How a Russian Dangle about Shadow Brokers Started Dictating NSA’s Twitter Feed

As you may know, we’ve been fostering dogs. Our current dog, June Bug (pictured above), is a terrorist. She’s really smart. She creates diversions so she can try to steal our food. We can only get her to play with dog toys if we “trick” her, by hiding them in boxes that she first destroys. But today, she got outfoxed (heh) by a squirrel. We were walking south towards a bush and a big oak and she saw the squirrel under the bush. While we were walking past the oak, the squirrel bolted up the oak so high that June Bug (who at least is better at understanding a third dimension than McCaffrey the Millennial Lab was) couldn’t see her. June Bug kept looking under the bush until finally she turned to the oak but by then the squirrel was well beyond her vision up in the oak.

This story, reported in both the Intercept and the NYT, on the CIA and NSA’s efforts to reach out to Russia to get Shadow Brokers tools feels like that exchange. Reading the two in tandem, it’s clear that the Russians learned the CIA and NSA were trying to buy back the tools released by Shadow Brokers, and used the channel the US set up with a Russian “businessman” to provide likely disinformation about Trump’s ties to Russia instead. NYT describes obtaining,

Russian produced unverified and possibly fabricated information involving Mr. Trump and others, including bank records, emails and purported Russian intelligence data.


All are purported to be Russian intelligence reports, and each focuses on associates of Mr. Trump. Carter Page, the former campaign adviser who has been the focus of F.B.I. investigators, features in one; Robert and Rebekah Mercer, the billionaire Republican donors, in another.

The Intercept said the government even obtained an FBI report that had been purloined.

Recently, the Russians have been seeking to provide documents said to be related to Trump officials and Russian meddling in the 2016 campaign, including some purloined FBI reports and banking records.

It’s equally clear that, as things soured, the source reached out to James Risen to make sure the story would come out with the spin that the CIA had cut off the exchange because it didn’t want to receive dirt on Trump. Note, the NYT story doesn’t include the agency split.

What’s perhaps most embarrassing about the story is that the NSA tweeted out pre-arranged tweets at least ten times (the Intercept describes which tweets they were) as a signal that the American businessman intermediary was really working on behalf of the US government. The last that Risen lists is one pertaining to Section 702 on December 13.

Effectively, Russia was yanking NSA’s chain, and possibly tracking communication pathways from the American intermediary through NSA to the Twitter feed.

The incident is interesting for several reasons. First, it may corroborate the “second source” theory I posited back in September (which I was pretty sure was in the neighborhood in any case given some curious attention the post got). It seems to confirm that the spooks at least came to believe that Russia was behind the Shadow Brokers and Vault 7 compromises (though Russia doesn’t appear to have shared any legitimate non-public files, so it’s not necessarily proven).

Trump is now using this effort at disinformation the same way he has used the Steele dossier: in a bid to claim his own innocence.

I’m perhaps most interested in the timing of this. The government seemed to treat the Nghia Hoang Pho plea in early December as its explanation for how the Shadow Brokers files got stolen. If that’s true, it should know what Russia or whoever else took (or they could at least ask Kaspersky nicely, which seems to have a pretty good idea of what was there). It wouldn’t need to chase this intermediary for two more months.

And yet they did.

16 replies
  1. Trip says:

    An interesting side note, although it provides no clarification, is the recent Pompeo meeting with 2, maybe 3 spy chiefs from Russia.

    And this comment, Asked if Russia would try to influence the mid-term elections, he said: ”Of course. I have every expectation that they will continue to try and do that”.

    Any chance you think someone via the urging of Pompeo did some of the leaking to Risen and NYT? He is definitely a political beast. The timing is odd with the Nunes memo fiasco. Nothing is straight forward anymore, it seems.

    Also, quite a cute terrorist you’ve got there. That story ties in nicely with the Trump administration always using the old “look, squirrel!” trick.

  2. Jim White says:

    I still can’t wrap my tiny mind around how the NSA tools that were stolen could be “bought back” with any kind of certainty. As software, surely it could be copied. How could NSA know they’re buying back all copies? Even more confusing, Risen’s article seems to refer to buying back “documents”. Again, there’s no way to verify all copies were provided. That all makes me think there was something more going on than we’ve learned yet from either story. It just doesn’t work for me yet.

    • Trip says:

      They wanted to see what was for sale, because they were uncertain how comprehensive the hack/theft was (which is scary in itself). But if you are dealing with an unknown source, they could hold back some and not show you everything that they’ve stolen.

      I think there’s more to the story too.

      Also remember this? Around the same time:

      WikiLeaks founder Julian Assange says he wants to give details about stolen CIA hacking tools to tech companies so they can patch security holes.

      Assange made the offer during a press conference Thursday. He said WikiLeaks has “a lot” of unpublished information about CIA hacking and spying that the organization will release if the tech companies fix security gaps.

      Julian Assange Says WikiLeaks May Release More CIA Hacking Tools

      WikiLeaks is considering releasing more CIA hacking tools if internet security professionals can first help make sure the cyber weapons can’t be used any further, the group’s founder, Julian Assange, said Thursday.

      Assange ridiculed the CIA for failing to guard information about its online arsenal, allowing it to be passed around within the intelligence community. That is how the material ended up in WikiLeaks’ hands ─ and, possibly, criminals’, he said.

      Doesn’t this correspond to the Risen article March timeline?

      • SpaceLifeForm says:

        There really is nothing pointing to Vault7/Vault8 (cia tools) as being of any substance in the entire comms and the money.

        Just TheShadowBrokers ‘stuff’.

        Why was CIA even mentioned?

    • SpaceLifeForm says:

      Yeah, there is no way to verify. And definitely no way to put the genie back in the bottle. There is no way to know how many copies exist.

      But the articles point to two Russians trying to make a buck. Carlos being one, the other that was met in Germany may be a Carlos cohort.

      @FBI, how is that opsec cleanup going?

  3. bell says:

    it is very difficult to know who is zooming who in a hall of mirrors, which is what so much of this looks like to me…

    ” the Americans are uncertain whether the Russians involved are part of a disinformation campaign orchestrated by Moscow, either to discredit Trump or to discredit efforts by American officials investigating Trump’s possible ties to Russia, including Special Counsel Robert Mueller.”

    too bad they were unwilling to offer the fellow immunity….
    “The hacker’s cooperation with the U.S. intelligence community broke down over his demands for full immunity from U.S. prosecution for his hacking activities — negotiations that failed largely because the hacker refused to provide his full personal identification to the Americans.” makes sense according to the nyt here though “The United States intelligence officials said they cut off the deal because they were wary of being entangled in a Russian operation to create discord inside the American government. They were also fearful of political fallout in Washington if they were seen to be buying scurrilous information on the president.”

    however, it looks like they have bought into a lot more then they wanted all along using the various liars up for examination thanks the mueller investigation.. hopefully they didn’t have to pay for that too.. would have been better to take a pass on it..

  4. mister bunny says:

    Since Trump is admitting that Russia has participated in disrupting US democracy through (at least) disinformation against him, then it would make sense for him to enact/enforce the sanctions Congress has ordered to respond to such interference. No?

  5. earlofhuntingdon says:

    “Too lazy to get off their asses,” is the way Marine Gen. John Kelly describes Dreamers and those immigrants who want to be, forgetting that he can’t talk to his boss before 11.00 am because Trump is in bed watching television.

  6. HanTran says:

    Anyone care to comment on who this leak helps? It seems to me that the answer is Drumpf, am I missing something? Who had the access and would like to help Drumpf? Did Russians leak the leak? Would they have done so? Motivations for that could be either helping Drumpf and/or continuing to sew distrust of the US public in the US government. I think we may have paid Russians 100 grand to do exactly what they wanted to do.

Comments are closed.