emptywheel

SEKRIT Memo: Ix-Nay on the Artians-May

A mere two days ago, we got tantalizing news of sentient life in space.

An international team of scientists from the Search for Extraterrestrial Intelligence (SETI) is investigating mysterious signal spikes emitting from a 6.3-billion-year-old star in the constellation Hercules—95 light years away from Earth. The implications are extraordinary and point to the possibility of a civilization far more advanced than our own.

The unusual signal was originally detected on May 15, 2015, by the Russian Academy of Science-operated RATAN-600 radio telescope in Zelenchukskaya, Russia, but was kept secret from the international community. Interstellar space reporter Paul Gilster broke the story after the researchers quietly circulated a paper announcing the detection of “a strong signal in the direction of HD164595.”

[snip]

The signal’s strength indicates that if it in fact came from an isotropic beacon, the power source would have to be built by a Kardashev Type II civilization. (The Kardashev scale is used to determine the progress of a civilization’s technological development by measuring how much energy was used to transmit an interstellar message.) An ‘Isotropic’ beacon means a communication source emitting a signal with equal power in all directions while promoting signal strength throughout travel.

This created quite the tizzy among space watchers and had me warning it was a Russian plot to steal the election.

Oh, sure, there were warnings.

“The signal may be real, but I suspect it’s not ET,” Seth Shostak, senior astronomer at the SETI Institute, told GeekWire. “There are other possibilities for a wide-band signal such as this, and they’re caused by natural sources or even terrestrial interference.”

Nick Suntzeff, a Texas A&M University astronomer, agrees. “God knows who or what broadcasts at 11 GHz, and it would not be out of the question that some sort of bursting communication is done between ground stations and satellites,” he told Ars Technica, explaining that the signal was observed in the radio spectrum used by the military. “I would follow it if I were the astronomers, but I would also not hype the fact that it may be a SETI signal given the significant chance it could be something military.”

But nevertheless, last we heard — two whole days ago — America’s ET watchers were going to monitor that location permanently and telescopes in our hemisphere were turning their eye to watch the signal.

Still, he adds, “the signal is provocative enough that the RATAN-600 researchers are calling for permanent monitoring of this target.”

[snip]

In the meantime, the SETI Institute, based in Mountain View, California, directed its Allen Telescope Array toward HD 164595 on Sunday night, while METI International (Messaging Extraterrestrial Intelligence) did the same with the Boquete Optical SETI Observatory in Panama.

Turns out, two days into that permanent monitoring, the ET-watchers have decided it’s not ET.

We cautioned readers that, because the signal was measured at 11Ghz, there was a “significant chance” it was of terrestrial origin, likely due to some military activity.

Well, it apparently was. First, astronomers with the search for extraterrestrial intelligence downplayed the possibility of an alien civilization. “There are many other plausible explanations for this claimed transmission, including terrestrial interference,” Seth Shostak, a senior astronomer with SETI, wrote.

Now the Special Astrophysical Observatory of the Russian Academy of Sciences has concurred, releasing a statement on the detection of a radio signal at the RATAN-600 radio astronomy observatory in southern Russia. “Subsequent processing and analysis of the signal revealed its most probable terrestrial origin,” the Russian scientists said.

Or, to put it differently, after secretly monitoring this site 95 light years away for 15 months, the Russians have suddenly figured out that this is of terrestrial origin.

Maybe even some kind of military activity.

All of which would seem to raise a bunch of other questions. Like who wrote the memo telling all the ET-watchers to Ix-Nay their stories of Artians-May? Or, if this is previously unseen military activity that Russians couldn’t identify for 15 months (but were mighty attentive to, mind you), whose military activity that might be? And what that previously unidentified military activity might be?

It probably means Russian martians aren’t going to steal our election. But the more interesting question is what this really was…

Breaking: Russians Claim They’ve Found Extraterrestrial Life to Tamper with Our Elections

Russians secretly found what might be a sign of life coming from a star 95 light years away and people are in a tizzy.

An international team of scientists from the Search for Extraterrestrial Intelligence (SETI) is investigating mysterious signal spikes emitting from a 6.3-billion-year-old star in the constellation Hercules—95 light years away from Earth. The implications are extraordinary and point to the possibility of a civilization far more advanced than our own.

The unusual signal was originally detected on May 15, 2015, by the Russian Academy of Science-operated RATAN-600 radio telescope in Zelenchukskaya, Russia, but was kept secret from the international community. Interstellar space reporter Paul Gilster broke the story after the researchers quietly circulated a paper announcing the detection of “a strong signal in the direction of HD164595.”

It turns out, however, that the story got way overhyped.

“No one is claiming that this is the work of an extraterrestrial civilization, but it is certainly worth further study,” wrote Paul Gilster, who covers deep space exploration on the website Centauri Dreams. He seems to have missed headlines like “Alien Hunters Spot Freaky Radio Signal Coming From Nearby Star,” “Is Earth Being Contacted by ALIENS? Mystery Radio Signals Come From a Sun-like Star” and “SETI Investigating Mysterious, Extraterrestrial Signal From Deep Space Star System.”

[snip]

“God knows who or what broadcasts at 11 GHz, and it would not be out of the question that some sort of bursting communication is done between ground stations and satellites,” he told Ars Technica, explaining that the signal was observed in the radio spectrum used by the military. “I would follow it if I were the astronomers, but I would also not hype the fact that it may be a SETI signal given the significant chance it could be something military.”

In other words, there’s a good chance the signal is the product of terrestrial activity rather than a missive crafted by extraterrestrial life on a distant exoplanet. For those who prefer a different outcome, there are plenty of movies that can offer more thrilling narratives.

So in the spirit of the silly season that our election has become, I’m going to go one better, taking the word “Russia” and some very thin evidence and declare this an election year plot. Everything else that has thin evidence and the word Russia is an election year plot, after all.

Consider the latest panic, caused by someone leaking Michael Isikoff an FBI alert on two attacks on voter files that took place this summer. Isikoff wasted no time in finding a cyber contractor willing to sow panic about Russians stealing the election.

The FBI has uncovered evidence that foreign hackers penetrated two state election databases in recent weeks, prompting the bureau to warn election officials across the country to take new steps to enhance the security of their computer systems, according to federal and state law enforcement officials.

The FBI warning, contained in a “flash” alert from the FBI’s Cyber Division, a copy of which was obtained by Yahoo News, comes amid heightened concerns among U.S. intelligence officials about the possibility of cyberintrusions, potentially by Russian state-sponsored hackers, aimed at disrupting the November elections.

[snip]

“This is a big deal,” said Rich Barger, chief intelligence officer for ThreatConnect, a cybersecurity firm, who reviewed the FBI alert at the request of Yahoo News. “Two state election boards have been popped, and data has been taken. This certainly should be concerning to the common American voter.”

Barger noted that one of the IP addresses listed in the FBI alert has surfaced before in Russian criminal underground hacker forums. He also said the method of attack on one of the state election systems — including the types of tools used by the hackers to scan for vulnerabilities and exploit them — appears to resemble methods used in other suspected Russian state-sponsored cyberattacks, including one just this month on the World Anti-Doping Agency.

Ellen Nakashima claimed the FBI had stated “Russians” were behind the attack and then talked about how Russia (rather than journalists overhyping the story) might raise questions about the integrity of our elections.

Hackers targeted voter registration systems in Illinois and Arizona, and the FBI alerted Arizona officials in June that Russians were behind the assault on the election system in that state.

The bureau described the threat as “credible” and significant, “an eight on a scale of one to 10,” Matt Roberts, a spokesman for Arizona Secretary of State Michele Reagan (R), said Monday. As a result, Reagan shut down the state’s voter registration system for nearly a week.

It turned out that the hackers had not compromised the state system or even any county system. They had, however, stolen the username and password of a single election official in Gila County.

Roberts said FBI investigators did not specify whether the hackers were criminals or employed by the Russian government.

[snip]

Until now, countries such as Russia and China have shown little interest in voting systems in the United States. But experts said that if a foreign government gained the ability to tamper with voter data — for instance by deleting registration records — such a hack could cast doubt on the legitimacy of U.S. elections.

She also cites the same Barger fellow that Isikoff did who might make a buck off sowing fear.

Then Politico quoted an FBI guy and someone who works with state election officials (who are not on the normal circulation lists for these alerts) stating that an alert of a kind that often goes to other recipients, but which is now going to election officials because we’ve recently decided election systems are critical infrastructure, is unprecedented.

But some cyber experts said the FBI’s alert, first revealed by Yahoo News on Monday, could be a sign that investigators are worried that foreign actors are attempting a wide-scale digital onslaught.

A former lead agent in the FBI’s Cyber Division said the hackers’ use of a particular attack tool and the level of the FBI’s alert “more than likely means nation-state attackers.” The alert was coded “Amber,” designating messages with sensitive information that “should not be widely distributed and should not be made public,” the ex-official said.

One person who works with state election officials called the FBI’s memo “completely unprecedented.”

“There’s never been an alert like that before that we know of,” said the person, who requested anonymity to discuss sensitive intergovernmental conversations.

Multiple former officials and security researchers said the cyberattacks on Arizona’s and Illinois’ voter databases could be part of a suspected Russian attempt to meddle in the U.S. election, a campaign that has already included successful intrusions at major Democratic Party organizations and the selective leaking of documents embarrassing to Democrats. Hillary Clinton’s campaign has alleged that the digital attacks on her party are an effort by Russian President Vladimir Putin’s regime to sway the election to GOP nominee Donald Trump. Moscow has denied any involvement.

Then David Sanger used a logically flawed Harry Reid letter calling for an investigation to sow more panic about the election (question: why is publishing accurate DNC documents considered “propaganda”?).

It turns out the evidence from the voting records hacks in the FBI alert suggests the hacks involved common tools that could have been deployed by anyone, and the Russian services were just one of several included in the hack.

Those clued-in to the incidents already knew that SQL Injection was the likely cause of attack, as anyone familiar with the process could read between the lines when it came to the public statements.

The notion that attackers would use public VPS / VPN providers is also a common trick, so the actual identity of the attacker remains a mystery. Likewise, the use of common SQL Injection scanners isn’t a big shock either.

The interesting takeaway in all of this is that a somewhat sensitive memo was leaked to the press. The source of the leak remains unknown, but flash memos coded to any severity other than Green rarely wind-up in the public eye. Doing so almost certainly sees access to such information revoked in the future.

And yet, there is nothing overly sensitive about the IOCs contained in this memo. The public was already aware of the attacks, and those in the industry were certain that something like SQL Injection was a possible factor. All this does is prove their hunches correct.

As for the attribution, that’s mostly fluff and hype, often used to push an agenda. Those working in the trenches rarely care about the Who, they’re more interested in What and How, so they can fix things and get the business back to operational status.

And Motherboard notes that stealing voter data is sort of common.

On Monday, Yahoo reported the FBI had uncovered evidence that foreign hackers had breached two US state election databases earlier this month. The article, based on a document the FBI distributed to concerned parties, was heavily framed around other recent hacks which have generally been attributed to Russia, including the Democratic National Committee email dump.

The thing is, voter records are not some extra-special commodity that only elite, nation-sponsored hackers can get hold of. Instead, ordinary cybercriminals trade this sort of data, and some states make it pretty easy to obtain voter data through legal means anyway.

In December of last year, CSO Online reported that a database of some 191 million US voter records had been exposed online. They weren’t grabbed through hacking, per se: the dump was available to anyone who knew where to look, or was happy to just cycle through open databases sitting on the internet (which, incidentally, common cybercriminals are).

In other words, by all appearances there is no evidence to specifically tie these hacks even to Russian criminals, much less the Russian state. But the prior panic about the DNC hack led to a lower trigger for alerts on a specific kind of target, voter rolls, which in turn has fed the panic such that most news outlets have some kind of story suggesting this is a Russian plot to steal our election (by stealing 200K voter files?). It’s like finding Russian life on Mars based on the shadows you see in the sand.

It’s not the Russians who are raising questions about the voting integrity — beyond questions that have persistently been raised for 15 years which have already justifiably lowered confidence in our voting system. It is shitty reporting.

So I’m going to join in. These ETs 95 light years away? I’m positive they want to steal our election.

Takedowns of Shadow Brokers Files Affirm Files as Stolen

I’ve been wondering something.

Almost immediately after the Shadow Brokers posted their Equation Group files, GitHub, Reddit, and Tumblr took down the postings of the actual files. In retrospect, it reminded me of the way Wikileaks was booted off PayPal in 2010 for, effectively, publishing files.

So I sent email to the three outlets asking on what basis they were taken down. GitHub offered the clearest reason. In refreshingly clear language, its official statement said,

Per our Terms of Service (section A8), we do not allow the auction or sale of stolen property on GitHub. As such, we have removed the repository in question.

Mind you, A8 prohibits illegal purpose, not the auction of stolen property:

You may not use the Service for any illegal or unauthorized purpose. You must not, in the use of the Service, violate any laws in your jurisdiction (including but not limited to copyright or trademark laws).

Moreover, at least in its Pastebin explanation, Shadow Brokers were ambiguous about how they obtained the files.

How much you pay for enemies cyber weapons? Not malware you find in networks. Both sides, RAT + LP, full state sponsor tool set? We find cyber weapons made by creators of stuxnet, duqu, flame. Kaspersky calls Equation Group. We follow Equation Group traffic. We find Equation Group source range. We hack Equation Group. We find many many Equation Group cyber weapons. You see pictures. We give you some Equation Group files free, you see. This is good proof no? You enjoy!!! You break many things. You find many intrusions. You write many words. But not all, we are auction the best files.

They state they “found” the files, or at least traces of the files, and only say they “hacked” to obtain them to get to the latest stage. If they (in the Russian theory of the files) were “found” on someone’s own system, does that count as “stealing” property?

Tumblr wasn’t quite as clear as GitHub. They said,

Tumblr is a global platform for creativity and self-expression, but we have drawn lines around a few narrowly defined but deeply important categories of content and behavior, as outlined in our Community Guidelines. The account in question was found to be in violation of these policies and was removed.

But it’s not actually clear what part of their user guidelines Shadow Brokers violated. They’ve got a rule against illegal behavior.

I guess the sale of stolen property is itself illegal, but that goes back to the whole issue of Shadow Brokers’ lack of clarity of how they got what they got. Their property specific guidelines require someone to file a notice.

Intellectual property is a tricky issue, so now is as good a time as any to explain some aspects of the process we use for handling copyright and trademark complaints. We respond to notices of alleged copyright infringement as per our Terms of Service and the Digital Millennium Copyright Act; please see our DMCA notification form to file a copyright claim online. Please note that we require a valid DMCA notice before removing content. Parties asserting a trademark infringement claim should identify the allegedly infringing work and the legal basis for their claim, and include the registration and/or application number(s) pertaining to their trademark. Each claim is reviewed by a trained member of our Trust and Safety team.

If we remove material in response to a copyright or trademark claim, the user who posted the allegedly infringing material will be provided with information from the complainant’s notice (like identification of the rightsholder and the allegedly infringed work) so they can determine the basis of the claim.

The tech companies might claim copyright violations here (or perhaps CFAA violations?), but the files came down long before anyone had publicly IDed them as the victims. So the only “owner” here would be the NSA. Did they call Tumblr AKA Verizon AKA a close intelligence partner of the NSA?

Finally, Shadow Brokers might be in violation of Tumblr’s unauthorized contests.

The guidelines say you can link to a whackjob contest (which this is) elsewhere, but you do have to make certain disclosures on Tumblr itself.

One more thing about Tumblr, though. It claims it will give notice to a user before suspending their content.

Finally, there’s Reddit, which blew off my request altogether. Why would they take down Shadow Brokers, given the range of toxic shit they permit to be posted?

They do prohibit illegal content, which they describe as,

Content may violate the law if it includes, but is not limited to:

  • copyright or trademark infringement
  • illegal sexual content

Again, GitHub’s explanation of this as selling stolen property might fit this description more closely than copyright infringement, at least of anyone who would have complained early enough to have gotten the files taken down.

The more interesting thing about Reddit is they claim they’ll go through an escalating series of warnings before taking down content, which pretty clearly did not happen here.

We have a variety of ways of enforcing our rules, including, but not limited to

  • Asking you nicely to knock it off
  • Asking you less nicely
  • Temporary or permanent suspension of accounts
  • Removal of privileges from, or adding restrictions to, accounts
  • Adding restrictions to Reddit communities, such as adding NSFW tags or Quarantining
  • Removal of content
  • Banning of Reddit communities

Now, don’t get me wrong. These are dangerous files, and I can understand why social media companies would want to close the barn door on the raging wild horses that once were in their stable.

But underlying it all appears to be a notion of property that I’m a bit troubled by. Even if Shadow Brokers stole these files from NSA servers — something not at all in evidence — they effectively stole NSA’s own tools to break the law. But if these sites are treating the exploits themselves as stolen property, then so would be all the journalism writing about it.

Finally, there’s the question of how these all came down so quickly. Almost as if someone called and reported their property stolen.

The Two Tales of Russia Hacking NYT

Yesterday, CNN posted this “first on CNN” story:

Hackers thought to be working for Russian intelligence have carried out a series of cyber breaches targeting reporters at The New York Times and other US news organizations, according to US officials briefed on the matter.

The intrusions, detected in recent months, are under investigation by the FBI and other US security agencies. Investigators so far believe that Russian intelligence is likely behind the attacks and that Russian hackers are targeting news organizations as part of a broader series of hacks that also have focused on Democratic Party organizations, the officials said.

Here’s what the NYT’s own account of the hacking (attempt) is:

The New York Times’s Moscow bureau was the target of an attempted cyberattack this month. But so far, there is no evidence that the hackers, believed to be Russian, were successful.

“We are constantly monitoring our systems with the latest available intelligence and tools,” said Eileen Murphy, a spokeswoman for The Times. “We have seen no evidence that any of our internal systems, including our systems in the Moscow bureau, have been breached or compromised.”

So CNN tells an alarming story about specific reporters being targeted that fits into a larger narrative, citing both the FBI (in which Evan Perez has very good sources) and “other US security agencies,” which presumably means the NSA. NYT tells an entirely different story, stating that its bureau in Russia was targeted unsuccessfully, relying solely on official sources as the FBI. One wonders why the NYT story required Nicole Perlroth and David Sanger, and also why David Sanger didn’t cite any of his extensive sources at NSA, where these allegations appear to derive.

It’s quite possible both of these stories are misleading. But they do raise questions about why the spooks want to sensationalize these Russian hacks while NYT chooses to downplay them.

The Government Uses FISCR Fast Track to Put Down Judges’ Rebellion, Expand Content Collection

Since it was first proposed, I’ve been warning (not once but twice!) about the FISCR Fast Track, a part of the USA Freedom Act that would permit the government to immediately ask the FISA Court of Review to review a FISC decision. The idea was sold as a way to get a more senior court to review dodgy FISC decisions. But as I noted, it was also an easy way for the government to use the secretive FISC system to get a circuit level decision that might preempt traditional court decisions they didn’t like (I feared they might use FISCR to invalidate the Second Circuit decision finding the phone dragnet to be unlawful, for example).

Sure enough, that’s how it got used in its first incarnation — not just to confirm that the FISC can operate by different rules than criminal courts, but also to put down a judges’ rebellion.

As I noted back in 2014, the FISC has long permitted the government to collect Post Cut Through Dialed Digits using FISA pen registers, though it requires the government to minimize anything counted as content after collection. PCTDD are the numbers you dial after connecting a phone call — perhaps to get a particular extension, enter a password, or transfer money. The FBI is not supposed to do this at the criminal level, but can do so under FISA provided it doesn’t use the “content” (like the banking numbers) afterwards. FISC reviewed that issue in 2006 and 2009 (after magistrates in the criminal context deemed PCTDD to be content that was impermissible).

At last year’s semiannual FISC judges’ conference, some judges raised concerns about the FISC practice, deciding they needed to get further briefing on the practice. So when approving a standing Pen Register, the FISC told the government it needed further briefing on the issue.

The government didn’t deal with it for three months until just as they were submitting their next application. At that point, there was not enough time to brief the issue at the FISC level, which gave then presiding judge Thomas Hogan the opportunity to approve the PRTT renewal and kick the PCTDD issue to the FISCR, with an amicus.

This minimized the adversarial input, but put the question where it could carry the weight of a circuit court.

Importantly, when Hogan kicked the issue upstairs, he did not specify that this legal issue applies only to phone PRTTs.

At the FISCR, Mark Zwillinger got appointed as an amicus. He saw the same problem as I did. While the treatment of phone PCTDD is bad but, if properly minimized, not horrible, it becomes horrible once you extend it to the Internet.

The FISCR didn’t much care. They found the collection of content using a PRTT, then promising not to use it except to protect national security (and a few other exceptions to the rule that the government has to ask FISC permission to use this stuff) was cool.

Along the way, the FISCR laid out several other precedents that will have really dangerous implications. One is that content to a provider may not be content.

This is probably the issue that made the bulk PRTT dragnet illegal in the first place (and created problems when the government resumed it in 2010). Now, the problem of collecting content in packets is eliminated!

Along with this, the FISCR extended the definition of “incidental” to apply to a higher standard of evidence.

Thus, it becomes permissible to collect using a standard that doesn’t require probable cause something that does, so long as it is “minimized,” which doesn’t always mean it isn’t used.

Finally, FISCR certified the redefinition of “minimization” that FISC has long adopted (and which is crucial in some other programs). Collecting content, but then not using it (except for exceptions that are far too broad), is all good.

In other words, FISCR not only approved the narrow application of using calling card data but not bank data and passwords (except to protect national security); they also approved a bunch of other things that the government is going to turn around and use to resume certain programs that were long ago found problematic.

I don’t even hate to say this anymore. I told privacy people this (including someone involved in this issue personally). I was told I was being unduly worried. This is, frankly, even worse than I expected (and of course it has been released publicly so the FBI can start chipping away at criminal protections too).

Yet another time my concerns have been not only borne out, but proven to be insufficiently cynical.

Breaking from Saudi Arabia!!! Two Month Old Misleading News

This Reuters exclusive is getting a lot of careless attention. Here’s what a careless reader learns:

Exclusive: U.S. withdraws staff from Saudi Arabia dedicated to Yemen planning

From that headline, particularly the use of the present tense, you might assume that the US is in the process of withdrawing its Yemen-related staff from Saudi Arabia, perhaps in response to the Saudi war crimes earlier this week.

But here’s what the story actually reports: the staff withdrawal happened in June, and was in no way a response to this week’s war crimes.

The June staff withdrawal, which U.S. officials say followed a lull in air strikes in Yemen earlier this year, reduces [sic] Washington’s day-to-day involvement in advising a campaign that has come under increasing scrutiny for causing civilian casualties.

In spite of the fact that this “exclusive” — which has since been reported by other outlets with similarly misleading headlines — describes two month old news, it nevertheless obscures that fact with its editorial choices, as here where it suggests the move “reduces,” in present tense, staff numbers, or the headline which hides that, in fact, the US already withdrew these staffers.

In fact, the report goes on to admit that this was not a response (which would have required a time machine in any case).

U.S. officials, speaking on condition of anonymity, said the reduced staffing was not due to the growing international outcry over civilian casualties in the 16-month civil war that has killed more than 6,500 people in Yemen, about half of them civilians.

But the Pentagon, in some of its strongest language yet, also acknowledged concerns about the conflict, which has brought Yemen close to famine and cost more than $14 billion in damage to infrastructure and economic losses.

“Even as we assist the Saudis regarding their territorial integrity, it does not mean that we will refrain from expressing our concern about the war in Yemen and how it has been waged,” Stump said.

I’d also suggest that reports about what non-uniformed US personnel are doing in Yemen’s immediate neighborhood would be a better gauge of the support we’re giving Saudi Arabia beyond refueling their airstrikes, the latter of which has not stopped at all.

It’s not until the last two paragraphs of the story that we learn what this misleading news is really about:

U.S. Representative Ted Lieu, a Democrat from California and a colonel in the Air Force Reserve, said he believed such strikes could help galvanize votes for limiting arms transfers to Saudi Arabia.

“When it’s repeated air strikes that have now killed children, doctors, newlyweds, patients, at some point you just have to say: Either Saudi Arabia is not listening to the United States or they just don’t care,” Lieu said.

Not long ago, the US announced $1.5 billion in new arms sales to Saudi Arabia. Congress has a narrow window to affirmatively veto that sale, and people like Ted Lieu and Rand Paul and Chris Murphy are trying to do just that. The arms sale was announced such that Congress has just one day after they come back in session to reject the transfer. Stories like this — suggesting the US is not as involved in this war as it really is — will make the task all the more difficult.

The reality remains that the US, even the overt uniformed operations, continues to provide key support to Saudi Arabia’s war, and therefore to its war crimes. Selling it more arms in the wake of these most recent war crimes only doubles down on the complicity.

Wealthy Elites and Blowjobs

I haven’t seen this part of the Shadow Broker files get mentioned. The files themselves are addressed to, “!!! Attention government sponsors of cyber warfare and those who profit from it !!!!” with a description of the auction for further files (which most people believe to be fake).

But at the end of the Pastebin file from them, they include this rant.

We have final message for “Wealthy Elites”. We know what is wealthy but what is Elites? Elites is making laws protect self and friends, lie and fuck other peoples. Elites is breaking laws, regular peoples go to jail, life ruin, family ruin, but not Elites. Elites is breaking laws, many peoples know Elites guilty, Elites call top friends at law enforcement and government agencies, offer bribes, make promise future handjobs, (but no blowjobs). Elites top friends announce, no law broken, no crime commit. Reporters (not call journalist) make living say write only nice things about Elites, convince dumb cattle, is just politics, everything is awesome, check out our ads and our prostitutes. Then Elites runs for president. Why run for president when already control country like dictatorship? What this have do with fun Cyber Weapons Auction? We want make sure Wealthy Elite recognizes the danger cyber weapons, this message, our auction, poses to their wealth and control. Let us spell out for Elites. Your wealth and control depends on electronic data. You see what “Equation Group” can do. You see what cryptolockers and stuxnet can do. You see free files we give for free. You see attacks on banks and SWIFT in news. Maybe there is Equation Group version of cryptolocker+stuxnet for banks and financial systems? If Equation Group lose control of cyber weapons, who else lose or find cyber weapons? If electronic data go bye bye where leave Wealthy Elites? Maybe with dumb cattle? “Do you feel in charge?” Wealthy Elites, you send bitcoins, you bid in auction, maybe big advantage for you?

Ostensibly, the rant serves to warn that if such tools get out, people might target banks and financial systems, specifically mentioning the hacks on SWIFT (not to mention suggesting that if the other claimed files get out someone might target finance).

Along the way it includes a reference to elites having their top friends announcing “no law broken, no crime commit.” And right before it, this: “make promise future handjobs, (but no blowjobs).”

Maybe I’m acutely sensitive to mentions of blowjobs, especially those received by Bill Clinton, for reasons that are obvious to most of you. But the reference to handjobs but no blowjobs in the immediate proximity of getting off of a crime followed closely by a reference to running for President seems like an oblique reference to the Clintons.

If so, it would place this leak more closely in line with the structure of the other leaks targeting Hillary.

That’s in no way dispositive, but the blowjobs reference does merit mentioning.

Where Are NSA’s Overseers on the Shadow Brokers Release?

As Rayne has been noting, a group calling itself the Shadow Brokers released a set of NSA hacking tools. The release is interesting for what it teaches us about NSA’s hacking and the speculation about who may have released so many tools at once. But I’m just as interested by Congress’ reticence about it.

Within hours of the first Snowden leak, Dianne Feinstein and Mike Rogers had issued statements about the phone dragnet. As far as I’ve seen, Adam Schiff is the only Gang of Four member who has weighed in on this.

U.S. Rep. Adam Schiff, the ranking Democrat on the House Intelligence Committee, also spoke with Mary Louise. He said he couldn’t comment on the accuracy of any reports about the leak.

But he said, “If these allegations were true, I’d be very concerned about the impact on the intelligence community. I’d also obviously want to know who the responsible parties were. … If this were a Russian actor — and again, this is multiple ‘ifs’ here — we’d have to ask what is causing this escalation.”

Say, Congressman Schiff. Aren’t you the ranking member of the House Intelligence Committee and couldn’t you hold some hearings to get to the bottom of this?

Meanwhile, both Feinstein (who is the only Gang of Four member not campaigning for reelection right now) and Richard Burr have been weighing in on recent events, but not the Shadow Brokers release.

The Shadow Brokers hack should be something the intelligence “oversight” committees publicly engage with — and on terms that Schiff doesn’t seem to have conceived of. Here’s why:

The embarrassing story that the VEP doesn’t work

Whatever else the release of the tools did (and I expect we’ll learn more as time goes on), it revealed that NSA has been exploiting vulnerabilities in America’s top firewall companies for years — and that whoever released these tools likely knew that, and could exploit that, for the last three years.

That comes against the background of a debate over whether our Vulnerabilities Equities Process works as billed, with EFF saying we need a public discussion today, and former NSA and GCHQ hackers claiming we ignorant laypeople can’t adequately assess strategy, even while appearing to presume US strategy should not account for the role of tech exports.

We’re now at a point where the fears raised by a few Snowden documents — that the NSA is making tech companies unwitting (the presumed story, but one that should get more scrutiny) or witting partners in NSA’s spying — have been borne out. And NSA should be asked — and its oversight committees should be asking — what the decision-making process behind turning a key segment of our economy into the trojan horse of our spooks looks like.

Mind you, I suspect the oversight committees already know a bit about this (and the Gang of Four might even know the extent to which this involves witting partnership, at least from some companies). Which is why we should have public hearings to learn what they know.

Did California’s congressional representatives Dianne Feinstein, Adam Schiff, and Devin Nunes sign off on the exploitation of a bunch of CA tech companies? If they did, did they really think through the potential (and now somewhat realized) impact it would have on those companies and, with it, our economy, and with it the potential follow-on damage to clients of those firewall companies?

The embarrassing story of how NSA’s plumbers lost their toolbox

Then there’s the question of how the NSA came to lose these tools in the first place. While the initial (and still-dominant) presumption about the release is that somehow Russia did this, since then, there have been a lot of stories that feel like disinformation.

First there was David Sanger’s piece wondering about NSA being hacked — based entirely on speculative claims of three security experts (including Edward Snowden) — which nevertheless read like this.

Snowden Snowden Snowden Snowden Snowden Snowden Snowden Snowden Snowden Snowden Snowden

Shortly thereafter, there were a series of stories based on anonymous former NSA people also speculating, which had the effect of denying that those tools would be available external to NSA in one place.

The source, who asked to remain anonymous, said that it’d be much easier for an insider to obtain the data that The Shadow Brokers put online rather than someone else, even Russia, remotely stealing it. He argued that “naming convention of the file directories, as well as some of the scripts in the dump are only accessible internally,” and that “there is no reason” for those files to be on a server someone could hack. He claimed that these sorts of files are on a physically separated network that doesn’t touch the internet; an air-gap. (Motherboard was not able to independently verify this claim, and it’s worth bearing in mind that an air-gap is not an insurmountable obstacle in the world of hacking).

That is, this story serves to deny what I and others, including Snowden, think is most likely: that someone at the NSA forgot to pack his hammer and screwdriver in his toolbox and his toolbox in his truck after he “fixed” someone’s kitchen sink or, more accurately, a forward deployment got compromised. Which would be embarrassing because we shouldn’t let forward deployments get compromised before we burn all the interesting toys and documents there. But also, we may find out, we’re not supposed to be that far forward deployed. And if we have been, we sure as heck ought not let those we’re forward deploying against find out.

We may learn more about specific targets that make this more clear, which would seem to be the extra bonus that would make it worthwhile to compromise all these tools and alert the NSA that you had them.

The impact of NSA exploiting American firewall companies should have been the subject of public Intelligence Committee oversight hearings when we learned of Juniper Networks vulnerabilities (with whispered comments about the great deal of damage those vulnerabilities had done to US agencies and companies). Given this release, the urgency of some public accountability — from both those at NSA and those purporting to oversee NSA — is overdue.

DC Cooties

There have been a series of stories fed to the press this week intended to heighten concerns about Trump advisor Paul Manafort’s ties to Russian thugs (but not his numerous ties to other thugs). The NYT had a story about Manafort receiving cash payments from 2007 to 2012 (that is, well before Trump decided to run for President). And the AP has a story headlined, “AP Sources: Manafort tied to undisclosed foreign lobbying” that describes how Manafort’s partner, Rick Gates, funneled funds from a pro-Yanukovych non-profit to two DC lobbying firms.

Paragraph 10 of the story reveals that it relies on sources from the Podesta Group, one of the lobbying firms in question.

Paragraph 15 begins to explain salient information about the Podesta Group: that its ties to the Clinton campaign are as close as Gates’ ties to the Trump campaign.

The founder and chairman of the Podesta Group, Tony Podesta, is the brother of longtime Democratic strategist John Podesta, who now is campaign chairman for Democratic nominee Hillary Clinton. The head of Mercury, Vin Weber, is an influential Republican, former congressman and former special policy adviser to Mitt Romney. Weber announced earlier this month that he will not support Trump.

After being introduced to the lobbying firms, the European nonprofit paid the Podesta Group $1.13 million between June 2012 and April 2014 to lobby Congress, the White House National Security Council, the State Department and other federal agencies, according to U.S. lobbying records.

[snip]

One former Podesta employee, speaking on condition of anonymity because of a non-disclosure agreement, said Gates described the nonprofit’s role in an April, 2012 meeting as supplying a source of money that could not be traced to the Ukrainian politicians who were paying him and Manafort.

In separate interviews, three current and former Podesta employees said disagreements broke out within the firm over the arrangement, which at least one former employee considered obviously illegal. Podesta, who said the project was vetted by his firm’s counsel, said he was unaware of any such disagreements.

In other words, the headline and lead of this story should say something to the effect of, “Trump’s campaign manager’s partner funneled potentially illegal funds to Hillary’s campaign manager’s brother.”

Or more succinctly: “DC is a corrupt, incestuous cesspool.”

But it doesn’t. Instead of telling the story about the broken foreign registry system that permits elites of both parties to take funding from some unsavory characters — some we like, some we hate — the story instead spins this as a uniquely Trump and Manafort problem.

Sure. Vladimir Putin is one scary bastard. But there are a lot of scary bastards, and they’re feeding both sides of the DC pig’s trough.

Six Years Later, the US Continues to Facilitate Saudi War Crimes

Over six years ago, according to a State Department cable liberated by Chelsea Manning, the US ambassador to Saudi Arabia met with Prince Khalid bin Sultan to complain about all the civilians the Saudis killed in an airstrike on a health clinic. Prince Khalid expressed regret about the dead civilians. But the Saudis “had to hit the Houthis very hard in order to ‘bring them to their knees.'”

USG CONCERNS ABOUT POSSIBLE STRIKES ON CIVILIAN TARGETS
——————————————— ———-

2. (S/NF) Ambassador Smith delivered points in reftel to Prince Khaled on February 6, 2010. The Ambassador highlighted USG concerns about providing Saudi Arabia with satellite imagery of the Yemen border area absent greater certainty that Saudi Arabia was and would remain fully in compliance with the laws of armed conflict during the conduct of military operations, particularly regarding attacks on civilian targets. The Ambassador noted the USG’s specific concern about an apparent Saudi air strike on a building that the U.S. believed to be a Yemeni medical clinic. The Ambassador showed Prince Khaled a satellite image of the bomb-damaged building in question.

IF WE HAD THE PREDATOR, THIS MIGHT NOT HAVE HAPPENED
——————————————— ——-

3. (S/NF) Upon seeing the photograph, Prince Khalid remarked, “This looks familiar,” and added, “if we had the Predator, maybe we would not have this problem.” He noted that Saudi Air Force operations were necessarily being conducted without the desired degree of precision, and recalled that a clinic had been struck, based on information received from Yemen that it was being used as an operational base by the Houthis. Prince Khalid explained the Saudi approach to its fight with the Houthis, emphasizing that the Saudis had to hit the Houthis very hard in order to “bring them to their knees” and compel them to come to terms with the Yemeni government. “However,” he said, “we tried very hard not to hit civilian targets.” The Saudis had 130 deaths and the Yemenis lost as many as one thousand. “Obviously,” Prince Khaled observed, “some civilians died, though we wish that this did not happen.”

If only the Saudis had more accurate targeting, Prince Khalid explained — not just satellite imagery from the Americans, but also Predator drones — such unfortunate accidents might not happen.

Six years later, over a year into Saudi Arabia’s latest war against the Houthis, now backed by US satellite imagery and a drone base on Saudi soil, the Saudis are still having unfortunate “accidents,” attacking at least the third of four MSF facilities attacked in Yemen in the last year (Saudis deny responsibility for one of these strikes).

A hospital supported by the international medical humanitarian organization Doctors Without Borders/Médecins Sans Frontières (MSF) in northwestern Yemen was hit by an airstrike today, killing at least 11 people and injuring at least 19.

The attack on Abs Hospital, in Yemen’s Hajjah governorate, occurred at 3:45 pm local time and immediately killed nine people, including an MSF staff member. Two more patients died while being transferred to Al Jamhouri hospital. Five patients remain hospitalized. The hospital, supported by MSF since July 2015, was partially destroyed, and all the remaining patients and staff have been evacuated. The GPS coordinates of the hospital were repeatedly shared with all parties to the conflict, including the Saudi-led coalition, and its location was well-known.

“This is the fourth attack against an MSF facility in less than 12 months,” said Teresa Sancristóval, MSF emergency program manager for Yemen. “Once again, today we witness the tragic consequences of the bombing of a hospital. Once again, a fully functional hospital full of patients and MSF national and international staff members was bombed in a war that has shown no respect for medical facilities or patients.”

“Even with a recent United Nations resolution calling for an end to attacks on medical facilities and with the high-level declarations of commitment to International Humanitarian Law, nothing seems to be done to make parties involved in the conflict in Yemen respect medical staff and patients,” Sancristóval continued. “Without action, these public gestures are meaningless for today’s victims. Either intentional or as a result of negligence, this is unacceptable.”

MSF calls on all parties, and particularly the Saudi-led coalition responsible for the attack, to guarantee that such attacks do not happen again.

Congress is finally beginning to complain about these serial war crimes, with Rand Paul and Chris Murphy attempting to block the latest $1.5 billion arms sale to the Saudis, and Ted Lieu issuing this scathing statement in support of an effort to do the same on the House side.

I have tried numerous times to work with the Administration to stop the United States from assisting Saudi Arabia in their indiscriminate killing of civilians in Yemen.  But when Saudi Arabia continues to kill civilians, and in this case children, enough is enough.  Having served on active duty, one of my responsibilities was to teach the Law of War.  I am also a graduate of Air War College.  The indiscriminate civilian killings by Saudi Arabia look like war crimes to me.  In this case, children as young as 8 were killed by Saudi Arabian air strikes. By assisting Saudi Arabia, the United States is aiding and abetting what appears to be war crimes in Yemen.  The Administration must stop enabling this madness now.

Nevertheless, six years later, we’re still getting this kind of lip service from the State Department.

QUESTION: All right. So just to clarify earlier what you said about Yemen in regards —

MS TRUDEAU: Yeah.

QUESTION: — to the hospital bombing this morning, you are – is it fair to say that you’re not coming out and condemning the attack; you’re saying we’re raising concerns with the coalition?

MS TRUDEAU: No, of course we would condemn any attack that hit civilians. We’re gravely concerned by any reports of civilian casualties. What we’re saying is we’ve seen these reports. Of course we would condemn any strike against a hospital.

QUESTION: Okay. Because, I mean, I’ve been hearing you all say for months now that we’re raising these concerns with the Saudi-led coalition, but this is the fourth attack on an MSF medical facility in Yemen in the past year, let alone countless others on clinics and hospitals. Are you concerned that these sort of stern conversations aren’t having the desired effect?

MS TRUDEAU: Well, what we would say – and we’d point you back to what we talked about earlier – is the Saudi-led coalition themselves have taken a look at these, they have done reports. One of those reports – I think one or two has been turned over to the UN. We’ve also called on them to make those reports public. And so there is more transparency in that accountability. We remain gravely concerned about civilian casualties anywhere in the world where they occur, and Yemen is no exception.

We’ve been (claiming to be) gravely concerned about Saudis bombing hospitals for six years now. Yet the only thing we do is throw more and more weapons at the Saudis to help them kill still more civilians.
