A Bit about Dossiers: You’ve Been Eating this FUD for Years

NB: Note the byline — this is Rayne, with what might be another minority report.

Once upon a time in a nearby galaxy in the not-too-distant past, I worked in competitive intelligence. I gathered information about large technology companies’ competitors and summarized it into reports — dossiers, if you will. These firms made product decisions after reading these reports. Thanks to non-disclosure agreements I can’t tell you which companies or products, but know that if you are reading this you have been in contact with their goods and/or the long-term impact of their products and services.

The technology you’ve used or been in contact with has been shaped by these same dossiers.

My research was based on publicly available information. No sneaking around inside fence lines with false identification or hacking servers and networks to pry open locked-away goods. No flights overseas to slink through alleys into dark pubs with shady characters. I was armed with my native curiosity, a decent computer, both internet and library access, and a background in Fortune 500 report writing.

These companies took my work and used it in what is corporate warfare. It goes on around you every day, skirmishes and battles for your wallet and attention, volleys lobbed by hard and soft goods manufacturers and retailers, by firms selling services and intangibles. You think of this as marketing and often consciously blow it off.

Some of this corporate warfare is negative, openly bashing competitors based on comparative price and quality. But some of it is far more insidious; it attacks brands in a way designed to inspire long-term avoidance of entire product lines and brand names, and based on fairly flimsy information. Sometimes it’s just plain false — truly false misinformation and plausible disinformation.

But isn’t some of this fraud, you might ask? Hah-hah. Good luck proving it and making a case. Disinformation is particularly weaselly because it is plausibly true, plausibly deniable.

And I would bet dollars to donuts you’ve made tens and hundreds of purchasing decisions in your lifetime based on disinformation, perhaps even disinformation created from my dossiers. This is the point of corporate disinformation campaigns: to dissuade you from supporting their competition.

As a researcher I often ran into laundered information. For example, it might be disseminated as a small press release in another country, in a language in which Americans don’t often bother to acquire any fluency. The press release may get picked up in another country, then by an English language media outlet which reports the content, now two degrees from origin, as news. Presto: what was once the direct output of a corporate entity is now news upon which buyers make decisions.

Is there media complicity here? Sure, to some degree; the point of origin may be lost and the first news outlets may not perceive the importance of information’s provenance because to them the origin is still visible; witness this week’s reporting by U.S. news outlets all ultimately relying on a single German business paper’s report. But the news media doesn’t bear all the culpability here. News consumers in the U.S. have been notoriously lax in validating content for decades.

It’s unsurprising given the antiquity of the admonishment, Caveat emptor. It has long been a problem that consumers of goods whether information or products and services must be more skeptical before committing their wallets and health, let alone their votes.

Social media has only made the job of laundering information even easier, between the number of washings platforms can offer and the automation of repetition, scale, and dispersion, all for a pittance. Over the last ten years the work I did as a researcher has become incredibly difficult; tracing the origin of a single piece of highly controversial or relatively arcane news originating overseas is like swimming against a mighty current.

And much of that current is deliberately crafted “alternative narrative” — disinformation.

You may look askance at information laundering about products and services. Don’t. My own work was laundered not once but twice that I’m aware of. I wasn’t a marketing department employee at the firms which contracted competitive intel research. Nor was I an employee of the small firm contracted by these Fortune 100-1000 firms needing my services. That’s two removes, and I am sure there was at least one more — the work I did was probably restated and re-presented internally, at a minimum.

Immaculate information conception — you were sold a bill of goods without knowing I was at the other end of the food chain. You never saw my fingerprints, heard my heels on the pavement, or caught a whiff of my perfume, even though in one way or another you have been touched in the last decade by decisions made based on my research.

~ | ~

You have been eating the FUD prepared for you — fear, uncertainty and doubt which gave you pause and made you choose something else. FUD has long been a tactic of technology companies; billions in sales have relied on its use. Entire industries have depended on it, created wholly from competitive intelligence dossiers like those I’ve prepared.

And yet concern trolls tell you Russia wasn’t a factor during the 2016 election and that ‘fake news’ played no role whatsoever in Trump’s election? Bullshit. Russia’s culture and government make Silicon Valley look like pikers when it comes to the development and use of FUD. Social media and the decades-long reflexivity of right-wing media only served to weaponize Russia’s FUD against the U.S. We never saw it coming because we bought our own nonsense disinfo of American exceptionalism and western democracy’s inviolability.

Out there on the internet, in social media, public records, or leaked data, are your voter records, disclosing your location, your state/congressional district/precinct, your voting habits; your vehicle records, your home address; your telephone number, your social media accounts and the network of family and friends and businesses with which you choose to associate. Add your purchasing habits from buyers’ loyalty cards and subscriptions, your fast food purchases when not made with cash. Your debts, whether your small business’ Dun & Bradstreet report or your mortgage, and now your personal credit record (thank you so much, Equifax). Your entire life can be digitally reconstructed to reveal your soft underbelly: what is it that makes you wake up at night in a cold sweat?

It takes little for corporations to identify and target you with an ad to make you doubt another company’s product. I don’t even have to weed through all sources I once mined and aggregated to tell them what you were thinking about Competitor X’s product Y. You’ve already told the world and the places you’ve connected to have shared it. There are simple algorithms to harvest what’s needed, quickly and cheaply.

You are not exceptional nor inviolable because you have been conditioned to exist in this information matrix. You have made little effort to pan golden fact from streams of manufactured information, too eager to swallow misinfo and disinfo because it’s easy — plausible, palatable, hits you right where you are most sensitive and vulnerable.

And yet concern trolls tell you a competing nation-state wouldn’t have used this against you, inserting FUD in a way that furthers their interests above our own, though doing so stands to benefit at least one nation-state to the tune of trillions of dollars? Though a competing nation-state’s disinformation campaign may have a very low benchmark of success, merely to dissuade you from wholeheartedly supporting restrictions against them?

Hah. Sucker. I have some technology to sell you.

~ | ~

Now here’s the part where I get annoyed with the friction over the Steele dossier. I have reasonable confidence in Steele’s findings. But this doesn’t put me in the same camp as folks who believe the dossier is gospel truth waiting to be decoded into trial-worthy evidence. My confidence separates me from those who pooh-pooh the dossier as ‘fake news’.

The fundamental problem with the public’s understanding of the dossier is the dossier’s utility. It is like the documents I prepared for technology companies — a competitive intelligence report, designed to inform its purchaser about the weaknesses and threats a competitor poses, or the most sensitive point where a competitor can be attacked. It’s not a full-blown SWOT analysis (strengths, weaknesses, opportunities, threats) as the dossier is an external view; it’s closer to an inverted SWOT looking at a competitor excluding any internal perception of the client and its place in the market. It also doesn’t have to be one hundred percent accurate — just reasonably close for the marketing equivalent of a grenade or a Daisy Cutter as the situation dictates.

The friction on the left exists because nearly everyone with a published opinion on the Steele dossier doesn’t see it as a marketing document which should have helped a purchaser develop the political equivalent of the Four Ps — product, placement, promotion (pricing doesn’t really work here, apart from ensuring messaging includes the opportunity costs of electing the right/wrong candidate).

Neither the Clinton campaign nor the dossier-purchasing campaign before it would necessarily take the Steele dossier as evidence in a legal sense, just as the marketing documents I prepared weren’t evidence. I didn’t get sworn statements and multiple corroborating witnesses to disclose what competing technology companies were doing; nor did Christopher Steele or his intermediary client(s) do this regarding candidate Trump. (It kind of runs up a flag to your targets when you ask a witness to swear out a statement in front of a notary — so much for gaining a competitive edge.) But just as the firms who bought my services trusted me to gather reasonably accurate information sufficient to make a marketing decision, so, too, did Steele’s clients trust him to do the same. (Just as an aside, it’s rather amusing so few ask how such trust is generated.)

In short, competitive intelligence dossiers are not evidentiary. They’re aggregations of reasonably accurate information for the purpose of making a marketing decision, whether the dossier’s user is a product, service, or a campaign. They help a client look forward. They aren’t designed to lock down and set in stone facts for retrospection. And in most cases, competitive intelligence dossiers try to capture a moving target; they work within a narrow time frame because the field can change rapidly.

Think about a technology company approaching someone like me today for competitive intelligence. What use would the dossiers I prepared years ago be today? They don’t capture the competitive environment in which products now go head to head. I can think of multiple competitors I followed and wrote about in my dossiers which no longer exist. In the technology sector, the landscape can change overnight. What in the Steele dossier has changed if a Trump competitor were to try and use it today?

Argue all you want about the Steele dossier. In the mean time, the competition has been drafting a more fluid dossier on us, shifting their information warfare, I mean, campaign to persuade us to their cause or to our detriment, serving up fresh, hot FUD you may all too willingly consume. For all you know, the friction itself is a direct result of disinfo-created FUD.

10 Years of emptywheel: Key Non-Surveillance Posts 2016-2017

Happy Birthday to me! To us! To the emptywheel community!

On December 3, 2007, emptywheel first posted as a distinct website. That makes us, me, we, ten today.

To celebrate, over the next few days, the emptywheel team will be sharing some of our favorite work from the last decade. I’ll be doing probably 3 posts featuring some of my most important or — in my opinion — resilient non-surveillance posts, plus a separate post bringing together some of my most important surveillance work. I think everyone else is teeing up their favorites, too.

Putting together these posts has been a remarkable experience to see where we’ve been and the breadth of what we’ve covered, on top of mainstays like surveillance. I’m really proud of the work I’ve done, and proud of the community we’ve maintained over the years.

For years, we’ve done this content ad free, relying on donations and me doing freelance work for others to fund the stuff you read here. I would make far more if I worked for some free-standing outlet, but I wouldn’t be able to do the weedy, iterative work that I do here, which would amount to not being able to do my best work.

If you’ve found this work valuable — if you’d like to ensure it remains available for the next ten years — please consider supporting the site.

2016

Why Doesn’t Dianne Feinstein Want to Prevent Murders Like those Robert Dear Committed?

I’ve written a lot about how the focus on Islamic terrorism, based on a claim it’s foreign, creates gross inequalities for Muslims in this country, and does nothing to address some of our most dangerous mass killers (as the Stephen Paddock massacre in Las Vegas makes all too clear). This post is one of that series. It focuses on how the ill-advised efforts to use the No Fly List to create a list of those who couldn’t own guns would be discriminatory and wouldn’t add much to safety.

“Only Facts Matter:” Jim Comey Is Not the Master Bureaucrat of Integrity His PR Sells Him As

From the periods when Jim Comey was universally revered as a boy scout through those when Democrats blamed him for giving us Trump (through the time Democrats predictably flip flopped on that point), I have consistently pointed to a more complicated story, particularly with regards to surveillance and torture. I think the lesson of Comey isn’t so much he’s a bad person — it’s that he’s human, and no human fits into the Manichean world of good guys and bad guys that he viewed justice through.

NSA and CIA Hacked Enrique Peña Nieto before the 2012 Election

As Americans came to grips with the fact that Russia had hacked Democrats to influence last year’s election, many people forgot that the US does the same. And it’s not even just in the bad old days of Allen Dulles. The Snowden documents revealed that NSA and CIA hacked Enrique Peña Nieto in the weeks before he was elected in 2012. The big difference is we don’t know what our spooks did with that information.

Why Is HPSCI’s Snowden Report So Inexcusably Shitty?

In 2016, HPSCI released its Devin Nunes-led investigation into Edward Snowden’s leaks. It was shitty. Really shitty.

Now that the HPSCI investigation into the Russian hack (which has not been subjected to the same limitations as the Snowden investigation was) has proven to be such a shit show, people should go back and review how shitty this review was (including its reliance on Mike Flynn’s inflammatory claims). There absolutely should have been a review of Snowden’s leaks. But this was worse than useless.

Look Closer to Home: Russian Propaganda Depends on the American Structure of Social Media

As people began to look at the role of fake news in the election, I noted that we can’t separate the propaganda that supported Trump from the concentrated platforms that that propaganda exploited. A year later, that’s a big part of what the Intelligence Committees have concluded.

The Evidence to Prove the Russian Hack

In this post I did a comprehensive review of what we knew last December about the proof Russia was behind the tampering in last year’s election.

Obama’s Response to Russia’s Hack: An Emphasis on America’s More Generalized Vulnerability

Last year, in a speech on the hack, Obama focused more on America’s vulnerability that made it possible for Russia to do so much damage than he did on attacking Putin. I think it’s a really important point, one I’ve returned to a lot in the last year.

The Shadow Brokers: “A Nice Little NSA You’ve Got Here; It’d Be a Shame If…”

In December, I did a review of all the posts Shadow Brokers had done and suggested he was engaged in a kind of hostage taking, threatening to dump more NSA tools unless the government met his demands. I was particularly interested in whether such threats were meant to prevent the US from taking more aggressive measures to retaliate against Russia for the hack.

2017

On “Fake News”

After getting into a bunch of Twitter wars over whether we’re at a unique moment with Fake News, I did this post, which I’ve often returned to.

How Hal Martin Stole 75% of NSA’s Hacking Tools: NSA Failed to Implement Required Security Fixes for Three Years after Snowden

The government apparently is still struggling to figure out how its hacking tools (both NSA and CIA) got stolen. I noted back in January that an IG report from 2016 showed that in the three years after Snowden, the IC hadn’t completed really basic things to make itself safer from such theft.

The Doxing of Equation Group Hackers Raises Questions about the Legal Role of Nation-State Hackers

One thing Shadow Brokers did that Snowden and WikiLeaks, with its Vault 7 releases, have not is to reveal the identities of NSA’s own hackers. Like DOJ’s prosecution of nation-state hackers, I think this may pose problems for the US’ own hackers.

Reasons Why Dems Have Been Fucking Stupid on the Steele Dossier: a Long Essay

I believe Democrats have been ill-advised to focus their Russia energy on the Steele dossier, not least because there has been so much more useful reporting on the Russia hack that the Steele dossier only makes their case more vulnerable to attack. In any case, I continue to post this link, because I continue to have to explain the dossier’s problems.

Other Key Post Threads

10 Years of emptywheel: Key Non-Surveillance Posts 2008-2010

10 Years of emptywheel: Key Non-Surveillance Posts 2011-2012

10 Years of emptywheel: Key Non-Surveillance Posts 2013-2015


K. T. McFarland’s Big Fat Email [UPDATED]

[NB: Update at the bottom of this post.]

I am posting this on the fly, haven’t yet fully digested what I just read. All I can really do right now is roll my eyes as I wave my hands in the air and scream about the stupid that burns.

You need to read this article, Emails Dispute White House Claims That Flynn Acted Independently on Russia; this bit in particular just boggles my mind although it’s not the only thing in this article which made me ululate.

Excerpt, The New York Times

And of course it’s Obama’s or the Democratic Party’s fault she was taken out of context here. Uh-huh. And Clinton should be impeached.

This bit is nearly as mind-blowingly whack:

Excerpt, The New York Times

“Political malpractice” is not the first thing that comes to mind here, Mr. Cobb.

UPDATE — 9:00 PM EST —

NYT’s Michael Schmidt has now provided K. T. McFarland’s full quote to clarify what was meant in the email.

We’re supposed to believe the context is about spin McFarland anticipated Obama (or the unspecified Democrats in the NYT’s article) would employ against Trump.

However lawyer Ty Cobb’s explainer-cum-apologia doesn’t sound like McFarland and others on the transition team were merely indulging in speculation.

Any time now I expect someone in the administration will not only say openly that Trump authorized the transition team to discuss dropping the sanctions, but that it isn’t illegal when the president does it.

Except in the U.S. we only have one president at a time.

Throwing H2O on the Pompeo to State Move

I could be totally wrong, but I don’t think the reported plan for Rex Tillerson to step down, to be replaced by Mike Pompeo, who in turn will be replaced by Tom Cotton (or maybe Admiral Robert Harward because Republicans can’t afford to defend an Arkansas Senate seat), will really happen.

The White House has developed a plan to force out Secretary of State Rex W. Tillerson, whose relationship with President Trump has been strained, and replace him with Mike Pompeo, the C.I.A. director, perhaps within the next several weeks, senior administration officials said on Thursday.

Mr. Pompeo would be replaced at the C.I.A. by Senator Tom Cotton, a Republican from Arkansas who has been a key ally of the president on national security matters, according to the White House plan. Mr. Cotton has signaled that he would accept the job if offered, said the officials, who insisted on anonymity to discuss sensitive deliberations before decisions are announced.

I say that for two reasons.

First, because of all the evidence that Mike Flynn is working on a plea deal. Particularly given that Mueller has decided he doesn’t need any more evidence of Flynn’s corrupt dealings with Turkey, I suspect his leverage over Flynn has gone well beyond just those crimes (which, in turn, is why I suspect Flynn has decided to flip).

I think that when the plea deal against Flynn is rolled out, it will be associated with some fairly alarming allegations against him and others, allegations that will dramatically change how willing Republicans are to run interference for Trump in Congress.

If I’m right about that, it will make it almost impossible for Pompeo to be confirmed as Secretary of State. Already, Senate Foreign Relations Committee Chair Bob Corker, who’d oversee the confirmation, is sending signals he’s not interested in seeing Pompeo replace Tillerson.

“I could barely pick Pompeo out of a lineup” Sen. Bob Corker (R-Tenn.), chairman of the Senate Foreign Relations Committee, said Thursday morning.

Already, Pompeo’s cheerleading of Wikileaks during the election should have been disqualifying for the position of CIA Director. That’s even more true now that Pompeo himself has deemed them a non-state hostile intelligence service.

Add in the fact that Pompeo met with Bill Binney to hear the skeptics’ version of the DNC hack, and the fact that Pompeo falsely suggested that the Intelligence Community had determined Russia hadn’t affected the election. Finally, add in the evidence that Pompeo has helped Trump obstruct the investigation and his role spying on CIA’s own investigation into it, and there’s just far too much smoke tying Pompeo to the Russian operation.

All that will become toxic once Mike Flynn’s plea deal is rolled out, I believe.

So between Corker and Marco Rubio, who both treat Russia’s hack of the election with real seriousness (remember, too, that Rubio himself was targeted), I don’t see how Pompeo could get out of the committee.

But there’s another reason I don’t think this will happen. I suspect it — like earlier threats to replace Jeff Sessions — is just an attempt to get Tillerson to hew the Administration line on policy. The NYT cites Tillerson’s difference of opinion on both North Korea and Iran.

Mr. Trump and Mr. Tillerson have been at odds over a host of major issues, including the Iran nuclear deal, the confrontation with North Korea and a clash between Arab allies. The secretary was reported to have privately called Mr. Trump a “moron” and the president publicly criticized Mr. Tillerson for “wasting his time” with a diplomatic outreach to North Korea.

It’s Iran that’s the big issue, particularly as Jared frantically tries to finish his “peace” “plan” before he gets arrested himself. The fact that Trump has floated Cotton as Pompeo’s replacement is strong support for the notion that this is about forcing Tillerson to accept the Administration lies about Iran and the nuclear deal: because Cotton, more than anyone else, has been willing to lie to oppose the deal.

Trump is basically saying that unless Tillerson will adopt the lies the Administration needs to start a war with Iran, then he will be ousted.

But Tillerson’s claim that he doesn’t need to replace all the people who’ve left state because he thinks a lot of domestic issues will be solved soon seems to reflect that he’s parroting the Administration line now.

Obviously, there’s no telling what will happen, because Trump is completely unpredictable.

But he also likes to use threats to get people to comply.

Update: CNN now reporting I’m correct.

On the Jared and Flynn Stories

Amid reports that Mike Flynn is flipping like a pancake, CNN reported (in addition to a report that Mueller’s team canceled a grand jury appearance for former Flynn business associates) that Jared Kushner was asked a bunch of questions about Flynn in an interview earlier this month.

Before reading the details CNN provides, however, consider this line in the story:

It’s not clear that this is the only time that Kushner will meet with the special counsel’s team.

That is, the subtext here is that, even as Mueller’s team preps a plea deal with Flynn, Mueller’s team is well aware that Kushner remains a key target in conjunction with Flynn events, and that he may get hauled back before them for all the other stuff. Effectively, they were locking in Kushner’s testimony — including, presumably, about what kind of permission/instructions Flynn had from Kushner and his pop-in-law to engage in the corrupt foreign deals he was pushing — before flipping Flynn.

So here’s how CNN describes the Flynn questions:

Mueller’s team specifically asked Kushner about former national security advisor Michael Flynn, who is under investigation by the special counsel, two sources said. Flynn was the dominant topic of the conversation, one of the sources said.

[snip]

The conversation lasted less than 90 minutes, one person familiar with the meeting said, adding that Mueller’s team asked Kushner to clear up some questions he was asked by lawmakers and details that emerged through media reports. One source said the nature of this conversation was principally to make sure Kushner doesn’t have information that exonerates Flynn.

The meeting took place around the same time the special counsel asked witnesses about Kushner’s role in the firing of former FBI Director James Comey and his relationship with Flynn, these people said.

That means, as we speak, Flynn is providing his side of this story, and explaining why Jared was so intent on firing Mueller because Mueller was actively investigating Flynn.

As I’ve long said, you get to Jared through Flynn. It seems like Jared’s team is now hoping he gets a second chance at testimony before he gets busted himself.

The Russian Metadata in the Shadow Brokers Dump

When I first noted, back in April, that there was metadata in one of the Shadow Brokers dumps, I suggested two possible motives for the doxing of several NSA hackers. First (assuming Russia had a role in the operation), to retaliate against US indictments of Russian hackers, including several believed to be tied to the DNC hack.

A number of the few people who’ve noted this doxing publicly have suggested that it clearly supports the notion that a nation-state — most likely Russia — is behind the Shadow Brokers leak. As such, the release of previously unannounced documents to carry out this doxing would be seen as retaliation for the US’ naming of Russia’s hackers, both in December’s election hacking related sanctions and more recently in the Yahoo indictment, to say nothing of America’s renewed effort to arrest Russian hackers worldwide while they vacation outside of Russia.

But leaving the metadata in the documents might also make the investigation more difficult.

[F]our days before Shadow Brokers started doxing NSA hackers, Shadow Brokers made threats against those who’ve commented on the released Shadow Brokers files specifically within the context of counterintelligence investigations, even while bragging about having gone unexposed thus far even while remaining in the United States.

Whatever else this doxing may do, it will also make the investigation into how internal NSA files have come to be plastered all over the Internet more difficult, because Shadow Brokers is now threatening to expose members of TAO.

With that in mind, I want to look at a Brian Krebs piece that makes several uncharacteristic errors to get around to suggesting a Russian-American might have been the guy who leaked the files in question.

He sets out to read the metadata I noted in April (but did not analyze in detail, because why make the dox worse?) to identify the engineer whose NSA files were discovered because he was running Kaspersky on his home machine.

In August 2016, a mysterious entity calling itself “The Shadow Brokers” began releasing the first of several troves of classified documents and hacking tools purportedly stolen from “The Equation Group,” a highly advanced threat actor that is suspected of having ties to the U.S. National Security Agency. According to media reports, at least some of the information was stolen from the computer of an unidentified software developer and NSA contractor who was arrested in 2015 after taking the hacking tools home. In this post, we’ll examine clues left behind in the leaked Equation Group documents that may point to the identity of the mysterious software developer.

He links to the WSJ and cites, but doesn’t link, this NYT story on the Kaspersky related breach.

Although Kaspersky was the first to report on the existence of the Equation Group, it also has been implicated in the group’s compromise. Earlier this year, both The New York Times and The Wall Street Journal cited unnamed U.S. intelligence officials saying Russian hackers were able to obtain the advanced Equation Group hacking tools after identifying the files through a contractor’s use of Kaspersky Antivirus on his personal computer. For its part, Kaspersky has denied any involvement in the theft.

Then he turns to NYT’s magnum opus on Shadow Brokers to substantiate the claim the government has investigations into three NSA personnel, two of whom were related to TAO.

The Times reports that the NSA has active investigations into at least three former employees or contractors, including two who had worked for a specialized hacking division of NSA known as Tailored Access Operations, or TAO.

[snip]

The third person under investigation, The Times writes, is “a still publicly unidentified software developer secretly arrested after taking hacking tools home in 2015, only to have Russian hackers lift them from his home computer.”

He then turns to the Shadow Brokers’ released metadata to — he claims — identify the two “unnamed” NSA employees and the contractor referenced in The Times’ reporting.

So who are those two unnamed NSA employees and the contractor referenced in The Times’ reporting?

From there, he points to a guy whom few of the reports analyzing the people identified in the metadata had discussed: a Russian! Krebs decides that because this guy is Russian he’s likely to run Kaspersky, and so he must be the guy who lost these files.

The two NSA employees are something of a known commodity, but the third individual — Mr. Sidelnikov — is more mysterious. Sidelnikov did not respond to repeated requests for comment. Independent Software also did not return calls and emails seeking comment.

Sidelnikov’s LinkedIn page (PDF) says he began working for Independent Software in 2015, and that he speaks both English and Russian. In 1982, Sidelnikov earned his masters in information security from Kishinev University, a school located in Moldova — an Eastern European country that at the time was part of the Soviet Union.

Sidelnikov says he also earned a Bachelor of Science degree in “mathematical cybernetics” from the same university in 1981. Under “interests,” Mr. Sidelnikov lists on his LinkedIn profile Independent Software, Microsoft, and The National Security Agency.

Both The Times and The Journal have reported that the contractor suspected of leaking the classified documents was running Kaspersky Antivirus on his computer. It stands to reason that as a Russian native, Mr. Sidelnikov might be predisposed to using a Russian antivirus product.

Krebs further suggests Sidelnikov must be the culprit for losing his files in the Kaspersky incident because the guy who first pointed him to this metadata, a pentester named Mike Poor, said a database expert like Sidelnikov shouldn’t have access to operational files.

“He’s the only one in there that is not Agency/TAO, and I think that poses important questions,” Poor said. “Such as why did a DB programmer for a software company have access to operational classified documents? If he is or isn’t a source or a tie to Shadow Brokers, it at least begets the question of why he accessed classified operational documents.”

There are numerous problems with Krebs’ analysis — which I pointed out this morning but which he blew off with a really snotty tweet.

First, the NYT story he cites but doesn’t link to notes specifically that the Kaspersky-related breach is unrelated to the Shadow Brokers leak. I also pointed out that this was logically obvious, given how long the NSA claimed Hal Martin was behind the Shadow Brokers leak after the government was already known to be investigating the Kaspersky-related guy.

It does not appear to be related to a devastating leak of N.S.A. hacking tools last year to a group, still unidentified, calling itself the Shadow Brokers, which has placed many of them online.

Krebs also misreads the magnum opus NYT story. The very paragraph he quotes from reads like this:

The agency has active investigations into at least three former N.S.A. employees or contractors. Two had worked for T.A.O.: a still publicly unidentified software developer secretly arrested after taking hacking tools home in 2015, only to have Russian hackers lift them from his home computer; and Harold T. Martin III, a contractor arrested last year when F.B.I. agents found his home, garden shed and car stuffed with sensitive agency documents and storage devices he had taken over many years when a work-at-home habit got out of control, his lawyers say. The third is Reality Winner, a young N.S.A. linguist arrested in June, who is charged with leaking to the news site The Intercept a single classified report on a Russian breach of an American election systems vendor.

That is, there aren’t “two unnamed NSA employees and [a] contractor referenced in The Times’ reporting.” The paragraph he refers to names two of the targets: Hal Martin (the other TAO employee) and Reality Winner. Which leaves just the Kaspersky related guy.

Krebs seemed unaware of the WaPo versions of the story, which include this one where Ellen Nakashima (who was the first to identify this guy last year) described the engineer as a Vietnamese born US citizen. Not a Russian-American, a Vietnamese-American.

Mystery solved, Scoob! All without even looking at the Shadow Brokers’ metadata. There’s one more part of the Krebs story which is weird: he treats the same non-response he got from the known NSA guys doxed by Shadow Brokers as somehow indicative of something when it comes from Sidelnikov, even though, if Sidelnikov had been “arrested” as Krebs’ headline mistakenly suggests, you’d think his phone might not be working at all.

There’s more I won’t say publicly about Krebs’ project, what he really seems to be up to.

But the reason I went through the trouble of pointing out the errors is precisely because Krebs went so far out of his way to find a Russian to blame for … something.

We’ve been seeing Russian metadata in documents for 17 months. Every time such Russian metadata is found, everyone says, Aha! Russians! That, in spite of the fact that the Iron Felix metadata was obviously placed there intentionally, and further analysis showed that some of the other Russian metadata was put there intentionally, too.

At some point, we might begin to wonder why we’re finding so much metadata screaming “Russia”?
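The reason intentionally placed metadata is so easy to plant is worth seeing concretely. The following is an added example, not code from the post or from any of the analyses it discusses: it builds two constructed .docx packages (Office Open XML files are ZIP archives whose author fields live as plain text in docProps/core.xml), reads the self-asserted author fields back, and fingerprints the document body separately. The sample documents, names and body text are all constructed for the demonstration; only the Python standard library is used.

```python
"""Added example (not part of the original post): reading the self-asserted
author metadata of an Office document and fingerprinting its content
separately, so the two are never confused in an attribution argument."""
import hashlib
import io
import zipfile
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# Namespaces used by docProps/core.xml in Office Open XML packages.
NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
    "dcterms": "http://purl.org/dc/terms/",
}
CORE_FIELDS = {
    "creator": "dc:creator",
    "last_modified_by": "cp:lastModifiedBy",
    "created": "dcterms:created",
    "modified": "dcterms:modified",
}


def build_package(parts: dict) -> bytes:
    """Write a dict of {zip path: text} as a ZIP archive held in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, text in parts.items():
            zf.writestr(name, text)
    return buf.getvalue()


def build_sample_docx(creator: str, last_modified_by: str, body: str) -> bytes:
    """Construct a minimal .docx (constructed sample input, not a real leaked file).

    The creator/last-modified-by values go into core.xml verbatim: they are
    free-form text chosen by whoever writes the file, which is the whole point.
    """
    core_xml = (
        '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
        f'<cp:coreProperties xmlns:cp="{NS["cp"]}" xmlns:dc="{NS["dc"]}" '
        f'xmlns:dcterms="{NS["dcterms"]}" '
        'xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">'
        f'<dc:creator>{escape(creator)}</dc:creator>'
        f'<cp:lastModifiedBy>{escape(last_modified_by)}</cp:lastModifiedBy>'
        '<dcterms:created xsi:type="dcterms:W3CDTF">2016-01-01T00:00:00Z</dcterms:created>'
        '<dcterms:modified xsi:type="dcterms:W3CDTF">2016-01-02T00:00:00Z</dcterms:modified>'
        '</cp:coreProperties>'
    )
    document_xml = (
        '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
        '<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main">'
        f'<w:body><w:p><w:r><w:t>{escape(body)}</w:t></w:r></w:p></w:body></w:document>'
    )
    content_types = (
        '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        '<Default Extension="xml" ContentType="application/xml"/>'
        '<Override PartName="/docProps/core.xml" '
        'ContentType="application/vnd.openxmlformats-package.core-properties+xml"/>'
        '<Override PartName="/word/document.xml" ContentType="application/vnd.'
        'openxmlformats-officedocument.wordprocessingml.document.main+xml"/>'
        '</Types>'
    )
    return build_package({
        "[Content_Types].xml": content_types,
        "docProps/core.xml": core_xml,
        "word/document.xml": document_xml,
    })


def read_core_properties(docx_bytes: bytes) -> dict:
    """Return the core-property fields as a dict; missing fields map to None.

    A package with no core.xml part yields {} rather than raising, because a
    stripped document is a common (and itself informative) case.
    """
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        if "docProps/core.xml" not in zf.namelist():
            return {}
        root = ET.fromstring(zf.read("docProps/core.xml"))
    props = {}
    for key, path in CORE_FIELDS.items():
        node = root.find(path, NS)
        props[key] = node.text if node is not None else None
    return props


def content_fingerprint(docx_bytes: bytes) -> str:
    """SHA-256 of the main document part only, ignoring every metadata part."""
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        return hashlib.sha256(zf.read("word/document.xml")).hexdigest()


if __name__ == "__main__":
    # Same body, different metadata: the fingerprints agree, the "authors" do not.
    a = build_sample_docx("Analyst One", "Analyst One", "Quarterly report")
    b = build_sample_docx("Somebody Else", "Somebody Else", "Quarterly report")
    print(read_core_properties(a)["creator"], "|", read_core_properties(b)["creator"])
    print("same content:", content_fingerprint(a) == content_fingerprint(b))
```

Two packages with byte-identical bodies come back with whatever names were written into them, and nothing in the file format signs or checks those names. That is why an analysis that treats a core.xml creator string as evidence of who handled a document is treating a claim as a fact; the fingerprint of the body is the verifiable part, the name is a lead to corroborate.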

Update: After the Vietnamese-American’s guilty plea got announced, Krebs unpublished his doxing post.

A note to readers: This author published a story earlier in the week that examined information in the metadata of Microsoft Office documents stolen from the NSA by The Shadow Brokers and leaked online. That story identified several individuals whose names were in the metadata from those documents. After the guilty plea entered this week and described above, KrebsOnSecurity has unpublished that earlier story.

The Seychelles Meeting Inches Kushner Closer to Quid Pro Quo with Sanctioned Russian Money

The Intercept has an article that has gotten surprisingly little attention, particularly given the reports that Mike Flynn is prepping to flip on Trump and that the House Intelligence Committee will have Erik Prince testify in its investigation.

It reveals that the previously unknown identity of a Russian that Erik Prince met in the Seychelles in January is the CEO of the Russian Direct Investment Fund.

The identity of the Russian individual was not disclosed, but on January 11, a Turkish-owned Bombardier Global 5000 charter plane flew Kirill Dmitriev, CEO of the Russian Direct Investment Fund, to the Seychelles, flight records obtained by The Intercept show. Dmitriev’s plane was an unscheduled charter flight and flew to the island with two other Russian individuals, both women. The RDIF is a $10 billion sovereign wealth fund created by the Russian government in 2011.

[snip]

Although Prince repeatedly stated he couldn’t remember the Russian’s name — “We didn’t exchange cards” — a spokesperson for Frontier Services Group confirmed to The Intercept in September that Prince “crossed paths” with Dmitriev in the Seychelles.

The article goes on to note that the RDIF separated from its parent company Vnesheconombank in 2016 to evade sanctions.

While it is legal to do business with RDIF in certain circumstances, there are several nuanced restrictions that if ignored or overlooked can easily lead to a violation. The resulting uncertainty has created opportunities for companies and individuals to find loopholes to bypass sanctions.

Analysts say RDIF attempted to do this in 2016 when the fund distanced itself from its parent company, the Russian bank Vnesheconombank, or VEB, which is also subject to U.S. sanctions. Legislation signed by Putin in June 2016 enabled RDIF to transfer its management company, known as the RDIF Management Company LLC, to the Russian Federal Agency for State Property Management.

Sadly, the Intercept article doesn’t lay out the timeline this creates:

Early December: Flynn and Kushner meet with Sergei Kislyak

Later December: At the behest of Kislyak, Kushner meets with Vnesheconombank’s Sergey Gorkov

December: Mohammed bin Zayed holds undisclosed meeting in NY with Kushner and Steve Bannon

December 29: Flynn tells Kislyak Trump will ease sanctions

January 11: At behest of Mohammed bin Zayed, Erik Prince meets with Dmitriev

January 17: Anthony Scaramucci meets with RDIF in Davos

As We Face Our Current Emergency Let’s Not Forget How (and Who) Our Last One Contributed to This One

All over Twitter yesterday, people introduced this Michael Hayden tweet decrying Trump’s “assault on truth, a free press or the first amendment” by emphasizing that he served as CIA and NSA Director.

They seem to forget that, in the name of supporting expansive executive authority, Hayden lied to Congress, targeted Thomas Drake for his unclassified communications with the press about Hayden’s support for profiteering contractors, and attacked journalists who have covered the Snowden leaks.

Also on Twitter, Ben Wittes wrote a long thread, advocating that “Americans do not need to be actively contesting right now across traditional left-right divisions” so long as “Americans of good faith collectively band together to face a national emergency.”

In a thread that singles out the First Amendment (though not, predictably, the Fourth), Wittes imagines two main entities that might conduct investigations into Trump: law enforcement and “men and women of the bureaucracy who are courageous enough to come forward and assist,” though he follows quickly with a generalized profession that this non-partisan truce he has unilaterally declared also involves supporting the spooks.

Having declared a truce on “important foreign policy questions,” he then emphasizes we have to keep our promises abroad.

And also we have to keep promises about rights.

The two, together, have set off a debate about what our national emergency really is — where Trump came from.

Remarkably, I’ve seen few pointing back to this Adam Serwer piece on the whiteness that got Trump elected. As he lays out, Trump got elected because white voters cared more about restoring “traditional” race, sex, and class roles than about all the horrible things Trump espoused.

Trump’s great political insight was that Obama’s time in office inflicted a profound psychological wound upon many white Americans, one that he could remedy by adopting the false narrative that placed the first black president outside the bounds of American citizenship. He intuited that Obama’s presence in the White House decreased the value of what W. E. B. Du Bois described as the “psychological wage” of whiteness across all classes of white Americans, and that the path to their hearts lay in invoking a bygone past when this affront had not taken place, and could not take place.

That the legacy of the first black president could be erased by a birther, that the woman who could have been the first female president was foiled by a man who confessed to sexual assault on tape—these were not drawbacks to Trump’s candidacy, but central to understanding how he would wield power, and on whose behalf.

Americans act with the understanding that Trump’s nationalism promises to restore traditional boundaries of race, gender, and sexuality. The nature of that same nationalism is to deny its essence, the better to salve the conscience and spare the soul.

Serwer’s piece is absolutely required reading.

But his exposition largely focuses on the domestic aspect of white supremacy. This paragraph is one of the few that focuses on the last emergency people like Wittes and Hayden screamed un-self-critically about, the never-ending war on terror.

In the meantime, more than a decade of war nationalism directed at jihadist groups has shaped Republican attitudes toward Muslims—from seeing them as potential Republican voters in the late 1990s to viewing them as internal enemies currently. War nationalism always turns itself inward, but in the past, wars ended. Anti-Irish violence fell following the service of Irish American soldiers in the Civil War; Germans were integrated back into the body politic after World War II; and the Italians, Jews, and eastern Europeans who were targeted by the early 20th century’s great immigration scare would find themselves part of a state-sponsored project of assimilation by the war’s end. But the War on Terror is without end, and so that national consolidation has never occurred. Again, Trump is a manifestation of this trend rather than its impetus, a manifestation that began to rise not long after Obama’s candidacy.

And there’s no mention of white supremacy’s foreign counterpart, American exceptionalism, which has long led (white male) Americans to believe America had somehow earned its wealth and prestige without, at the same time, hurting the well-being of others around the world. That same exceptionalism has made Trump’s instinct to demand capitulation from other countries so popular.

Both are, after all, about assuming the capitulation of brown people is the natural order we deserve, whether in our neighborhoods or on the other side of the world.

I raise all this because, in addition to the whiteness problem Serwer lays out, I do think the exceptionalism and expansive executive power that Hayden and Wittes have championed are part of what created this emergency as well. Those who created and sustained that last emergency — those who insisted we needed exceptional measures the last time, exceptional measures that gave Trump far more tools with which to violate norms and persecute enemies — want us to divorce this emergency from their own actions that contributed to it and may make it harder to recover from.

By all means, those who newly admit problems with expansive executive power are welcome to join those of us who’ve long been fighting it. But I’m not sure why everyone wants them to take the lead.

How Did Christopher Steele Collect Information after Sources (Allegedly) Dried Up?

Sorry to those who think I’m overly focused on the Christopher Steele dossier, but I’m reading Luke Harding’s book on the Russian investigation, which uses the dossier as a centerpiece. I may do a longer post about what his overall narrative does, but for now there’s a weird paragraph that conveniently is in this long excerpt I want to focus on.

After introducing the first report of the dossier (the one that features the pee tape and dated, non-email kompromat), Harding writes,

The memo was sensational. There would be others, 16 in all, sent to Fusion between June and early November 2016. At first, obtaining intelligence from Moscow went well. For around six months – during the first half of the year – Steele was able to make inquiries in Russia with relative ease. It got harder from late July, as Trump’s ties to Russia came under scrutiny. Finally, the lights went out. Amid a Kremlin cover-up, the sources went silent and information channels shut down.

There are several details that conflict with known facts and/or claimed (in some cases, sworn) ones.

First, Harding suggests there were 16 reports in all. I’m not sure whether he’s suggesting the final total of reports written between June and early November was 16 or whether he’s suggesting there were 16 additional reports in all, for a total of 17. Either way the number works out (there were 17 total reports, one of which was written after November). But that makes the November reference weird. There was no report written in early November. The last known report before the election was dated October 20, and then there wasn’t another one until that December 13 one.

  • 080: June 20, 2016
  • 086: July 26, 2015 (citing events in 2016)
  • 095: not dated
  • 94: July 19, 2016
  • 097: July 30, 2016
  • 100: August 5, 2016
  • 101: August 10, 2016
  • 102: August 10, 2016
  • 136: October 20, 2016
  • 105: August 22, 2016
  • 111: September 14, 2016
  • 112: September 14, 2016
  • 113: September 14, 2016
  • 130: October 12, 2016
  • 134: October 18, 2016
  • 135: October 19, 2016
  • 166: December 13, 2016

In any case, Harding gets the December date sort of correct later in the passage. Except he describes Glenn Simpson giving John McCain the report, dated December 13, before McCain called Jim Comey about it on December 8.

Less than 24 hours later, Kramer returned to Washington. Glenn Simpson then shared a copy of the dossier confidentially with McCain, along with a final Steele memo on the Russian hacking operation, written in December.

McCain believed it was impossible to verify Steele’s claims without a proper investigation. He made a call and arranged a meeting with Comey. Their encounter on 8 December 2016 lasted five minutes. Not much was said. McCain gave Comey the dossier.

I explain the significance of these December dates in this post.

Things are even weirder with the third sentence in this passage.

For around six months – during the first half of the year – Steele was able to make inquiries in Russia with relative ease.

According to the public narrative, Steele wasn’t working for Fusion until the Democrats asked for a Russian focus in June. And the first of his released reports relies on reporting from June. But Harding here suggests Steele was working on it for the six months before that! I pointed to circumstantial evidence that Fusion paid Steele on March 22, April 6, and May 25, in payments they don’t associate with Perkins Coie, in addition to the payments that were probably to him on July 13, August 2, September 1, October 5, and November 1.

Now check out the following sentences. Starting in “late July … the lights went out and … the sources went silent and information channels shut down.”

As the timeline above makes clear, the numbering in the dossier gets funky almost immediately, but the most likely reading suggests after that first, June 20 report, there are 4 reports from late July, and the remaining 12 reports all postdate late July. Report 100, the first post-July one, is sourced to “early August 2016” (and dated August 5).

Now, maybe the paragraph is just totally screwy. But if there’s any basis in fact to it, it suggests the public timeline is wrong (something which may be backed by the payments). More importantly, it suggests Steele’s extensive (albeit very indirect) network of sources stopped providing intelligence not long after he allegedly started his inquiry.

Did the Steele Dossier Lead the Democrats To Be Complacent after They Got Hacked?

I get asked, a lot, why I obsess over the Steele dossier. A lot of people believe that even if the dossier doesn’t pan out, it doesn’t matter because Mueller’s investigation doesn’t depend on it. I’d be more sympathetic to that view if people like Adam Schiff and John Podesta didn’t keep invoking the dossier in ways that make their legitimate concerns easy to discredit.

But I now believe the dossier may have done affirmative damage.

Consider the timeline.

Perkins Coie lawyer Marc Elias reportedly engaged Fusion for opposition research in April (their first payment was May 24).

April 26, Joseph Mifsud told George Papadopoulos that Russians said they had “dirt” on Hillary Clinton, in the form of emails.

April 29, the DNC discovered they had been hacked. Perkins Coie partner Michael Sussmann had a key role in their response.

“Not sure it is related to what the F.B.I. has been noticing,” said one internal D.N.C. email sent on April 29. “The D.N.C. may have been hacked in a serious way this week, with password theft, etc.”

No one knew just how bad the breach was — but it was clear that a lot more than a single filing cabinet worth of materials might have been taken. A secret committee was immediately created, including Ms. Dacey, Ms. Wasserman Schultz, Mr. Brown and Michael Sussmann, a former cybercrimes prosecutor at the Department of Justice who now works at Perkins Coie, the Washington law firm that handles D.N.C. political matters.

“Three most important questions,” Mr. Sussmann wrote to his clients the night the break-in was confirmed. “1) What data was accessed? 2) How was it done? 3) How do we stop it?”

Sometime in May, Robert Johnston (who then worked at Crowdstrike) briefed the DNC on the hack. He told them how much data had been stolen, but he told them intelligence hackers generally don’t do anything with the stolen data.

When he briefed the DNC in that conference room, Johnston presented a report that basically said, “They’ve balled up data and stolen it.” But the political officials were hardly experienced in the world of intelligence. They were not just horrified but puzzled. “They’re looking at me,” Johnston recalled, “and they’re asking, ‘What are they going to do with the data that was taken?’”

Back then, no one knew. In addition to APT 29, another hacking group had launched malware into the DNC’s system. Called APT 28, it’s also associated with Russian intelligence. Andrei Soldatov, a Russian investigative journalist and security expert, said it’s not crystal clear which Russian spy service is behind each hacker group, but like many other cybersecurity investigators, he agreed that Russian intelligence carried out the attack.

So, Johnston said, “I start thinking back to all of these previous hacks by Russia and other adversaries like China. I think back to the Joint Chiefs hack. What did they do with this data? Nothing. They took the information for espionage purposes. They didn’t leak it to WikiLeaks.”

So, Johnston recalled, that’s what he told the DNC in May 2016: Such thefts have become the norm, and the hackers did not plan on doing anything with what they had purloined.

May 25 was likely the date on which the last emails shared with Wikileaks got exfiltrated.

On June 9, Natalia Veselnitskaya met with Don Jr, Jared Kushner, and Paul Manafort at Trump Tower. Both at a Prevezon court hearing that morning and after the Trump Tower meeting, she reportedly met with Fusion’s Glenn Simpson. Though there’s no sign of Baker Hostetler paying for any services anytime near that meeting. Sometime Fusion associate Rinat Akhmetshin accompanied Veselnitskaya to the meeting; it’s possible he was paid for work in June.

Sometime in “mid-June,” the Perkins Coie lawyer Sussmann and the DNC first met with the FBI about the hack. They asked the FBI to attribute the hack to Russia.

The D.N.C. executives and their lawyer had their first formal meeting with senior F.B.I. officials in mid-June, nine months after the bureau’s first call to the tech-support contractor. Among the early requests at that meeting, according to participants: that the federal government make a quick “attribution” formally blaming actors with ties to Russian government for the attack to make clear that it was not routine hacking but foreign espionage.

“You have a presidential election underway here and you know that the Russians have hacked into the D.N.C.,” Mr. Sussmann said, recalling the message to the F.B.I. “We need to tell the American public that. And soon.”

The FBI would not attribute the hack formally until the following year.

On June 14, the DNC placed a story with the WaPo, spinning the hack to minimize the damage done.

On June 15, Guccifer 2.0 started posting. In his first post, he proved a number of the statements Crowdstrike or Democrats made to the WaPo were wrong, including that:

  • The hackers took just two documents
  • Only Trump-related documents had been stolen
  • Hillary’s campaign had not been hacked
  • The DNC had responded quickly
  • No donor information had been stolen

Now, you’d think this (plus Julian Assange’s claim to have Hillary emails) would alert the Democrats that Johnston’s advice — that the Russians probably wouldn’t do anything with the data they stole — was wrong. Except that (as far as is publicly known) none of the documents Guccifer 2.0 leaked in that first batch were from the DNC.

Around this same time, Perkins Coie lawyer Marc Elias asked Fusion to focus on Trump’s Russian ties, which led to Christopher Steele’s involvement in the already started oppo effort.

On June 20, Perkins Coie would have learned from a Steele report that the dirt Russia had on Hillary consisted of “bugged conversations she had on various visits to Russia and intercepted phone calls rather than any embarrassing conduct.” It would also have learned that “the dossier however had not yet been made available abroad, including to TRUMP or his campaign team.”

On July 19, Perkins Coie would have learned from a Steele report that at a meeting with a Kremlin official named Diyevkin which Carter Page insists didn’t take place, Diyevkin “rais[ed] a dossier of ‘kompromat’ the Kremlin possessed on TRUMP’s Democratic presidential rival, Hillary CLINTON, and its possible release to the Republican’s campaign team.” At that point in time, the reference to kompromat would still be to intercepted messages, not email.

On July 22, Wikileaks released the first trove of DNC emails.

On July 26 — days after Russian-supplied emails were being released to the press — Perkins Coie would receive a Steele report (based on June reporting) that claimed FSB had the lead on hacking in Russia. And the report would claim — counter to a great deal of publicly known evidence — that “there had been only limited success in penetrating the ‘first tier’ foreign targets.” That is, even after the Russian hacked emails got released to the public, Steele would still be providing information to the Democrats suggesting there was no risk of emails getting released because Russians just weren’t that good at hacking.

It appears likely that the Democrats asked Fusion to focus on Russia because they believed they had been badly hacked by Russia.

Everything they learned (and would have learned, if the June reporting on cybersecurity had been produced in timely fashion) between the time they were hacked and when Wikileaks would start releasing massive amounts of emails would have told the Democrats that the Russians hadn’t really succeeded with their hacking, and any kompromat they had on Hillary was not emails, but instead dated intercepts. The Steele dossier would have led them to be complacent, rather than prepping for the onslaught of the emails.

We don’t know how Steele’s intelligence was used within the party. But if they had paid attention to it, it would have done affirmative damage, because it might have led them to continue to rely on Johnston’s opinion that the stolen emails weren’t coming out.
