February 10, 2018 / by emptywheel


How a Russian Dangle about Shadow Brokers Started Dictating NSA’s Twitter Feed

As you may know, we’ve been fostering dogs. Our current dog, June Bug (pictured above), is a terrorist. She’s really smart. She creates diversions so she can try to steal our food. We can only get her to play with dog toys if we “trick” her, by hiding them in boxes that she first destroys. But today, she got outfoxed (heh) by a squirrel. We were walking south towards a bush and a big oak and she saw the squirrel under the bush. While we were walking past the oak, the squirrel bolted up the oak so high that June Bug (who at least is better at understanding a third dimension than McCaffrey the Millennial Lab was) couldn’t see her. June Bug kept looking under the bush until finally she turned to the oak but by then the squirrel was well beyond her vision up in the oak.

This story, reported in both the Intercept and the NYT, on the CIA and NSA’s efforts to reach out to Russia to get Shadow Brokers tools feels like that exchange. Reading the two in tandem, it’s clear that the Russians learned the CIA and NSA were trying to buy back the tools released by Shadow Brokers, and used the channel the US set up with a Russian “businessman” to provide likely disinformation about Trump’s ties to Russia instead. NYT describes obtaining,

Russian produced unverified and possibly fabricated information involving Mr. Trump and others, including bank records, emails and purported Russian intelligence data.


All are purported to be Russian intelligence reports, and each focuses on associates of Mr. Trump. Carter Page, the former campaign adviser who has been the focus of F.B.I. investigators, features in one; Robert and Rebekah Mercer, the billionaire Republican donors, in another.

The Intercept said the government even obtained an FBI report that had been purloined.

Recently, the Russians have been seeking to provide documents said to be related to Trump officials and Russian meddling in the 2016 campaign, including some purloined FBI reports and banking records.

It’s equally clear that, as things soured, the source reached out to James Risen to make sure the story would come out with the spin that the CIA had cut off the exchange because it didn’t want to receive dirt on Trump. Note, the NYT story doesn’t include the agency split.

What’s perhaps most embarrassing about the story is that the NSA tweeted out pre-arranged tweets at least ten times (the Intercept describes which tweets they were) as a signal that the American businessman intermediary was really working on behalf of the US government. The last that Risen lists is one pertaining to Section 702 on December 13.

Effectively, Russia was yanking NSA’s chain, and possibly tracking communication pathways from the American intermediary through NSA to the Twitter feed.

The incident is interesting for several reasons. First, it may corroborate the “second source” theory I posited back in September (which I was pretty sure was in the neighborhood in any case given some curious attention the post got). It seems to confirm that the spooks at least came to believe that Russia was behind the Shadow Brokers and Vault 7 compromises (though Russia doesn’t appear to have shared any legitimate non-public files, so it’s not necessarily proven).

Trump is now using this effort at disinformation the same way he has used the Steele dossier: in a bid to claim his own innocence.

I’m perhaps most interested in the timing of this. The government seemed to treat the Nghia Hoang Pho plea in early December as its explanation for how the Shadow Brokers files got stolen. If that’s true, it should know what Russia or whoever else took (or they could at least ask Kaspersky nicely, which seems to have a pretty good idea of what was there). It wouldn’t need to chase this intermediary for two more months.

And yet they did.

Copyright © 2018 emptywheel. All rights reserved.
Originally Posted @ https://www.emptywheel.net/2018/02/10/how-a-russian-dangle-about-shadow-brokers-started-dictating-nsas-twitter-feed/