity purposes in the US.
If, as the record strongly suggests, the government expanded NSA upstream 702 to include cyber signatures without telling Congress before they reauthorized the underlying authority, it would not be the first time: DOJ did not tell even the House Judiciary Committee — much less Congress as a whole — that it was using Section 215 to collect location data until after both the 2010 and 2011 Patriot Act reauthorizations.
Whatever the merit to using 702 upstream collection to hunt hackers — even ignoring the real privacy problems with it — the public record raises real questions about whether the practice was authorized and would have been authorized by Congress. Given that such collection involves an expansion of the intentional collection of domestic data, the apparent absence of Congressional sanction raises real problems about the practice (though, as I’ve suggested, Congress just retroactively authorized the use of whatever illegally-collected 702 data NSA can get FISC to approve the use of).
The NSA’s defenders like to claim Congress always gets notice. But the record shows that, over and over, NSA only asks for for forgiveness after the fact rather than asking for permission before the collection.
I’ve been puzzling over the list of “key SSO cyber milestone dates” released with the upstream 702 story the other day.
For the most part, it lists technical and legal milestones leading to expanded collection targeting cyber targets (which makes sense, given that’s what Special Source Operations does — collect data off switches). There’s the one redacted bullet (which, if it referred to an attack thwarted, might refer to this thwarted attack on a US defense contractor in December 2012).
But what is the August 2012 DDOS attack on Saudi Aramco doing on the list? And, for that matter, why is it referred to as a DDOS attack?
The attack was publicly described as a two-step hack targeted against both Aramco and Qatar’s gas industry which copy-catted an attack associated with the Flame attack on Iran. It is generally now described as Iranian retaliation for StuxNet. Though at the time, potential attribution ranged from hacktivists, a single hacker, or Aramco insiders. The Sony hack used tools related to the Shamoon attack.
Not long after the Aramco hack, the NSA expanded their Third Party SIGINT relationship to include the Saudi Interior Ministry (then led by close US ally Mohammed bin Nayef). The next month the Saudis (again, with MbN in the leader) prematurely renewed their Technical Cooperation Agreement with the US, adding a new cybersecurity component.
So regardless of how serious an attack it was (on that, too, accounts varied) it did have a significant effect on our role in cybersecurity in the Middle East, potentially with implications for SSO.
But unless SSO thwarted the attack — or at least alerted the Saudis in time to pull their computers offline — why would that be a significant milestone for SSO?
Reuters reports that, contrary to initial reports, the Office of Personnel Management hack revealed earlier this week did compromise the security clearance and background check information in the data, meaning the hack will be far more valuable as intelligence to set up phishing and other further spying efforts. The hack is believed to have been perpetrated by Chinese hackers, though it is unclear thus far whether or not they are part of the government.
Data stolen from U.S. government computers by suspected Chinese hackers included security clearance information and background checks dating back three decades, U.S. officials said on Friday, underlining the scope of one of the largest known cyber attacks on federal networks.
A total of 2.1 million current U.S. government workers were affected, according to a source familiar with the FBI-led investigation into the incident.
Accusations by U.S. government sources of a Chinese role in the cyber attack, including possible state sponsorship, could further strain ties between Washington and Beijing. Tensions are already heightened over Chinese assertiveness in pursuit of territorial claims in the South China Sea.
The same report notes that the hack may be linked to the hack of similar scope of Anthem earlier this year.
This is, as a lot of the current and former government employees I follow on Twitter are realizing this morning, a devastating hack, one which will have repercussions both in the private lives of those whose data has been hacked as well as generally for America’s national security, because the data in the OPM servers offers a road map for further espionage targeting.
It is also something the US does all the time — and not just against official government employees of adversary nations, but also against civilian or quasi civilian telecom targets, as well as employees of corporations of interest.
This WaPo piece quotes a number of cybersecurity people suggesting several recent major hacks are being used to pull together large data repositories — similar to in purpose but at this point just a mere shadow of what we do using bulk collection and XKeyscore. But it tries to suggest the Chinese collection of bulk data is worse because, “in China, the authorities do not tolerate public debate over the proper limits of large-scale spying in the digital age.”
The US Intelligence Community let us have a debate over a mere fraction of the bulk data being collected by the NSA — that collected domestically to target Americans. But for the stuff targeting foreigners on a far greater scale, President Obama proclaimed we would continue collecting in bulk but limit its use to all the major purposes we were already using it for before we ever got around to debating the Section 215 dragnet.
(1) espionage and other threats and activities directed by foreign powers or their intelligence services against the United States and its interests;
(2) threats to the United States and its interests from terrorism;
(3) threats to the United States and its interests from the development, possession, proliferation, or use of weapons of mass destruction;
(4) cybersecurity threats;
(5) threats to U.S. or allied Armed Forces or other U.S or allied personnel;
(6) transnational criminal threats, including illicit finance and sanctions evasion related to the other purposes named in this section.
That scope goes well beyond the scope of those affected in this OPM hack.
Once the government does whatever it can to protect the millions compromised by this hack, I hope it will provide an opportunity to do two things: focus on actual cyber-defense, rather than an offensive approach that itself entails and therefore legitimates precisely this kind of bulk collection, and reflect on whether the world we’ve built, in which millions of innocent people get swept up in spying because it’s easy to do so, is really one we want to pursue. Ideally, such reflection might lead to some norm-setting that sharply limits the kinds of targets who can be bulk collected (though OPM would solidly fit in any imaginable such limits).
China has, unsurprisingly, now adopted our approach, even if it would take a decade for it to catch up in ability to bulk collect from most nodes. And that’s going to suck for a lot of government and private sector employees who will be made targets as a result.
But that’s the world and the rules we chose to create.
Update: See this NYT piece for just how shoddy the security on OPM’s servers was. We’ve been arguing for years about ways to better respond to criminal hackers and neglecting really really basic steps needed to prevent our adversaries from adopting the same approach we use.
Back in October 2013, Jim Sensenbrenner and Patrick Leahy released the original, far better, version of the USA Freedom Act. As I noted in November 2013, it included a provision that would limit upstream collection to international terrorism and international proliferation of WMD uses.
It basically adds a paragraph to section d of Section 702 that limits upstream collection to two uses: international terrorism or WMD proliferation.
(C) limit the acquisition of the contents of any communication to those communications—
(i) to which any party is a target of the acquisition; or
(ii) that contain an account identifier of a target of an acquisition, only if such communications are acquired to protect against international terrorism or the international proliferation of weapons of mass destruction.;
And adds a definition for “account identifier” limiting it to identifiers of people.
(1) ACCOUNT IDENTIFIER.—The term ‘account identifier’ means a telephone or instrument number, other subscriber number, email address, or username used to uniquely identify an account.
At the time, I noted that this would give the NSA 6 months to shut down the use of upstream collection to collect cyber signatures.
Jonathan Mayer’s comments on the NYT/PP story today reveals why that would be important to do (this is a point I’ve been making for years): because if you’re collecting signatures of cyber attacks, you’re collecting victim data, as well, a problem that would only get worse under the cyberinformation sharing bills before Congress.
This understanding of the NSA’s domestic cybersecurity authority leads to, in my view, a more persuasive set of privacy objections. Information sharing legislation would create a concerning surveillance dividend for the agency.
Because this flow of information is indirect, it prevents businesses from acting as privacy gatekeepers. Even if firms carefully screen personal information out of their threat reports, the NSA can nevertheless intercept that information on the Internet backbone.
Furthermore, this flow of information greatly magnifies the scale of privacy impact associated with information sharing. Here’s an entirely realistic scenario: imagine that a business detects a handful of bots on its network. The business reports a signature to DHS, who hands it off to the NSA. The NSA, in turn, scans backbone traffic using that signature; it collects exfiltrated data from tens of thousands of bots. The agency can then use and share that data.12 What began as a tiny report is magnified to Internet scale.
But, instead of giving NSA 6 months to close this loophole, we instead passed USA F-ReDux, which does nothing to rein domestic spying in the name of cybersecurity.
Leahy released a remarkable statement in response to today’s story that doesn’t reveal whether he knew of this practice (someone knew to forbid it in their original bill!), but insisting he’ll fight for more limits on surveillance and transparency.
Today’s report that the NSA has expanded its warrantless surveillance of Internet traffic underscores the critical importance of placing reasonable and commonsense limits on government surveillance in order to protect the privacy of Americans. Congress took an important step in this direction this week by passing the USA FREEDOM Act, but I have always believed and said that more reforms are needed. Congress should have an open, transparent and honest debate about how to protect both our national security and our privacy. As Congress continues to work on surveillance and cybersecurity legislation, I will continue to fight for more reforms, more transparency, and more accountability – particularly on issues related to the privacy of Americans’ personal communications.
Remember: on Tuesday, Richard Burr vehemently denied we had secret law. And while this application of FISA wasn’t entirely secret — I figured it out pretty quickly, but a great great many people doubted me, as per usual — even Leahy is faced with a situation where he can’t admit he knew about a practice he already tried to shut down once.
As the Daily Dot reported, Senators Wyden, Heinrich, and Hirono wrote John Brennan a letter trying to get him to admit that he lied about hacking the Senate Intelligence Committee.
But, as often happens with Wyden-authored letters, they also included this oblique paragraph at the end:
Additionally, we are attaching a separate classified letter regarding inaccurate public statements that you made on another topic in March 2015. We ask that you correct the public record regarding these statements immediately.
A game!!! Find the lies Brennan told in March!!!
The most likely place to look for Brennan lies comes in this appearance at the Council on Foreign Relations, where Brennan took questions from the audience.
While you might think Brennan lied about outsourcing torture to our allies, his answer on CIA involvement with interrogations conducted by our partners was largely truthful, even if he left out the part of detainees being tortured in custody.
But on a related issue, Brennan surely lied. He claimed — in response to a questions from an HRW staffer — not to partner with those who commit atrocities.
QUESTION: I’m going to try to stand up. Sarah Leah Whitson, Human Rights Watch. Two days ago, ABC News ran some video and images of psychopathic murderers, thugs in the Iraqi security forces, carrying out beheadings, executions of children, executions of civilians. Human Rights Watch has documented Iraqi militias carrying out ISIS-like atrocities, executions of hundreds of captives and so forth.
And some of the allies in the anti-ISIS coalition are themselves carrying out ISIS-like atrocities, like beheadings in Saudi Arabia, violent attacks on journalists in Saudi Arabia—how do you think Iraqi Sunni civilians should distinguish between the good guys and the bad guys in this circumstance?
BRENNAN: It’s tough sorting out good guys and bad guys in a lot of these areas, it is. And human rights abuses, whether they take place on the part of ISIL or of militias or individuals who are working as part of formal security services, needs to be exposed, needs to be stopped.
And in an area like Iraq and Syria, there has been some horrific, horrific human rights abuses. And this is something that I think we need to be able to address. And when we see it, we do bring it to the attention of authorities. And when we see it, we do bring it to the attention of authorities. And we will not work with entities that are engaged in such activities.
As I noted at the time, Brennan totally dodged the question about Saudi atrocities. But it is also the case that many of the “moderates” we’ve partnered with in both Syria and Iraq have themselves engaged in atrocities.
So I suspect his claim that “we will not work with entities that are engaged in such activities” is one of the statements Wyden et al were pointing to.
A potentially related alternative candidate (the letter did say Brennan had made false statements, plural) is this exchange. When Brennan claimed, at the time, he has no ties to Qasim Soleimani, I assumed he was lying, not just because we’re actually fighting a way in IRGC’s vicinity but also because Brennan seemed to exhibit some of the “tells” he does when he lies.
QUESTION: James Sitrick, Baker & McKenzie. You spent a considerable amount of your opening remarks talking about the importance of liaison relationships. Charlie alluded to this in one of his references to you, on the adage—the old adage has it that the enemy of your enemy is your friend. Are we in any way quietly, diplomatically, indirectly, liaisoning with Mr. Soleimani and his group and his people in Iraq?
BRENNAN: I am not engaging with Mr. Qasem Soleimani, who is the head of the Quds Force of Iran. So no, I am not.
I am engaged, though, with a lot of different partners, some of close, allied countries as well as some that would be considered adversaries, engaged with the Russians on issues related to terrorism.
We did a great job working with the Russians on Sochi. They were very supportive on Boston Marathon. We’re also looking at the threat that ISIL poses both to the United States as well as to Russia.
So I try to take advantage of all the different partners that are out there, because there is a strong alignment on some issues—on proliferation as well as on terrorism and others as well.
I happen to think it an exaggeration that the Russians “were very supportive on Boston Marathon,” but maybe that’s because FSB was rolling up CIA spies who were investigating potentially related groups in Russia.
Finally, while less likely, I think this might be a candidate.
QUESTION: Thank you. Paula DiPerna, NTR Foundation. This is probably an unpopular suggestion, but is it feasible or how feasible would it be to do a little selective Internet disruption in the areas concerned, a la a blockade, digital blockade, and then an international fund to indemnify business loss?
BRENNAN: OK. First of all, as we all know, the worldwide web, the Internet, is a very large enterprise. And trying to stop things from coming out, there are political issues, there are legal issues here in the United States as far as freedom of speech is concerned. But even given that consideration, doing it technically and preventing some things from surfacing is really quite challenging.
And we see that a number of these organizations have been able to immediately post what they’re doing in Twitter. And the ability to stop some things from getting out is really quite challenging.
As far as, you know, indemnification of various companies on some of these issues, there has been unfortunately a very, very long, multi-year effort on the part of the Congress to try to pass some cybersecurity legislation that addressed some of these issues. There has been passage in the Senate.
I think it’s overdue. We need to update our legal structures as well as our policy structures to deal with the cyber threats we face.
Remember, Ron Wyden has been pointing to an OLC opinion on Common Commercial Services (which, however, CIA’s now General Counsel Carolyn Krass said publicly she wouldn’t rely on) for years. I suspect indemnity is one of the things it might cover.
Plus, I do think it likely that we’ve disrupted the Internet in various circumstances.
Who knows? Maybe Brennan just told a lot of lies.
It wouldn’t be the first time.
Update: NatSec sources are already dismissing this Sy Hersh piece on the real story behind the bin Laden killing. But if there’s truth to this detail, then it would suggest I was overly optimistic when I suggested Brennan was truthful about outsourcing our interrogation to allies.
The retired official told me that the CIA leadership had become experts in derailing serious threats from Congress: ‘They create something that is horrible but not that bad. Give them something that sounds terrible. “Oh my God, we were shoving food up a prisoner’s ass!” Meanwhile, they’re not telling the committee about murders, other war crimes, and secret prisons like we still have in Diego Garcia. The goal also was to stall it as long as possible, which they did.’
If we do still have a secret prison in Diego Garcia, then the claim that we outsource everything to allies would be the key lie here.
Update: As I show in this post, the transcription of Burr’s speech in the Congressional record removed the reference to IP addresses.
Update: While Burr’s office did not respond to my request for comment, they did respond to Buzzfeed (which sadly didn’t ask the obvious follow-up questions). His office claims he misspoke, though apparently didn’t explain why he would confuse Section 215 and PRTT, why he would tie the Internet dragnet to phone calls, or why, if the current dragnet doesn’t collect Internet data but USA F-ReDux would, why that would not then be a welcome return for the Senator given his stated desire to track such collection. I have asked for comment again from Burr’s office on those questions.
Since last summer, I have been emphasizing that the bulk of Section 215 orders collect Internet data, not phone records under the phone dragnet. I pointed to evidence that that production included data flows and noted FBI claims they use it to conduct hacking investigations. But I have assumed that was primarily bulky collection, not bulk collection.
Now what’s bulk data? Bulk data is storing telephone numbers and IP addresses — we have no idea who they belong to — that are domestic. And the whole basis behind this program is that as a cell phone is picked up in Syria, and you look at the phone numbers that phone talked to, if there’s some in the United States we’d like to know that — at least law enforcement would like to know it — so that we can understand if there’s a threat against us here in the homeland [sic] or somewhere else in the world. So Section 215 allows the NSA to collect in bulk telephone numbers and IP addresses with no identifier on it. We couldn’t tell you who that American might be.
I thought when you leaked details like this it helped our enemies? I thought if you did such things you were a traitor, deserving of an orange jumpsuit at Gitmo?
So it appears it’s the IP dragnet, and not the phone dragnet, that the Republicans are trying to save?
It’s a little late for that, though, given that the Second Circuit just ruled such dragnets illegal.
The leak of emails and intellectual property, including then-unreleased film The Interview, was labeled “a serious national security matter” by the White House. In January this year, President Obama issued an executive order increasing sanctions against North Korea, the purported origin of the hack on SPE’s network and computers.
Sony Pictures Entertainment (SPE) is a wholly-owned subsidiary of Sony Corporation, a Japanese multinational conglomerate. In offering retaliation on behalf of SPE, the White House placed SPE on par with critical U.S. infrastructure, though no one will be physically injured or die should SPE be hacked again, and the market won’t collapse if SPE loses money on all its movies this year.
If SPE, a foreign-owned, information security-challenged entertainment firm, is now entitled to military protection against cyberattack, what is it the White House and the U.S. will receive or has received in exchange?
What’s the exchange in this quid pro quo?
In 2013, STARZ network ordered the 16-episode adaptation of bestselling historical fiction novel, Outlander by author Diana Gabaldon, from production companies Tall Ship Productions, Story Mining & Supply Co., and Left Bank Productions, in association with Sony Pictures Television.
While STARZ was the U.S. distributor, offering the series on its own cable network, SPE’s TV arm appears to have handled overseas distribution to broadcast, cable, and video streaming services.
Outlander’s cross-genre narrative is set mainly in 1740s Scotland; the story is sympathetic to a Scottish protagonist and his time-traveling English wife who are caught between the British and Jacobites in the ramp up to the 1746 Battle at Culloden. The Scottish people and countryside are treated favorably in the series’ production.
The program debuted on STARZ in the U.S. on August 9 last year — a little less than six weeks before Scotland’s independence referendum (“IndyRef”). Outlander began airing in Canada and Australia in August also, and in October in Ireland after the IndyRef vote.
Distribution deals in other countries including Germany, Hungary, Japan, and the Netherlands led to wider release overseas last year.
But Outlander never received a distribution deal in 2014 in the UK, in spite of its many Scottish and British fans’ clamor and the source book’s status as a renewed bestseller in advance of the show’s U.S. debut. To date the series has only released on Amazon Prime Instant Video in the UK, for paid video-on-demand streaming — not on broadcast or cable.
At least one email leaked by hackers revealed that SPE personnel had a meeting or meetings with Cameron’s government. In an internal email from Keith E. Weaver, executive vice president, SPE executives were told,
“Your meeting with Prime Minister Cameron on Monday will likely focus on our overall investment in the U.K. – with special emphasis on the jobs created by Tommy Cooper [the ITV show], the importance of Outlander (i.e., particularly vis-a-vis the political issues in the U.K. as Scotland contemplates detachment this Fall), and the growth of our channels business…”
The implication is that SPE would suppress any effort to distribute Outlander to the benefit of Cameron’s anti-independence position, in exchange for “growth of our channels business…”
What exactly does this mean?
And is the pursuit of growth confined to SPE, or did “channels business” mean something else? Were Sony executives also looking for opportunities for Sony Corporation, which includes Sony Computer Entertainment, Sony Music Entertainment, Sony Mobile Communications (once known as Sony Ericsson), and Sony Financial?
Did SPE executives and the Prime Minister agree not to seek broadcast or cable distribution Outlander in the UK before this month’s election? Continue reading
I’ve been reading Empire of Secrets, a book about the role of MI5 as the British spun off their empire. It describes how, in country after country, the government that took over from the British — even including people who had been surveilled and jailed by the British regime — retained the British intelligence apparatus and crafted a strong intelligence sharing relationship with their former colonizers. As an example, it describes how Indian Interior Minister, Sardr Patel, decided to keep the Intelligence Bureau rather than shut it down.
Like Nehru, Patel realised that the IB had probably compiled records on himself and most of the leaders of Congress. However, unlike Nehru, he did not allow this to colour his judgment about the crucial role that intelligence would play for the young Indian nation.
Patel not only allowed the continued existence of the IB, but amazingly, also sanctioned the continued surveillance of extremist elements within this own Congress Party. As Smith’s report of the meeting reveals, Patel was adamant that the IB should ‘discontinue the collection of intelligence on orthodox Congress and Muslim League activity’, but at the same time he authorised it to continue observing ‘extremist organisations’. Patel was particularly concerned about the Congress Socialist Party, many of whose members were communist sympathisers.
The reason Patel was so amenable to continued surveillance of some of his fellow Indian politicians (keeping tabs on his own supporters, as one IPI report put it) was his fear of communism.
And the same remarkable process, by which the colonized enthusiastically partnered with their former colonizers to spy on their own, happened in similar fashion in most of Britain’s former colonies.
That’s what I was thinking of on March 13, when John Brennan gave a speech to the Council on Foreign Relations. While it started by invoking an attack in Copenhagen and Charlie Hebdo, a huge chunk of the speech talked about the value of partnering with our intelligence allies.
Last month an extremist gunned down a film director at a cafe in Copenhagen, made his way across town and then shot and killed a security guard at a synagogue. Later the same day the terrorist group ISIL released a video showing the horrific execution of Coptic Christians on a beach in Libya.
The previous month, in a span of less than 24 hours, we saw a savage attack on the staff of the satirical newspaper Charlie Hebdo in France. We saw a car bomb kill dozens at a police academy in Yemen.
As CIA tackles these challenges, we benefit greatly from the network of relationships we maintain with intelligence services throughout the world. This is a critically important and lesser known aspect of our efforts. I cannot overstate the value of these relationships to CIA’s mission and to our national security. Indeed, to the collective security of America and its allies.
By sharing intelligence, analysis, and know-how with these partner services, we open windows on regions and issues that might otherwise be closed to us. And when necessary, we set in concert to mitigate a common threat.
By collaborating with our partners we are much better able to close key intelligence gaps on our toughest targets, as well as fulfill CIA’s mission to provide global coverage and prevent surprises for our nation’s leaders. There is no way we could be successful in carrying out our mission of such scope and complexity on our own.
Naturally these are sensitive relationships built on mutual trust and confidentiality. Unauthorized disclosures in recent years by individuals who betrayed our country have created difficulties with these partner services that we have had to overcome.
But it is a testament to the strength and effectiveness of these relationships that our partners remain eager to work with us. With the stakes so high for our people’s safety, these alliances are simply too crucial to be allowed to fail.
From the largest services with global reach to those of smaller nations focused on local and regional issues, CIA has developed a range of working and productive relationships with our counterparts overseas. No issue highlights the importance of our international partnerships more right now than the challenge of foreign fighters entering and leaving the conflict in Syria and Iraq.
We roughly estimate that at least 20,000 fighters from more than 90 countries have gone to fight, several thousand of them from Western nations, including the United States. One thing that dangers these fighters pose upon their return is a top priority for the United States intelligence community, as well as our liaison partners.
We exchange information with our counterparts around the world to identify and track down men and women believed to be violent extremists. And because we have the wherewithal to maintain ties with so many national services, we act as a central repository of data and trends to advance the overall effort.
On this and in innumerable other challenges, our cooperation with foreign liaison quietly achieves significant results. Working together, we have disrupted terrorist attacks and rolled back groups that plot them, intercepted transfers of dangerous weapons and technology, brought international criminals to justice and shared vital intelligence and expertise on everything from the use of chemical armaments in Syria to the downing of the Malaysian airliner over Ukraine.
These relationships are an essential adjunct to diplomacy. And by working with some of these services in building their capabilities we have helped them become better prepared to tackled the challenges that threaten us all.
With CIA’s support, I have seen counterparts develop into sophisticated and effective partners. Over time our engagement with partner services fosters a deeper, more candid give and take, a more robust exchange of information and assessments, and a better understanding of the world that often ultimately encourages better alignment on policy.
Another advantage of building and maintaining strong bilateral and multilateral intelligence relationships is that they can remain, albeit not entirely, insulated from the ups and downs of diplomatic ties. These lengths can provide an important conduit for a dispassionate dialogue during periods of tension, and for conveying the U.S. perspective on contentious issues.
In recognition of the importance of our liaison relationships, I recently reestablished a senior position at the CIA dedicated to ensuring that we are managing relationships in an integrated fashion. To developing a strategic vision and corporate goals for our key partnerships and to helping me carryout my statutory responsibility to coordinate the intelligence communities’ foreign intelligence relationships. [my emphasis]
We are and still remain in the same position as MI5, Brennan seems to want to assure the CFR types, in spite of the embarrassment experienced by our intelligence partners due to leaks by Chelsea Manning and Edward Snowden. Information sharing remains the cement of much of our relationships with allies; our ability to let them suck off our dragnet keeps them in line.
And of particular note, Brennan described these “strong bilateral and multilateral intelligence relationships …remain[ing], albeit not entirely, insulated from the ups and downs of diplomatic ties.”
The spooks keep working together regardless of what the political appointees do, Brennan suggested.
But that speech is all the more notable given the revelations in this Der Spiegel story. It describes how, because of the Snowden leaks, the Germans slowly started responding to something they had originally discovered in 2008. The US had been having BND spy on selectors well outside the Memorandum of Understanding governing the countries’ intelligence sharing, even including economic targets. At first, BND thought this was just 2,000 targets, but as the investigation grew more pointed, 40,000 suspicious selectors were found. Only on March 12 — the day before Brennan gave this remarkable speech — did Merkel’s office officially find out.
But in October 2013, not even the BND leadership was apparently informed of the violations that had been made. The Chancellery, which is charged with monitoring the BND, was also left in the dark. Instead, the agents turned to the Americans and asked them to cease and desist.
In spring 2014, the NSA investigative committee in German parliament, the Bundestag, began its work. When reports emerged that EADS and Eurocopter had been surveillance targets, the Left Party and the Greens filed an official request to obtain evidence of the violations.
At the BND, the project group charged with supporting the parliamentary investigative committee once again looked at the NSA selectors. In the end, they discovered fully 40,000 suspicious search parameters, including espionage targets in Western European governments and numerous companies. It was this number that SPIEGEL ONLINE reported on Thursday. The BND project group was also able to confirm suspicions that the NSA had systematically violated German interests. They concluded that the Americans could have perpetrated economic espionage directly under the Germans’ noses.
Only on March 12 of this year did the information end up in the Chancellery.
This has led to parliamentary accusations that BND lied in earlier testimony. The lies are notable, given how they echo the same kind of sentiment John Brennan expressed in his speech.
According to a classified memo, the agency told parliamentarians in 2013 that the cooperation with the US in Bad Aibling was consistent with the law and with the strict guidelines that had been established.
The memo notes: “The value for the BND (lies) in know-how benefits and in a closer partnership with the NSA relative to other partners.” The data provided by the US, the memo continued, “is checked for its conformance with the agreed guidelines before it is inputted” into the BND system.
Now, we know better. It remains to be determined whether the BND really was unaware at the time, or whether it simply did not want to be aware.
The NSA investigative committee has also questioned former and active BND agents regarding “selectors” and “search criteria” on several occasions. Prior to the beginning of each session, the agents were informed that providing false testimony to the body was unlawful. The BND agents repeatedly insisted that the selectors provided by the US were precisely checked.
As almost a snide aside, Der Spiegel notes that in spite of these lies, the public prosecutor has not yet been informed of these lies.
That is, the spooks have been lying — at least purportedly including up to and including Merkel’s office. But the government seems to be uninterested in pursuing those lies.
As Brennan said as this was just breaking out, the spooks retain their “strong bilateral and multilateral intelligence relationships …remain[ing], albeit not entirely, insulated from the ups and downs of diplomatic ties.”
And as with Brennan — who, as Gregory Johnsen chronicles in this long profile of the CIA Director published yesterday — the spooks always evade accountability.