What Are the DNC Hack(s) Rated on Obama’s New Cyber-Orange Alert System?

Yesterday, President Obama rolled out yet another new cyber-directive, this one aiming to better coordinate response to attacks. (PPD, annex, fact sheet) Along with all that, the White House released a guideline on the ranking of cyberattacks, including the Orange Alert type table that reminds me of Tom Ridge’s discredited system.

I’m going to post at more length about this prioritization system and the PPD.

But for the moment I wanted to post the table separately to ask what you think the DNC hack(s) (remember there were two) would rank on the system. My guess is the initial hack (APT29, alleged to be FSB) would be Level 1 or even 0. State actors spy on political parties all the time, and that’s all we’ve been told APT29 was doing.

The real question is APT28, which is the hack alleged to have ties to Guccifer and therefore to the Wikileaks posting of all the emails. It’s not yet clear the hack was intended to elect Trump (assuming it is Russian); I think it more likely to be retaliation for the Ukrainian coup. It’s not clear how important it will be on the election (and I expect more damaging documents to be released closer to the election). And it’s not clear how much this really has affected public confidence.

The question is still more problematic if you try to grade the OPM hack, which has to be far closer to a Level 4 (because of the risk it placed clearance holders under). But do you also lump it in with, say, the hack of Anthem, which is understood to be related?

I will ask the White House tomorrow if it has ranked the DNC hack(s). But for now, where do you think it would rate?

ISIS’ 4 Terabyte Cache of Un- or Badly Encrypted Data

Reuters just published a story about a big cache of data ISIS left as it retreated from Manbij. It’s great news that the military got these materials, as it will help us defeat ISIS. Just as important is this part.

The material, gathered as fighters moved from village to village surrounding the town of Manbij, includes notebooks, laptops, USB drives, and even advanced math and science textbooks rewritten with pro-Islamic State word problems, Colonel Chris Garver, the U.S. military spokesman in Iraq, said in a news briefing.

The U.S.-backed fighters – an alliance of Kurdish and Arab forces – have gathered more than 4 terabytes of digital information, and the material, most of it in Arabic, is now being analyzed by the U.S.-led coalition fighting the militant group.

This retreat is happening as we speak. That means that US forces were able to exploit the data almost immediately on seizing it. And that, in turn, either means it is not encrypted, it is badly encrypted, or the US also got passwords for encrypted files along with the rest of the stash.

Perhaps this can put to rest the calls to weaken encryption because ISIS is using it to great effect?

Update: Here’s another story on this making it clear the US is exploiting this data right away.

The Other Factor in the DNC Hack: WikiLeaks’ Personal War with Hillary Clinton

Since yesterday, both Jack Goldsmith and Peter Singer have offered some interesting perspective on the alleged Russian hack of the DNC.

Singer had a bit of a Twitter rant.

He linked his (recent) Oversight testimony, which discussed how much more complex cyber deterrence is than Cold War nuclear deterrence.

For his part, Goldsmith first considered what was old and new in the hack, finding the only real new thing was releasing the emails.

While there is nothing new in one nation using its intelligence services to try to influence an election in another, doing so by hacking into a political party’s computers and releasing their emails does seem somewhat new.

He then dismissed the notion — floated elsewhere — that this amounts to cyberwar while implying that the US has to get far better at defending our own networks and systems.

How seriously do you think the government takes issues of cyberwarfare? Do you feel confident about our defensive capabilities and competence?

“Cyberwar” is a misleading term—the Russian hack, if it is that, is not an act of war, at least not by traditional standards. It is closer to an intelligence operation with the twist of a damaging publication of the stolen information. That said, the U.S. government takes all major cyberoperations against it and its major public and private institutions very seriously. My confidence about our defensive capabilities and competence depends on what institutions you are talking about. Today, some components of the government (e.g. the Defense Department) do better than others (e.g. the Office of Personnel Management, which recently suffered a very damaging hack). And private sector defenses, even of important critical infrastructure networks, are a very mixed bag. The scale of the challenge is enormous, and offense has many advantages over defense. I don’t know anyone who is sanguine about our defensive capabilities overall.

Then he went on a Twitter rant directed at the hand-wringing about how unusual this is.

1/ In assessing the DNC hack, remember that USG is no innocent when it comes to infiltrating foreign computer networks.

2/ The cyber-attack on Iranian nuclear centrifuges was one of the most consequential in history.

3/ USG openly & aggressively supports technologies that weaken foreign gov’t control over networks.


6/ It’s also well known that US has in past used covert ops to influence foreign elections.

7/ Current U.S. cyber-espionage almost certainly extends to political organizations in adversary states.


11/ The point is that USG plays rough in cyberspace, and should expect others to do so as well.

12/  And yet USG seems perpetually unprepared. DNC hack is tiny tip of iceberg of possible electoral disruptions via cyber.

In short, both think this is something other than cyberwar, but view the importance of it differently (even while both provide suggestions for a policy framework to respond), particularly the uniqueness of the perceived sabotage of the election. But their discussion (along with virtually everyone else’s) has pitched this as a two-front question, us against Russia, though Singer’s testimony has a lot of discussion about how much more complexity there is to this issue, including the non-state actors who might be involved.

After having dismissed the unthinking equation of 2 intelligence hacks = Guccifer = Russia = WikiLeaks = Russia story, I want to return to it to complicate matters somewhat, to talk about Wikileaks’ role whether or not it cooperated with Russia on this. First, what follows is in no way meant to be a defense of Wikileaks’ action here, which included the inclusion of credit card and social security information in the dump. Particularly against the background of what it recently did with Turkish documents: in the guise of releasing a bunch of Erdogan documents, it also dumped voting information on most women in Turkey, including whether or not they were members of Erdogan’s AKP.

WikiLeaks also posted links on social media to its millions of followers via multiple channels to a set of leaked massive databases containing sensitive and private information of millions of ordinary people, including a special database of almost all adult women in Turkey.

Yes — this “leak” actually contains spreadsheets of private, sensitive information of what appears to be every female voter in 79 out of 81 provinces in Turkey, including their home addresses and other private information, sometimes including their cellphone numbers. If these women are members of Erdogan’s ruling Justice and Development Party (known as the AKP), the dumped files also contain their Turkish citizenship ID, which increases the risk to them as the ID is used in practicing a range of basic rights and accessing services. The Istanbul file alone contains more than a million women’s private information, and there are 79 files, with most including information of many hundreds of thousands of women.


Another file appears to contain sensitive information, including Turkish citizenship IDs of what appears to be millions of AKP members, listed as active or deceased. Yet another file contains the full names, citizenship IDs and cellphone numbers of hundreds of thousands of AKP election monitors — the most active members of the party.

As Zeynep Tufekci points out, in the wake of the failed coup and Erdogan’s retaliation, this has the possibility of endangering a great number of people.

She blames the dump on Wikileaks’ failure to work with locals, who could have explained that the emails themselves were virtually worthless. Perhaps. Perhaps Wikileaks served as someone else’s useful idiots — or even, if you believe there’s something more deliberate behind the coup and counter-coup, perhaps Wikileaks played a more active role.

So Wikileaks has done two things that were egregious and damaging. I do not defend that. I condemn it (and the sloppy journalism that enabled it).

Update: see this post on where the Turkey files came from, which came from Phineas Fisher; it wasn’t Wikileaks.

But I want to consider how different its role is with the target of this leak — Hillary Clinton (and Democrats more generally) — and Turkey.

Most of the discussion about the where and whyfor of the leak assumes it is all about Russia’s interest (assuming, of course, that this was a Russian state hack). But consider why Wikileaks might want to leak in this way and at this time.

Hillary was, of course, Secretary of State when Wikileaks leaked the State department cables and pushed aggressively for Chelsea Manning’s prosecution (as Charlie Savage wrote in a piece published just before I finished this, this is a point Assange made when he discussed the emails 6 weeks ago). She has, since then, been found to treat information claimed to be far more sensitive in careless fashion (as has the State Department generally).

Very importantly, State worked closely with DOJ as it investigated Wikileaks. There is very good reason to believe that as part of that investigation, DOJ mapped out Wikileaks’ supporters and, possibly, financial contributors — that is, precisely the kind of people, to the DNC, that Wikileaks just doxxed. That’s arguably a violation of Section 215, which includes First Amendment protections.

We also know that GCHQ was (at least as a SIGDEV research project, but those often serve to conduct surveillance that wouldn’t really fly within other legal guidelines) collecting log files of people who visit Wikileaks.

We know that under pressure from the US government, traditional funding sources stopped taking donations for Wikileaks. I’ve seen hints of some legally dubious action that may be worse, as well. In addition, in 2012, the FBI considered Bitcoin donations to Wikileaks among the many nefarious things one could do with Bitcoin.

Love or hate Wikileaks, but it — and its political and financial supporters — were tracked. Its sources of funding were cut off. And then the government realized that Wikileaks (at that point, at least) was engaging in what a lot of media outlets also do and conceded it couldn’t charge Assange for those activities.

Now I’m not trying to say two wrongs make a right — that because FBI collected data implicating innocent supporters of Wikileaks, it is okay for Julian Assange to dox all the DNC’s supporters.

Rather, I’m trying to raise this in the context of the issues that Singer and Goldsmith lay out. Whether Wikileaks cooperated with Russia (if Russia did the hack) or not, it is a key player in this leak. Even if Russia did this to help Trump, Assange executed the leaks to maximal damage to Hillary (and I suspect Wikileaks will continue to do more damage with further leaks). What does this say about issues of retaliation against non-state actors working with the sphere of state actors, as people consider information war in the era of cyber?

I don’t know the answer to that, but as we raise the question, those issues need to be addressed as readily as the state actor question. The way this rolls out may be as much a question of a non-state actor retaliating against a political figure as it is a state actor trying to elect its preferred candidate.


NSA and CIA Hacked Enrique Peña Nieto before the 2012 Election

Part of the frenzied discussion about the possibility that Russia hacked the DNC includes claims that the US would never do something so dastardly.

Except that the Foreign Government Section 702 Certificate makes it clear the NSA is authorized to spy on foreign based political organizations even within the US (and would have far more liberty under EO 12333). Among the parties specifically authorized for targeting in 2010 was the Pakistan Peoples Party, the incumbent party in a nominal ally.

Indeed, the Snowden documents have an even better example of the US spying in advance of an election — when, in June 2012, NSA targeted the texts between Enrique Peña Nieto and nine of his closest associates.

The NSA’s intelligence agents in Texas must have been asking themselves such questions when they authorized an unusual type of operation known as structural surveillance. For two weeks in the early summer of 2012, the NSA unit responsible for monitoring the Mexican government analyzed data that included the cell phone communications of Peña Nieto and “nine of his close associates,” as an internal presentation from June 2012 shows. Analysts used software to connect this data into a network, shown in a graphic that resembles a swarm of bees. The software then filtered out Peña Nieto’s most relevant contacts and entered them into a databank called “DishFire.” From then on, these individuals’ cell phones were singled out for surveillance.

According to the internal documents, this led to the agency intercepting 85,489 text messages, some sent by Peña Nieto himself and some by his associates. This technology “might find a needle in a haystack,” the analysts noted, adding that it could do so “in a repeatable and efficient way.”

This would have been in the weeks leading up to the election on July 1.

There is one difference: We don’t know what our spooks did with the information gleaned from the 85,489 texts kept from candidate EPN (it was a close election, and I presume we preferred EPN to Andrés Manuel López Obrador). NSA and CIA (with which NSA partnered on this hack) certainly did not release any information we know of from those texts. A more interesting question, in this case, is whether the US used anything from those texts to reassure ourselves — or ensure — that EPN’s campaign promises to change Mexico’s level of cooperation in the war on drugs (which of course also means spying) would change once he won the election, as they did.

None of this excuses Russia if it hacked the DNC. But it does provide a very concrete example where the US hacked the most intimate network of a person running for office — and of an ally, no less.

Spies steal information, even from political candidates. Including American spies.

The Two Intelligence Agency Theory of Handing Trump the Election

There has been a lot written about Russian intelligence agencies allegedly hacking the DNC server and — by leaking it — attempting to influence the election. Some observers have, based on that assumption, called the hack an act of war.

I’m agnostic on whether Russian intelligence did one or both of the hacks, in part for reasons I’m still working through. I’m even more skeptical of some of the claims made about Russia’s motivations in launching this attack to put Trump in the presidency (which is not to say Trump wouldn’t be horrible for a whole slew of other reasons); on that topic, see this Josh Marshall piece and a fact-checking of it. And I’m frankly amused that, after using several other outlets for publicity and to release documents, the hacker(s’) cooperation with WikiLeaks (which irresponsibly released credit card and social security information on Democratic donors, but which almost certainly had its donors investigated by DOJ with the heavy involvement of Clinton after Wikileaks published the State cables) itself is a sign of Russian involvement. Does Russia also run The Hill, the last outlet used by DNC hacker(s)?

In short, there are a whole bunch of claims being made, all serving a narrative that Putin is playing in our elections, with little scrutiny of how you get from one level (what have been described as two separate hacks) to another (to Guccifer 2, to help Putin) to another (with the help of Wikileaks). It’s like the Rosetta stone of Cold War 2.0 paranoia. All may be true, but the case is thus far still fragile.

This post, from Thomas Rid, is the most sober analysis of the claim that Russian hackers hacked the DNC. Even still, there are some logical problems with the analysis (that are sadly typical of the underlying cybersecurity consultants). Take these two passages, for example.

The DNC knew that this wild claim would have to be backed up by solid evidence. A Post story wouldn’t provide enough detail, so CrowdStrike had prepared a technical report to go online later that morning. The security firm carefully outlined some of the allegedly “superb” tradecraft of both intrusions: the Russian software implants were stealthy, they could sense locally-installed virus scanners and other defenses, the tools were customizable through encrypted configuration files, they were persistent, and the intruders used an elaborate command-and-control infrastructure. So the security firm claimed to have outed two intelligence operations.


The metadata in the leaked documents are perhaps most revealing: one dumped document was modified using Russian language settings, by a user named “Феликс Эдмундович,” a code name referring to the founder of the Soviet Secret Police, the Cheka, memorialised in a 15-ton iron statue in front of the old KGB headquarters during Soviet times. The original intruders made other errors: one leaked document included hyperlink error messages in Cyrillic, the result of editing the file on a computer with Russian language settings. After this mistake became public, the intruders removed the Cyrillic information from the metadata in the next dump and carefully used made-up user names from different world regions, thereby confirming they had made a mistake in the first round.

They argue (based in part on CrowdStrike’s claims of expertise) both that the hacker(s) were really sophisticated and that they deliberately adopted a Russian name but accidentally left Russian metadata in the files. Particularly with regards to the Russian metadata, you don’t both adopt a notable Russian spook’s ID while engaging in a false flag but then “accidentally” leave metadata in the files, although the second paragraph here pertains to Guccifer 2 and not the Crowdstrike IDed hackers.

If Guccifer were a true false flag, he might well be pretending to be Russian to hide his real identity.

Add to that this post (from June), which notes some confirmation bias in the way that FireEye first attributed APT 28 (which CrowdStrike believes to be GRU, Russia’s military intelligence).

I chose to look at Fancy Bear (APT28 in FireEye’s ecosystem). The most comprehensive report on that threat actor was written by FireEye and released last October, 2014 so I started with that. To my surprise, the report’s authors declared that they deliberately excluded evidence that didn’t support their judgment that the Russian government was responsible for APT28’s activities:

“APT28 has targeted a variety of organizations that fall outside of the three themes we highlighted above. However, we are not profiling all of APT28’s targets with the same detail because they are not particularly indicative of a specific sponsor’s interests.” (emphasis added)

That is the very definition of confirmation bias. Had FireEye published a detailed picture of APT28’s activities including all of their known targets, other theories regarding this group could have emerged; for example, that the malware developers and the operators of that malware were not the same or even necessarily affiliated.

And even if you took the underlying report as definitive, APT 28 was primarily focused on military targets, which by itself ought to raise questions about why they’d go after the DNC.

To make the argument based on targets that APT 28 is GRU you need to do even more adjusting of motivation (though more recent APT 28 attributed attacks are more similar to this one).

But one reason I find the Rid piece sober and useful is it emphasizes something that has been ignored by much of the inflamed reporting. First, even CrowdStrike claims that DNC was hacked twice, by two different Russian entities, which did not appear to be coordinating during the hack. From the CrowdStrike report:

At DNC, COZY BEAR intrusion has been identified going back to summer of 2015, while FANCY BEAR separately breached the network in April 2016. We have identified no collaboration between the two actors, or even an awareness of one by the other. Instead, we observed the two Russian espionage groups compromise the same systems and engage separately in the theft of identical credentials. While you would virtually never see Western intelligence agencies going after the same target without de-confliction for fear of compromising each other’s operations, in Russia this is not an uncommon scenario. “Putin’s Hydra: Inside Russia’s Intelligence Services”, a recent paper from European Council on Foreign Relations, does an excellent job outlining the highly adversarial relationship between Russia’s main intelligence services – Федеральная Служба Безопасности (FSB), the primary domestic intelligence agency but one with also significant external collection and ‘active measures’ remit, Служба Внешней Разведки (SVR), the primary foreign intelligence agency, and the aforementioned GRU. Not only do they have overlapping areas of responsibility, but also rarely share intelligence and even occasionally steal sources from each other and compromise operations. Thus, it is not surprising to see them engage in intrusions against the same victim, even when it may be a waste of resources and lead to the discovery and potential compromise of mutual operations.

And, as Rid points out, the proof that Guccifer is tied to Russia (it would be to GRU or APT 28 if the tie were real, so the less persistent of the two apparently unrelated hacks) is even less clear, though there still is a lot of circumstantial evidence.

The evidence linking the Guccifer 2.0 account to the same Russian operators is not as solid, yet a deception operation—a GRU false flag, in technical jargon—is still highly likely. Intelligence operatives and cybersecurity professionals long knew that such false flags were becoming more common. One noteworthy example was the sabotage of France’s TV5 Monde station on 9/10 April 2015, initially claimed by the mysterious “CyberCaliphate,” a group allegedly linked to ISIS. Then, in June, the French authorities suspected the same infamous APT 28 group behind the TV5 Monde breach, in preparation since January of that year. But the DNC deception is the most detailed and most significant case study so far. The technical details are as remarkable as its strategic context.


Other features are also suspicious. One is timing, as ThreatConnect, another security company, has pointed out in a useful analysis: various timestamps indicate that the Guccifer-branded leaking operation was prompted by the DNC’s initial publicity, with preparation starting around 24 hours after CrowdStrike’s report came out. Both APT 28 and Guccifer were using French infrastructure for communications. ThreatConnect then pointed out that both the self-proclaimed hacker’s technical statements on the use of 0-day exploits as well as the alleged timeline of the DNC breach are most likely false. Another odd circumstantial finding: sock-puppet social media accounts may have been created specifically to amplify and extend Guccifer’s reach, as UK intelligence startup Ripjar told me.

Perhaps most curiously, the Guccifer 2.0 account, from the beginning, was not simply claiming to have breached the DNC network—but claiming that two Russian actors actually were not on the DNC network at the same time. It is common to find multiple intruders in tempting yet badly defended networks. Nevertheless the Guccifer 2.0 account claimed confidently, and with no supporting evidence, that the breach was simply a “lone hacker”—a phrasing that seems designed to deflect blame from Russia. Guccifer 2.0’s availability to the journalists was also surprising, and something new altogether.

The combative yet error-prone handling of the Guccifer account is in line with the GRU’s aggressive and risk-taking organizational culture and a wartime mindset prevalent in the Russian intelligence community. Russia’s agencies see themselves as instruments of direct action, working in support of a fragile Russia under siege by the West, especially the United States.

Now, again, I’m not saying the Russians didn’t do this hack, nor am I dismissing the idea that they’d prefer Trump to Hillary. By far the most interesting piece of this is the way those with the documents — both the hackers and Wikileaks — held documents until a really awkward time for some awkward disclosures, with what may be worse to come.

But discussions that want to make the case should explain several things: Which of the two agencies alleged to have hacked DNC are behind the operation — or are they both, even though they weren’t, at least according to the report that everyone is relying on without question, apparently cooperating? How certain can they be that the GRU is Guccifer, and if Guccifer is supposed to be a false flag why was it so incompetently done? What explains Guccifer’s sort of bizarre strategy along the way, encompassing both Wikileaks (an obvious one) and The Hill?

Again, I absolutely don’t put this kind of thing beyond Putin. Russia has used hacking to influence outcomes of elections and authority in various countries in the past and the only thing new here is that 1) we wouldn’t already be playing the other side and 2) we’re big and can fight back. But the story, thus far, is more complex than being laid out.

Update: Here’s an amusing debunking of a lot of the metadata analyses.

Meanwhile, after the WaPo story hit the wires the “lone hacker” created his wordpress site and dropped dox as we say on the intertubes. Shortly after the drop people were inspecting, detecting, infecting, and making circles and arrows with captions on the back to describe what you were seeing! … And the conspiracy theory machine went into overdrive. Pwnallthethings made some good comments on the metadata in the dropped dox but really, concluding that this is a Russian disinformation operation from metadata stripped documents on the idea that the machine name was cyrillic for Felix Dzerzhinsky (Феликс Эдмундович)  Really? Now that is fucking SOLID work man! Stellar! FUCK LET’S GO BOMB RUSSIA NOW!



You know at least Crowdstrike has like actual data, ya know, C2’s, malware, and shit like that. Anything else is totally speculative, I mean even more speculative than most attribution that these companies make with real data! Anyway, I took a look at the metadata on the documents and here is what I have found…

  • Much of the data was stamped out in saving from format to format
  • Emails of users though were still embedded in the excel files
  • The word docs have no more metadata than the Iron Felix machine name save, which, gee, kinda leads one to wonder…
  • The image files have no metadata.. none.. niente clean.
  • Grizzli777 is just someone who pirates

Yep, not a lot to see there and people are hanging their collective hats on the deliberate placement of Феликс Эдмундович as the machine name to its quite OBVIOUSLY being Mother Russia’s exclusive secret services.

*squint.. takes drag of cigarette*

So here’s my assessment…. Maybe Russia did it… OR Maybe this actor is the real thing and happens to want to take credit. The facts that this person(s) reads, writes, has, cyrillic on their machine and names it after the founder of the KGB is as reliable a means to saying it was Russia as it is to say that aliens built the pyramid because people just were fucking too stupid back then!

35 Years after Saint Reagan’s Order, Treasury Still Dawdles

The other day, I Con the Record released an updated index of the procedures intelligence components use to comply with Executive Order 12333’s rules on sharing information about US persons. As is typical of I Con the Record, it didn’t admit that this new “transparency” really just incorporates information demanded under FOIA. In this case, the index released three newly available documents liberated by ACLU in their 12333 FOIA. I Con the Record also misrepresented how long the renewed effort to make sure agencies have such procedures in place has gone on; as I’ve noted, PCLOB has been pursuing this issue since 2013.

But one thing hasn’t changed. 35 years after Ronald Reagan ordered the intelligence community to come up with such procedures, Treasury continues to operate without them (and DEA continues to operate with badly outdated ones).

It’s almost as if Treasury doesn’t believe it needs to comply with the terms of Saint Reagan’s EO.

Chris Christie and Karl Rove’s US Attorney Project

The Republicans were supposed to talk about how they plan to Make America Work Again last night. And I suppose Paul Ryan — and to a lesser extent Mitch McConnell, when he wasn’t being booed — presented a vision of how they think Republicans run the economy. That vision doesn’t actually resemble the protectionist big government approach Donald Trump has been running on. But given the revelation that Trump offered to let John Kasich run both domestic and foreign policy if he would be his VP candidate (Kasich was still reluctant), perhaps we should focus more on how Mike Pence wants to suffocate the economy.

Instead, as most people have focused, Republicans continued to attack Hillary (Hillary continues to attack Trump, though I suspect she will focus somewhat more on policy next week than Republicans have thus far). Many people have unpacked Chris Christie’s rabble inciting witch hunt last night, but Dan Drezner backs his review of it with some data on the risks to democracy (click through to read all of it, which is worth reading).

Gov. Chris Christie’s speech garnered particular attention. It triggered similar reactions from The Weekly Standard and Vox, two outlets not known to agree on all that much.

The climax of Christie’s speech was a call-and-response with the crowd listing Clinton’s various misdeeds.


Indeed, political events in both Turkey and the United States makes one somewhat concerned about the future of democracy as a political institution. Francis Fukuyama has banged on in recent years on the problems of political decay in the advanced industrialized democracies. He’s a bit more sanguine about this election cycle than most, but the erosion of accepted norms of political behavior is an extremely disturbing trend. Donald Trump (and his campaign manager) certainly epitomizes this contempt for such minor things as the Constitution and the rule of law:

As the cherry on the top of this worry sundae, the Journal of Democracy has just published an article by Roberto Stefan Foa and Yascha Mounk entitled, “The Danger of Deconsolidation: The Democratic Disconnect.” Foa and Mounk have previewed their findings here and here over the past year, and their thesis is pretty damn sobering:


What we find is deeply concerning. Citizens in a number of supposedly consolidated democracies in North America and Western Europe have not only grown more critical of their political leaders. Rather, they have also become more cynical about the value of democracy as a political system, less hopeful that anything they do might influence public policy, and more willing to express support for authoritarian alternatives. The crisis of democratic legitimacy extends across a much wider set of indicators than previously appreciated….

In theory, it is possible that, even in the seemingly consolidated democracies of North America and Western Europe, democracy may one day cease to be the “only game in town”: Citizens who once accepted democracy as the only legitimate form of government could become more open to authoritarian alternatives.


By all means, read the whole thing. As an American, I find it particularly troubling that Ronald Inglehart’s rebuttal essay says that Foa and Mounk are exaggerating because this phenomenon is limited to the United States.

Foa and Mounk’s data ends in 2010. One could argue that things have only gotten worse since then, as Christie’s show trial speech suggests. But if I have a sliver of optimism, it is that the Trump campaign is America’s moment of staring into the anti-system abyss and seeing the ugliness that would await.

I will be curious if, after this election cycle, there is a greater appreciation for the democratic institutions that have made America great for more than a century.

I’m sympathetic to the notion that democracy is becoming delegitimized here and elsewhere, and in part blame the elites who have divorced policy outcomes from democratic accountability and therefore from benefits for average voters.

But the Chris Christie witch hunt is a special case. After all, this is a former US Attorney, a former top embodiment of America’s criminal justice system (and Christie’s attack was far more irrational than that of another US Attorney, Rudy Giuliani, earlier in the night).

And he’s not just any US Attorney. He’s a US Attorney who got that role largely off his fundraising for George W Bush, even in spite of concerns about his experience. Christie was, in some ways, one of the early test cases for Karl Rove’s theory that US Attorney positions would make great launching pads for further political advancement — and it worked, to some degree. After prosecuting a bunch of Democrats in an equal opportunity political corruption state, Christie won the governorship and started abusing his power, most spectacularly with Bridgegate. He came close to winning the VP nomination with Trump (and if last night is any indication, perhaps he should have). Along the way he pioneered Deferred Prosecution Agreements, making monitor positions another piece of pork for loyal Republicans.

In other words, Christie is the personification of a Republican effort to politicize a position that — while political — had previously been treated with some respect for precedent and neutrality.

No longer. Last night, Christie broke down all remaining barriers between law enforcement and political prosecution. It was the inevitable outcome of Rove’s little project.

Like Drezner, I’m worried generally about the state of our democracy (though unlike him I think the elite have a lot to answer for letting it happen). But the Christie witch hunt is a development above and beyond that general trend.

FBI Established Saudi Task Force Just before Joint Inquiry Release

The House Intelligence Committee just released the 28 pages detailing Saudi involvement in 9/11.

The pages are actually more damning than I expected. They lay out many damning details we already knew of, including that Bandar bin Sultan’s wife was providing money to one of the suspect Saudi intelligence people, several Saudi apparent agents provided support for the hijackers, and an apparent dry run for the attack was conducted by someone paid by the Saudis.

One really damning detail that I didn’t know, however (or had forgotten if covered in Bob Graham’s book), is that it wasn’t until the Joint Inquiry focused on the Saudis that FBI established a task force to look into Saudi Arabia’s role in the attack.

That means over a year elapsed before the FBI really started investigating this angle. It goes on to reveal FBI was not focusing any counterintelligence resources on Saudis before 9/11, because “FBI received ‘no reporting from any member of the Intelligence Community’ that there was a [redacted] presence in the United States.” A very heavily redacted passage implies that’s because they were an “ally” [scare quotes original].

It goes on to note that CIA did have records of such ties (we knew that); it makes no mention of NSA, though they knew of Saudi ties as well.

The report even reveals that Robert Mueller learned about the Saudi role in the attack from the Joint Inquiry:

This is fairly unbelievable, but all too believable.

The end of the report provides multiple reports of Saudi refusal to cooperate in the investigation.

I’m particularly interested in the detail that they demanded information that would show sources and methods. I know that the Saudis had notice of Stellar Wind well before it got exposed in 2005. That means they were getting tips on what we knew even as they refused to tell what they knew.

Between that and the failure to investigate, it explains how the Saudis could get away with assisting an attack on the US.

Update: Kristen Breitweiser rightly rails on mainstream coverage of the report that dismisses the seriousness of the allegations in the report.

When CIA Director John Brennan states that he believes the 29 pages prove that the government of Saudi Arabia had no involvement in the 9/11 attacks, recognize that John Brennan is not a man living in reality — he is delusional by design, feeding and protecting his Saudi vice.

When Assistant Secretary of State for Near Eastern Affairs, Anne W. Patterson, testifies — under oath — that the Kingdom of Saudi Arabia is an ally that does everything they can to help us fight against Islamic terrorism, recognize that her deep, steep Saudi pandering serves and protects only her Saudi vice.

Read the 29 pages and know the facts.

Do not let any person in our government deny the damning reality of the 29 pages.

And as you read the 29 pages remember that they were written during 2002 and 2003.

Key Area of Dispute on Drone Numbers: Number of Strikes

Dianne Feinstein is out with a statement applauding that I Con the Record has released drone kill numbers that — she suggests — prove the spooks know something we don’t and that the number of civilian casualties hasn’t been that high.

“I want to commend the administration for taking this important step toward transparency by releasing information on the number of civilian deaths as a result of U.S. drone strikes. I believe more can be done, but this release of data is a good start.

“I’ve been calling on the administration to release drone strike data for years. Varying numbers have been tallied by outside organizations but as today’s report makes clear, the government has access to unique information to help determine the number of civilian deaths. The American people should be able to weigh the necessity of counterterrorism programs with as much information as possible.

“I do believe that great care is taken to avoid noncombatant casualties during drone strike operations. Since 2009, the Senate Intelligence Committee has devoted significant time and attention to targeted strikes by drones, with a specific focus on civilian casualties.

“While a single civilian death is one too many, I believe this program is more precise than many alternatives such as strikes with cruise missiles, where far more civilians would be at risk.”

A fair response to Feinstein, I think, is to point to this piece from the Human Rights Watch researcher who tallied their count of civilian deaths in Yemen. As she notes, counting just the cases she has investigated on the ground would say there were only 7 other civilian casualties later in Yemen and in other theaters.

The US strikes on Al-Majalah in December 2009 killed 14 fighters with Al-Qaeda in the Arabian Peninsula—but they also killed 41 Bedouin civilians, more than two-thirds of them women and children, according to a Yemeni government probe. In an investigation for Human Rights Watch, I tallied the same toll. Yet the US government has never publicly acknowledged the Al-Majalah killings. Instead, two classified diplomatic cables released by Wikileaks revealed, the Obama administration made a concerted effort to conceal its role in the attack.

The White House release on July 1 of casualty figures for airstrikes outside conventional war zones since 2009 should have shed light on how many civilians were killed in attacks such as the one in Al-Majalah. Instead, its data dump, at the start of a holiday weekend, continues President Barack Obama’s obfuscation of its lethal strike program against armed groups such as Islamic State and Al-Qaeda. Even if the government’s definition of a “combatant” were fully consistent with international law, which only applies to armed conflict situations, the release raises more questions than it answers.


Did the US kill only 7 civilians in 466 strikes? In 2012-13, I led Human Rights Watch investigations into seven of the US counterterrorism strikes in Yemen from 2009 to 2013 that were alleged to have killed civilians. We visited strike sites when possible, examined the remnants of ordnance, and interviewed a range of witnesses, relatives, tribal leaders and Yemeni officials—corroborating our findings in ways that the DNI cannot simply dismiss. We found that at least 57 of those killed were civilians, along with possibly 14 others, 12 of them in a strike on a wedding convoy. Subtracting our numbers from the DNI’s minimum estimates leaves only seven civilian deaths in the 466 strikes that we did not investigate. That would be a remarkably low toll. But based on the obscure data the Obama administration revealed last week, we cannot know if it is accurate.

Viewed this way, it’s easy to see how ODNI’s numbers cannot add up. There must be some more basic reason their numbers are so different from every other outlet, having to do with methodology or scope. I’ve pointed to some potential explanations: CIA didn’t hand over all their numbers to ODNI, they didn’t include everything we’d include in terms of areas outside active hostilities, some strikes (and the al-Majalah one would be a likely candidate) were attributed to either the home country or some other ally (cough, KSA), even if the US conducted the strike; remember the US did a lot of “side payment” strikes in Pakistan to win the right to do our own strikes.

In other words, if “side payment” strikes — in Pakistan and Yemen (some of the latter of which may have been done for Saudi Arabia) — were the ones that killed a bunch of civilians, they might not show up in I Con the Record’s numbers.

But here’s how it would seem we could move forward: try to come to some agreement as to how many actual strikes there are.

As Micah Zenko pointed out, there is a very big discrepancy between the numbers of total strikes counted by NGOs and the government. Effectively, the Administration doesn’t count 18% of the known air strikes as their own (based off the NGO average).

It’s easy to see where a disagreement about individual casualties, and of what type, would come from, but not of airstrikes themselves. Unless airstrikes generally assumed to be US airstrikes are being counted as someone else’s.

Update: Fixed that Yemen would be the recipient of side payment strikes, not Saudi Arabia.

As Part of Confirmation Process, Loretta Lynch Suggested DOJ Didn’t Have Enough Evidence to Prosecute HSBC

The WSJ has a story reporting what we have long pretty much known: DOJ decided not to prosecute HSBC for helping drug kingpins (this report, like most others and like DOJ’s settlement itself, forgets to mention HSBC also materially supported terrorism) because doing so might create global financial havoc.

U.S. Justice Department officials overruled their prosecutors’ recommendation to pursue criminal charges against HSBC Holdings PLC over money-laundering failings, according to a House committee report prepared by Republicans that sheds new light on the bank’s 2012 settlement.

The report, which was reviewed by The Wall Street Journal and prepared by the Republican staff of the Financial Services Committee, concluded that former Attorney General Eric Holder overruled the internal recommendation and subsequently misled Congress about the Justice Department’s decision not to prosecute the U.K. bank.

“Rather than lacking adequate evidence to prove HSBC’s criminal conduct, internal Treasury documents show that DOJ leadership declined to pursue [the] recommendation to prosecute HSBC because senior DOJ leaders were concerned that prosecuting the bank ‘could result in a global financial disaster,’ ” the 282-page report stated.


Holder later said those comments were misconstrued and that the Justice Department doesn’t believe any institution is too large to face legal punishment. “If we find a bank or a financial institution that has done something wrong, if we can prove it beyond a reasonable doubt, those cases will be brought,” Mr. Holder said at a 2013 House hearing.

The report, which was expected to be released Monday, concluded those comments were misleading because lower-level prosecutors had recommended the department prosecute HSBC, according to Treasury Department emails subpoenaed by the committee.

The report blames Eric Holder for the decision, not Loretta Lynch, who oversaw the case as US Attorney. Indeed, her name doesn’t appear in the WSJ story at all.

But given the claim that line prosecutors believed they had plenty of evidence to charge HSBC, consider how Lynch answered a question about the topic during her confirmation process.

38. As United States Attorney for the Eastern District of New York, you helped secure nearly $2 billion from HSBC over its failure to establish proper procedures to prevent money laundering by drug cartels and terrorists. You were quoted in a DOJ press release saying, “HSBC’s blatant failure to implement proper anti-money laundering controls facilitated the laundering of at least $881 million in drug proceeds through the U.S. financial system.”

You stated that the bank’s “willful flouting of U.S. sanctions laws and regulations resulted in the processing of hundreds of millions of dollars in [Office of Foreign Assets Control]-prohibited transactions.” Still, no criminal penalties have been assessed for any executive who may have been involved.

a. Did you make any decision or recommendation on charging any individual with a crime?

i. If so, please describe any and all decisions or recommendations you made.

ii. Please explain why such decisions or recommendations were made.

b. If you did not make any decision or recommendation on charging any individual with a crime, who made the decision not to prosecute?

RESPONSE: On December 11, 2012, the Department filed an information charging HSBC Bank USA with violations of the Bank Secrecy Act and HSBC Holdings with violating U.S. economic sanctions (the two entities are collectively referred to as “HSBC”). Pursuant to a deferred prosecution agreement (“DPA”), HSBC admitted its wrongdoing, agreed to forfeit $1.256 billion, and agreed to implement significant remedial measures, including, among other things, to follow the highest global anti-money laundering standards in all jurisdictions in which it operates. As the United States District Judge who approved the deferred prosecution found, “the DPA imposes upon HSBC significant, and in some respect extraordinary, measures” and the “decision to approve the DPA is easy, for it accomplishes a great deal.” Although grand jury secrecy rules prevent me from discussing the facts involving any individual or entity against whom we decided not to bring criminal charges, as I do in all cases in which I am involved, I and the dedicated career prosecutors handling the investigation carefully considered whether there was sufficient admissible evidence to prosecute an individual and whether such a prosecution otherwise would have been consistent with the principles of federal prosecution contained in the United States Attorney’s Manual.

I want to reiterate, particularly in the context of recent media reports regarding the release of HSBC files pertaining to its tax clients, that the Deferred Prosecution Agreement reached with HSBC addresses only the charges filed in the criminal information, which are limited to violations of the Bank Secrecy Act for failures to maintain an adequate anti-money laundering program and for sanctions violations. The DPA explicitly does not provide any protection against prosecution for conduct beyond what was described in the Statement of Facts. Furthermore, I should note the DPA explicitly mentions that the agreement does not bind the Department’s Tax Division, nor the Fraud Section of the Criminal Division. [my emphasis]

To be fair to Lynch, hers was basically a non-answer. She said she and career prosecutors review the evidence. She implied that there was insufficient admissible evidence to prosecute, but did not say it.

But if the WSJ report is correct (and we should find out soon enough), in fact at least her prosecutors recommended prosecuting.
