The Compartments in WaPo’s Russian Hack Magnum Opus

The WaPo has an 8300 word opus on the Obama Administration’s response to Russian tampering in the election. The article definitely covers new ground on the Obama effort to respond while avoiding making things worse, particularly with regards to imposing sanctions in December. It also largely lays out much of the coverage the three bylined journalists (Greg Miller, Ellen Nakashima, and Adam Entous) have broken before, with new details. The overall message of the article, which has a number of particular viewpoints and silences, is this: Moscow is getting away with their attack.

“[B]ecause of the divergent ways Obama and Trump have handled the matter, Moscow appears unlikely to face proportionate consequences.”

The Immaculate Interception: CIA’s scoop

WaPo starts its story about how Russia got away with its election op with an exchange designed to make the non-response to the attack seem all the more senseless. It provides a dramatic description of a detail these very same reporters broke on December 9: Putin, who was personally directing this effort, was trying to elect Trump.

Early last August, an envelope with extraordinary handling restrictions arrived at the White House. Sent by courier from the CIA, it carried “eyes only” instructions that its contents be shown to just four people: President Barack Obama and three senior aides.

Inside was an intelligence bombshell, a report drawn from sourcing deep inside the Russian government that detailed Russian President Vladimir Putin’s direct involvement in a cyber campaign to disrupt and discredit the U.S. presidential race.

[snip]

The material was so sensitive that CIA Director John Brennan kept it out of the President’s Daily Brief, concerned that even that restricted report’s distribution was too broad. The CIA package came with instructions that it be returned immediately after it was read.

[snip]

In early August, Brennan alerted senior White House officials to the Putin intelligence, making a call to deputy national security adviser Avril Haines and pulling national security adviser Susan Rice aside after a meeting before briefing Obama along with Rice, Haines and McDonough in the Oval Office.

While the sharing of this information with just three aides adds to the drama, WaPo doesn’t consider something else about it. The inclusion of Rice and McDonough totally makes sense. But by including Avril Haines, Brennan was basically including his former Deputy Director who had moved onto the DNSA position, effectively putting two CIA people in a room with two White House people and the President. Significantly, Lisa Monaco — who had Brennan’s old job as White House Homeland Security Czar and who came from DOJ and FBI before that — was reportedly excluded from this initial briefing.

There are a number of other interesting details about all this. First, for thousands of words, the WaPo presents this intelligence as irreproachable, even while providing this unconvincing explanation of why, if it is so secret and solid, the CIA was willing to let WaPo put it on its front page.

For spy agencies, gaining insights into the intentions of foreign leaders is among the highest priorities. But Putin is a remarkably elusive target. A former KGB officer, he takes extreme precautions to guard against surveillance, rarely communicating by phone or computer, always running sensitive state business from deep within the confines of the Kremlin.

The Washington Post is withholding some details of the intelligence at the request of the U.S. government.

If this intelligence is so sensitive, why is even the timing of its collection being revealed here, much less its access to Putin?

That seemingly contradictory action is all the more curious given that not all agencies were as impressed with this intelligence as CIA was. It’s not until much, much later in its report that WaPo explains what remains true as recently as Admiral Rogers’ latest Congressional testimony: the NSA wasn’t and isn’t as convinced by CIA’s super secret intelligence as CIA was.

Despite the intelligence the CIA had produced, other agencies were slower to endorse a conclusion that Putin was personally directing the operation and wanted to help Trump. “It was definitely compelling, but it was not definitive,” said one senior administration official. “We needed more.”

Some of the most critical technical intelligence on Russia came from another country, officials said. Because of the source of the material, the NSA was reluctant to view it with high confidence.

By the time this detail is presented, the narrative is in place: Obama failed to respond adequately to the attack that CIA warned about back in August.

The depiction of this top-level compartment of just Brennan, Rice, McDonough, and Haines is interesting background, as well, for the depiction of the way McDonough undermined a State Department plan to institute a Special Commission before Donald Trump got started.

Supporters’ confidence was buoyed when McDonough signaled that he planned to “tabledrop” the proposal at the next NSC meeting, one that would be chaired by Obama. Kerry was overseas and participated by videoconference.

To some, the “tabledrop” term has a tactical connotation beyond the obvious. It is sometimes used as a means of securing approval of an idea by introducing it before opponents have a chance to form counterarguments.

“We thought this was a good sign,” a former State Department official said.

But as soon as McDonough introduced the proposal for a commission, he began criticizing it, arguing that it would be perceived as partisan and almost certainly blocked by Congress.

Obama then echoed McDonough’s critique, effectively killing any chance that a Russia commission would be formed.

Effectively, McDonough upended the table on those (which presumably includes the CIA) who wanted to preempt regular process.

Finally, even after these three WaPo journalists foreground their entire narrative with CIA’s super duper scoop (that NSA is still not 100% convinced is one), they don’t describe their own role in changing the tenor of the response on December 9 by reporting the first iteration of this story.

“By December, those of us working on this for a long time were demoralized,” said an administration official involved in the developing punitive options.

Then the tenor began to shift.

On Dec. 9, Obama ordered a comprehensive review by U.S. intelligence agencies of Russian interference in U.S. elections going back to 2008, with a plan to make some of the findings public.

The WaPo’s report of the CIA’s intelligence changed the tenor back in December, and this story about the absence of a response might change the tenor here.

Presenting the politics ahead of the intelligence

The WaPo’s foregrounding of Brennan’s August scoop is also important for the way they portray the parallel streams of the intelligence and political response. It portrays the Democrats’ political complaints about Republicans in this story, most notably the suggestion that Mitch McConnell refused to back a more public statement about the Russian operation when Democrats were pushing for one in September. That story, in part because of McConnell’s silence, has become accepted as true.

Except the WaPo’s own story provides ample evidence that the Democrats were trying to get ahead of the formal intelligence community with respect to attribution, both in the summer, when Clapper only alluded to Russian involvement.

Even after the late-July WikiLeaks dump, which came on the eve of the Democratic convention and led to the resignation of Rep. Debbie Wasserman Schultz (D-Fla.) as the DNC’s chairwoman, U.S. intelligence officials continued to express uncertainty about who was behind the hacks or why they were carried out.

At a public security conference in Aspen, Colo., in late July, Director of National Intelligence James R. Clapper Jr. noted that Russia had a long history of meddling in American elections but that U.S. spy agencies were not ready to “make the call on attribution” for what was happening in 2016.

And, more importantly, in the fall, when the public IC attribution came only after McConnell refused to join a more aggressive statement because the intelligence did not yet support it (WaPo makes no mention of it, but DHS’s public reporting from late September still attributed the threat to election infrastructure to “cybercriminals and criminal hackers”).

Senate Majority Leader Mitch McConnell (R-Ky.) went further, officials said, voicing skepticism that the underlying intelligence truly supported the White House’s claims. Through a spokeswoman, McConnell declined to comment, citing the secrecy of that meeting.

Key Democrats were stunned by the GOP response and exasperated that the White House seemed willing to let Republican opposition block any pre-election move.

On Sept. 22, two California Democrats — Sen. Dianne Feinstein and Rep. Adam B. Schiff — did what they couldn’t get the White House to do. They issued a statement making clear that they had learned from intelligence briefings that Russia was directing a campaign to undermine the election, but they stopped short of saying to what end.

A week later, McConnell and other congressional leaders issued a cautious statement that encouraged state election officials to ensure their networks were “secure from attack.” The release made no mention of Russia and emphasized that the lawmakers “would oppose any effort by the federal government” to encroach on the states’ authorities.

When U.S. spy agencies reached unanimous agreement in late September that the interference was a Russian operation directed by Putin, Obama directed spy chiefs to prepare a public statement summarizing the intelligence in broad strokes.

I’m all in favor of beating up McConnell, but there is no reason to demand members of Congress precede the IC with formal attribution for something like this. So until October 7, McConnell had cover (if not justification) for refusing to back a stronger statement.

And while the report describes Brennan’s efforts to brief members of Congress (and the reported reluctance of Republicans to meet with him), it doesn’t answer what remains a critical and open question: whether Brennan’s briefing for Harry Reid was different — and more inflammatory — than his briefing for Republicans, and whether that was partly designed to get Reid to serve as a proxy attacker on Jim Comey and the FBI.

Brennan moved swiftly to schedule private briefings with congressional leaders. But getting appointments with certain Republicans proved difficult, officials said, and it was not until after Labor Day that Brennan had reached all members of the “Gang of Eight” — the majority and minority leaders of both houses and the chairmen and ranking Democrats on the Senate and House intelligence committees.

Nor does this account explain another thing: why Brennan serially briefed the Gang of Eight, when past experience is to brief them in groups, if not all together.

In short, while the WaPo provides new details on the parallel intelligence and political tracks, it reinforces its own narrative while remaining silent on some details that are critical to that narrative.

The compartments

The foregrounding of CIA in all this also raises questions about a new and important detail about the Task Force investigating this operation (which I assume to be the one that was subsequently publicly revealed, though this is not made clear): it lives at CIA, not FBI.

Brennan convened a secret task force at CIA headquarters composed of several dozen analysts and officers from the CIA, the NSA and the FBI.

The unit functioned as a sealed compartment, its work hidden from the rest of the intelligence community. Those brought in signed new non-disclosure agreements to be granted access to intelligence from all three participating agencies.

They worked exclusively for two groups of “customers,” officials said. The first was Obama and fewer than 14 senior officials in government. The second was a team of operations specialists at the CIA, NSA and FBI who took direction from the task force on where to aim their subsequent efforts to collect more intelligence on Russia.

Much later in the story, WaPo reveals how, in the wake of Obama calling for a report, analysts started looking back at their collected intelligence and learning new details.

Obama’s decision to order a comprehensive report on Moscow’s interference from U.S. spy agencies had prompted analysts to go back through their agencies’ files, scouring for previously overlooked clues.

The effort led to a flurry of new, disturbing reports — many of them presented in the President’s Daily Brief — about Russia’s subversion of the 2016 race. The emerging picture enabled policymakers to begin seeing the Russian campaign in broader terms, as a comprehensive plot sweeping in its scope.

It’s worth asking: did the close hold of the original Task Force, a hold that appears to have been set by Brennan, contribute to the belated discovery of these details revealing a broader campaign?

The surveillance driven sanctions

I’m most interested in the description of how the Obama Admin chose whom to impose sanctions on, though it includes this bizarre claim.

But the package of measures approved by Obama, and the process by which they were selected and implemented, were more complex than initially understood.

The expulsions and compound seizures were originally devised as ways to retaliate against Moscow not for election interference but for an escalating campaign of harassment of American diplomats and intelligence operatives. U.S. officials often endured hostile treatment, but the episodes had become increasingly menacing and violent.

Several of the details WaPo presents as misunderstood (including that the sanctions were retaliation for treatment of diplomats) were either explicit in the sanction package or easily gleaned at the time.

One of those easily gleaned details is that the sanctions on GRU and FSB were mostly symbolic. WaPo uses the symbolic nature of the attack on those who perpetrated the attack as a way to air complaints that these sanctions were not as onerous as those in response to Ukraine.

“I don’t think any of us thought of sanctions as being a primary way of expressing our disapproval” for the election interference, said a senior administration official involved in the decision. “Going after their intelligence services was not about economic impact. It was symbolic.”

More than any other measure, that decision has become a source of regret to senior administration officials directly involved in the Russia debate. The outcome has left the impression that Obama saw Russia’s military meddling in Ukraine as more deserving of severe punishment than its subversion of a U.S. presidential race.

“What is the greater threat to our system of government?” said a former high-ranking administration official, noting that Obama and his advisers knew from projections formulated by the Treasury Department that the impact of the election-related economic sanctions would be “minimal.”

Three things that might play into the mostly symbolic targeting of FSB, especially, are not mentioned. First, WaPo makes no mention of the suspected intelligence sources who’ve been killed since the election, most credibly Oleg Erovinkin, as well as a slew of other suspect and less obviously connected deaths. It doesn’t mention the four men Russia charged with treason in early December. And it doesn’t mention DOJ’s indictment of the Yahoo hackers, including one of the FSB officers, Dmitry Dokuchaev, that Russia charged with treason (not to mention the inclusion within the indictment of intercepts between FSB officers). There’s a lot more spy vs. spy activity going on here that likely relates far more to retaliation or limits on US ability to retaliate, all of which may be more important in the medium term than financial sanctions.

Given the Yahoo and other indictments working through San Francisco (including that of Yevgeniy Nikulin, who claims FBI offered him a plea deal involving admitting he hacked the DNC), I’m particularly interested in the shift in sanctions from NY to San Francisco, where Nikulin and Dokuchaev’s victims are located.

The FBI was also responsible for generating the list of Russian operatives working under diplomatic cover to expel, drawn from a roster the bureau maintains of suspected Russian intelligence agents in the United States.

[snip]

The roster of expelled spies included several operatives who were suspected of playing a role in Russia’s election interference from within the United States, officials said. They declined to elaborate.

More broadly, the list of 35 names focused heavily on Russians known to have technical skills. Their names and bios were laid out on a dossier delivered to senior White House officials and Cabinet secretaries, although the list was modified at the last minute to reduce the number of expulsions from Russia’s U.N. mission in New York and add more names from its facilities in Washington and San Francisco.

And the WaPo’s reports confirm what was also obvious: the two compounds got shut down (and were a priority) because of all the spying they were doing.

The FBI had long lobbied to close two Russian compounds in the United States — one in Maryland and another in New York — on the grounds that both were used for espionage and placed an enormous surveillance burden on the bureau.

[snip]

Rice pointed to the FBI’s McCabe and said: “You guys have been begging to do this for years. Now is your chance.”

The administration gave Russia 24 hours to evacuate the sites, and FBI agents watched as fleets of trucks loaded with cargo passed through the compounds’ gates.

Finally, given Congress’ bipartisan fearmongering about Kaspersky Lab, I’m most interested that at one point Treasury wanted to include them in sanctions.

Treasury Department officials devised plans that would hit entire sectors of Russia’s economy. One preliminary suggestion called for targeting technology companies including Kaspersky Lab, the Moscow-based cybersecurity firm. But skeptics worried that the harm could spill into Europe and pointed out that U.S. companies used Kaspersky systems and software.

In spite of all the fearmongering, no one has presented proof that Kaspersky is working for Russia (there are even things, which I won’t go into for the moment, that suggest the opposite). But we’re moving close to de facto sanctions against Kaspersky anyway, even in spite of the fact (or perhaps because) they’re providing better intelligence on WannaCry than half the witnesses called before Congress. But discrediting Kaspersky undercuts one of the only security firms in the world that, in addition to commenting on Russian hacking, will unpack America’s own hacking. You sanction Kaspersky, and you expand the asymmetry with which security firms selectively scrutinize just Russian hacking, rather than all nation-state hacking.

The looming cyberattack and the silence about Shadow Brokers

Which brings me to the last section of the article, where, over 8000 words in, the WaPo issues a threat against Russia in the form of a looming cyberattack Obama approved before he left.

WaPo’s early description of this suggests the attack was and is still in planning stages and relies on Donald Trump to execute.

Obama also approved a previously undisclosed covert measure that authorized planting cyber weapons in Russia’s infrastructure, the digital equivalent of bombs that could be detonated if the United States found itself in an escalating exchange with Moscow. The project, which Obama approved in a covert-action finding, was still in its planning stages when Obama left office. It would be up to President Trump to decide whether to use the capability.

But if readers make it all the way through the very long article, they’ll learn that’s not the case. The finding has already been signed, the implants are already being placed (implants which would most likely be discovered by Kaspersky), and for Trump to stop it, he would have to countermand Obama’s finding.

The implants were developed by the NSA and designed so that they could be triggered remotely as part of retaliatory cyber-strike in the face of Russian aggression, whether an attack on a power grid or interference in a future presidential race.

Officials familiar with the measures said that there was concern among some in the administration that the damage caused by the implants could be difficult to contain.

As a result, the administration requested a legal review, which concluded that the devices could be controlled well enough that their deployment would be considered “proportional” in varying scenarios of Russian provocation, a requirement under international law.

The operation was described as long-term, taking months to position the implants and requiring maintenance thereafter. Under the rules of covert action, Obama’s signature was all that was necessary to set the operation in motion.

U.S. intelligence agencies do not need further approval from Trump, and officials said that he would have to issue a countermanding order to stop it. The officials said that they have seen no indication that Trump has done so.

Whatever else this article is designed to do, I think, it is designed to be a threat to Putin, from long gone Obama officials.

Given the discussion of a looming cyberattack on Russia, it’s all the more remarkable WaPo breathed not one word about Shadow Brokers, which is most likely to be a drawn out cyberattack by Russian affiliates on NSA. Even ignoring the Shadow Brokers-derived global ransomware attack in WannaCry, Shadow Brokers has ratcheted up the severity of its releases, including doxing NSA’s spies and hacks of the global finance system. It has very explicitly fostered tensions between the NSA and private sector partners (as well as the reputational costs on those private sector partners). And it has threatened to leak still worse, including NSA exploits against current Microsoft products and details of NSA’s spying on hostile nuclear programs.

The WaPo is talking about a big cyberattack, but an entity that most likely has close ties to Russia has been conducting one, all in plain sight. I suggested back in December that Shadow Brokers was essentially holding NSA hostage in part as a way to constrain US intelligence retaliation against Russia. Given ensuing events, I’m more convinced that is, at least partly, true.

But in this grand narrative of CIA’s early warning and Obama’s inadequate response, details like that remain unsaid.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

56 replies
  1. RickR says:

    EW Tweet: Why not Lisa Monaco in 1st briefing?

    Perhaps because she was to attend upcoming Bilderberg meeting (06/01/17)?
    Seems a bit far out on the calendar to affect this but?
    Could not find out how far in advance invitations go out. Up to a year wouldn’t surprise me.

    • SpaceLifeForm says:

      Year or two. Security planning.
      All ‘Super Duper Top Secret’ of course until it becomes obvious or leaked.

      Next one will not be at Trump Tower based on latest intel.

      • RickR says:

        Hard info or educated guess? I’d understand that far out for planning but seems invitees would be shorter notice. I expect it varies. If Monaco was an early invitee we might wonder if her presence in O’s admin was more than meets the eye.

        Attendees this year:
        http://www.bilderbergmeetings.org/participants.html

        Note David Petraeus back from the dead.
        Especially interesting Lindsey Graham & Tom Cotton. Seems a little early in the Cotton career. They’re sizing up the rising star? Thought we might get some clues to what the MoU’s are thinking from these two after Bilderberg. Cotton seems to be biz as usual kick-ass GOP. Graham, though, seems a bit less vocal but more serious in demeanor than he was pre-Bilderberg.

        • SpaceLifeForm says:

          My ref to TT and the intel was snarky, I admit.
          But almost certainly fact due to three reasons.

          1. Last meeting three weeks ago was at the Westfields Marriott in Chantilly, Virginia, not far from White House.

          2. President Trump was a heavy topic of discussion.

          3. Almost certainly, next year’s meeting will be in Europe.

          I can not find a link to where I read about the one year ahead (at least). I probably read it twenty years ago, so the site may be gone.

          But this will tell you that the planning almost certainly has to be a minimum of one year.

          http://www.sourcewatch.org/index.php/Bilderberg

          Resorts and hotels where the meetings are held are cleared of residents and visitors and surrounded by soldiers, armed guards, Secret Service, state and local police. Conference areas are scanned for bugging devices prior to every meeting.

  2. SpaceLifeForm says:

    Some group is definitely trying to sell a story.
    I wonder if they are trying to corner the market on red herrings. Maybe by causing the flash crash on ether cryptocurrency this past week?
    (Of course one should not trade on margin)

    Brennan serial briefings. Two possible reasons: Sow disinformation/confusion and/or attempt to find leakers (secret intel verbal watermarking). Do not know his motive for this approach, but suspect most leaks are coming from within IC agencies, not Go8.

    Brennan secret task force convened before or after Obama updated EO12333 for intel sharing?

    No way Trump could countermand a looming cyberattack. Just can not see it happening.
    Hell, he would have to be aware of it and then it would look horrible for him politically because the order to do so would certainly be leaked. Note Russia was hit hard by Wannacry. It was a warning.

    I believe the implants most likely are already deployed. Even if Trump were to order cancel of op, it could still occur at a future point in time. It is just a matter of time before it is discovered, and then can be exploited anyway regardless of the view of any current or future U.S. president. SB possibly know how to do it at this point. There are so many hints out there that given enough time, money, and brainpower, sufficient effort will find it.

    I can think of multiple ways of how it can be done, already buried in silicon.

    Wannacry?

      • SpaceLifeForm says:

        Thank you. Excellent report. I hope everyone here reads it even if they do not completely understand the tech. It is damning enough that just by reading the article a non-techie should be able to appreciate the looming danger. Hopefully.

        A couple of things. NSA had/gave bad info and FBI distracted. See my post(s) below on the MS source code dump.

        The NSA person (CIA mole?) gave out bad info with regard to antivirus. You should only run one antivirus if any. A lot of times, they will conflict with each other. But, more importantly, it increases the attack surface because the antivirus code already has elevated privilege and it just makes it easier for an attacker.

        Note: The attack vector for EternalBlue and DoublePulsar may have nothing to do with any antivirus attack surface. I really doubt it.
        At this point in time, imho, running any antivirus software on a Windows computer is just security theatre. You may be better off *NOT* running any antivirus software at all and just using common sense. Not opening anything received unless you were expecting it and it came from a trusted source. Even then, you can not trust.

        Six years ago, Mr. Ben-Oni had a chance meeting with an N.S.A. employee at a conference and asked him how to defend against modern-day cyberthreats. The N.S.A. employee advised him to “run three of everything”: three firewalls, three antivirus solutions, three intrusion detection systems. And so he did.

        But in this case, modern-day detection systems created by Cylance, McAfee and Microsoft and patching systems by Tanium did not catch the attack on IDT. Nor did any of the 128 publicly available threat intelligence feeds that IDT subscribes to. Even the 10 threat intelligence feeds that his organization spends a half-million dollars on annually for urgent information failed to report it. He has since threatened to return their products.

        [Defense in depth – fail]

        Last month, he personally briefed the F.B.I. analyst in charge of investigating the WannaCry attack. He was told that the agency had been specifically tasked with WannaCry, and that even though the attack on his company was more invasive and sophisticated, it was still technically something else, and therefore the F.B.I. could not take on his case.

        [So, Wannacry is also a distraction and resource waster for FBI. Chasing ghosts]

  3. P J Evans says:

    Kaspersky has a lot of the PC security market outside of business. I wonder how – or if – that plays into this.

  4. seedeevee says:

    “As a result, the administration requested a legal review”

    Hahahahah! I’m sure Obama, Brennan and Rice made sure it was all on the up and up.

  5. SpaceLifeForm says:

    Hmmmmmmm. Note those not mentioned.

    Under pressure, Western tech firms bow to Russian demands to share cyber secrets

    http://mobile.reuters.com/article/idUSKBN19E0XB

    Western technology companies, including Cisco, IBM and SAP, are acceding to demands by Moscow for access to closely guarded product security secrets, at a time when Russia has been accused of a growing number of cyber attacks on the West, a Reuters investigation has found.

  6. SpaceLifeForm says:

    OT: Is Gannon the new Yoo?

    http://www.npr.org/2017/06/21/533822177/democrats-seek-records-on-jared-kushner-as-administration-tries-to-stifle-oversi

    “It is unclear why Mr. Kushner continues to have access to classified information while these allegations are being investigated,” says the letter, which seeks similar records on former national security adviser Michael Flynn

    ….

    The Trump administration has ignored hundreds of congressional letters of inquiry.

    It is also brandishing a legal opinion, crafted by the Justice Department, holding that most of Congress lacks the constitutional power to conduct oversight of the executive branch.

    [Most of Congress? I must disagree]

  7. GKJames says:

    Is that a bit naive re: McConnell? It’s a certainty that Mitch’s response would have been different if the allegation — however thin — were that it was Clinton whom the Kremlin was aiming to get elected.

  8. SpaceLifeForm says:

    Finally, some traction. Thank you Zack for covering. Been saying this has been going on for years, nee decades. Since y2k.
    (Hope you caught that an article you wrote about a hack dump included you in the dump. I wrote about it here)

    This is about BGP hijacking and control of ‘upstream’ routers. And insecure DNS. Many or most ‘upstream’ routers and/or DNS servers under control or influence via IC-Spycorp partnerships. This is why FISC is useless, because via this 12333 route (no pun intended), FISC is just security theatre.

    NSA’s use of ‘traffic shaping’ allows unrestrained spying on Americans

    By using a “traffic shaping” technique, the National Security Agency sidestepped legal restrictions imposed by lawmakers and the surveillance courts.

    http://www.zdnet.com/google-amp/article/legal-loopholes-unrestrained-nsa-surveillance-on-americans/

    A new analysis of documents leaked by whistleblower Edward Snowden details a highly classified technique that allows the National Security Agency to “deliberately divert” US internet traffic, normally safeguarded by constitutional protections, overseas in order to conduct unrestrained data collection on Americans.

    According to the new analysis, the NSA has clandestine means of “diverting portions of the river of internet traffic that travels on global communications cables,” which allows it to bypass protections put into place by Congress to prevent domestic surveillance on Americans.

    [Note: FISC is totally powerless to stop this]

  9. lefty665 says:

    Nice analysis Marcy. Looks like the Wash Post is up to its usual tricks. In all a lot more flash and smoke mixed with some inside the administration process that may compromise sources and methods, but very little more substance. All seems designed to fuel “The Russians did it, and Trump’s people talked to (gasp) Russians” hysteria.

    Although buried deep in the article, the NSA’s lack of confidence in Brennan’s CIA super secret Putin poop leapt off the page at me when I read it. Don’t suppose the Israelis would use Brennan to further their own interests do you? Perish that thought, or that he might be working for them.

    We can expect the GRU and FSB to be working in support of Russian interests just as the NSA and FBI do for the US. It is a long way from there to Trump collaborating with the Ruskies to overturn the election. Who knows? Da Shadow (Brokers) knows. Also nice to see that Kerry’s neocon driven predilection for flying off the handle got squelched once again.

    • DFC says:

      Interesting analysis.

      It appears WaPo has revealed two hugely classified pieces of information. 1] That the CIA has penetrated Putin’s elaborate security screen (mole, bug, or whatever) and alerted him to this. 2] That Washington has countermeasures in place (implants) ready to go to take down Russian infrastructure and have alerted the Russians to this as well. Yet, it was “too classified” for WaPo to leak to the public that Trump was not currently under investigation after the election? That’s just too rich / asymmetric.

      Furthermore, about McConnell’s reticence, after having watched Comey’s July 5th press conference, that cleared Hillary just after laying out a case to indict her, my bet is McConnell had little trust in any of the Obama Administration’s intelligence services. He probably rolled his eyes and thought, “what are these guys up to now?”.

      • bmaz says:

        There was no “case to indict her” under the clear charging standards applicable to DOJ  under both general prosecutorial ethical standards, not to mention the specific requirements under the USAM. I know it makes some people feel better to clack that tripe, but it is complete and utter nonsense.

        • lefty665 says:

          Hi bmaz, help please, you’re the lawyer, I’m not, nor do I pretend to be.

          It is my understanding of the history that 793(f) was enacted specifically to prevent people who mishandled classified information from exclaiming “Golly gee, did I do that? I sure didn’t mean to give away the keys to the kingdom” and waltzing away scot-free. Congress explicitly made mishandling classified information a crime.

          Comey described specific violations of the law before declaring them non crimes because he did not find intent.  It would seem if there was intent, as in helping another country, the charge would be espionage.

          You clearly believe Comey resolved the email investigation appropriately.  I would appreciate it if you would be kind enough to explain (in short words for us non lawyers) why what seems to be a straightforward section of the law is not applied as it is written, apparently intended, and enforced in other cases like Drake and Sterling.

      • SpaceLifeForm says:

        Please, when referencing events, please try to use ISO8601 date format to eliminate ambiguity. I.E., YYYY-MM-DD format.

        Your reference to July 5, in this case meaning 2016-07-05, could be misinterpreted in less than two weeks.

        Ever notice how dates have disappeared from a lot of websites over the years?

        It is an attack (by websites, not picking on you). It is a loss of extremely valuable data.
        It is extremely valuable to know immediately if you are reading new or old info.

        Totally pisses me off when I have to waste time reading to gather the context and realize the webpage is not what I am looking for. Of course, I may be looking for something old too. Still pisses me off that some websites can not spare the extra 11 bytes of bandwidth.

        • Procopius says:

          Nice point. When I saw the WaPo article the first thing I did was look for a date and didn’t find one. I also looked for a byline, and didn’t see one, but emptywheel named the reporters in the above article, so there must have been one somewhere.

  10. RickR says:

    Picking up on SpaceLifeForm’s comment (06/23 @ 9:45PM – Thanks!) in the “Penetrated…” post:

    8300 word WaPo opus and no mention of Mike Rogers at all? NSA was mentioned. He’s been head of NSA and Cyber Command since 04/14. Still is. Was he firewalled? Wouldn’t WaPo have asked that and commented on whatever answer they got?
    Recall that WaPo (11/19/16) reported that Carter and Clapper had recommended that Rogers be terminated for poor performance in internal security and leadership style. Recall too that Rogers met with Trump shortly after the election without notifying his supervisors; odd for a military guy.

    Now Trump says, “Well I just heard today for the first time that Obama knew about Russia a long time before the election, and he did nothing about it.”

    Really? Did Rogers just hear it today too? Do he and Trump speak?
    I gotta think Trump’s “…. just heard today for the first time….” ain’t quite true.

  11. trevanion says:

    No doubt a suitably higher church explanation for all of this will soon be provided via some David Ignatius stenography.

  12. lefty665 says:

    Why would anyone believe anything coming out of CIA? Their mission is propaganda, deception and manipulation. No matter the issue they are always grinding an axe. A reasonable expectation is that there is an inverse correlation between the drama a CIA presentation is wrapped in and truth.

  13. SpaceLifeForm says:

    Oops. Microsoft source code dump. Enough at least for new exploits.

    https://www.theregister.co.uk/2017/06/23/windows_10_leak/

    The leaked code is Microsoft’s Shared Source Kit: according to people who have seen its contents, it includes the source to the base Windows 10 hardware drivers plus Redmond’s PnP code, its USB and Wi-Fi stacks, its storage drivers, and ARM-specific OneCore kernel code.

    • SpaceLifeForm says:

      A strange game.

      Thinking leaked on purpose.

      I recommend that you have a working up-to-date Linux or MacOS computer on your LAN. Just in case. Even then, things could go sideways anyway.

      If possible, try to have a Linux or BSD firewall/router in place too.

      • SpaceLifeForm says:

        And this would to me explain why it was intentional.

        Note that the hole that allows the exploit is likely so old (64 bit XP), that Vista and Win 7 would be targetable, besides 8 and 10.

        Sounds like the vector for Wannacry I have been looking for. And, as noted above, how IDT was attacked and FBI is being distracted,
        Wannacry was just a warning, and now everyone that was hit by Wannacry most certainly should assume at this point that their machine already has a persistent rootkit installed, ready to participate in a massive DDoS.

        Anyone hit by Wannacry, even if only one machine on their LAN, should at this point assume their entire LAN had been compromised.

        https://en.m.wikipedia.org/wiki/Kernel_Patch_Protection

        Kernel Patch Protection (KPP), informally known as PatchGuard, is a feature of 64-bit (x64) editions of Microsoft Windows that prevents patching the kernel. It was first introduced in 2005 with the x64 editions of Windows XP and Windows Server 2003 Service Pack 1.

        https://www.theregister.co.uk/2017/06/22/ms_patchguard_flaw_rootkit_risk/

        GhostHook is nonetheless dangerous because it runs under the radar at such a low level that it avoids detection by antivirus or personal firewall technologies. Attack scenarios would include using malware or a hacking tool to compromise a target system before deploying GhostHook to establish a permanent, stealthy presence on a compromised x64 Windows 10 computer.

        Attackers might be able to use the method to plant a rootkit in the kernel – completely undetectable to third-party security products and invisible to Microsoft’s PatchGuard itself.

      • SpaceLifeForm says:

        And make sure your non-Windows boxen on your LAN are up-to-date, as in real soon now.

        Also tells you that ASLR on 64 bit machines is just more security theatre.

        If you do not understand the tech, you probably will not want to read this.

        But, you want your non-Windows machines to be up to date, because they may be your only working machines at some point.

        https://threatpost.com/stack-clash-vulnerability-in-linux-bsd-systems-enables-root-access/126355/

  14. SpaceLifeForm says:

    LOL Good to see someone elected not buying the BS someone is trying to sell these days.

    Perhaps SB is dumping and attacking because no one has joined the wine-of-the-month club?

    Or maybe they are trying to drive up pub sales?

    From @HenrySmithUK

    https://mobile.twitter.com/HenrySmithUK/status/878625951025950721

    Sorry no parliamentary email access today – we’re under cyber attack from Kim Jong Un, Putin or a kid in his mom’s basement or something…

    • RickR says:

      HuffPo released story as “exclusive” early afternoon here in eastern US. Now almost 0300 UTC but still no mention on BBC or The Guardian. Weird.

  15. P J Evans says:

    But this will tell you that the planning almost certainly has to be a minimum of one year.

    They probably need a year for the space itself, if it’s in any kind of busy hotel/meeting center. (I’ve been involved with conventions that start planning operations two to three years in advance – they need to reserve space that far ahead, and they were in the range of 5 to 10K attendees, which is too small for most convention centers.)

  16. b says:

    Hmm,

    it seems to me that the super duper Brennan intelligence in August 2016 is nothing else but the Steele dossier, a MI6 fantasy collection. “Putin personally ordered”? This is another Hitler diary fake. No wonder the NSA says it’s “not convinced”.

    Also let’s note and keep in mind that Brennan as well as Clapper are known as avid liars – even under oath before Congress.

    I call bullshit on this whole WaPo story. It is just another warm up of the whole fake “Russian hacking” story.

    • bmaz says:

      Excellent. I mean seriously. Let’s see here, you are accusing Clapper, Brennan, Comey, Rosenstein, Mike Rogers, Mike Pompeo, and a host of others, of not just false statements in violation of 18 USC §1001, but outright perjury under 18 USC §1621. Wait! That is in addition, as far as I can gather from your comment, of conspiracy in violation of 18 USC §371.

      That is one hell of a position based upon not much more than your anti-government conspiracy theory bullshit. But, yahtehey, right b? This is without even delving into the unanimous false statements violations you are accusing all 17 IC members of.

      You got some Thermite to add to your explosive bullshit?

      • b says:

        – That Clapper and Brennan have lied under oath to Congress is well documented history. Are you saying that, besides lying under oath to Congress, they are always telling the truth and nothing but the truth?

        – I have said nothing about Comey, Rogers, Pompeo, Rosenstein and “a host of others”.

        – The three agency statement (not 17) of alleged Russian hacking is a collection of “assessments” and guesses. Weasel words with nothing concrete in there. Read it yourself. It is empty of facts as are all the other “Russian hacking” stories I have digested.

        Now that aside, Bmaz.

        Why are you diverting from the main claim I make? That the super duper intelligence Brennan presented to Trump in August, and which the NSA did not endorse (says the WaPo piece),  is in fact the made up Steele dossier?

        You believe, based on that, that Putin ordered the hacking ? You then must also believe that Trump had prostitutes in a Russian hotel pee on each other for him. You then must also believe that Steele has very high up trustworthy sources in Moscow even though he has not been there for over a decade.

        Steele peddled his bullshit, for months, to various U.S. and UK news-outlets  of which none printed it because it was completely unconfirmable nonsense he had been paid to “collect”. But you know that the stuff he peddled is true? Really?

        Why are you trying to blame and shame me Bmaz? Who are you to do that?

        Now is the WaPo story and the August Brennan intelligence based on the Steele dossier or not?

        Please say!

        My best, and well informed, opinion is that it is based on the Steele dossier and thereby on bullshit. Why do you think I am wrong?

        Please let us know.

        • John Casper says:

          b:

          You wrote “–That Clapper and Brennan have lied under oath to Congress is well documented history.”

          Agree.

          1. Why hasn’t Trump’s DOJ, McConnell, and Ryan opened investigations?

          1.1 Why hasn’t Congress questioned them in open and closed session?

          2. What better way to take media oxygen away from “…the whole fake ‘Russian hacking’ story.”

          3. Why not take the CIA’s cloud contract away from Amazon/Bezos/Wapo?

          Thanks in advance.

          • SpaceLifeForm says:

            Good questions. Some dots.

            [Keywords to remember: FakeIntel, NWO, CFR, CIA, Bilderberg – Almost everything relates]

            Amazon security (AWS) has had at least two failures recently.

            CIA funded first Bilderberg conference in 1954. Check out the players:

            http://www.sourcewatch.org/index.php/Bilderberg

            One of founding members – General Walter Bedell Smith, former U.S. Ambassador to Moscow and CIA Director.

            Stansfield Turner

            http://www.sourcewatch.org/index.php/Stansfield_Turner

            “In February 1977 President Jimmy Carter nominated him to be Director of Central Intelligence. In this capacity, he headed both the Intelligence Community (composed of all of the foreign intelligence agencies of the United States) and the Central Intelligence Agency. He was responsible for developing new procedures for closer oversight of the Intelligence Community by the Congress and the White House; he led the Intelligence Community in adapting to a new era of real-time photographic satellites; and, he instituted major management reform at the CIA. On completion of these duties in January 1981, President Carter presented him the National Security Medal.

            [so, everything going south since then. Do not know how Carter was sold on this idea, but obviously a horrible decision in retrospect. Oversight? Nope, none today. Management? To what ends?]

            Continuing… [good read next link]

            There were two ex-CIA chiefs at this year’s conference: General David Petraeus and John Brennan, both of whom now work in the private sector. There was the current US national security adviser, HR McMaster, and a former director of MI6, Sir John Sawers, who now sits on the board of BP.

            https://www.theguardian.com/world/2017/jun/05/bilderberg-conference-ryanair-trump

            Other attendees:

            https://www.thenewamerican.com/world-news/north-america/item/26162-top-trump-officials-attend-globalist-bilderberg-summit-why

            Wilbur Ross. Nadia Schadlow, Peter Thiel, Chris Liddell, and Henry Kissinger.

            Of the Trump officials in attendance, most have well-documented links to the establishment swamp Trump promised to drain throughout his campaign. Lieutenant General McMaster, for example, is still listed as a member of the globalist Council on Foreign Relations — an organization that even former members have described as a subversive outfit working to destroy U.S. sovereignty in exchange for “global government.”

        • bmaz says:

          The mere fact that you think and assert that Clapper was under oath (and, therefore, could ever be “guilty” of perjury) at the SSCI hearing is enough to show how sloppy you are here. And, yes, by referring to the WaPo story, and the background that preceded it, you certainly did imply the others. You may not have spelled out their names, but you absolutely implied them, and it is beyond ridiculous of you to deny the same.

          And, yes, it IS 17, not “3” as you deceptively try to fool people into. Here is a report going back to October 2016. There are hundreds more since then. Do you want me to embarrass you with those? You can deny that report, and those statements, all you want, but you are blowing shit. Listen Bernard, you can, as many do, mentally confuse the weight and sufficiency of evidence with the existence of the same, but that is the errand of a legal novice.

          And who the hell is “us”, b? I am talking to you, you do not speak for this blog.

          Again, are you slurping some Thermite or something?

          • b says:

            Seems the Captcha ate my (long) response comment.

            Anyway – the short form again.

            Dear Bmaz,

            you still did not respond to my original claim:

            In early August 2016 Brennan presented Obama with “intelligence” from the Steele dossier which was made-up bullshit. WaPo is selling that as “intelligence bombshell” and blames Obama for not reacting to it.

            Is that claim I make correct or not? What is your opinion about it?

  17. MaDarby says:

    WMD no doubt about it Emptywheel – when would you like the nuclear war to start? Rid the world of the evil godless commies – oh the USSR doesn’t exist any more? No matter Russia is clearly godless and must be brought under Calvinist vicious ideology – it is the very Midwestern Calvinism so vividly on display here along with the rest of the Privileged Press which has justified the slaughter the US has carried out since WWII. Not a day has gone by since WWII when the US has not killed anyone. The US in the name of extreme Calvinist ideological “exceptionalism” has slaughtered tens of millions of people dropping, for example, more bombs on Laos than any other nation. Chemical weapons, agent orange, napalm, white phosphorous, torture day in day out. Billions of people across the globe deliberately kept in poverty – starvation and the spread of disease as weapons in the US arsenal.

    Of course, then it’s the Russians who are evil. They hacked our “elections” their only purpose in life is to destroy our extremist Calvinist righteousness and take our “freedom.”

    Oh, and by the way, ISIS is just the name for a division of the US army.

  18. Mitchell says:

    Yet again (unless I’m missing something), like for decades, our intel agencies operate with little intelligence. The focus is on sucking up all available data and info and not enough on, well, analyzing the crap.

    Another factor in all this is that if there was significant Russian interference that actually significantly affected the election — Congressional and POTUS — I’m sure that much of the intel community would be happy with the GOP blowout that resulted.

    Too, a far bigger problem, for me, is that a huge percentage of voters, for decades now, have been willing to vote against their own (and the nation’s) interests.

  19. Bay State Librul says:

    Lefty,

    You continue to indirectly support Trump.
    Now you think the WAPO is up to no good.
    Man, get rid of your cynicism

    • John Casper says:

      “Lefty” ain’t stopping, but the WaPo–Jeff Bezos, who makes a ton off CIA contracts to build their cloud–is in this piece “up to no good.”

    • lefty665 says:

      BS BS Librul. Trump has plenty to answer for, but I do not subscribe to knee jerk anti Trump, the Ruskies did it, neocon and neolib elite Dem hysteria.

      The Wash Post has been a right wing, warmongering mouthpiece and propaganda vehicle since Katherine Graham turned it over to her son Donald almost 40 years ago. When the neocon label came around Donald was right there in line to get it tattooed on his forehead. His successor Bezos may be right, “Democracy dies in darkness” and he is spreading darkness as fast as he can. It has been sad watching my hometown paper turn into a right wing, warmongering, neocon propaganda mill. Realistic, yes, cynical, no, not yet, and trying hard not to get there.

  20. SpaceLifeForm says:

    “The focus is on sucking up all available data and info and not enough on, well, analyzing the crap.”

    Actually, the focus is on sucking up the money.

    You are correct, there is little analysis.

    • Procopius says:

      I think there is too little analysis because there is far too much data. I don’t think Big Data is feasible. Computers do exactly what they are told to do. You can’t dump data into a program and have it find new and unexpected patterns. The program is going to return patterns the programmer told it to look for or create. Human beings miss important patterns. Please recall that none of the intelligence agencies foresaw the collapse of the Soviet Union. That was when they had thousands of analysts. Since 9/11 they’ve fired lots of those analysts to pay for torturers (Jessen and Mitchell were paid $81 million, although in fairness they hired some hundreds of people).

  21. Bay State Librul says:

    Lefty,

    The editor of the WAPO is Marty Baron, a fine journalist, and formerly of the Boston Globe.
    Again, all you do is complain. You want a Revolution. Peace brother we are all family. Get on the right side of this fight. There is still time

    • lefty665 says:

      If Baron is as you assert “a fine journalist” he has fallen in with very bad company in the person of neocon Wash Post editorial page editor Fred Hiatt, and lacks the judgement required of an editor. Perhaps Baron should be back on a beat to exercise his “fine journalist(ic)” skills rather than promoted beyond them.

      I ain’t family with neocons who have brought us close to two decades of wars of aggression and constantly agitate for more. In this thread Marcy dissects the holes and omissions baked into the Wash Post’s propaganda. That propaganda likely compromises intelligence sources and methods while it fuels the anti Russian hysteria that is currently consuming us much as McCarthyism did in the early 50’s. Your revered Baron is part of the crew purveying that crap.

      I ain’t family with neolib elites that have long abandoned their New Deal middle class roots and belief that workers deserve to share in fruits of their labor.

      I am on the right side of this fight, and I do not want a revolution. What I do want is much simpler. That is for neocon, neolib elites who have abandoned their souls to rediscover them, to regain their common sense, and to return to their New Deal roots. In short, to take the BS out of Librul. A tune from the Viet Nam era went, “I’ve something to live for, what about you?” Now as then “something to live for” is not more “Same”. The Repubs are hopeless, so working to help well meaning but misguided neocon, neolib Dem elites see the error of their ways is both something to live for and hope for the future. Pax vobiscum.

      • lefty665 says:

        B S Librul, Here is a link to a post on issues with MSM like the NYT and Wash Post. https://consortiumnews.com/2017/06/24/policing-truth-to-restore-trust/

        Consortium News is tabbed right behind emptywheel on my browser. They are both daily required reading for me. Straight up reporting and analysis are hard to find these days.  How hard you might ask.  So hard that Sy Hersh had to take his reporting on Khan Sheikhoun to Germany to get it published.

        https://www.welt.de/politik/ausland/article165905578/Trump-s-Red-Line.html

        Your idol Marty Baron won’t publish it, “fine journalism” at work. The Wash Post did eventually acknowledge Hersh’s award winning reporting exposing My Lai and Abu Ghraib. But that was then when journalistic standards were apparently far lower.

        • SpaceLifeForm says:

          Keep in mind when measuring reporters, that many of them have their ‘sources’, and readers can be easily confused because the outlet they ‘trust’ is reporting stuff via various writers with their ‘sources’, and they will conflict.

          I’m not just talking about wapo. Nyt, cnn, fox, and more.

          The writers ‘sources’ at one given outlet can all be IC, all leaking their misinfo of the day.

          And they will be conflicting. At same paper on same day.

          Spy vs Spy.

  22. Harry Shearer says:

    What else was left out of this lengthy piece?   There was one sentence pertaining to Putain’s motive: It said he loathed/despised Hillary Clinton.   There was nothing in the piece about why that might be…
