SWIFT

Monday Morning: Tarantela [UPDATE]

I could listen to this piece on a loop. It’s Santiago de Murcia’s “Tarantela,” performed by noted lutist Rolf Lislevand. The instrument he is playing is as important as the music and his artistry; it’s an extremely rare Stradivarius guitar called the Sabionari. While tarantellas more commonly feature additional instruments and percussion like tambourines, this instrument is stunning by itself.

You can learn more about the Sabionari at Open Culture, a site I highly recommend for all manner of educational and exploratory content.

And now to dance the tarantella we call Monday.

Wheels

  • What’s the German word for ‘omertà’? Because Volkswagen has it (Forbes) — Besides the use of obfuscation by translation, VW’s culture obstructs the investigation into Dieselgate by way of a “code of silence.” And money. Hush money helps.
  • Growing percentage of VW investors want an independent investigation (WSJ) — An association of 25,000 investors now demands an investigation; the problem continues to be Lower Saxony, the Qatar sovereign-wealth fund and the Porsche family, which combined own 92% of voting stock.
  • VW production workers get a 5% pay raise (IBT) — Is this “hush money,” too, for the employees who can’t afford to be retired like VW’s executives? The rationale for the increase seems sketchy since inflation is negligible and VW group subsidiary workers at Audi and Porsche won’t receive a similar raise.
  • Insanity? VW Group a buy opportunity next month (The Street) — Caveat: I am not a stockbroker. This information is not provided for investment purposes. Your mileage may vary. But I think this is absolute insanity, suggesting VW group stock may offer a buy opportunity next month when VW publishes a strategy for the next decade. If this strategy includes the same utterly opaque organization committing fraud to sell vehicles, is it smart to buy even at today’s depressed prices? The parallel made with Apple stock is bizarre, literally comparing oranges to Apples. Just, no.

Bad News (Media)

Cybersec

  • Organized criminals steal $13M in minutes from Japanese ATMs (The Guardian) — And then they fled the country. What?! The mass thefts were facilitated by bank account information acquired from an unnamed South African bank. Both Japan and SA use chip-and-pin cards — so much for additional security. Good thing this organized criminal entity seeks money versus terror. Interesting that the South African bank has yet to be named.(*)
  • Slovenian student receives 15-month suspended sentence for disclosing state-created security problems (Softpedia) — The student at Slovenia’s Faculty of Criminal Justice and Security in Maribor, Slovenia had been investigating Slovenia’s TETRA encrypted communications protocol over the last four years as part of a school project. He used responsible disclosure practices, but authorities did not respond; he then revealed the encrypted comms’ failure publicly to force action. And law enforcement went after him for exposing their lazy culpability hacking them.
  • Related? Slovenian bank intended target for Vietnamese bank’s SWIFT attempted hack funds (Reuters) — Huh. Imagine that. Same country with highly flawed state-owned encrypted communications protocol was the target for monies hackers attempted to steal via SWIFT from Vietnamese TPBank. Surely just a coincidence, right?

Just for the heck of it, consider a lunch read/watch on a recent theory: World War 0. Sounds plausible to me, but this theory seems pretty fluid.

Catch you here tomorrow morning!

* UPDATE — 1:20 P.M. EDT —
Standard Bank reported it had lost 300 million rand, or USD $19.1 million to the attack on Japanese ATMs. First reports in South African media and Reuters were roughly 11 hours ago or 9:00 a.m. Johannesburg local time. It’s odd the name of the affected bank did not get wider coverage in western media, but then South Africa has a problem with disclosing bank breaches. There were five breaches alleged last year, but little public information about them; they do not appear on Hackmageddon’s list of breaches. This offers a false sense of security to South African banking customers and to banks’ investors alike.

A Japan Times report attributes the thefts to a Malaysian crime gang. Neither Japan Times nor Mainichi mentions Standard Bank’s name as the affected South African bank. Both report the thefts actually took place more than a week ago on May 15th — another odd feature about reporting on this rash of well-organized thefts.

SEC Says Hackers Like NSA Are Biggest Threat to Global Financial System

Reuters reports that, in the wake of criminals hacking the global financial messaging system SWIFT both via the Bangladesh central bank and an as-yet unnamed second central bank, SEC Commissioner Mary Jo White identified vulnerability to hackers as the top threat to the global financial system.

Cyber security is the biggest risk facing the financial system, the chair of the U.S. Securities and Exchange Commission (SEC) said on Tuesday, in one of the frankest assessments yet of the threat to Wall Street from digital attacks.

Banks around the world have been rattled by a $81 million cyber theft from the Bangladesh central bank that was funneled through SWIFT, a member-owned industry cooperative that handles the bulk of cross-border payment instructions between banks.

The SEC, which regulates securities markets, has found some major exchanges, dark pools and clearing houses did not have cyber policies in place that matched the sort of risks they faced, SEC Chair Mary Jo White told the Reuters Financial Regulation Summit in Washington D.C.

“What we found, as a general matter so far, is a lot of preparedness, a lot of awareness but also their policies and procedures are not tailored to their particular risks,” she said.

“As we go out there now, we are pointing that out.”

Of course, the criminals in Bangladesh were not the first known hackers of SWIFT. The documents leaked by Snowden revealed NSA’s elite hacking group, TAO, had targeted SWIFT as well. Given the timing, it appears they did so to prove to the Europeans and SWIFT that the fairly moderate limitations being demanded by the Europeans should not limit their “front door” access.

Targeting SWIFT (and credit card companies) is probably not the only financial hacking NSA has done. One of the most curious recommendations in the President’s Review Group, after all, was that “governments” (including the one its report addressed, the US?) might hack financial institutions to change the balances in financial accounts.

(2) Governments should not use their offensive cyber capabilities to change the amounts held in financial accounts or otherwise manipulate the financial systems;

Second, governments should abstain from penetrating the systems of financial institutions and changing the amounts held in accounts there. The policy of avoiding tampering with account balances in financial institutions is part of a broader US policy of abstaining from manipulation of the financial system. These policies support economic growth by allowing all actors to rely on the accuracy of financial statements without the need for costly re-verification of account balances. This sort of attack could cause damaging uncertainty in financial markets, as well as create a risk of escalating counter-attacks against a nation that began such an effort. The US Government should affirm this policy as an international norm, and incorporate the policy into free trade or other international agreements.

After which point, James Clapper started pointing to similar attacks as a major global threat.

I don’t mean to diminish the seriousness of the threat (though I still believe banksters’ own recklessness is a bigger threat to the world financial system). But the NSA should have thought about the norms they were setting and the impact similar attacks done by other actors would have, before they pioneered such hacks in the first place.

Wednesday Morning: Wandering

This music video is the result of an insomniac walkabout. I went looking for something mellow I hadn’t heard before and tripped on this lovely little indie folk artistry. Not certain why I haven’t heard Radical Face before given how popular this piece is. I like it enough to look for more by the same artist.

Let’s go wandering…

Volkswagen: 3.0L fix in the offing, but too late for EU and the world?

  • New catalytic converter may be part of so-called fix for VW and Audi 3.0L vehicles (Bloomberg) — The financial hit affected dividend as reserve for fix/recall/litigation was raised from 6.7B to 16.2B euros. VW group will not have a full explanation about Dieselgate’s origins and costs to shareholders until the end of 2016.
  • But the Netherlands’ NO2 level exceeds the 40 microgram threshold in 11 locations, violating EU air pollution standards (DutchNews) — Locations are those with high automobile traffic.
  • UK government shoveled 105,000 pounds down legal fee rat hole fighting air pollution charges (Guardian-UK) — Look, we all know the air’s dirty. Stop fighting the charges and fix the mess.
  • UK’s MPs already said air pollution was a ‘public health emergency’ (Guardian-UK) — It’s killing 40-50,000 UK residents a year. One of the approaches discussed but not yet in motion is a scrapping plan for dirty diesel vehicles.
  • Unfortunately global CO2 level at 400 ppm tipping point, no thanks to VW’s diesel vehicles (Sydney Melbourne Herald) — Granted, VW’s passenger vehicles aren’t the only source, but cheating for nearly a decade across millions of cars played a substantive role.

Mixed government messages about hacking, encryption, and cybersecurity enforcement
Compare: FBI hires a “grey hat” to crack the San Bernardino shooter’s iPhone account, versus FCC and FTC desire for escalated security patching on wireless systems. So which is it? Hacking is good when it helps government, or no? Encryption is not good for government except when it is? How do these stories make any sense?

  • State of Florida prosecuting security researcher after he revealed FL state’s election website was vulnerable (Tampa Bay Times) — Unencrypted site wide-open to SQL “injection attack” allowed the researcher to hack into the site. Florida arrests him instead of saying thanks and fixing their mess.
  • UK court rules hacker does not have to give up password (Guardian-UK) — Computer scientist and hacker activist Lauri Love fights extradition to U.S. after allegedly stealing ‘massive quantities’ of data from Fed Reserve and NASA computers; court ruled he does not have to give up password for his encrypted computers taken into custody last autumn.
  • SWIFT denies technicians left Bangladeshi bank vulnerable to hacking (Reuters) — Tit-for-tat back and forth between Bangladesh Bank and SWIFT as to which entity is at fault for exposures to hacking. Funny how U.S. government is saying very little about this when the vulnerability could have been used by terrorists for financing.

Well, it’s not quite noon Pacific time, still morning somewhere. Schedule was off due to insomnia last night; hoping for a better night’s sleep tonight, and a better morning tomorrow. Catch you then!

Tuesday Morning: Monitor

And I lament not being there
And today I lie to you so we can be alone, you and I
And distance beat out love
I only see you on the monitor

— excerpt, Monitor by Volovan

Sweet little tune, easy to enjoy even if you don’t speak Spanish.

Speaking of monitor…

Flint Water Crisis: Michigan State Police monitoring social media
Creeptastic. MSP is following social media communications related to Flint water crisis, which means they’re watching this blog and contributors’ tweets for any remarks made about Flint. Whatever did they do in the day before social media when the public was unhappy about government malfeasance?

MDEQ personnel told Flint city water employee to omit tests with high lead readings
The charges filed last week against two Michigan Department of Environmental Quality employees and a Flint city employee were related to the manipulation and falsification of lead level tests. From out here it looks like Mike Glasgow did what the MDEQ told him to do; with the city under the control of the state, it’s not clear how Glasgow could have done anything else but do what the state ordered him to do. Which governmental body had higher authority under emergency management — the city’s water department, or the MDEQ? And what happens when personnel at the MDEQ aren’t on the same page about testing methodology?

MDHHS too worried about Ebola to note Legionnaire’s deaths in 2014-2015?
Michigan’s Department of Health and Human Services director Nick Lyons maintains a “breakdown in internal communication” kept information about the Legionnaire’s disease outbreak from reaching him. He also said MDHHS was focused on Ebola because of its high mortality rate overseas. There were a total of 11 cases of Ebola in the U.S. between 2014 and 2015, none of which were diagnosed or treated in Michigan. Meanwhile, 10 people died of Legionnaire’s due to exposure to contaminated Flint water in that same time frame. Not certain how MDHHS will respond to an imported biological crisis when it can’t respond appropriately to a local one created by the state.

Other miscellaneous monitoring

  • Charter Communications and Time Warner tie-up approved, with caveat (Reuters) — Charter can’t tell content providers like HBO they can’t sell their content over the internet – that’s one of a few exceptions FCC placed on the deal. I think this is just insane; the public isn’t seeing cheaper broadband or cable content in spite of allowing ISPs to optimize economies of scale. Between Charter/TWC and Comcast, they’ll have 70% of all broadband connections in the U.S.
  • Mitsubishi Motors fudged its fuel economy numbers for last 25 years (AP) — This investigation is exactly what should happen across EU, because EU-based manufacturers have done this for just as long or longer. And the EU knows this, turns a blind eye to the tricks automakers use to inflate fuel economy ratings.
  • Goldman Sachs has a brand new gig: internet-based banking (Fortune) — This is the fruit of GS’ acquisition of General Electric’s former financial arm. Hmm.
  • BAE Systems has a nice graphic outlining the SWIFT hack via Bangladesh’s central bank (BAE) — Makes it easy to explain to Grampa how somebody carted off nearly a billion dollars.

Toodledy-doo, Tuesday. See you tomorrow morning!

Turns Out Their Reassurances Were Too SWIFT

When I first wrote about the $81 million bank heist of Bangladesh, I noted that the hack appeared to target SWIFT, the international payment transfer system, even while SWIFT itself was giving us reassurances that they had not been breached.

While SWIFT insists it has not been breached, the hackers used a name making it clear they were targeting the SWIFT system.

On Jan. 29, attackers installed “SysMon in SWIFTLIVE” in what was interpreted as reconnaissance activity, and appeared to operate exclusively with “local administrator accounts.”

SWIFT is sending out a security advisory to its members, advising them to shore up their local operating environments.

Three days ago, Reuters issued a report that seemed to reiterate the centrality of the negligence of Bangladesh bank for the hack, which was relying on a second-hand, $10 router for its SWIFT set-up.

Bangladesh’s central bank was vulnerable to hackers because it did not have a firewall and used second-hand, $10 switches to network computers connected to the SWIFT global payment network, an investigator into one of the world’s biggest cyber heists said.

The shortcomings made it easier for hackers to break into the Bangladesh Bank system earlier this year and attempt to siphon off nearly $1 billion using the bank’s SWIFT credentials, said Mohammad Shah Alam, head of the Forensic Training Institute of the Bangladesh police’s criminal investigation department.

“It could be difficult to hack if there was a firewall,” Alam said in an interview.

The lack of sophisticated switches, which can cost several hundred dollars or more, also means it is difficult for investigators to figure out what the hackers did and where they might have been based, he added.

Though local cops cast some of the blame on SWIFT.

The police believe that both the bank and SWIFT should take the blame for the oversight, Alam said in an interview.

“It was their responsibility to point it out but we haven’t found any evidence that they advised before the heist,” he said, referring to SWIFT.

A spokeswoman for Brussels-based SWIFT declined comment.

Which might have been the tip-off that this was coming…

The attackers who stole $81 million from the Bangladesh central bank probably hacked into software from the SWIFT financial platform that is at the heart of the global financial system, said security researchers at British defense contractor BAE Systems.

SWIFT, a cooperative owned by 3,000 financial institutions, confirmed to Reuters that it was aware of malware targeting its client software. Its spokeswoman Natasha Deteran said SWIFT would release on Monday a software update to thwart the malware, along with a special warning for financial institutions to scrutinize their security procedures.

[snip]

Deteran told Reuters on Sunday that it was issuing the software update “to assist customers in enhancing their security and to spot inconsistencies in their local database records.” She said “the malware has no impact on SWIFT’s network or core messaging services.”

The software update and warning from Brussels-based Swift, or the Society for Worldwide Interbank Financial Telecommunication, come after researchers at BAE (BAES.L), which has a large cyber-security business, told Reuters they believe they discovered malware that the Bangladesh Bank attackers used to manipulate SWIFT client software known as Alliance Access.

One wonders whether SWIFT would have released a public statement if not for BAE’s imminent public report on this?

Again, NSA managed to hack into SWIFT (double-dipping on the sanctioned access they got through an agreement with the EU) via printer traffic at member banks.

NSA’s TAO hackers hacked into SWIFT (even though the US has access to SWIFT to obtain counterterrorism information via an intelligence agreement anyway), apparently by accessing printer traffic from what sounds like member banks.

The NSA’s Tracfin data bank also contained data from the Brussels-based Society for Worldwide Interbank Financial Telecommunication (SWIFT), a network used by thousands of banks to send transaction information securely. SWIFT was named as a “target,” according to the documents, which also show that the NSA spied on the organization on several levels, involving, among others, the agency’s “tailored access operations” division. One of the ways the agency accessed the data included reading “SWIFT printer traffic from numerous banks,” the documents show.

So SWIFT had warning there were vulnerabilities in its local printer system (though it’s not clear this is the same vulnerability the Bangladesh thieves used).

You’d think SWIFT would have made some effort when that became public to shore up vulnerabilities in the global finance system. Instead, they left themselves vulnerable to a $10 router.

SWIFT and the Bangladeshi Bank Heist

I’ve been following the story of how what are described to be criminal hackers tried to steal $1 billion from Bangladesh’s national bank, in part because of the tie to SWIFT, the financial transfer company (as of now, $81 million are still missing, but Sri Lanka and the Fed managed to reverse or prevent the remainder of the theft attempt). As part of the hack, the thieves stole Bangladesh’s SWIFT credentials (it appears they did this after Bangladesh connected the server running SWIFT transactions to 3 other servers).

“Malware was specifically designed for a targeted attack on Bangladesh Bank to operate on SWIFT Alliance Access servers,” the interim report said. Those servers are operated by the bank but run the SWIFT interface, and the report makes it clear the breach stretches into other parts of the bank’s network as well. “The security breach of the SWIFT environment is part of a much larger breach that is currently under investigation.”

SWIFT is a member-owned cooperative that provides international codes to facilitate payments between banks globally. It can’t comment on the investigation, according to Charlie Booth from Brunswick Group, a corporate advisory firm that represents SWIFT.

“We reiterate that the SWIFT network itself was not breached,” Booth said in an e-mail. “There is a full investigation underway, on what appears to be a specific and targeted attack on the victim’s local systems.” SWIFT said last week its “core messaging services were not impacted by the issue and continued to work as normal.”

Dedicated servers running the SWIFT system are located in the back office of the Accounts and Budgeting Department of Bangladesh Bank. They are connected with three terminals for payment communications.

While SWIFT insists it has not been breached, the hackers used a name making it clear they were targeting the SWIFT system.

On Jan. 29, attackers installed “SysMon in SWIFTLIVE” in what was interpreted as reconnaissance activity, and appeared to operate exclusively with “local administrator accounts.”

SWIFT is sending out a security advisory to its members, advising them to shore up their local operating environments.

In separate news, a local security researcher who had been working on the hack disappeared last week.

In a weird turn of events, one of the security researchers who voiced their criticism at the central bank’s security measures disappeared on Wednesday night.

Family members are saying that Zoha met with a friend at 11:30 PM on Wednesday night, March 16. While coming home, a jeep pulled in front of their auto-rickshaw, and men separated the two, putting them in two different cars.

Zoha’s friend was dumped somewhere in the city (Dhaka) and was able to get home by 02:00 AM, the next day. He then contacted Zoha’s family, who said the security researcher never came home.

The next day, family members tried to report the researcher missing, but police officers just kept redirecting them from one police station to another until the family gave up and contacted the media for help.

[snip]

According to BDNews24, Zoha was a former collaborator of Bangladesh’s ICT (Information and Communication Technology) Division and worked with various government agencies in the past. It appears that his comments about the Bangladesh central bank cyber-heist were made working as a “shadow investigator” for a security company that family members declined to name.

Answering questions about his own investigation into the central bank’s cyber-heist, Zoha said that the “database administrator of the [Bangladesh Bank] server cannot avoid responsibility for such hacking” and that he “noticed apathy about the [server’s] security system.”

From this description and those based on the FireEye report, it seems like Bangladeshi authorities, and not SWIFT, would be the powerful people who might want to make this guy disappear. But I find it interesting that someone who was presumably mirroring FireEye’s work has apparently been kidnapped.

Remember: NSA’s TAO hackers hacked into SWIFT (even though the US has access to SWIFT to obtain counterterrorism information via an intelligence agreement anyway), apparently by accessing printer traffic from what sounds like member banks.

The NSA’s Tracfin data bank also contained data from the Brussels-based Society for Worldwide Interbank Financial Telecommunication (SWIFT), a network used by thousands of banks to send transaction information securely. SWIFT was named as a “target,” according to the documents, which also show that the NSA spied on the organization on several levels, involving, among others, the agency’s “tailored access operations” division. One of the ways the agency accessed the data included reading “SWIFT printer traffic from numerous banks,” the documents show.

While we don’t have enough detail to assess, it does sound like the NSA got in through vulnerabilities at the member bank level, like these thieves did.

Again, I assume the kidnapping is best explained by Bangladeshi efforts to cover up their own incompetence. But I do find the possibility that SWIFT might be vulnerable due to vulnerabilities at its member banks, too.

Russia’s Sabre-Rattling: Not Just Bluster About Banks and Ukraine Unrest


Last Friday, CNBC interviewed Andrey Kostin, CEO of Russia’s second largest bank, following the EU’s decision to extend economic sanctions against Russia, ostensibly to punish Russia for hostilities against Ukraine. Kostin’s comments were combative.

“You know, we have quite a strong opinion on sanctions. Sanctions, in other words, is economic war against Russia. Economic war will definitely have and will have very negative implications on the Russian economy, but more than that it will have very negative implications on the political dialogue and on security in Europe. And who wants to live in a less secure world? I think nobody. I think it’s the wrong way to treat Russia like this. I think it will never to lead to any other consequences as to less stability and less secure Europe.” [sic]

“‘You can’t treat any country like this. You know you can’t say, if you behave rightly, that’s a small [weep*] for you, if you behave wrongly, that’s a big [weep*] for you.’ That’s not a dialog, that’s a threat. … I think we should talk. I mean, politicians should talk, like business men. Business men do talk, and they are interested in working together. …”

In short, Russia feels the sanctions are warfare, and they want to deal. They’d really like the asymmetric attack on finance to stop short of terminating Russian banks’ access to SWIFT (the impact of which WaPo spells out).

But the banks’ discomfort with the sanctions and continued incursions against Ukraine aren’t the only signs of Russian belligerence. By year end, there had been forty events characterized as “close military encounters” during 2014, according to European Leadership Network, a non-partisan, nonprofit think tank.

SWIFT Change

I’ve long tracked developments in SWIFT, the system that tracks international bank transfers. The NSA got SWIFT to turn over data willingly after 9/11. But then the consortium moved its servers to Europe, making the data legally safer — though surely not technically safer — from NSA hands. And in spite of the fact that the US negotiated, and then violated the spirit of, a permissive deal to access this information, documents leaked by Edward Snowden still show the NSA double dipping, obtaining SWIFT information via the legal front door and the technical back door.

Nevertheless, the evidence that the US had preferential access to the records of international bank transfers is not what led someone to create a competitor. The threat of sanctions did.

Russia has just announced a plan to have some alternative to SWIFT in place by May.

Russia intends to have its own international inter-bank system up and running by May 2015. The Central of Russia says it needs to speed up preparations for its version of SWIFT in case of possible “challenges” from the West.

“Given the challenges, Bank of Russia is creating its own system for transmitting financial messaging… It’s time to hurry up, so in the next few months we will have certain work done. The entire project for transmitting financial messages will be completed in May 2015,” said Ramilya Kanafina, deputy head of the national payment system department at the Central Bank of Russia (CBR).

Calls not to use the SWIFT (Society for Worldwide Interbank Financial Telecommunication) system in Russian banks began to grow as relations between Russia and the West deteriorated over sanctions. So far, SWIFT says despite pressure from some Western countries to join the anti-Russian sanctions, it has no intention of doing so.

I’ve long wondered when US reliance on sanctions — which is effectively an assertion of the authority to be able to dictate which economic players are acceptable and not — would begin to undermine the US system. This does not seem to be primarily motivated by an effort to undercut US hegemony, except to the degree that Russia refuses to comply with US demands that it be permitted to rearrange Russia’s immediate neighborhood. Rather, this is a reaction to US actions.

Nevertheless, it may establish the infrastructure that undermines US hegemony.

Double Dipping at SWIFT

Spiegel today reveals more details about NSA’s “Follow the Money” program, in which it collects credit card information from select geographical regions. In addition, as TV Globo also revealed last week, they are conducting Tailored Access Operations against SWIFT, the international financial transfer messaging system.

The NSA’s Tracfin data bank also contained data from the Brussels-based Society for Worldwide Interbank Financial Telecommunication (SWIFT), a network used by thousands of banks to send transaction information securely. SWIFT was named as a “target,” according to the documents, which also show that the NSA spied on the organization on several levels, involving, among others, the agency’s “tailored access operations” division. One of the ways the agency accessed the data included reading “SWIFT printer traffic from numerous banks,” the documents show.

Now, some caution about this claim is in order. Spiegel reports that NSA’s financial records database has 180 million records, of which 84% are credit card transactions.

The collected information then flows into the NSA’s own financial databank, called “Tracfin,” which in 2011 contained 180 million records. Some 84 percent of the data is from credit card transactions.

Even assuming the balance of the records in the database come from SWIFT, that’s less than 29 million records (in 2011, so assume the number is larger now). In 2011, SWIFT was sending 17.5 million records a day. So whatever makes it into the actual database is just a small fraction of international traffic.

But that almost certainly doesn’t account for the bulk of the SWIFT information collected by the US government. Remember: in addition to stealing the data, Treasury also gets it via a now-public agreement. The former CEO of SWIFT Leonard Schrank and former Homeland Security Czar, Juan Zarate actually boasted in July, in response to the earliest Edward Snowden revelations, about how laudable Treasury’s consensual access to the data was.

The use of the data was legal, limited, targeted, overseen and audited. The program set a gold standard for how to protect the confidential data provided to the government. Treasury legally gained access to large amounts of Swift’s financial-messaging data (which is the banking equivalent of telephone metadata) and eventually explained it to the public at home and abroad.

It could remain a model for how to limit the government’s use of mass amounts of data in a world where access to information is necessary to ensure our security while also protecting privacy and civil liberties.

Never mind that by the time they wrote this, an EU audit had shown the protections were illusory, in part because the details of actual queries were oral (and therefore the queries weren’t auditable), in part because Treasury was getting bulk data. But there was a legitimate way to get data pertaining to the claimed primary threat at hand, terrorism. And now we know NSA also stole data.

Note, too, the timing. While Spiegel doesn’t provide enough details about the exploitation of SWIFT for us to date it, the dates it does provide about this financial spying are 2010 and 2011. That was the period when the EU was trying to put sensible limits to Treasury’s access of SWIFT.

Back when the intelligence community first decided to go after SWIFT data, their first plan was to just steal it.

Intelligence officials were so eager to use the Swift data that they discussed having the C.I.A. covertly gain access to the system, several officials involved in the talks said. But Treasury officials resisted, the officials said, and favored going to Swift directly.

12 years later, they apparently are stealing at least some of it. That probably means they wanted data for transactions that have nothing to do with the counterterrorism application first SWIFT and then the EU bought off on. So there’s the legal access to counterterrorism data via Treasury, and the illegal access to (presumably) some other kind of data via NSA.


James Clapper’s Financial War on the World


Yesterday, TV Globo published details of NSA spying on Brazil’s oil company, Petrobras, SWIFT, and financial organizations. Besides revealing that man-in-the-middle attacks are sometimes used, the report didn’t offer details of what the NSA was actually collecting. Its sources suggest NSA might be seeking Brazil’s leading deep sea drilling technology or geological information that would be useful in drilling auctions, but it is also conceivable the NSA is just trying to anticipate what the oil market will look like in upcoming years (this is one area where we probably even spy on our allies the Saudis, since they have been accused of lying about their reserves).

To some degree, then, I await more details about precisely what we’re collecting and why.

But what I am interested in is James Clapper’s response. He released this statement on the I Con site.

It is not a secret that the Intelligence Community collects information about economic and financial matters, and terrorist financing.

We collect this information for many important reasons: for one, it could provide the United States and our allies early warning of international financial crises which could negatively impact the global economy. It also could provide insight into other countries’ economic policy or behavior which could affect global markets.

Our collection of information regarding terrorist financing saves lives. Since 9/11, the Intelligence Community has found success in disrupting terror networks by following their money as it moves around the globe. International criminal organizations, proliferators of weapons of mass destruction, illicit arms dealers, or nations that attempt to avoid international sanctions can also be targeted in an effort to aid America’s and our allies’ interests.

What we do not do, as we have said many times, is use our foreign intelligence capabilities to steal the trade secrets of foreign companies on behalf of – or give intelligence we collect to – US companies to enhance their international competitiveness or increase their bottom line.

As we have said previously, the United States collects foreign intelligence – just as many other governments do – to enhance the security of our citizens and protect our interests and those of our allies around the world. The Intelligence Community’s efforts to understand economic systems and policies and monitor anomalous economic activities is critical to providing policy makers with the information they need to make informed decisions that are in the best interest of our national security.

Let me take this extraordinary statement in reverse order.

In the fourth paragraph, Clapper reiterates the final defense that NSA defenders use: that we’re better than, say, China and France, because we don’t engage in industrial espionage, stealing technology with our spying. That may be true, but I suspect at the end of the day the economic spying we do might be more appalling.

In the third paragraph, he retreats to the terror terror terror strategy the Administration has used throughout this crisis. And sure, no one really complains that the government is using financial tracking to break up terrorist networks (though the government is awfully selective about whom it prosecutes, and it almost certainly has used a broad definition of “terrorism” to spy on the financial transactions of individuals for geopolitical reasons). But note, while the Globo report provided no details, it did seem to describe that NSA spies on SWIFT.

That would presumably be in addition to whatever access Treasury gets directly from SWIFT, through agreements that have become public.

That is, the Globo piece at least seems to suggest that we’re getting information from SWIFT via two means: the now-public access through the consortium, and NSA spying. That would seem to suggest we’re using it for things that go beyond the terrorist purpose the consortium has granted us access for. Past reporting on SWIFT has made it clear we threatened to do just that. The Globo report may support that we have in fact done that.

Now the second paragraph. James Clapper, too cute by half, asserts that spying on financial information

could provide the United States and our allies early warning of international financial crises which could negatively impact the global economy

Hahahahahaha! Oh my word! Hahahaha. I mean, sure, the US needs to know of pending financial crises, in the same way it wants to know what the actual versus claimed petroleum reserves in the world are (and those are, of course, closely related issues). But with this claim, Clapper suggests the US would actually recognize a financial crisis and do something about it.

Hahahahaha. Didn’t — still doesn’t — work out that way.
