Tag Archives: Stuxnet

What if China Not Just Hacked — But Sabotaged — the F-35?

By:  Sunday February 24, 2013 6:02 pm

Screen shot 2013-02-24 at 10.24.35 AM

Over the last week, two perennial stories have again dominated the news. China continues to be able to hack us — including top DC power players — at will. And the F-35 has suffered another setback, this time a crack in an engine turbine blade (something which reportedly happened once before, in 2007).

The coincidence of these two events has got me thinking (and mind you, I’m just wondering out loud here): what if China did more than just steal data on the F-35 when it hacked various contractors, and instead sabotaged the program, inserting engineering flaws into the plane in the same way we inserted flaws in Iran’s centrifuge development via StuxNet?

We know China has hacked the F-35 program persistently. In 2008, an IG report revealed that BAE and some of the other then 1,200 (now 1,300) contractors involved weren’t meeting security requirements; last year an anonymous BAE guy admitted that the Chinese had been camped on their networks stealing data for 18 months. In April 2009, WSJ provided a more detailed report on breaches going back to 2007.

The Joint Strike Fighter, also known as the F-35 Lightning II, is the costliest and most technically challenging weapons program the Pentagon has ever attempted. The plane, led by Lockheed Martin Corp., relies on 7.5 million lines of computer code, which the Government Accountability Office said is more than triple the amount used in the current top Air Force fighter.

Six current and former officials familiar with the matter confirmed that the fighter program had been repeatedly broken into.

Continue reading


The 2011 DIOG Permits Using NSLs to Get Journalist Contacts

By:  Saturday January 26, 2013 11:43 pm

In what may be one of those stories telegraphing investigative details between people being investigated, the WaPo updates the StuxNet investigation.

Prosecutors are pursuing “everybody — at pretty high levels, too,” said one person familiar with the investigation. “There are many people who’ve been contacted from different agencies.”

The FBI and prosecutors have interviewed several current and former senior government officials in connection with the disclosures, sometimes confronting them with evidence of contact with journalists, according to people familiar with the probe.

Here’s the detail everyone is focusing on (and I’ve seen similar claims on reporting of other leak investigations).

Investigators, they said, have conducted extensive analysis of the e-mail accounts and phone records of current and former government officials in a search for links to journalists.

[snip]

Former prosecutors said these investigations typically begin by compiling a list of people with access to the classified information. When government officials attend classified briefings or examine classified documents in secure facilities, they must sign a log, and these records can provide an initial road map for investigators.

Former prosecutors said investigators run sophisticated software to identify names, key words and phrases embedded in e-mails and other communications, including text messages, which could lead them to suspects.

The FBI also looks at officials’ phone records — who called whom, when, for how long. Once they have evidence of contact between officials and a particular journalist, investigators can seek a warrant to examine private e-mail accounts and phone records, including text messages, former prosecutors said.

Prosecutors and the FBI can examine government e-mail accounts and government-issued devices, including cellphones, without a warrant. They can also look at private e-mail accounts without a warrant if those accounts were accessed on government computers. [my emphasis]

This description may well be how the government is conducting the StuxNet (and the UndieBomb 2.0 investigation, which the article also describes).

But if WaPo is relying solely on former prosecutors, this description may be totally outdated.

After all–as I’ve reported repeatedly in the past–the 2011 update of FBI’s Domestic Investigations and Operations Guide permits using National Security Letters to get journalists’ contacts in National Security investigations (as all of these would be).

A heavily-redacted section (PDF 166) suggests that in investigations with a national security nexus (so international terrorism or espionage, as many leak cases have been treated) DOJ need not comply with existing restrictions requiring Attorney General approval before getting the phone records of a journalist. The reason? Because NSLs aren’t subpoenas, and that restriction only applies to subpoenas.

Department of Justice policy with regard to the issuances of subpoenas for telephone toll records of members of the news media is found at 28 C.F.R. § 50.10. The regulation concerns only grand jury subpoenas, not National Security Letters (NSLs) or administrative subpoenas. (The regulation requires Attorney General approval prior to the issuance of a grand jury subpoena for telephone toll records of a member of the news media, and when such a subpoena is issued, notice must be given to the news media either before or soon after such records are obtained.) The following approval requirements and specific procedures apply for the issuance of an NSL for telephone toll records of members of the news media or news organizations. [my emphasis]

So DOJ can use NSLs–with no court oversight–to get journalists’ call (and email) records rather than actually getting a subpoena.

The section includes four different approval requirement scenarios for issuing such NSLs, almost all of which are redacted. Though one only partly redacted passage makes it clear there are some circumstances where the approval process is the same as for anyone else DOJ wants to get an NSL on:

If the NSL is seeking telephone toll records of an individual who is a member of the news media or news organization [2 lines redacted] there are no additional approval requirements other than those set out in DIOG Section 18.6.6.1.3 [half line redacted]

And the section on NSL use (see PDF 100) makes it clear that a long list of people can approve such NSLs:

  • Deputy Director
  • Executive Assistant Director
  • Associate EAD for the National Security Branch
  • Assistant Directors and all DADs for CT/CD/Cyber
  • General Counsel
  • Deputy General Counsel for the National Security Law Branch
  • Assistant Directors in Charge in NY, Washington Field Office, and LA
  • All Special Agents in Charge

In other words, while DOJ does seem to offer members of the news media–which is itself a somewhat limited group–some protection from subpoena, it also seems to include loopholes for precisely the kinds of cases, like leaks, where source protection is so important.

In other words, this story about starting with the sign-in logs of people who’ve been briefed on a particular topic, then gather call records of those officials?

That may be what happened.

Or it may work the other way, with the government identifying a story it doesn’t like and then using call records to trace back from there to the potential sources of the story.

This curious phrasing would support the latter scenario.

[DC US Attorney Ronald] Machen is examining a leak to the Associated Press that a double agent inside al-Qaeda’s affiliate in Yemen allowed the United States and Saudi Arabia to disrupt the plot to bomb an airliner using explosives and a detonation system that could evade airport security checks.

The AP, after all, didn’t report that UndieBomb 2.0 was actually a sting set up by a Saudi-run infiltrator (and their reporting, at least, suggested they didn’t know UndieBomber 2.0 was an informant). John Brennan and Richard Clarke told that story. And yet WaPo describes the investigation as focusing on the AP part of the story, not the more damning part about an infiltrator.

If and when John Brennan goes unpunished for revealing the most damning part of this story, it’ll become increasingly clear: not only is the government starting with the journalists’ phone and email contacts, but it is doing so with journalists it might otherwise want to silence.


Cyber-9/11 Warning!! … Screams Man Making Huge Profit Off Such Screams

By:  Monday December 3, 2012 12:04 pm

The FT reports (and CNET repeats almost in its entirety) that former Director of National Intelligence Mike McConnell says we have had our 9/11 warning and we risk the cyber equivalent of a World Trade Center attack unless “urgent action” is taken.

A former US intelligence chief says the west has had its “9/11 warning” on cybersecurity and warns that unless urgent action is taken, the US faces “the cyber equivalent of the World Trade Center attack”.

According to John “Mike” McConnell, such an attack would bring the country’s banking system, power grid and other essential infrastructure to their knees.

Mind you, McConnell doesn’t appear to be talking about a real warning–the kind of intelligence that set George Tenet’s hair on fire in 2001. Rather, he says the recent attacks on Saudi Aramco and some banks’ internet interfaces constitutes that warning.

Sustained cyber attacks targeting the websites of a dozen major US banks including Wells Fargo, JPMorgan Chase and Bank of America, coupled with an earlier attack on Saudi Aramco, which erased data on two-thirds of the Saudi oil company’s corporate PCs, were examples of the growing threat.

McConnell apparently would have us believe that some crude DNS attacks on banks and an infiltrator’s attack on Saudi oil business (not production) computers is a hair on fire warning.

Leon Panetta made similarly unconvincing claims back in October.

Nevertheless, the FT presented McConnell’s warning without providing readers a few important details. First, here’s how they describe the background that qualifies McConnell to issue such warnings.

Mr McConnell, who served as director of the National Security Agency under President Bill Clinton and then as director of national intelligence under President George W. Bush and President Barack Obama, believes those corporate attacks should be treated as a further “wake-up call” to politicians and business leaders in the west.

Here’s the very important detail they left out.

Mike McConnell is Vice Chairman of Booz Allen Hamilton, where his primary roles include serving on the firm’s Leadership Team and leading Booz Allen’s rapidly expanding cyber business.

It is McConnell’s job to make the cyber threat seem as dangerous as possible so his employer can get rich by charging the government an arm and a leg to take “urgent action.” While I’m not sure where the emails are available anymore, one of the amusing features of the HB Gary emails liberated by Anonymous is Mike McConnelll licking his chops as he identified new purported threats to build business around.

More amusing still is this:

Mr McConnell said such an attack could see a country like Iran work with Russian criminals or Chinese hackers to target banks, the power grid and the computers that control routing and ticketing for planes and trains.

[snip]

Mr McConnell said he doubted whether Iran or a terrorist group could undertake such a devastating assault at the moment but added that it is only a matter of time before the sophisticated tools needed fall into the wrong hands.

The government (and, apparently McConnell himself) believes Iran launched the attacks on Aramco and the banks. But as McConnell suggests, Iran couldn’t carry out a real 9/11 cyber-attack by itself: it’d have to have the help of Russian criminals or Chinese hackers to pull off a really serious attack.

Because, you see, cyberattacks aren’t as easy as McConnell’s fear-mongering suggests.

But note the scenario he envisions: “the sophisticated tools” needed for a cyber attack would “fall into the wrong hands” and enable such an attack.

Mike McConnell was Director of National Intelligence from 2007 to 2009. During his tenure, the StuxNet project moved from intelligence-gathering to testing to implementation. It is inconceivable the DNI, the former head of NSA, and former executive of BAH would be out of the loop on that operation.

In other words, McConnell is almost certainly one of the people involved in the decision to unleash these sophisticated tools in the first place. And now he’s screaming about the dangers he unleashed for profit.

It’s a very neat system our Military Intelligence Industrial Complex has created.


Are Escaped Zoo Animals Autonomous?

By:  Wednesday November 28, 2012 11:15 am

Back when David Sanger revealed new details of how StuxNet broke free of Natanz, he used the metaphor of an escaped zoo animal actively unlocking its cage.

In the summer of 2010, shortly after a new variant of the worm had been sent into Natanz, it became clear that the worm, which was never supposed to leave the Natanz machines, had broken free, like a zoo animal that found the keys to the cage. It fell to Mr. Panetta and two other crucial players in Olympic Games — General Cartwright, the vice chairman of the Joint Chiefs of Staff, and Michael J. Morell, the deputy director of the C.I.A. — to break the news to Mr. Obama and Mr. Biden.

An error in the code, they said, had led it to spread to an engineer’s computer when it was hooked up to the centrifuges. When the engineer left Natanz and connected the computer to the Internet, the American- and Israeli-made bug failed to recognize that its environment had changed. It began replicating itself all around the world. [my emphasis]

This zoo animal found the keys to its cage, broke free, spread to an engineer’s computer, failed to recognize its new environment, and then began replicating itself all around the world.

That is, Sanger used the language of a cognizant being, acting as an agent to spread itself. That’s not inapt. After all, viruses do spread themselves (though they don’t actually go seek out keys to do so).

Which is why this detail, noted in Obama’s other pre-Thanksgiving document dump, is so stunning. (h/t Trevor Timm)

The Defense Department does not require developers of computer systems that launch cyber operations to implement the same safeguards required of traditional arms makers to prevent collateral damage.

[snip]

directive, released Nov. 21, mandated that automated and semi-autonomous weaponry — such as guided munitions that independently select targets — must have human machine interfaces and “be designed to allow commanders and operators to exercise appropriate levels of human judgment over the use of force.” The mandate called for “rigorous hardware and software verification and validation” to ensure that engagements could be terminated if not completed in a designated time frame. The goal is to minimize “unintended engagements,” the document states.

The Pentagon is permitting less human control over systems that deploy malware, exploits and mitigation tools, highlighting Defense’s focus on agile responses to computer threats. The document, signed by Deputy Secretary of Defense Ashton Carter, explicitly states that the directive “does not apply to autonomous or semi-autonomous cyberspace systems for cyberspace operations.”

We have already lost control of one our semi-autonomous cyberspace operations. The potential danger from its “escape” could be tremendous.

And yet DOD specifically exempts similar operations in the future? So we can commit the same error again?


Blowback: Stuxnet and the Ongoing Risk to Manufacturing Worldwide

By:  Saturday November 10, 2012 6:15 pm

Dear Chevron: Thanks for letting us know you’ve been infected with Stuxnet. It’s difficult to muster sympathy for your management or shareholders, because you were warned.This guy quite clearly warned your industry, as did other firms specializing in technology security.

Every single manufacturer around the world using supervisory control and data acquisition (SCADA) driven equipment in their processes was warned. Businesses at particular risk are those relying on certain ubiquitous applications in a networked environment.

Perhaps you heeded the warning months ago but didn’t disclose widely that your business was working on eliminating the exposures. If your business has been hardening your systems, great. However, the public does have a right to know know if your plant located in their backyard might blow up or release toxic chemicals because your firm was exposed to cyber warfare elements our country sponsored in some fashion.

This goes for any other firms out there that are dealing with the same exposure. Perhaps you believe it’s a business intelligence risk to let your competitors know you’ve got a problem– frankly, we’re way past that. The potential risks to the public outweigh your short-term profitability, and if your plant blows up/dumps chemicals/produces unsafe or faulty products because of Stuxnet, our public problem becomes your public relations/long-term shareholder value problem anyhow.

By the way: perhaps it might be worthwhile to actively recruit American citizens who qualify for security clearance when hiring SCADA application analysts to fix your Stuxnet problems. Why compound your problem for lack of foresight with regard to national security risks? We can see you’re hiring. Ahem. Continue reading


Breaking: Panetta Equating Crude Iranian Cyberattacks with Pearl Harbor, Iran Infiltrated Aramco

By:  Sunday October 14, 2012 8:51 am

Today, the NYT–serving its role as spokesperson for the Cold War against Iran–confirms what blabby Joe Lieberman told CSPAN last month: the government suspects Iran was behind a series of crude cyberattacks on US banks.

Or to put it differently, Leon Panetta wants us to be more afraid of crude DNS attacks on US online banking sites than he wants us to be of the orders of magnitude greater damage the banks cause all by themselves. Because … Iran!

More interesting is the widely reported speculation we think Iran was behind the more serious attack on Aramco.

The attack under closest scrutiny hit Saudi Aramco, the world’s largest oil company, in August. Saudi Arabia is Iran’s main rival in the region and is among the Arab states that have argued privately for the toughest actions against Iran. Aramco, the Saudi state oil company, has been bolstering supplies to customers who can no longer obtain oil from Iran because of Western sanctions.

The virus that hit Aramco is called Shamoon and spread through computers linked over a network to erase files on about 30,000 computers by overwriting them. Mr. Panetta, while not directly attributing the strike to Iran in his speech, called it “probably the most destructive attack that the private sector has seen to date.”

Until the attack on Aramco, most of the cybersabotage coming out of Iran appeared to be what the industry calls “denial of service” attacks, relatively crude efforts to send a nearly endless stream of computer-generated requests aimed at overwhelming networks. But as one consultant to the United States government on the attacks put it several days ago: “What the Iranians want to do now is make it clear they can disrupt our economy, just as we are disrupting theirs. And they are quite serious about it.”

That’s interesting not because the attack did real damage–it didn’t, because it hit the business, not the production, computers.

Saudi Aramco has said that only office PCs running Microsoft Windows were damaged. Its oil exploration, production, export, sales and database systems all remained intact as they ran on isolated and heavily protected systems.

“All our core operations continued smoothly,” CEO Khalid Al-Falih told Saudi government and business officials at a security workshop on Wednesday.

“Not a single drop of oil was lost. No critical service or business transaction was directly impacted by the virus.”

It’s interesting because the malware was introduced into the Aramco network by an insider.

One or more insiders with high-level access are suspected of assisting the hackers who damaged some 30,000 computers at Saudi Arabia’s national oil company last month, sources familiar with the company’s investigation say.

[snip]

The hackers’ apparent access to a mole, willing to take personal risk to help, is an extraordinary development in a country where open dissent is banned.

“It was someone who had inside knowledge and inside privileges within the company,” said a source familiar with the ongoing forensic examination.

Once you translate the NYT’s spin, here’s what we’re left with:

  • We’re supposed to treat cyberattacks by Iran as an existential threat, even though they expose Iran’s relative impotence in the cyber sphere.
  • We’re supposed to get panicked about computers here at home because Iran succeeded in human espionage with Aramco.

And while Panetta cries wolf over and over, the banksters and the oil companies continue to real damage he ignores.


Latest StuxNet Incarnation Resembles Alleged Project of Murdered GCHQ Officer

By:  Saturday August 11, 2012 4:59 pm

Kaspersky Labs has found a new incarnation of StuxNet malware, which they’ve called Gauss. As Wired summarizes, the malware is focused geographically on Lebanon and has targeted banks.

A newly uncovered espionage tool, apparently designed by the same people behind the state-sponsored Flame malware that infiltrated machines in Iran, has been found infecting systems in other countries in the Middle East, according to researchers.

The malware, which steals system information but also has a mysterious payload that could be destructive against critical infrastructure, has been found infecting at least 2,500 machines, most of them in Lebanon, according to Russia-based security firm Kaspersky Lab, which discovered the malware in June and published an extensive analysis of it on Thursday.

The spyware, dubbed Gauss after a name found in one of its main files, also has a module that targets bank accounts in order to capture login credentials. The malware targets accounts at several banks in Lebanon, including the Bank of Beirut, EBLF, BlomBank, ByblosBank, FransaBank and Credit Libanais. It also targets customers of Citibank and PayPal.

I find that interesting for a number of reasons. First, every time banks have squawked about our government’s access of SWIFT to track terrorist financing, the spooks have said if they don’t use SWIFT they’ll access the information via other means; it appears this malware may be just that. And the focus on Lebanon fits, too, given the increasing US claims about Hezbollah money laundering in the time since Gauss was launched. I’m even struck by the coincidence of Gauss’ creation last summer around the same time that John Ashcroft was going through the Lebanese Canadian Bank to find any evidence of money laundering rather than–as happens with US and European banks–crafting a settlement. I would imagine how that kind of access to a bank would give you some hints about how to build malware.

But the other thing the malware made me think of, almost immediately, was the (I thought) bogus excuse some British spooks offered last summer to explain the murder of Gareth Williams, the GCHQ officer–who had worked closely with NSA–who was found dead in a gym bag in his flat in August 2010. Williams was murdered, the Daily Mail claimed, because he was working on a way to track the money laundering of the Russian mob.

The MI6 agent found dead in a holdall at his London flat was working on secret technology to target Russian criminal gangs who launder stolen money through Britain.

[snip]

But now security sources say Williams, who was on secondment to MI6 from the Government’s eavesdropping centre GCHQ, was working on equipment that tracked the flow of money from Russia to Europe.

The technology enabled MI6 agents to follow the money trails from bank accounts in Russia to criminal European gangs via  internet and wire transfers, said the source.

‘He was involved in a very sensitive project with the highest security clearance. He was not an agent doing surveillance, but was very much part of the team, working on the technology side, devising stuff like software,’ said the source.

He added: ‘A knock-on effect of this technology would be that a number of criminal groups in  Russia would be disrupted.

‘Some of these powerful criminal networks have links with, and employ, former KGB agents who can track down people like  Williams.’

Frankly, I always thought that explanation was bogus–I suggested that the Brits could just partner with the US to access such data via SWIFT. And whatever it means, I haven’t seen such an explanation since.

But I do find it rather interesting that one of the most prominent unsolved murders of a spook was blamed–at around the time the StuxNet people were working on Gauss–on a plan to track money laundering.


“Dear John Brennan: You’re Being Investigated”

By:  Thursday August 2, 2012 3:27 pm

A number of people have pointed to Scott Shane’s story on the leak witch hunt for the details it gives on the increasing concern about leak witch hunts among journalists and national security experts.

But this paragraph includes the most interesting news in the article.

The F.B.I. appears to be focused on recent media disclosures on American cyberattacks on Iran, a terrorist plot in Yemen that was foiled by a double agent and the so-called “kill list” of terrorist suspects approved for drone strikes, some of those interviewed have told colleagues. The reports, which set off a furor in Congress, were published by The New York Times, The Associated Press, Newsweek and other outlets, as well as in recent books by reporters for Newsweek and The Times. [my emphasis]

That’s because prior reporting had indicated that the Kill List stories were not being investigated.

Recent revelations about clandestine U.S. drone campaigns against al Qaeda and other militants are not part of two major leak investigations being conducted by federal prosecutors, sources familiar with the inquiries said.

[snip]

The CIA has not filed a “crime report” with the Justice Department over reports about Obama’s drone policy and a U.S. “kill list” of targeted militants, an action which often would trigger an official leak investigation, two sources familiar with the matter said. They

So Shane’s revelation that the Kill List stories are being investigated amounts to the author of one of the Kill List stories reporting that some people who have been interviewed by the FBI told colleagues they got asked about the Kill List. Which might go something like, “Scott, they’re asking about your story, too.”

All without Shane acknowledging that Shane wrote one of the main Kill List Shiny Object stories.

Meanwhile, I find his reference to the outlets involved very interesting. Using the principle of parallelism, the passage seems to suggest the FBI is investigating the NYT for David Sanger’s sources on StuxNet, the AP for Adam Goldman and Matt Apuzzo’s sources on the UndieBomb 2.0 plot, and Newsweek for Daniel Klaidman’s sources on the Kill List. But of course the NYT also wrote a Kill List story, the AP wrote what is probably the most interesting Kill List story (which reported that the Kill List is now run by John Brennan). “And other outlets.” Which might include ABC for revealing that the UndieBomb 2.0 plotter was actually an infiltrator (ABC got the story indirectly from John Brennan, though Richard Clarke). Or the WaPo for Greg Miller’s original story on drone targeting, revealing that we were going to use signature strikes in Yemen. Or the WSJ, reporting that we had started using signature strikes.

In other words, it presents a rather interesting group of potential stories and sources.

Now I don’t know that John Brennan was the source for all this or that he’s really being investigated. I’m not saying Shane is being manipulative by reporting on this (though seriously, it’s another example of the NYT having a reporter report on a story that he is really a part of).

But I do find it rather interesting that a reporter targeted in this leak witch hunt just made news about the scope of the leak witch hunt.


Lamar Smith’s Futile Leak Investigation

By:  Friday July 13, 2012 9:27 am

Lamar Smtih has come up with a list of 7 national security personnel he wants to question in his own leak investigation. (h/t Kevin Gosztola)

House Judiciary Committee Chairman Lamar Smith, R-Texas, told President Obama Thursday he’d like to interview seven current and former administration officials who may know something about a spate of national security leaks.

[snip]

The administration officials include National Security Advisor Thomas Donilon, Director of National Intelligence James Clapper, former White House Chief of Staff Bill Daley, Assistant to the President for Homeland Security and Counterterrorism John Brennan, Deputy National Security Advisor Denis McDonough, Director for Counterterrorism Audrey Tomason and National Security Advisor to the Vice President Antony Blinken.

Of course the effort is sure to be futile–if Smith’s goal is to figure out who leaked to the media (though it’ll serve its purpose of creating a political shitstorm just fine)–for two reasons.

First, only Clapper serves in a role that Congress has an unquestioned authority to subpoena (and even there, I can see the Intelligence Committees getting snippy about their turf–it’s their job to provide impotent oversight over intelligence, not the Judiciary Committees).

As for members of the National Security Council (Tom Donilon, John Brennan, Denis McDonough, Audrey Tomason, and Antony Blinken) and figures, like Bill Daley, who aren’t congressionally approved? That’s a bit dicier. (Which is part of the reason it’s so dangerous to have our drone targeting done in NSC where it eludes easy congressional oversight.)

A pity Republicans made such a stink over the HJC subpoenaing Karl Rove and David Addington and backed Bush’s efforts to prevent Condi Rice from testifying, huh?

The other problem is that Smith’s list, by design, won’t reveal who leaked the stories he’s investigating. He says he wants to investigate 7 leaks.

Smith said the committee intends to focus on seven national security leaks to the media. They include information about the Iran-targeted Stuxnet and Flame virus attacks, the administration’s targeted killings of terrorism suspects and the raid which killed Usama bin Laden.

Smith wants to know how details about the operations of SEAL Team Six, which executed the bin Laden raid in Pakistan, wound up in the hands of film producers making a film for the president’s re-election. Also on the docket is the identity of the doctor who performed DNA tests which helped lead the U.S. to bin Laden’s hideout.

But his list doesn’t include everyone who is a likely or even certain leaker.

Take StuxNet and Flame. Not only has Smith forgotten about the programmers (alleged to be Israeli) who let StuxNet into the wild in the first place–once that happened, everything else was confirmation of things David Sanger and security researchers were able to come up with on their own–but he doesn’t ask to speak to the Israeli spooks demanding more credit for the virus.

Continue reading


The House Judiciary Committee Preens in Full Ignorance at Leaks Hearing

By:  Thursday July 12, 2012 7:06 am

The headline that has come out of yesterday’s House Judiciary Committee hearing on leaks is that the Committee may subpoena people. As US News correctly reports, one push for subpoenas came from a John Conyers ploy trying to call Republican members’ bluff; he basically asked how they could be sure who leaked the stories in question and if they were they should just subpoena those people to testify to the committee.

It’s a testament to the thin knowledge of these stories that none of the Republicans responded, “John Brennan.” But then, even if they had, the committee would quickly get into trouble trying to subpoena Brennan as National Security Advisors (and Deputy NSAs) have traditionally been excused from Congressional subpoena for deliberation reasons, a tradition reinforced by Bush’s approach with Condi Rice.

Ah well. I’m sure we’re going to have some amusing theater of Jim Sensenbrenner trying to force Conyers to come up with some names now.

The other big push for subpoenas, though, came from Trey Gowdy. Partly because he wanted to create an excuse to call a Special Prosecutor and partly because, just because, he was most interested in subpoenaing some journalists. And in spite of the way that former Assistant Attorney General Ken Wainstein patiently explained why there are good, national security, reasons why DOJ is hesitant to subpoena journalists, Gowdy wouldn’t let up.

But what concerned me more is that no one–not a single person on the House committee that oversees DOJ–explained that DOJ doesn’t need to subpoena journalists to find out who they’ve been talking to. They’ve given themselves the authority to get journalist call records in national security cases without Attorney General approval.

That’s a detail every member of the committee should know, particularly if they’re going to hold hearings about whether DOJ can adequately investigate leaks. And while I expect Trey Gowdy to be ignorant, it seems they all are ignorant of this detail.

There was another display of ignorance I find troubling for a different reason. Dan Lungren suggested that he learned of what we’re doing with StuxNet from David Sanger’s reports. He rightly noted that–as the Chair of the House Homeland Security Subcommittee on Cybersecurity–he ought to learn these things from the government, not the NYT. And while his ignorance of StuxNet’s escape may be due to the timing of his ascension to the Subcommittee Chair (most members of the Gang of Four, except Dianne Feinstein, would not have gotten briefed on early stages of StuxNet, when someone should have told the government what a boneheaded plan it was), the Subcommittee still should be aware that our own recklessness has made us vulnerable in dangerous new ways.

Perhaps the most telling detail of the hearing, though, came from retired Colonel Kenneth Allard. He was brought on, I guess, to label what we did with StuxNet an act of war (without, of course, considering whether that is the problem rather than the exposure that both Republican and Democratic Administrations are engaging in illegal war without telling anyone). In his comments, he went so far as to say that “What Mr. Sanger did is equivalent of having KGB operation run against White House.”

Someone had to accuse the journalists of being enemy spies.

But Allard’s statement reveals where all this comes from: personal pique against the NYT for coverage they’ve done on him. Not only did he complain that David Sanger’s publisher didn’t give the New York Journal of Books, for which he writes reviews, an advance copy, but also that the NYT reported on the scam the Pentagon set up to give select Generals and Colonels inside information to spin favorably on TV.

Third, I have personally experienced what it feels like when the NYT deliberately distorts national security information, even to the point of plagiarism. On April 20, 2008, the NYT published an inflammatory expose: “Behind Analysts, Pentagon’s Hidden Hand” by David Barstow. The Times’ article charged that over 70 retired officers, including me, had misused our positions while serving as military analysts with the broadcast and cable TV networks. Continue reading