Tom Bossert Brings You … Axis of CyberEvil!

I was struck, when reviewing the NYT article on the KT McFarland email, how central Homeland Security Czar Tom Bossert was to the discussion of asking Russia not to blow off Obama’s Russia sanctions.

“Key will be Russia’s response over the next few days,” Ms. McFarland wrote in an email to another transition official, Thomas P. Bossert, now the president’s homeland security adviser.


Mr. Bossert forwarded Ms. McFarland’s Dec. 29 email exchange about the sanctions to six other Trump advisers, including Mr. Flynn; Reince Priebus, who had been named as chief of staff; Stephen K. Bannon, the senior strategist; and Sean Spicer, who would become the press secretary.


Mr. Bossert replied by urging all the top advisers to “defend election legitimacy now.”


Obama administration officials were expecting a “bellicose” response to the expulsions and sanctions, according to the email exchange between Ms. McFarland and Mr. Bossert. Lisa Monaco, Mr. Obama’s homeland security adviser, had told Mr. Bossert that “the Russians have already responded with strong threats, promising to retaliate,” according to the emails.

There Tom Bossert was, with a bunch of political hacks, undercutting the then-President as part of an effort to “defend election legitimacy now.”

Which is one of the reasons I find Bossert’s attribution of WannaCry to North Korea — in a ridiculously shitty op-ed — so sketchy now, as Trump needs a distraction and contemplates an insane plan to pick a war with North Korea.

The guy who — well after it was broadly known to be wrong — officially claimed WannaCry was spread by phishing is now offering this as his evidence that North Korea is the culprit:

We do not make this allegation lightly. It is based on evidence.

A representative of the government whose tools created this attack said this without irony.

The U.S. must lead this effort, rallying allies and responsible tech companies throughout the free world to increase the security and resilience of the internet.

And the guy whose boss has, twice in the last week, made googly eyes at Vladimir Putin said this as if he could do so credibly.

As we make the internet safer, we will continue to hold accountable those who harm or threaten us, whether they act alone or on behalf of criminal organizations or hostile nations.

Much of the op-ed is a campaign ad falsely claiming a big break with the Obama Administration.

Change has started at the White House. President Trump has made his expectations clear. He has ordered the modernization of government information-technology to enhance the security of the systems we run on behalf of the American people. He continued sanctions on Russian hackers and directed the most transparent and effective government effort in the world to find and share vulnerabilities in important software. We share almost all the vulnerabilities we find with developers, allowing them to create patches. Even the American Civil Liberties Union praised him for that. He has asked that we improve our efforts to share intrusion evidence with hacking targets, from individual Americans to big businesses. And there is more to come.

A number of the specific items Bossert pointed to to claim action are notable for the shoddy evidence underlying them, starting with the Behzad Mesri case and continuing to Kaspersky — which has consistently had more information on the compromises we blame it for than the US government.

When we must, the U.S. will act alone to impose costs and consequences for cyber malfeasance. This year, the Trump administration ordered the removal of all Kaspersky software from government systems. A company that could bring data back to Russia represents an unacceptable risk on federal networks. Major companies and retailers followed suit. We brought charges against Iranian hackers who hacked several U.S. companies, including HBO. If those hackers travel, we will arrest them and bring them to justice. We also indicted Russian hackers and a Canadian acting in concert with them. A few weeks ago, we charged three Chinese nationals for hacking, theft of trade secrets and identity theft. There will almost certainly be more indictments to come.

The Yahoo case, which is backed by impressive evidence, was based on evidence gathered under Obama, from whose Administration Bossert claims to have made a break.

And this kind of bullshit — in an op-ed allegedly focused on North Korea — is worthy of David Frum playing on a TRS-80.

Going forward, we must call out bad behavior, including that of the corrupt regime in Tehran.

Especially ending as it does with a thinly disguised call for war.

As for North Korea, it continues to threaten America, Europe and the rest of the world—and not just with its nuclear aspirations. It is increasingly using cyberattacks to fund its reckless behavior and cause disruption across the world. Mr. Trump has already pulled many levers of pressure to address North Korea’s unacceptable nuclear and missile developments, and we will continue to use our maximum pressure strategy to curb Pyongyang’s ability to mount attacks, cyber or otherwise.

I mean, maybe dirt poor North Korea really did build malware designed not to make money. But this is not the op-ed to credibly make that argument.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.

19 replies
  1. seedeevee says:

    The North Koreans are the sole manufacturer of Googly Eyes and are thusly able to control anyone that wishes to make them at Vladimir Vladimirovich Putin.





  2. Peterr says:

    Which is one of the reasons I find Bossert’s attribution of WannaCry to North Korea — in a ridiculously shitty op-ed — so sketchy now, as Trump needs a distraction and contemplates an insane plan to pick a war with North Korea.

    Well, didn’t we learn on Saturday Night Live from Trump that since the War on Christmas was over, we could focus on the War with North Korea?

  3. Peterr says:

    After all those “we did . . . we will . . . we also . . .” things from Bossert:

    The Yahoo case, which is backed by impressive evidence, was based on evidence gathered under Obama, from whose Administration Bossert claims to have made a break.

    I suppose this is a more polite way to say “Who you calling ‘we’, Kemosabe?”

  4. dk says:

    All points taken and agreed esp. on this NK attribution seeming arbitrary…

    I think it’s a mistake to view state actors and other groups as completely independent or completely dependent.

    For one thing, state actors use independent groups, sometimes directly (for hire), sometimes indirectly (some common interests, mutual benefits). Deniability is always nice to have (yes we have the dox but we didn’t take them from the source ourselves). Also, states themselves have multiple groups (FBI/CIA/NSA/etc, FSB/SVR/etc) that do not always work in lockstep or close cooperation. I think this could be especially true in Russia where state departments may compete with each other for favor, power, connections. And of course the diversity of non-state actors in play online is staggering.

    Also, if a ransomware project becomes too public, it can reduce its efficacy. More attention means more efforts to mitigate, victims more prepared to go public and fight rather than pay. Blackmail operates on fear, in isolation and information vacuum. As many in OS InfoSec have pointed out, WannaCry is not tightly targeted or controlled, as one would expect a primarily money-making project to be, and the big splash it made contributed to its early compromise.

    My point being that state attributions are inherently over-simplified in many, even most cases. The original or current nationality of actual perpetrators is not a sure indication of intent or loyalty, and especially not of control. Not letting states off the hook (esp when their compromised work contributes to the mess), but they’re not always the sole or primary initiator/origin of a particular exploit.

    PS big thanks to everyone at emptywheel, and best hopes for the coming year(s).

  5. earlofhuntingdon says:

    We do not make this allegation lightly. It is based on evidence.

    Good evidence that Bossert knows his statement is rarely true in the Trump administration.  It’s also likely to be hogwash: if it were true, rather than a repeat of Colin Powell-at-the-UN, he wouldn’t have felt the need to say it.

  6. earlofhuntingdon says:

    Going forward, we must call out bad behavior, including that of the corrupt regime in Mar-a-Lago Tehran.

    Pot, meet kettle.


  7. earlofhuntingdon says:

    Necessary OT from calling Trump on calling for war to distract from losing the presidency, he being such a winner.  Cable news has Republican congresscritters touting the new tax bill as a boon to corporations, who will be able to repatriate their “lost” cash from overseas and finally put it to use.  That’s a lie on par with some of Trump’s biggest lies, one that Yves Smith and Nicholas Shaxson have poked holes in before.

    Corporate treasurers and the CFOs to whom they report have full use of this cash worldwide.  The tens of billions that Apple and others hide from the taxman, parked in or through offshore tax havens, are fully available to them for any business purpose except use in the US (not of A).  (The last place these guys invest in, except to pay executives and to pay off resource extraction shareholders.)

    The cash is offshore only in a technical tax accounting sense.  The money isn’t sequestered in a bank in the Caymans or the BVI, only accounting entries are.  The money is in London or another global financial center.  The “books” for this aren’t even in remote tax havens; they are back at the head office or in some regional treasury/accounting center.  Donald Trump’s addiction to lying seems to be infectious.

    • earlofhuntingdon says:

      In the unlikely event that a CFO needs to invest in the US, she can simply borrow against her foreign assets – unrepatriated cash – and deduct the interest, too.  There’s nothing about this tax bill that hasn’t been worked six ways from Sunday by top corporate and wealth industry lobbyists.  Ask Bob Corker.

  8. Christopher says:

    T. Bossert: Axis of Cyberevil: kind of like spraying asphalt sealer on bad old cracked road: commuter lanes downsized and everybody can see and smell fresh asphalt sealer. When the smell of one state’s cyberevil attribution wears off will there be a new hacker free super cyber highway? Or early aggressor foundation building for necessary military/nuclear defense retaliation?

  9. earlofhuntingdon says:

    For trolls looking for an example of GOP projection, I give you Paul Ryan and his description of the tax bill as an example of his lifelong commitment to work for the average American Jane and Joe.  His success will come despite the awful, ideological lies from the Democrat Party.

    The white smoke emanating from the Capitol dome was not the election of a new pope; it came from the bibles boiling away at the parade of lies about what this bill will do and who it will do it for.  Ryan did everything but turn his head completely around and leave Father Merrin prostrate on the floor.

    Ryan also channeled Mel Gibson as he pranced back and forth in front of the troops, shouting, “We have one chance, just one chance to pass this barrel of tax pork….The voters may take our lives, but they’ll never take our FREEDOM! [(TM) Koch Bros., 2017]”  That would also explain where the horse manure came from.

    If its tax bill commentary is indicative of its new owners, CNN will be taken over not by AT&T, but by Rupert Murdoch’s WSJ.

  10. SpaceLifeForm says:

    OT: Tesla pulls a fast one! :-)

    Faster than Jimmy Johns!

    Not even one month into operation, and it has already proved itself.

    The interesting thing is that the battery farm was able to help maintain the AC frequency near 50Hz (not 60Hz like in US), responding in milliseconds to the loss of power from another plant far away.

    There was a bet that Elon Musk made.
    I bet people down under are happy he won the bet. As it is soon summer down under.

    When the freqs drop too much, electric motors can be easily damaged.

    The bet was made in March, when Musk tweeted to an incredulous Cannon-Brookes that Tesla could build and install a massive lithium-ion battery installation in “100 days or it is free.”

  11. Jake Murrin says:

    Uh… there’s no more evidence that Russia hacked the election than there is that North Korea was behind WannaCry.

  12. FunnyDiva says:

    “…this kind of bullshit — in an op-ed allegedly focused on North Korea — is worthy of David Frum playing on a TRS-80.”


    Pure comedy gold.  And I’m old enough to remember playing on a TRS-80!
