Yesterday, President Obama rolled out yet another new cyber-directive, this one aiming to better coordinate response to attacks. (PPD, annex, fact sheet) Along with all that, the White House released a guideline on the ranking of cyberattacks, including the Orange Alert type table that reminds me of Tom Ridge’s discredited system.
I’m going to post at more length about this prioritization system and the PPD.
But for the moment I wanted to post the table separately to ask what you think the DNC hack(s) (remember there were two) would rank on the system. My guess is the initial hack (APT29, alleged to be FSB) would be Level 1 or even 0. State actors spy on political parties all the time, and that’s all we’ve been told APT29 was doing.
The real question is APT28, which is the hack alleged to have ties to Guccifer and therefore to the Wikileaks posting of all the emails. It’s not yet clear the hack was intended to elect Trump (assuming it is Russian); I think it more likely to be retaliation for the Ukrainian coup. It’s not clear how important it will be on the election (and I expect more damaging documents to be released closer to the election). And it’s not clear how much this really has affected public confidence.
The question is still more problematic if you try to grade the OPM hack, which has to be far closer to a Level 4 (because of the risk it placed clearance holders under). But do you also lump it in with, say, the hack of Anthem, which is understood to be related?
I will ask the White House tomorrow if it has ranked the DNC hack(s). But for now, where do you think it would rate?
This Parisian artist is fascinating. Indila is extremely popular in France, mostly because of ballads like this one with multi-generational appeal. Many of her works contain lyrics in more than one language which increases the breadth of her allure. This particular song is indie/dream pop, but she also works in rap and fusion raï — the latter a form of Algerian folk music.
It’s no surprise that some of Indila’s work fuses raï with other genres. She’s of Algerian descent, though she’s said she’s also Indian, Cambodian, Egyptian and Moroccan. Indian influences her work with band TLF in Criminel, African cultures shape her collaboration with Youssoupha in Dreamin’ (the video is set in Arizona, oddly enough), and Middle East in Poussière d’empire with artist Nessbeal.
Do surf YouTube for more of her solo work when you’re in the mood for something sweet and angst-y.
Flooding in China displaces 300,000 (News) — Hundreds are missing or dead, at least one village completely destroyed. Many are angry about lack of warning. Northern China is most affected, with flooding worse than it has been in years — no mentions in reports of how long since last major flooding of the same scale. Climate change likely responsible for record flooding as it has been in other parts of the world.
Canada’s intelligence agency likewise resists oversight (CTVNews) — Communications Security Establishment (CSE) won’t disclose what information has been shared with other non-Canadian entities which may result in human rights violations. CSE may not spy on Canadians anywhere, but compliance can’t be proven with censored records.
Not even going to bother with the Trump+Russia crap here, because it’s all over social media. Probably well-fanned smoke to hide his refusal to release tax returns.
These are among some of the stupidest, rudest, dickiest things in my timeline today. Perps deserve a whack alongside the head. Don’t like my language? Tough rocks.
If you have the stomach for it, listen to this Bloomberg podcast in which Laurence Ball, Department of Economics Chair at Johns Hopkins, says the U.S. could have avoided the 2008 crash by rescuing Lehman Brothers. Hindsight is 20/20 — in this case, it’s nauseating, too. Fecking Bush administration…
Reuters just published a story about a big cache of data ISIS left as it retreated from Manbij. It’s great news that the military got these materials, as it will help us defeat ISIS. Just as important is this part.
The material, gathered as fighters moved from village to village surrounding the town of Manbij, includes notebooks, laptops, USB drives, and even advanced math and science textbooks rewritten with pro-Islamic State word problems, Colonel Chris Garver, the U.S. military spokesman in Iraq, said in a news briefing.
The U.S.-backed fighters – an alliance of Kurdish and Arab forces – have gathered more than 4 terabytes of digital information, and the material, most of it in Arabic, is now being analyzed by the U.S.-led coalition fighting the militant group.
This retreat is happening as we speak. That means that US forces were able to exploit the data almost immediately on seizing it. And that, in turn, either means it is not encrypted, it is badly encrypted, or the US also got passwords for encrypted files along with the rest of the stash.
Perhaps this can put to rest the calls to weaken encryption because ISIS is using it to great effect?
I miss prosthesis and mended souls
Trample over beauty while singing their thoughts
I match them with my euphoria
When they said “Je suis plus folle que toi”
— excerpt, Tilted by Christine And The Queens
We’ve spent (and will spend) a lot of time looking at Americans this month, given the two major parties’ political conventions back to back. Yeah, we’ll look at Russia with a gimlet eye directed by media. But we could use a look away.
The artist in this video is actually Héloïse Letissier; Christine and the Queens is the stage name she and a group of transgender supporting artists use, though many of her works are solo performances. Letissier’s work isn’t confined to music alone as she also works in graphic arts. Her work frequently combines French and English lyrics with strong synthpop beat, making for wide appeal outside of France. If you like Tilted, try the mournful but earworm-y Paradis Perdus and the more hip-hoppy No Harm Is Done.
The question, “Is the DNC Hack an Act of War?” put to Jack Goldsmith (Slate) — Assuming it’s Russian in origin, Goldsmith said the hack is “not an act of war, at least not by traditional standards. It is closer to an intelligence operation with the twist of a damaging publication of the stolen information.” But Goldsmith didn’t think there was enough evidence to say for certain this was Russia’s work in this interview published last evening.
Tesla driver ‘speeding’ before Florida crash (Reuters) — IMO, the truck driver still bears some responsibility here, failed to yield to oncoming vehicle in spite of their speed. But I don’t have all the data, can’t be certain. One thing I can be more sure of: Tesla’s ‘driving-assist software’ should NOT be perceived as autopilot. If this was true autopilot, the software would have adjusted the vehicle’s speed to meet and not exceed the posted limit.
“For the same car, in the U.S., you get a compensation, while in Europe you get an apology,” said Maroš Šefčovič, a Commission vice president overseeing energy and climate policy. “I don’t think it is fair.”
Yeah, it’s not fair, and VW’s head engineer Ulrich Eichhorn is wrong when he says EU customers aren’t damaged. Baloney–the entire EU is damaged by higher NOX and other pollutants generated by these fraudulent cars. People are sick and dying because EU’s biggest automaker is poisoning the air.
Plasma technology may extend storage life of fruits (ScienceDaily) — Plasma technology — using energy applied to a gas — can zap bacteria on surface of fruit to prevent deterioration the bacteria cause. Except it’s expensive compared to simply washing fruit with known natural antibacterial agents. Like vinegar and water. Plasma tech might be best used on soft fruits like berries which don’t handle washing very well. But still, more energy required, and any heat generated might cook the fruit. ~smh~
Better beer through yeast (Nature) — Soon-to-be-published paper will detail 150 yeast strains’ genomes in an effort to help beermakers find the perfect yeast. What happens when they find The One, though? Will we lose our excuse for sampling widely and deeply?
Longread for your next commute
Belt magazine offers a four-part series, Walking to Cleveland by Drew Philp. It’s a travelogue of sorts, documenting Philp’s journey on foot from Dearborn to Cleveland in time for the Republican National Convention. Visit the Midwest with a read.
Since yesterday, both Jack Goldsmith and Peter Singer have offered some interesting perspective on the alleged Russian hack of the DNC.
Singer had a bit of a Twitter rant.
He linked (recent) Oversight testimony, which discussed how much more complex cyber deterrence is than Cold War nuclear deterrence.
For his part, Goldsmith first considered what was old and new in the hack, finding the only real new thing was releasing the emails.
While there is nothing new in one nation using its intelligence services to try to influence an election in another, doing so by hacking into a political party’s computers and releasing their emails does seem somewhat new.
He then dismissed the notion — floated elsewhere — that this amounts to cyberwar while implying that the US has to get far better at defending our own networks and systems.
How seriously do you think the government takes issues of cyberwarfare? Do you feel confident about our defensive capabilities and competence?
“Cyberwar” is a misleading term—the Russian hack, if it is that, is not an act of war, at least not by traditional standards. It is closer to an intelligence operation with the twist of a damaging publication of the stolen information. That said, the U.S. government takes all major cyberoperations against it and its major public and private institutions very seriously. My confidence about our defensive capabilities and competence depends on what institutions you are talking about. Today, some components of the government (e.g. the Defense Department) do better than others (e.g. the Office of Personnel Management, which recently suffered a very damaging hack). And private sector defenses, even of important critical infrastructure networks, are a very mixed bag. The scale of the challenge is enormous, and offense has many advantages over defense. I don’t know anyone who is sanguine about our defensive capabilities overall.
Then he went on a Twitter rant directed at the hand-wringing about how unusual this is.
1/ In assessing the DNC hack, remember that USG is no innocent when it comes to infiltrating foreign computer networks.
2/ The cyber-attack on Iranian nuclear centrifuges was one of the most consequential in history.
3/ USG openly & aggressively supports technologies that weaken foreign gov’t control over networks.
6/ It’s also well known that US has in past used covert ops to influence foreign elections.
7/ Current U.S. cyber-espionage almost certainly extends to political organizations in adversary states.
11/ The point is that USG plays rough in cyberspace, and should expect others to do so as well.
12/ And yet USG seems perpetually unprepared. DNC hack is tiny tip of iceberg of possible electoral disruptions via cyber.
In short, both think this is something other than cyberwar, but view the importance of it differently (even while both provide suggestions for a policy framework to respond), particularly the uniqueness of the perceived sabotage of the election. But their discussion (along with virtually everyone else’s) has pitched this as a two-front question, us against Russia, though Singer’s testimony has a lot of discussion about how much more complexity there is to this issue, including the non-state actors who might be involved.
After having dismissed the unthinking equation of 2 intelligence hacks = Guccifer = Russia = WikiLeaks = Russia story, I want to return to it to complicate matters somewhat, to talk about Wikileaks’ role whether or not it cooperated with Russia on this. First, what follows is in no way meant to be a defense of Wikileaks’ action here, which included the inclusion of credit card and social security information in the dump. Particularly against the background of what it recently did with Turkish documents: in the guise of releasing a bunch of Erdogan documents, it also dumped voting information on most women in Turkey, including whether or not they were members of Erdogan’s AKP.
WikiLeaks also posted links on social media to its millions of followers via multiple channels to a set of leaked massive databases containing sensitive and private information of millions of ordinary people, including a special database of almost all adult women in Turkey.
Yes — this “leak” actually contains spreadsheets of private, sensitive information of what appears to be every female voter in 79 out of 81 provinces in Turkey, including their home addresses and other private information, sometimes including their cellphone numbers. If these women are members of Erdogan’s ruling Justice and Development Party (known as the AKP), the dumped files also contain their Turkish citizenship ID, which increases the risk to them as the ID is used in practicing a range of basic rights and accessing services. The Istanbul file alone contains more than a million women’s private information, and there are 79 files, with most including information of many hundreds of thousands of women.
Another file appears to contain sensitive information, including Turkish citizenship IDs of what appears to be millions of AKP members, listed as active or deceased. Yet another file contains the full names, citizenship IDs and cellphone numbers of hundreds of thousands of AKP election monitors — the most active members of the party.
As Zeynep Tufekci points out, in the wake of the failed coup and Erdogan’s retaliation, this has the possibility of endangering a great number of people.
So Wikileaks has done two things that were egregious and damaging. I do not defend that. I condemn it (and the sloppy journalism that enabled it).
Update: see this post on where the Turkey files came from, which came from Phineas Fisher; it wasn’t Wikileaks.
But I want to consider how different its role is with the target of this leak — Hillary Clinton (and Democrats more generally) — and Turkey.
Most of the discussion about the where and whyfor of the leak assumes it is all about Russia’s interest (assuming, of course, that this was a Russian state hack). But consider why Wikileaks might want to leak in this way and at this time.
Hillary was, of course, Secretary of State when Wikileaks leaked the State department cables and pushed aggressively for Chelsea Manning’s prosecution (as Charlie Savage wrote in a piece published just before I finished this, this is a point Assange made when he discussed the emails 6 weeks ago). She has, since then, been found to treat information claimed to be far more sensitive in careless fashion (as has the State Department generally).
Very importantly, State worked closely with DOJ as it investigated Wikileaks. There is very good reason to believe that as part of that investigation, DOJ mapped out Wikileaks’ supporters and, possibly, financial contributors — that is, precisely the kind of people, to the DNC, that Wikileaks just doxxed. That’s arguably a violation of Section 215, which includes First Amendment protections.
We also know that GCHQ was (at least as a SIGDEV research project, but those often serve to conduct surveillance that wouldn’t really fly within other legal guidelines) collecting log files of people who visit Wikileaks.
We know that under pressure from the US government, traditional funding sources stopped taking donations for Wikileaks. I’ve seen hints of some legally dubious action that may be worse, as well. In addition, in 2012, the FBI considered Bitcoin donations to Wikileaks among the many nefarious things one could do with Bitcoin.
Love or hate Wikileaks, but it — and its political and financial supporters — were tracked. Its sources of funding were cut off. And then the government realized that Wikileaks (at that point, at least) was engaging in what a lot of media outlets also do and conceded it couldn’t charge Assange for those activities.
Now I’m not trying to say two wrongs make a right — that because FBI collected data implicating innocent supporters of Wikileaks, it is okay for Julian Assange to dox all the DNC’s supporters.
Rather, I’m trying to raise this in the context of the issues that Singer and Goldsmith lay out. Whether Wikileaks cooperated with Russia (if Russia did the hack) or not, it is a key player in this leak. Even if Russia did this to help Trump, Assange executed the leaks to maximal damage to Hillary (and I suspect Wikileaks will continue to do more damage with further leaks). What does this say about issues of retaliation against non-state actors working with the sphere of state actors, as people consider information war in the era of cyber?
I don’t know the answer to that, but as we raise the question, those issues need to be addressed as readily as the state actor question. The way this rolls out may be as much a question of a non-state actor retaliating against a political figure as it is a state actor trying to elect its preferred candidate.
Tonight was the opening of the Democratic National Convention. It was a rather stunning difference from the scenes on the street yesterday and today, where there were minimal and well behaved cops in Philly as contrasted with the warrior cop oppressive stormtrooper presence in Cleveland. From my reporter friends from the Arizona Republic, the food is totally better in Philly too. Hey, armies move on food, and cheesesteaks rule.
Is everything coming up roses? Nope. There was the whole Debbie Wasserman Schultz thing. She was well advised by our friend David Dayen to stay away and excommunicate herself from the convention podium. But, crikey, the rest simply looks beautiful. Sanders supporters marching in the streets for change, mostly unfettered and unoppressed, other voices being heard, and all relative delegates meeting and co-existing in the halls. This ain’t the dysfunctional RNC bigoted shit show. That, in and of itself, would be worth this post. There is more.
Don’t let cable coverage and the relentless yammer of their panels of self interested toadies fool you, the few true camera pans at the RNC showed more than a few empty seats and a far smaller crowd (especially in the upper decks) than displayed tonight at the DNC.
The real tell, in difference, was in the quality of the speakers and presentation. The only lasting memory from the RNC’s opening night was the embarrassing plagiarism in Melania Trump’s speech. Honestly, my bet is that is not on her, but the understaffed and idiot handlers her narcissistic, yet bumbling, husband provided. That said, it was a res ipsa loquitur deal and, in the end, spoke for itself. What else do you remember from that night other than Tim Tebow did not appear? I got nuthin.
The first night of the DNC in Philly, however, came with a litany of decent and well presented folks presented to a full and energetic hall. Emphasis on full. The dynamics in staging and presentation were stark. As were the quality and mental coherence of the speakers. The first electric moment came when Sarah Silverman, who along with Al Franken, was doing a bit and intro to Paul Simon singing (a geriatric, albeit mesmerizing) Bridge Over Troubled Water. Silverman and Franken had to kill an extra 120 seconds or so and she blurted out some hard, and real, truth that her fellow Bernie Sanders supporters who refuse to help Clinton defeat Trump are flat out “being ridiculous”. Truer words have never been spoken.
But soon came Michelle Obama to the podium. I am not sure I have the words to describe how good Michelle was. As a convention speaker, a surrogate, a leader, a mother and as a First Lady embodying all of the above. Michelle Obama killed it. She blew the joint up. I don’t know how else to describe it, but if you did not witness it live, watch the video up at top. Just do it.
Frankly, at the conclusion of Michelle Obama’s speech, it was hard to see how the last two key speakers, Elizabeth Warren and Bernie Sanders, could possibly top the moment. Sadly, they could not. Liz Warren gave a great, and often in depth, speech. One that absolutely slayed Donald Trump in nearly every way. On its own, it would have been noteworthy. But sandwiched between the brilliance of Michelle Obama and Sanders, with his acolytes cheering and hers still reeling, it seemed good, but not great.
Bernie Sanders caught a little more fire, but mostly because of his yuuge contingent of supporters. And that is not just a good thing, it is a great thing. Sanders did everything, and more, he should have done in this speech by ginning up the classic points and issues his campaign, and its followers, were built on…and then transferring them to Clinton.
It did not work perfectly, but this will be a process up until the election date on November 8. Bernie went a long way, gracefully and patiently, tonight. And, while the cheering crowd appeared to be much more than just the “Sandernistas”, all of the hall seemed to get on board. That, along with Sarah Silverman telling holdout Bernie Busters to wake up and not be ridiculous, were giant steps in unifying support for Clinton over Trump.
Listen, I have been around the block a few times, and know I am supposed to lead with the headline. Sorry, this one worked up to it, and here it is. The RNC and Trump got their lousy bounce because the media, once again, cravenly portrayed what happened in Cleveland as normal, and tit for tat, with what is happening, and will happen, in Philadelphia. That is simply a ratings and craven click germinated lie. The difference is stark.
Nowhere is it more stark than in the picture painted as to the surrogates who will come out of the respective conventions to campaign for their respective candidate between now and November 8.
Um, let’s see, for the GOP we have Newt, Carson, Melania, Thiel, Flynn, Joe Arpaio and Chachi Baio. I excluded Ivanka because she might actually be competent. Seriously, that is basically it for Trump surrogates. From the whole convention. Even Clint Eastwood’s chair took a pass in this, the year of the Orange Faced Short Fingered Vulgarian Bigot.
Let’s compare that with what came out of the Democratic Convention’s first night. Sarah Silverman, Al Franken, Paul Simon, Eva Longoria, Cory Booker and, then, the big three…Michelle Obama, Liz Warren and Bernie Sanders. That is just the first night folks.
See a bit of a dichotomy in personality and credibility there?
Then picture that Clinton’s road warrior surrogates will include not just the above, but also Joe Biden, President Barack Obama and the Big Dog himself, Bill Clinton.
Elections are won in the trenches. Say what you will about Hillary Clinton, and I will probably join you on many negatives, but the Clintons do have a ground operation. And their surrogates are like the 1927 Yankees compared to the Bad News Bears for Trump and the RNC. How will Trump bolster his bench, by bringing in Roger Ailes to molest the women of America? Is there another ground plan for the Trump Juggalos?
Sure, Clinton can still muck it up and lose. She, and the DNC, have been beyond pathetic in how they have treated nearly half their party, and much of their activist base, during the primaries and aftermath. Not just ugly, but stupid. They deserve any hell they get for that, whether it comes from appropriately enraged Sanders supporters or from press reporting on hacks (THE RUSSIANS ARE COMING, THE RUSSIANS ARE COMING!!!)
Bottom line is this: Which set of surrogates would you think would do a better job spreading out over the country: Crazy Newt, Racist Flynn, Bigot Arpaio and Chachi, …. or Michelle Obama, Liz Warren, Bernie Sanders, Barack Obama and Joe Biden?
Think I will go with the latter, and I think they will reach a heck of a lot more voters who will actually engage than will the trite and petty bigots Trump will have on the public offer.
And the Dems have a laundry list of other quality surrogates who will stand up. Trump has apparent Klan worthy members like Jeff Sessions, felons like Don King and Mike Tyson, and people who seek to be them.
Who you gonna call when it comes time to vote?
Seems like an easy decision, especially when you consider that the next 30 to 35 years of ideological control of the Supreme Court hang in the balance.
Part of the frenzied discussion about the possibility that Russia hacked the DNC includes claims that the US would never do something so dastardly.
Except that the Foreign Government Section 702 Certificate makes it clear the NSA is authorized to spy on foreign based political organizations even within the US (and would have far more liberty under EO 12333). Among the parties specifically authorized for targeting in 2010 was Pakistan’s People Party, the incumbent party in a nominal ally.
Indeed, the Snowden documents have an even better example of the US spying in advance of an election — when, in June 2012, NSA targeted the texts between Enrique Peña Nieto and nine of his closest associates.
The NSA’s intelligence agents in Texas must have been asking themselves such questions when they authorized an unusual type of operation known as structural surveillance. For two weeks in the early summer of 2012, the NSA unit responsible for monitoring the Mexican government analyzed data that included the cell phone communications of Peña Nieto and “nine of his close associates,” as an internal presentation from June 2012 shows. Analysts used software to connect this data into a network, shown in a graphic that resembles a swarm of bees. The software then filtered out Peña Nieto’s most relevant contacts and entered them into a databank called “DishFire.” From then on, these individuals’ cell phones were singled out for surveillance.
According to the internal documents, this led to the agency intercepting 85,489 text messages, some sent by Peña Nieto himself and some by his associates. This technology “might find a needle in a haystack,” the analysts noted, adding that it could do so “in a repeatable and efficient way.”
This would have been in the weeks leading up to the election on July 1.
There is one difference: We don’t know what our spooks did with the information gleaned from the 85,489 texts kept from candidate EPN (it was a close election, and I presume we preferred EPN to Andrés Manuel López Obrador). NSA and CIA (with which NSA partnered on this hack) certainly did not release any information we know of from those texts. A more interesting question, in this case, is whether the US used anything from those texts to reassure ourselves — or ensure — that EPN’s campaign promises to change Mexico’s level of cooperation in the war on drugs (which of course also means spying) would change once he won the election, as they did.
None of this excuses Russia if it hacked the DNC. But it does provide a very concrete example where the US hacked the most intimate network of a person running for office — and of an ally, no less.
Spies steal information, even from political candidates. Including American spies.
There has been a lot written about Russian intelligence agencies allegedly hacking the DNC server and — by leaking it — attempting to influence the election. Some observers have, based on that assumption, called the hack an act of war.
I’m agnostic on whether Russian intelligence did one or both of the hacks, in part for reasons I’m still working through. I’m even more skeptical of some of the claims made about Russia’s motivations in launching this attack to put Trump in the presidency (which is not to say Trump wouldn’t be horrible for a whole slew of other reasons); on that topic, see this Josh Marshall piece and a fact-checking of it. And I’m frankly amused that, after using several other outlets for publicity and to release documents, the hacker(s’) cooperation with WikiLeaks (which irresponsibly released credit card and social security information on Democratic donors, but which almost certainly had its donors investigated by DOJ with the heavy involvement of Clinton after Wikileaks published the State cables) itself is a sign of Russian involvement. Does Russia also run The Hill, the last outlet used by DNC hacker(s)?
In short, there are a whole bunch of claims being made, all serving a narrative that Putin is playing in our elections, with little scrutiny of how you get from one level (what have been described as two separate hacks) to another (to Guccifer 2, to help Putin) to another (with the help of Wikileaks). It’s like the Rosetta stone of Cold War 2.0 paranoia. All may be true, but the case is thus far still fragile.
This post, from Thomas Rid, is the most sober analysis of the claim that Russian hackers hacked the DNC. Even still, there are some logical problems with the analysis (that are sadly typical of the underlying cybersecurity consultants). Take these two passages, for example.
The DNC knew that this wild claim would have to be backed up by solid evidence. A Post story wouldn’t provide enough detail, so CrowdStrike had prepared a technical report to go online later that morning. The security firm carefully outlined some of the allegedly “superb” tradecraft of both intrusions: the Russian software implants were stealthy, they could sense locally-installed virus scanners and other defenses, the tools were customizable through encrypted configuration files, they were persistent, and the intruders used an elaborate command-and-control infrastructure. So the security firm claimed to have outed two intelligence operations.
The metadata in the leaked documents are perhaps most revealing: one dumped document was modified using Russian language settings, by a user named “Феликс Эдмундович,” a code name referring to the founder of the Soviet Secret Police, the Cheka, memorialised in a 15-ton iron statue in front of the old KGB headquarters during Soviet times. The original intruders made other errors: one leaked document included hyperlink error messages in Cyrillic, the result of editing the file on a computer with Russian language settings. After this mistake became public, the intruders removed the Cyrillic information from the metadata in the next dump and carefully used made-up user names from different world regions, thereby confirming they had made a mistake in the first round.
They argue (based in part on CrowdStrike’s claims of expertise) both that the hacker(s) were really sophisticated and that they deliberately adopted a Russian name but accidentally left Russian metadata in the files. Particularly with regards to the Russian metadata, you don’t both adopt a notable Russian spook’s ID while engaging in a false flag but then “accidentally” leave metadata in the files, although the second paragraph here pertains to Guccifer 2 and not the Crowdstrike IDed hackers.
If Guccifer were a true false flag, he might well be pretending to be Russian to hide his real identity.
Add to that this post (from June), which notes some confirmation bias in the way that FireEye first attributed APT 28 (which CrowdStrike believes to be GRU, Russia’s military intelligence).
I chose to look at Fancy Bear (APT28 in FireEye’s ecosystem). The most comprehensive report on that threat actor was written by FireEye and released last October, 2014 so I started with that. To my surprise, the report’s authors declared that they deliberately excluded evidence that didn’t support their judgment that the Russian government was responsible for APT28’s activities:
“APT28 has targeted a variety of organizations that fall outside of the three themes we highlighted above. However, we are not profiling all of APT28’s targets with the same detail because they are not particularly indicative of a specific sponsor’s interests.” (emphasis added)
That is the very definition of confirmation bias. Had FireEye published a detailed picture of APT28’s activities including all of their known targets, other theories regarding this group could have emerged; for example, that the malware developers and the operators of that malware were not the same or even necessarily affiliated.
And even if you took the underlying report as definitive, APT 28 was primarily focused on military targets, which by itself ought to raise questions about why they’d go after the DNC.
To make the argument based on targets that APT 28 is GRU you need to do even more adjusting of motivation (though more recent APT 28 attributed attacks are more similar to this one).
But one reason I find the Rid piece sober and useful is it emphasizes something that has been ignored by much of the inflamed reporting. First, even CrowdStrike claims that DNC was hacked twice, by two different Russian entities, which did not appear to be coordinating during the hack. From the CrowdStrike report:
At DNC, COZY BEAR intrusion has been identified going back to summer of 2015, while FANCY BEAR separately breached the network in April 2016. We have identified no collaboration between the two actors, or even an awareness of one by the other. Instead, we observed the two Russian espionage groups compromise the same systems and engage separately in the theft of identical credentials. While you would virtually never see Western intelligence agencies going after the same target without de-confliction for fear of compromising each other’s operations, in Russia this is not an uncommon scenario. “Putin’s Hydra: Inside Russia’s Intelligence Services”, a recent paper from European Council on Foreign Relations, does an excellent job outlining the highly adversarial relationship between Russia’s main intelligence services – Федеральная Служба Безопасности (FSB), the primary domestic intelligence agency but one with also significant external collection and ‘active measures’ remit, Служба Внешней Разведки (SVR), the primary foreign intelligence agency, and the aforementioned GRU. Not only do they have overlapping areas of responsibility, but also rarely share intelligence and even occasionally steal sources from each other and compromise operations. Thus, it is not surprising to see them engage in intrusions against the same victim, even when it may be a waste of resources and lead to the discovery and potential compromise of mutual operations.
And, as Rid points out, the proof that Guccifer is tied to Russia (it would be to GRU or APT 28 if the tie were real, so the less persistent of the two apparently unrelated hacks) is even less clear, though there still is a lot of circumstantial evidence.
The evidence linking the Guccifer 2.0 account to the same Russian operators is not as solid, yet a deception operation—a GRU false flag, in technical jargon—is still highly likely. Intelligence operatives and cybersecurity professionals long knew that such false flags were becoming more common. One noteworthy example was the sabotage of France’s TV5 Monde station on 9/10 April 2015, initially claimed by the mysterious “CyberCaliphate,” a group allegedly linked to ISIS. Then, in June, the French authorities suspected the same infamous APT 28 group behind the TV5 Monde breach, in preparation since January of that year. But the DNC deception is the most detailed and most significant case study so far. The technical details are as remarkable as its strategic context.
Other features are also suspicious. One is timing, as ThreatConnect, another security company, has pointed out in a useful analysis: various timestamps indicate that the Guccifer-branded leaking operation was prompted by the DNC’s initial publicity, with preparation starting around 24 hours after CrowdStrike’s report came out. Both APT 28 and Guccifer were using French infrastructure for communications. ThreatConnect then pointed out that both the self-proclaimed hacker’s technical statements on the use of 0-day exploits as well as the alleged timeline of the DNC breach are most likely false. Another odd circumstantial finding: sock-puppet social media accounts may have been created specifically to amplify and extend Guccifer’s reach, as UK intelligence startup Ripjar told me.
Perhaps most curiously, the Guccifer 2.0 account, from the beginning, was not simply claiming to have breached the DNC network—but claiming that two Russian actors actually were not on the DNC network at the same time. It is common to find multiple intruders in tempting yet badly defended networks. Nevertheless the Guccifer 2.0 account claimed confidently, and with no supporting evidence, that the breach was simply a “lone hacker”—a phrasing that seems designed to deflect blame from Russia. Guccifer 2.0’s availability to the journalists was also surprising, and something new altogether.
The combative yet error-prone handling of the Guccifer account is in line with the GRU’s aggressive and risk-taking organizational culture and a wartime mindset prevalent in the Russian intelligence community. Russia’s agencies see themselves as instruments of direct action, working in support of a fragile Russia under siege by the West, especially the United States.
Now, again, I’m not saying the Russians didn’t do this hack, nor am I dismissing the idea that they’d prefer Trump to Hillary. By far the most interesting piece of this is the way those with the documents — both the hackers and Wikileaks — held documents until a really awkward time for some awkward disclosures, with what may be worse to come.
But discussions that want to make the case should explain several things: Which of the two agencies alleged to have hacked DNC are behind the operation — or are they both, even though they weren’t, at least according to the report that everyone is relying on without question, apparently cooperating? How certain can they be that the GRU is Guccifer, and if Guccifer is supposed to be a false flag why was it so incompetently done? What explains Guccifer’s sort of bizarre strategy along the way, encompassing both Wikileaks (an obvious one) and The Hill?
Again, I absolutely don’t put this kind of thing beyond Putin. Russia has used hacking to influence outcomes of elections and authority in various countries in the past and the only thing new here is that 1) we wouldn’t already be playing the other side and 2) we’re big and can fight back. But the story, thus far, is more complex than what is being laid out.
Meanwhile, after the WaPo story hit the wires the “lone hacker” created his wordpress site and dropped dox as we say on the intertubes. Shortly after the drop people were inspecting, detecting, infecting, and making circles and arrows with captions on the back to describe what you were seeing! … And the conspiracy theory machine went into overdrive. Pwnallthethings made some good comments on the metadata in the dropped dox but really, concluding that this is a Russian disinformation operation from metadata stripped documents on the idea that the machine name was cyrillic for Felix Dzerzhinsky (Феликс Эдмундович) Really? Now that is fucking SOLID work man! Stellar! FUCK LET’S GO BOMB RUSSIA NOW!
You know at least Crowdstrike has like actual data, ya know, C2’s, malware, and shit like that. Anything else is totally speculative, I mean even more speculative than most attribution that these companies make with real data! Anyway, I took a look at the metadata on the documents and here is what I have found…
Much of the data was stamped out in saving from format to format
Emails of users though were still embedded in the excel files
The word docs have no more metadata than the Iron Felix machine name save, which, gee, kinda leads one to wonder…
The image files have no metadata.. none.. niente clean.
Grizzli777 is just someone who pirates
Yep, not a lot to see there and people are hanging their collective hats on the deliberate placement of Феликс Эдмундович as the machine name to it’s quite OBVIOUSLY being Mother Russia’s exclusive secret services.
*squint.. takes drag of cigarette*
So here’s my assessment…. Maybe Russia did it… OR Maybe this actor is the real thing and happens to want to take credit. The facts that this person(s) reads, writes, has, cyrillic on their machine and names it after the founder of the KGB is as reliable a means to saying it was Russia as it is to say that aliens built the pyramid because people just were fucking too stupid back then!
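The metadata check discussed above, as an added example that is not from this post or from any of the analysts quoted: it reads the author fields from an Office Open XML package (.docx/.xlsx) and reports which scripts they contain. The file format, the function names and the constructed sample file are assumptions; the page does not say what format the leaked files were in.

```python
import io
import unicodedata
import xml.etree.ElementTree as ET
import zipfile

# Namespaces used by docProps/core.xml in Office Open XML packages.
NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
}
NAME_FIELDS = {"creator": "dc:creator", "lastModifiedBy": "cp:lastModifiedBy"}


def scripts(text):
    """Scripts of the letters in text, taken from each character's Unicode name."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in text if ch.isalpha()}


def read_name_fields(data):
    """Return the author-type fields from an OOXML file supplied as bytes."""
    with zipfile.ZipFile(io.BytesIO(data)) as package:
        if "docProps/core.xml" not in package.namelist():
            return {}  # metadata part stripped or never written
        root = ET.fromstring(package.read("docProps/core.xml"))
    fields = {}
    for key, path in NAME_FIELDS.items():
        node = root.find(path, NS)
        if node is not None and node.text:
            fields[key] = node.text
    return fields


def triage(data):
    """Return (fields, flags); flags maps a field to its non-Latin scripts."""
    fields = read_name_fields(data)
    flags = {}
    for key, value in fields.items():
        other = sorted(scripts(value) - {"LATIN"})
        if other:
            flags[key] = other
    return fields, flags


def build_sample(creator, modifier):
    """Constructed sample: a minimal package holding only the metadata part.
    The names are plain text that the editing application copies from its
    configured user name, so they describe a profile setting, not a person."""
    core = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        f'<cp:coreProperties xmlns:cp="{NS["cp"]}" xmlns:dc="{NS["dc"]}">'
        f"<dc:creator>{creator}</dc:creator>"
        f"<cp:lastModifiedBy>{modifier}</cp:lastModifiedBy>"
        "</cp:coreProperties>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as package:
        package.writestr("docProps/core.xml", core)
    return buf.getvalue()


if __name__ == "__main__":
    print(triage(build_sample("Sample Author", "Феликс Эдмундович")))
```

A flag from `triage` records what the field contains, nothing more; a file saved through another format or tool may carry no `docProps/core.xml` at all, in which case the function returns empty results.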
[(A) Control neurosphere (B) Zika-infected neurosphere Source: Science, 13MAY2016 http://science.sciencemag.org/content/352/6287/816.full]
Because unproven claims persist that chemical exposure — specifically the pyridine-based pesticide pyriproxyfen — causes the birth defects seen in children born to women exposed to Zika virus, I am bringing out the dead, laying out the bodies.
By ‘bodies’ I mean sharing here pictures of cells you see in the embedded photos from a peer-reviewed study published this May.
In these images you’ll see the damage done to human tissue in lab conditions.
No pyriproxyfen was present.
How Researchers Studied Zika
This is the methodology researchers used:
1) The researchers used human stem cells to create neurospheres — the kind of cells that turn into nerve and brain tissue in an actual embryo.
2) They set aside control samples of neurospheres which were not infected.
3) They infected test samples of neurospheres with Brazilian Zika virus.
4) They observed the changes in the infected neurospheres.
5) They compared them to the uninfected control samples.
6) They wrote and published a report on their findings.
The image above is the best example from their report of the difference between Zika-infected cells and the uninfected control samples.
What Researchers Found in this Study
In short, Zika inhibits, damages, and kills infected neurospheres.
This is what we can expect to happen to a fetus’ brain or nerve tissues when infected by Zika under the right conditions during early pregnancy.
[(A) Control mock-infected organoid (B) Zika-infected organoid (damage noted at arrows)]
What Else Researchers Found in this Study
The researchers also conducted a very similar test on human brain organoids. These are not single neurospheres but neuro-tissue grown from stem cells so that they form a model like a tiny brain. Not a brain, a tissue-based model of a brain.
They used the same six steps above using a mock-infected model, a Zika-infected model, and a dengue virus-infected model. (Dengue fever is caused by a flavivirus — the same family of viruses to which Zika and yellow fever belong.) Researchers found Zika virus caused similar destructive damage on these larger models while limiting their growth; they did not find the same damage or destruction in the dengue-infected models and none in the mock-infected control models. Zika alone damaged neurological tissue models.
Researchers also studied neural stem cells (NSCs) — the simplest neuro tissue model — and found similar results in which the Zika virus killed off NSCs. Studying NSCs, neurospheres, and organoids, the researchers observed Zika’s actions on different stages of neuro tissue maturity. In each of these models, from the simplest (NSCs) to the most complex (organoids), Zika was destructive.
[ZIKV (Zika virus) induces death in human neurospheres. These micrographs show the ultrastructure of mock- and ZIKV-infected neurospheres after 6 days in vitro. (A) Mock-infected neurosphere showing cell processes and organelles. (B) ZIKV-infected neurosphere showing a pyknotic nucleus, swollen mitochondria, smooth membrane structures, and viral envelopes (arrow). (C) Viral envelopes on the cell surface (arrows). (D) Swollen mitochondria. (E) Viral envelopes inside the endoplasmic reticulum (arrows). (F) Viral envelopes close to smooth membrane structures (arrows).]
Other Research on Zika Using Mouse Tissue
Three other studies published in May this year using mice or mouse tissues likewise showed evidence of neurological tissue and brain damage or growth suppression when infected by Zika virus. The studies came from research facilities in Brazil, China, and the U.S. — and in each study, pyriproxyfen was not included. The Zika-infected specimens showed damage and the control specimens did not.
The study from Brazil at the University of São Paulo also included research using human stem cells, comparing a Brazilian strain of Zika against an African strain:
Beltrão-Braga, Muotri, and their colleagues also grew brain organoids from human stem cells and infected these in vitro models with the Brazilian and African strains of the virus. In the human mini brains, both strains of the virus caused cell death, but the Brazilian strain appeared to also interfere with the formation of cortical layers. The virus didn’t replicate in the brain organoids grown from chimpanzee stem cells, suggesting it may have adapted to human tissue, the researchers noted in their paper.
Emphasis mine. Research published earlier showed Zika has already mutated rapidly after arriving in Brazil, with at least nine variants found inside the last two years.
What’s Next in Zika Research
What researchers don’t yet know, for starters: How Zika works — how does it damage or kill cells? When exactly does the virus do the most damage? What mechanisms interfere with Zika’s operations and can they be used in vaccines or drug therapy? What makes Zika different from dengue or other flaviviruses? What does Zika do to adult neuro tissue to cause Guillain-Barre Syndrome? Which adults are most at risk? Will the different mutations in Brazil respond differently to vaccines? How long can humans carry live Zika virus? Has the virus mutated and become transmissible by bodily fluids or aerosol? These are just a few of the questions we still have about Zika.
There are some good guesses about Zika’s mechanisms — like this hypothesis focusing on vitamin A storage in the liver, which also suggests Zika may negatively affect liver cells (yet another avenue of research needed). But will a vaccine targeting this activity work for other flaviviruses, too? What if this guess is wrong; are there other approaches we’ve yet to hear about?
We won’t have any of these answers in a reasonable period of time if we don’t have adequate funding.
It’s not just birth defects we are talking about here, either. Look at the damage in those images again; this virus not only damages fetal nerve and brain tissue, it kills fetuses. Infants born with Zika-related defects may be blind and may lead short, painful lives. And it may kill and maim adults, too, if they develop a serious case of Zika-related Guillain-Barre Syndrome.
Let’s not bring out any more Zika dead.
(Note: Forgive me for the simplistic terms used in this post if you have a background in science. I had to make this as brief and succinct as possible for those who don’t have that background.)
Source: Zika virus impairs growth in human neurospheres and brain organoids
BY PATRICIA P. GARCEZ, ERICK CORREIA LOIOLA, RODRIGO MADEIRO DA COSTA, LUIZA M. HIGA, PABLO TRINDADE, RODRIGO DELVECCHIO, JULIANA MINARDI NASCIMENTO, RODRIGO BRINDEIRO, AMILCAR TANURI, STEVENS K. REHEN
SCIENCE 13 MAY 2016 : 816-818
Zika virus infection in cell culture models damages human neural stem cells to limit growth and cause cell death.
Zika Studies Using Mice:
F. Cugola et al., “The Brazilian Zika virus strain causes birth defects in experimental models,” Nature, doi:10.1038/nature18296, 2016.
C. Li et al., “Zika virus disrupts neural progenitor development and leads to microcephaly in mice,” Cell Stem Cell, doi:10.1016/j.stem.2016.04.017, 2016.
J. Miner et al., “Zika virus infection during pregnancy in mice causes placental damage and fetal demise,” Cell, doi:10.1016/j.cell.2016.05.008, 2016.
Two cases of Zika in Florida may have been non-travel, non-sexual transmission (NBC News) — With one case identified in Miami-Dade and another in Broward county, Florida is checking for the possibility local mosquitoes may have been the vector of infection. They are also confirming sexual transmission is not a vector. So far there have been 15 recorded cases of infection by sexual transmission in the U.S. and one by lab accident.
I can’t make this clear enough to Congress: you’re playing with lives here, and it’s going to be ugly. It will affect your families if anyone is of childbearing age. I haven’t seen anything in the material I’ve read to date that says definitively studies are underway to verify transmission from Brazil’s Culex quinquefasciatus to humans. There’s a study on the most common U.S. species, Culex pipiens, which showed weak transmission capabilities, but once it’s proven quinquefasciatus can transmit, it’s just a matter of time before more effective pipiens pick up and transmit the virus, and they may already have done so based on the two cases in Florida. GET OFF YOUR BUTTS AND FUND ADEQUATE RESEARCH PRONTO — or risk paying for it in increased health care and other post-birth aid for decades.
SNP’s Angus Robertson: Scotland “on the brink of independence” (The Telegraph) — Robertson, Leader of the Scottish National Party in the House of Commons, is bucking for deputy slot to First Minister Nicola Sturgeon — consider the motive. Sturgeon has been laying groundwork for another independence referendum if there is no other way to keep Scotland in the EU.
Enbridge settles $177 million for 2010 oil pipeline rupture (ICTMN) — Seems light for the largest ever oil spill inside the continental U.S., and their subsequent half-assed attempts to clean up the mess. Check the photo in the story and imagine that happening under the Straits of Mackinac between Lakes Huron and Michigan. How did it take them so long not to know what had happened and where?
Cable lobby counters FCC pressure on set-top boxes (Ars Technica) — Sure, they’ll yield to the FCC on set-top boxes, but they won’t offer DVR service and each cable provider with 1 million subscribers or more will be responsible for their own apps. Cable lobby claims copyright issues are a concern with the DVR service; is that a faint whiff of MPAA I smell?