
CYBERCOM versus NSA: On Fighting Isis or Spying on Them

I keep thinking back to this story, in which people in the immediate vicinity of Ash Carter and James Clapper told Ellen Nakashima that they had wanted to fire Admiral Mike Rogers, the dual-hatted head of Cyber Command and NSA, in October. The sexy reason given for firing Rogers — one apparently driven by Clapper — is that NSA continued to leak critical documents after Rogers was brought in in the wake of the Snowden leaks.

But further down in the story, a description of why Carter wanted him fired appears. Carter was angry because Rogers’ offensive hackers had not, up until around the time he recommended to Obama that Rogers be fired, succeeded in sabotaging ISIS’ networks.

Rogers has not impressed Carter with his handling of U.S. Cyber Command’s cyberoffensive against the Islamic State. Over the past year or so, the command’s operations against the terrorist group’s networks in Syria and Iraq have not borne much fruit, officials said. In the past month, military hackers have been successful at disrupting some Islamic State networks, but it was the first time they had done that, the officials said.

Nakashima presents this in the context of the decision to split CYBERCOM from NSA and — click through to read that part further down in the piece — with Rogers’ decision to merge NSA’s Information Assurance Directorate (its defensive wing) with the offensive spying unit.

The expectation had been that Rogers would be replaced before the Nov. 8 election, but as part of an announcement about the change in leadership structure at the NSA and Cyber Command, a second administration official said.

“It was going to be part of a full package,” the official said. “The idea was not for any kind of public firing.” In any case, Rogers’s term at the NSA and Cyber Command is due to end in the spring, officials said.

The president would then appoint an acting NSA director, enabling his successor to nominate their own person. But a key lawmaker, Sen. John McCain (R-Ariz.), the chairman of the Senate Armed Services Committee, threatened to block any such nominee if the White House proceeded with the plan to split the leadership at the NSA and Cyber Command.

I was always in favor of splitting these entities — CYBERCOM, NSA, and IAD — into three, because I believed that was one of the only ways we’d get a robust defense. Until then, everything will be subordinated to offensive interests. But Nakashima’s article focuses on the other split, CYBERCOM and NSA, describing them as fundamentally different missions.

The rationale for splitting what is called the “dual-hat” arrangement is that the agencies’ missions are fundamentally different, that the nation’s cyberspies and military hackers should not be competing to use the same networks, and that the job of leading both organizations is too big for one person.

They are separate missions: CYBERCOM’s job is to sabotage things, NSA’s job is to collect information. That is made clear by the example that apparently irks Carter: CYBERCOM wasn’t sabotaging ISIS like he wanted.

It is not explicit here, but the suggestion is that CYBERCOM was not sabotaging ISIS because someone decided it was more important to collect information on it. That sounds like an innocent enough trade-off until you consider CIA’s prioritization of overthrowing Assad over eliminating ISIS, and its long willingness to overlook that its trained fighters were fighting with al Qaeda and sometimes even ISIS. Add in DOD’s abject failure at training its own rebels, such that the job reverted to CIA along with all the questionable loyalties in that agency.

There was a similar debate way back in 2010, when NSA and CIA and GCHQ were fighting about what to do with Inspire magazine: sabotage it (DOD’s preference, based on the understanding it might get people killed), tamper with it (GCHQ’s cupcake recipe), or use it to gather information (almost certainly with the help of NSA, tracking the metadata associated with the magazine). At the time, that was a relatively minor turf battle (though perhaps hinting at a bigger one, betrayed by DOD’s inability to kill Anwar al-Awlaki and CIA’s subsequent success as soon as it had built its own drone targeting base in Saudi Arabia).

This one, however, is bigger. Syria is a clusterfuck, and different people in different corners of the government have different priorities about whether Assad needs to go before we can get rid of ISIS. McCain is clearly on the side of ousting Assad, which may be another reason — beyond just turf battles — why he opposed the CYBERCOM/NSA split.

Add in the quickness with which Devin Nunes, Donald Trump transition team member, accused Nakashima’s sources of leaking classified information. The stuff about Rogers probably wasn’t classified (in any case, Carter and Clapper would have been the original classification authorities on that information). But the fact that we only just moved from collecting intelligence on ISIS to sabotaging them likely is.

CYBERCOM and NSA do have potentially conflicting missions. And it sounds like that was made abundantly clear as Rogers chose to prioritize intelligence gathering on ISIS over doing things that might help to kill them.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.


The White House Attempts to Unring the Election Integrity Fearmongering

Over the weekend, the White House gave the NYT a statement on the integrity of our elections that deserves more attention. Here it is, in full:

The Kremlin probably expected that publicity surrounding the disclosures that followed the Russian Government-directed compromises of e-mails from U.S. persons and institutions, including from U.S. political organizations, would raise questions about the integrity of the election process that could have undermined the legitimacy of the President-elect. Nevertheless, we stand behind our election results, which accurately reflect the will of the American people.

The Federal government did not observe any increased level of malicious cyber activity aimed at disrupting our electoral process on election day. As we have noted before, we remained confident in the overall integrity of electoral infrastructure, a confidence that was borne out on election day. As a result, we believe our elections were free and fair from a cybersecurity perspective.

That said, since we do not know if the Russians had planned any malicious cyber activity for election day, we don’t know if they were deterred from further activity by the various warnings the U.S. government conveyed.

As the NYT noted in its introduction to this statement, the person who released this statement (my guess is Ned Price, but that’s just a wildarseguess) would not let him or herself be identified. While this is a long-time habit of the Obama Administration (one that merely exacerbated a Bush habit), consider what it means that a statement intended to increase confidence about our electoral process was issued anonymously.

You’re doing it wrong.

The statement itself highlights the perverse effect of all the fearmongering about Russia hacking our elections.

Let’s start with the last paragraph. “We do not know if the Russians had planned any malicious cyber activity for election day [… or] if they were deterred.” This suggests that at no time before the election did anyone in the White House know of plans to disrupt the election. That’s an important detail, because many sloppy journalists have consistently misread reports of the hacking of voter registration lists (hacks that came from a Russian hosting service but that may not even have been Russians, much less the Russian state) to mean that the Russian state was trying to hack the election itself. While there was one late report that suggests FBI may have gotten more reason to believe these polling list probes were Russian state entities, this statement seems to refute that.

Indeed, the second paragraph seems to back that. “The Federal government did not observe any increased level of malicious cyber activity aimed at disrupting our electoral process on election day.” The White House, now explicitly speaking for the entire Federal government, says that there was no increased malicious cyber activity aimed at disrupting election day, regardless of the actor. While it’s certainly possible known probes of registration lists continued, according to this statement they didn’t accelerate as the election drew near. This makes it more likely these probes were identity theft related, not Russian state tampering.

If there was no there there to all the claims of Russian hacking our election infrastructure (which is distinct from claims that Russia hacked the DNC and other political organizations, which is something our spooks do as well), then why didn’t the White House stop all the fearmongering about the election infrastructure beyond the joint ODNI/DHS statement that admitted there was no conclusive evidence that was happening?

That’s where this statement starts.

The Kremlin probably expected that publicity surrounding the disclosures that followed the Russian Government-directed compromises of e-mails from U.S. persons and institutions … would raise questions about the integrity of the election process that could have undermined the legitimacy of the President-elect.

They’re not even saying “rais[ing] questions about the integrity of the election” is what “the Kremlin” (“the Kremlin” has served as a very sloppy metonymy throughout this discussion) had in mind. They’re just guessing that the intent existed.

Throughout the discussion of Russian hacking, the supposed point of it has been one of the weakest points of the allegations: no one ever provided a credible explanation for how releasing validated copies of real emails could undermine the election. The strongest case I saw made is that the emails provided something that Trump himself, his true-believers, Macedonian teenagers, and Russian propagandists could hang false stories onto; but that’s no different from what happened to official Hillary emails released under FOIA (to say nothing of FBI leaks about same) or actual events like Hillary’s pneumonia. Those people can make lies up about anything and they don’t need Podesta emails to do so. Trump, as Republicans have for decades, turned out to be perfectly capable of raising baseless concerns about election integrity (as he did again last night).

So here, when asked why, after dick-waving about an imminent Russian hack of the election, the White House wasn’t backing a review of the vote, this White House official who wouldn’t go on the record instead effectively said, “Who knows? ‘The Kremlin’ probably figured the damage was done.”

Which brings me to my complaint about the way the Russian hacking has been dealt with — largely fed by a deliberate Hillary effort to emphasize Trump’s Russian ties rather than all his shady dealings generally.

Who is responsible for doubts about the integrity of our election? The hack-and-leakers? Trump? Or the national security officials (who, in this case, won’t even go on the record) making uncertain claims that the Russians intend to undermine confidence in elections? At some point, those pounding the war drums are the ones who are undermining confidence, not the Russian hackers themselves.

And none of those actions take place in a vacuum. Even as both the Russians (allegedly) were undermining faith in our elections and national security types were hyping up concerns that people might lose faith in our elections which likely helped undermine faith in our elections, there were real reasons why Americans shouldn’t have faith in their elections. Consider this line: “As a result, we believe our elections were free and fair from a cybersecurity perspective.” This anonymous person at the White House is asserting there were no hacks of the election. But he or she is not asserting the election was free and fair.

Of course not. That’s because in a number of states — notably, in swing states NC and WI — the Republicans undertook known, documented efforts to ensure the elections weren’t free and fair by making it harder for likely Democratic voters to vote than Republican voters.

Voters — especially students and voters of color normally targeted in suppression efforts — shouldn’t be complacent about the integrity of our elections. Numerous circuit courts have found evidence showing they’re not free and fair. Our elections were not going to be free and fair well before Russian hackers targeted the DNC.

But rather than focusing on the things closer to home that we need to improve, we’re all worried the Russians are coming … to do what decades of Republican efforts have already done.



The Self Serving Jill Stein Recount Scam

Jill Stein, admittedly, always struck me as a bit of a naive and somewhat unhinged candidate. But, Stein was the “Green Party” candidate and, once Bernie Sanders lost, became the go-to darling for ill-advised voters and activists who were far too willing to wreck the world with Donald Trump rather than consider the circumstances and vote for an eminently qualified, albeit terribly flawed, candidate in the form of Hillary Clinton. It is hard to argue with anarchist, blow-it-all-up demagogues when trying to protect a lame, status quo candidate. Even when the ultimate opponent is a raging racist, bigoted, misogynistic, female-choice-hating and torture-loving shill like Donald Trump.

So many otherwise Democratic voters went off and voted for Stein and/or Gary Johnson. Did it make the “final difference”? I have no idea, but there is certainly an argument that could be made.

Was it the Jim Comey FBI factor from the stunningly inappropriate rogue actions by the FBI Director putting his self righteous thumb on the electoral scale in both the start of the critical summer elections season and, then, yet again in the last two weeks before the election? It is easy to make that argument, irrespective of any other factor.

Was it that Hillary did not expend personal and campaign time and dime in Wisconsin and other Rust Belt states when she did so in a lost, but very much growing, cause venue such as Arizona? Easy case for that argument as well.

The actual data and competent reportage seems to indicate that all of the above were significant factors. It strikes me that is right.

All of the above factors fed into the defeat of Clinton and the election loss by her, if only by the electoral college, at the tiny hands of Trump. So be it. That is what happened under the electoral laws and process (yes, let us not forget the pernicious meddling of Russia and/or Wikileaks, whether they are coupled or not) pertinent to the 2016 US Presidential election. But, like the result or not, that was all pursuant to the Constitution and election laws as are currently extant in the United States. There is not one competent piece of evidence that the actual vote itself was “hacked” or “rigged”. Just none.

Which brings us to the much ballyhooed action of Jill Stein to crowd fund and conduct audits and or recounts in the key states of Wisconsin, Michigan and Pennsylvania. The second she started her effort, I opined it was an attention grabbing craven play by Stein, and not a legitimate effort with any eye to any substantive results. On a more private forum I intoned:

But that is the thing: It IS bomb throwing, and stupidly so. There is NO evidentiary basis for fraud or mistake that I have seen. The guy who started it, [J. Alex] Halderman himself, admits as much legally when he says he thinks it is most likely poll inaccuracy, not anything nefarious.

I know all the beaten down, especially Clinton diehards, that cannot fathom how she blew this election, want to grasp for something. But it just isn’t there.

I stand by that completely. What Jill Stein is doing is blatant self promotion, list building, reputational repair where it is undeserved, and slush funding for an incoherent Green Party. It is detestable to the extreme. Stein has glommed onto this recount scam as a way to serve herself, she certainly is not serving anything else.

To quote a significant Democratic election law attorney, and longtime friend of this blog, Adam Bonin:

“If there were something to do here, there are a lot of us who would be jumping on it”

Early on the hashtag #AuditTheVote was attached to this chicanery. Here is the problem with that – two out of three of Stein’s target states already “audit the vote” as a regular matter of law without the need for Stein’s self-serving injection into the matter. In fact, Stein’s primary target, Wisconsin, has a reasonably robust random audit provision in Wisconsin Revised Statute 7.08(6), which has been generally deemed to require:

The voting system audit procedures consist of two independent processes: an audit conducted by municipalities of reporting units randomly selected by the State Elections Board and an audit of reporting units conducted by the State Elections Board. Number of Reporting Units to Audit: Per the requirements of section 7.08(6), Wis. Stats., each type of electronic voting system in Wisconsin must be audited after the general election to ensure that each system does not exceed the error rate prescribed in the federal voting system guidelines. The State Elections Board will randomly select fifty (50) reporting units across Wisconsin which will be subject to municipal audit, including a minimum of five (5) reporting units for each voting system used in Wisconsin. If fewer than five (5) reporting units for any voting system are selected through the random selection process, then additional reporting units will be randomly selected by voting system until five reporting units per voting system have been selected. If there are fewer than 5 reporting units using a voting system the State Elections Board staff will audit those reporting units if the reporting units are not selected as part of the random draw.

Well, that is actually pretty robust. And all of which would have been, and will be, performed without the preening self interjection of Jill Stein in her first state of concern, Wisconsin.
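The selection procedure quoted above is a stratified random draw: a statewide sample with a per-voting-system floor, plus a staff-audit fallback for systems too small to meet the floor. The following is an added example, written for this page and not part of the original post or of any Wisconsin election code, that implements that procedure in Python. The reporting-unit names, the four voting-system labels and their counts are a constructed sample, chosen so that one system has fewer than five units and exercises the fallback branch.

```python
import random
from collections import defaultdict

# Constructed sample: reporting unit -> voting system it uses.
# Names, system labels and counts are hypothetical, not Wisconsin's real list.
REPORTING_UNITS = {
    f"unit-{i:03d}": system
    for i, system in enumerate(
        ["SystemA"] * 60 + ["SystemB"] * 30 + ["SystemC"] * 8 + ["SystemD"] * 3
    )
}


def select_audit_units(units, total=50, per_system_min=5, seed=None):
    """Stratified random draw modelled on the 7.08(6) procedure quoted above.

    1. Draw `total` units uniformly at random across the whole state.
    2. For any voting system with fewer than `per_system_min` units in that
       draw, add randomly chosen, not-yet-selected units of that system until
       the floor is met.
    3. A system with fewer than `per_system_min` units in existence cannot meet
       the floor; whatever the draw missed goes to the Board-staff audit track.

    Returns (municipal_audit_set, staff_audit_set), which are disjoint.
    """
    rng = random.Random(seed)
    names = sorted(units)  # fixed ordering so a seed gives a reproducible draw
    by_system = defaultdict(list)
    for name in names:
        by_system[units[name]].append(name)

    # Step 1: statewide random draw.
    municipal = set(rng.sample(names, min(total, len(names))))
    staff = set()

    # Steps 2 and 3: enforce the per-system floor.
    for system, members in by_system.items():
        if len(members) < per_system_min:
            # Too few units exist for this system; staff audit the remainder.
            staff.update(m for m in members if m not in municipal)
            continue
        already = sum(1 for m in members if m in municipal)
        shortfall = per_system_min - already
        if shortfall > 0:
            pool = [m for m in members if m not in municipal]
            municipal.update(rng.sample(pool, shortfall))
    return municipal, staff


def coverage(units, municipal, staff):
    """Per-system count of units audited on either track."""
    counts = defaultdict(int)
    for name in municipal | staff:
        counts[units[name]] += 1
    return dict(counts)


if __name__ == "__main__":
    m, s = select_audit_units(REPORTING_UNITS, seed=2016)
    print(len(m), "municipal-audit units;", len(s), "staff-audit units")
    print(coverage(REPORTING_UNITS, m, s))
```

The point worth noticing is that the floor is enforced per voting system, not per county or per party: the statute is checking each machine type against an error rate, so a system deployed in only a handful of places is audited in full rather than being allowed to fall out of a purely random sample.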

Just Wisconsin? Nope. Pennsylvania also has an inherent audit provision, though not quite as robust as Wisconsin. The bottom line is, though, there are already “audit the vote” provisions in two out of three of Jill Stein’s targets, even though she declined to say so in her propaganda seeking funding to stay in the spotlight and reconstruct her reputation. In fairness, Michigan has no such automatic audit provision, so there is that.

Next, you need to consider that there is a substantive difference between “audits” of the vote and flat out recounts. Stein has always been about recounts, despite the bogusly applied #AuditTheVote nomenclature applied by Stein and her glommers on. Recounts are expensive, labor intensive, and time consuming. And they are asinine where there is not a single shred of competent evidence to support fraud or mistake that could, even in the remotest possibility, change the outcome in a given state or states.

And, let us be crystal clear here, there is still NO competent evidence whatsoever of fraud, mistake or other irregularity that could change the result. None. And that is the thing, unless there is fraud, mistake or systematic error, recounts can do nothing to legally support a challenge to the election results. A challenge has to stand up in court. It cannot be thin and based upon rote supposition and suspicion. Even if Stein’s folly turns up a minor discrepancy here and there, that will not suffice.

The vote differential, again in Wisconsin for instance, between Clinton and Trump currently stands at 27,259 votes. Yes, that is less than the total of Stein, so despite the wild claim she threw the election that some Clinton supporters have thrown, I will not. Some Stein voters were never going to vote for Clinton; so while Stein’s vanity run deserves ridicule, it does not, in and of itself, “prove” Clinton would have won but for Stein. Close enough for ridicule given that Trump is the result? Sure. But, again that, too, holds for ridicule of Clinton’s own arrogant and detached campaign and the fatally pernicious effects of the completely rogue arbiter of his own justice, James Comey.

So, where does that leave us? With a Norma Desmond like self promoting grifter, dying to redeem her name and stay in some/any spotlight, in the form of Jill Stein. She was a cancer on the election (hey, her dinner with Putin and Mike Flynn was cool though!) that, at a minimum, helped elect Trump, and she is sticking around to create more hell now that said deed is done.

This is absurd. Jill Stein is a grifter and a fraud. And she is playing this opportunity to, first off, list build for herself and the Greens, secondly, resuscitate her and their name, thirdly, stay in the press, and lastly, create an amorphous slush fund to continue those things. Stein is succeeding beyond wildest expectations if your idea of the normal course of business is Donald Trumpian level grifting.

For a woman who raised only $3.5 million during her entire vanity run for President, Stein has now raised nearly $6 million dollars in far less than a week on this scam. That is NOT because Stein has dedicated Green Party followers wanting to bleed yet more money into their candidate after the election; no, it is because desperate Clintonians are seeking some way, any way, to stop Trump. And playing on that desperation is exactly the fraud of Jill Stein.

A common refrain I see is that, “golly, there is no harm, and much good, that can come from confirming the vote”. But that is just more self serving balderdash from the desperate and/or Stein acolytes. In fact, there is great harm that can come from Stein’s shenanigans. Here is Rick Hasen from the Election Law Blog, quoting the Wisconsin Journal Sentinel:

Wisconsin could be at risk of missing a Dec. 13 deadline to certify its 10 electoral votes if clerks can’t complete an expected recount by then.

Hitting the deadline could be particularly tricky if Green Party presidential nominee Jill Stein is able to force the recount to be conducted by hand, Wisconsin’s top election official said.

Stein — who received just 1% of the vote in Wisconsin — has promised to file for a recount by Friday’s 5 p.m. deadline in Wisconsin. She is also planning to ask for recounts in Michigan and Pennsylvania, which have deadlines next week.

A federal “safe harbor” law requires states to complete presidential recounts within 35 days of the election to ensure their electoral votes are counted. This year, that’s Dec. 13.

What is the upshot of this? Easy: Stein’s effort could easily place Wisconsin, in light of the December 13 deadline, at risk of missing that deadline and disenfranchising all voters in Wisconsin. Yes, there are potential repercussions from actions like Stein is taking, especially when there is no known evidentiary basis or grounds whatsoever to support them. And that is just Wisconsin. Michigan and Pennsylvania are in even bigger jeopardy thanks to the self-serving hubris of Jill Stein, should she actually continue on to file in those states as promised, without any rational basis for challenging the vote therein.

Lastly, while I have been writing the instant post, the attorney for the DNC and Clinton Campaign, Marc E. Elias, has weighed in on Medium with an official take for both himself and, by all appearances, the aforementioned campaign entities. The Reader’s Digest version, by my eyes, is that, while the DNC and Clinton camps are going to join into the Stein effort, they have never seen any basis for it, and are being dragged into a position of noticing their appearance and joinder simply in order to preserve their rights to be involved should Stein’s group go so far off the rails or, in the remotest of all potentialities, find anything. That is not joinder with enthusiasm, it is joinder to protect your legal voice. Trump is now doing the same for similar reasons. I do not blame either Clinton or Trump for doing so; in fact, Stein’s idiocy put both of said parties in that regrettable posture. Don’t cast your eye askew for one second at Elias and the Dems, nor even Trump and the Repubs. Stein and her idiotic self-serving publicity play made them do it.

In short, this effort by Jill Stein is nothing more than a self promoting vanity play. If you want to donate to that grift, by all means, go ahead. But don’t blather about how it is going to help democracy or promote fair elections. That is absurd. In fact, just exactly as absurd as Jill Stein’s cynical grift on her current donors who are far different than her few and far between Green donors.

Stein is scamming the dispossessed. That is a Trumpian level fraud.

Bmaz is a rather large saguaro cactus in the Southwestern Sonoran desert. A lover of the Constitution, law, family, sports, food and spirits. As you might imagine, a bit prickly occasionally. Bmaz has attended all three state universities in Arizona, with both undergraduate and graduate degrees from Arizona State University, and with significant post-graduate work (in physics and organic chemistry, go figure) at both the University of Colorado in Boulder and the University of Arizona. Married, with both a lovely child and a giant Sasquatch dog. Bmaz has been a participant on the internet since the early 2000’s, including active participation in the precursor to Emptywheel, The Next Hurrah. Formally joined the Emptywheel blog as an original contributing member at its founding in 2007. Bmaz grew up around politics, education, sports and, most significantly, cars; notably around Formula One racing and Concours de Elegance automobile restoration and showing. Currently lives in the Cactus Patch with his lovely wife and beast of a dog, and practices both criminal and civil trial law.

About that Russian Hacker Story

This story is going viral on social media. The CNN article, dated October 12, describes a compromise of a FL contractor they don’t situate in time.

Federal investigators believe Russian hackers were behind cyberattacks on a contractor for Florida’s election system that may have exposed the personal data of Florida voters, according to US officials briefed on the probe.

The hack of the Florida contractor comes on the heels of hacks in Illinois, in which personal data of tens of thousands of voters may have been stolen, and one in Arizona, in which investigators now believe the data of voters was likely exposed.

Later in the article, CNN makes it clear this is the same hack as described in this earlier ABC reporting, which expands on a story from several days earlier. ABC’s reporting doesn’t date the compromise either. Rather, it explains that FL was one of four states in which hackers had succeeded in compromising data, whereas hackers had scanned voting related systems — tried to hack systems — in half the states.

As ABC News first reported Thursday, hackers have recently tried to infiltrate voter registration systems in nearly half of the states across the country –- a significantly larger cyber-assault than U.S. officials have been willing to concede.

And while officials have publicly admitted Illinois and Arizona had their systems compromised, officials have yet to acknowledge that information related to at least two other states’ voters has also been exposed.

Hackers working on behalf of the Russian government are suspected in the onslaught against election-related systems, according to sources with knowledge of the matter.

And ABC’s source at least claimed that all hackers did was copy voter data.

The voter information was exposed after cyber-operatives gained entry to at least one computer associated with a private company hired to administer voter information, the sources said.

A simple “phishing” scheme –- with a malicious link or attachment sent in an email –- is likely how it all started, one source said.

“The attack was successful only in the sense that they gained access to the database, but they didn’t manipulate any of the voter [information] in the database,” the source said.

So, in spite of what people might think given the fact that the CNN story is going viral right now, it doesn’t refer to a hack in conjunction with the election. It refers to a hack that happened well over a month ago. It refers to a hack that — at least according to people who have an incentive to say so — resulted only in the theft of data, not its alteration.

Both CNN and ABC use language that suggests the Russian government was behind this hack. Here’s CNN:

FBI investigators believe the hacks and attempted intrusions of state election sites were carried out by hackers working for Russian intelligence.

And here’s ABC:

Hackers working on behalf of the Russian government are suspected in the onslaught against election-related systems, according to sources with knowledge of the matter.

But (as CNN points out) the October 7 joint DNI/DHS statement on Russian hacking doesn’t attribute the voting rolls part to the Russian state.

Some states have also recently seen scanning and probing of their election-related systems, which in most cases originated from servers operated by a Russian company. However, we are not now in a position to attribute this activity to the Russian Government.

An earlier DHS one explicitly attributes them to cybercriminals.

(U//FOUO) DHS has no indication that adversaries or criminals are planning cyber operations against US election infrastructure that would change the outcome of the coming US election. Multiple checks and redundancies in US election infrastructure—including diversity of systems, non-Internet connected voting machines, pre-election testing, and processes for media, campaign, and election officials to check, audit, and validate results—make it likely that cyber manipulation of US election systems intended to change the outcome of a national election would be detected.

(U//FOUO) We judge cybercriminals and criminal hackers are likely to continue to target personally identifiable information (PII), such as that available in voter registration databases. We have no indication, however, that criminals are planning theft of voter information to disrupt or alter US computer-enabled election infrastructure.

There were known instances of identity thieves hacking voting rolls going back some time, so it is possible that’s all this was about.

We learned recently that FBI Director Comey pointedly did not want to be included on the joint DNI/DHS statement, because it was too close to the election. So it’s possible there was disagreement about that part of it (which might explain the FBI-sourced leak to CNN).

Also note that I believe the known hackers used different methods, including both SQL injection and phishing. If, in response to the earlier intrusions, DHS did a review of voting systems and found a number of phishes using the same methods as GRU, that may explain why FBI would say it was Russian.

In any case, we don’t know what happened, and at least public claims say the hackers didn’t alter any data.

But the CNN story, at least, is not about something that just happened.

Update: Fixed some typos and clarity problems.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.


Is FBI Still Fluffing Its Encryption Numbers?

Note: All the big civil liberties groups are fundraising “bigly” off of the election of Trump. If you are donating to them and are able, please consider supporting this work as well.  

Update: I went back to the FBI spox who originally told me that the 13% number cited in August included damaged phones, to clarify whether this more recent one did. It does not. Here’s what he said:

It is true that damaged devices are provided to CART and RCFL for FBI assistance, but the 886 devices in FY16 that the FBI was not able to access (which is the number that GC Baker provided last week) do not include those damaged devices. It includes only those devices for which we encountered a password we were not able to bypass.

“[T]he data on the vast majority of the devices seized in the United States may no longer be accessible to law enforcement even with a court order or search warrant,” FBI Director Jim Comey wrote in a response to a question from Senate Judiciary Committee Chair Chuck Grassley in January. Grassley had asked whether Comey agreed with New York District Attorney Cy Vance’s estimate — made in Senate testimony the previous July — that “when smartphone encryption is fully deployed by Apple and Google, 71% of all mobile devices examined…may be outside the reach of a warrant.”

In Comey’s very next answer, however, he admitted the FBI was still trying to quantify the problem. “FBI is currently working on improving enterprise-wide quantitative data collection to better understand and explain the ‘data at rest’ problem.” Comey and Deputy Attorney General Sally Yates had promised to come up with real data at the July 2015 hearing.

Since that time, FBI has publicly created the impression they had real numbers on encryption.

In a speech at the end of August, Jim Comey claimed that the FBI had been unable to open 650 of the 5,000 devices it got in its forensics centers (remember, the fiscal year starts on October 1).

We believe in the FBI that we need a conversation. If at the end of the day the American people say, “You know what, we’re okay with that portion of the room being dark. We’re okay with”—to use one example—“the FBI, in the first 10 months of this year, getting 5,000 devices from state and local law enforcement and asked for assistance in opening them, and in 650 of those devices being unable to open those devices.” That’s criminals not caught, that’s evidence not found, that’s sentences that are far, far shorter for pedophiles and others because judges can’t see the true scope of their activity.

That left the impression that encryption thwarted the FBI in 13% of all cases.

According to Kevin Bankston, FBI General Counsel James Baker just provided an equivalent number at a National Academy of Sciences working group on encryption (Baker only said these were inaccessible — he did not claim that was because of encryption, though that was the context of the number).

Interesting data point: Baker says over FY 2016, of 6814 mobile devices submitted by fed/state/local to FBI’s [Computer Analysis Response Teams and Regional Computer Forensic Laboratories] for analysis 2095 of them req’d passcodes, defeated passcodes in 1210 cases, unable to (presumably due to crypto?) in 886 (885?) cases.

That reflects the same 13% failure rate.

I asked the FBI in September where they got this number. And at least at that point, the 13% was not a measure of how often encryption thwarted the FBI. A spokesperson told me,

It is a reflection of data on the number of times over the course of each quarter this year that the FBI or one of our law enforcement partners (federal, state, local, or tribal) has sought assistance from FBI digital forensic examiners with respect to accessing data on various mobile devices where the device is locked, data was deleted or encrypted, the hardware was damaged, or there were other challenges with accessing the data. I am not able to break that down by crime type.

In the San Bernardino case, for example, the FBI may not have been able to access 66% of the phones it seized from the culprits (there are actually varying reports on this). But in the end, encryption accounted for none of those phones being inaccessible: physical destruction accounted for all of it.

So unless the FBI, after I asked in early September, went back and recalculated their quarterly numbers (I’ve got a question in to clarify this point), then the FBI is presenting a false claim about encryption.



Monday: A Border Too Far

In this roundup: Turkey, pipelines, and a border not meant to be crossed.

It’s nearly the end of the final Monday of 2016’s General Election campaign season. This shit show is nearly over. Thank every greater power in the universe we made it this far through these cumulative horrors.

Speaking of horrors, this Monday’s movie short is just that — a simple horror film, complete with plenty of bloody gritty gore. Rating on it is mature, not for any adult content but for its violence. The film is about illegal immigrants who want more from life, but it plays with the concepts of alien identity and zombie-ism. Who are the illegals, the aliens, the zombies? What is the nature of the predator and their prey? Does a rational explanation for the existence of the monstrous legitimize the horror they perpetuate in any way?

The logline for this film includes an even shorter tag line: Some borders aren’t meant to be crossed. This is worth meditating on after the horrors we’ve seen this past six months. Immigrants and refugees aren’t the monsters. And women aren’t feeble creatures to be marginalized and counted out.

Should also point out this film’s production team is mostly Latin American. This is the near-future of American storytelling and film. I can’t wait for more.

Tough Turkey
The situation in Turkey is extremely challenging, requiring diplomacy a certain Cheeto-headed candidate is not up to handling and will screw up if he places his own interests ahead of that of the U.S. and the rest of the world.

  • Luxembourg’s foreign minister compares Erdoğan’s purge to Nazi Germany (Deutsche Welle) — Yeah, I can’t argue with this when a political party representing an ethnic minority and a group sharing religious dogma are targeted for removal from jobs, arrest and detention.
  • Op-Ed: Erdoğan targeting critics of all kinds (Guardian) — Yup. Media, judges, teachers, persons of Kurdish heritage or Gulenist religious bent, secularists, you name it. Power consolidation in progress. Democracy, my left foot.
  • HDP boycotts Turkish parliament after the arrest of its leaders (BBC) — Erdoğan claimed the arrested HDP leaders were in cahoots with the PKK, a Kurdish group identified as a terrorist organization. You’ll recall HDP represents much of Turkey’s Kurdish minority. But Erdoğan also said he doesn’t care if the EU calls him a dictator; he said the EU abets terrorism. Sure. Tell the cities of Paris and Brussels that one. Think Erdoğan has been taking notes from Trump.
  • U.S. and Turkish military leaders meet to work out Kurd-led ops against ISIS (Guardian) — Awkward. Turkish military officials were still tetchy about an arrangement in which Kurdish forces would act against ISIS in Raqqa, Syria, about 100 miles east of Aleppo. The People’s Protection Units (YPG) militia — the Kurdish forces — will work in concert with Arab members of Syrian Democratic Forces (SDF) coalition in Raqqa to remove ISIS. Initial blame aimed at the PKK for a car bomb after HDP members were arrested heightened existing tensions between Erdoğan loyalists and the Kurds, though ISIS later took responsibility for the deadly blast. Depending on whose take one reads, the Arab part of SDF will lead the effort versus any Kurdish forces. Turkey attacked YPG forces back in August while YPG and Turkey were both supposed to be routing ISIS.

In the background behind Erdoğan’s moves to consolidate power under the Turkish presidency and the fight to eliminate ISIS from Syria and neighboring territory, there is a struggle for control of oil and gas moving through or by Turkey.

Russia lost considerable revenue after oil prices crashed in 2014. A weak ruble has helped, but to replace lost revenue based on oil’s price, Russia has increased output to record levels. Increasing supply only reduces price, especially when Saudi Arabia, OPEC producers, and Iran cannot agree upon and implement a production limit. If Russia will not likewise agree to production curbs, oil prices will remain low and Russia’s revenues will continue to flag.

Increasing pipelines for both oil and gas could bolster revenues, however. Russia can literally throttle supply near its end of hydrocarbon pipelines and force buyers in the EU and everywhere in between to pay higher rates — the history of Ukrainian-Russian pipeline disputes demonstrates this strategy. Bypassing Ukraine altogether would help Russia avoid both established rates and conflict there with the west. The opportunities encourage Putin to deal with Erdoğan, renormalizing relations after Turkey shot down a Russian jet last November. Russia and Turkey had met in summer of 2015 to discuss a new gas pipeline; they’ve now met again in August and in October to return to plans for funding the same pipeline.

A previous pipeline ‘war’ between Russia and the west ended in late 2014. This conflict may only have been paused, though. Between Russia’s pressure to sell more hydrocarbons to the EU, threats to pipelines from PKK-attributed terrorism and ISIS warfare near Turkey’s southern border, and implications that Erdoğan has been involved in ISIS’ sales of oil to the EU, Erdoğan may be willing to drop pursuit of EU membership to gain more internal control and profit from Russia’s desire for more hydrocarbon revenues. In the middle of all this mess, Erdoğan has expressed a desire to reinstate the death penalty for alleged coup plotters and dissenters — a border too far for EU membership, since the death penalty is not permitted by EU law.

This situation requires far more diplomatic skill than certain presidential candidates will be able to muster. Certainly not from a candidate who doesn’t know what Aleppo is, and certainly not from a candidate who thinks he is the only solution to every problem.

Cybery miscellany

That’s it for now. I’ll put up an open thread dedicated to all things election in the morning. Brace yourselves.

Blogger since 2002, political activist since 2003, geek since birth. Opinions informed by mixed-race, multi-ethnic, cis-female condition, further shaped by kind friends of all persuasions. Sci-tech frenemy, wannabe artist, decent cook, determined author, successful troublemaker. Mother of invention and two excessively smart-assed young adult kids. Attended School of Hard Knocks; Rather Unfortunate Smallish Private Business School in Midwest; Affordable Mid-State Community College w/evening classes. Self-employed at Tiny Consulting Business; previously at Large-ish Chemical Company with HQ in Midwest in multiple marginalizing corporate drone roles, and at Rather Big IT Service Provider as a project manager, preceded by a motley assortment of gigs before the gig economy was a thing. Blogging experience includes a personal blog at the original blogs.salon.com, managing editor for a state-based news site, and a stint at Firedoglake before landing here at emptywheel as technology’s less-virginal-but-still-accursed Cassandra.

NYT Ombud Calls for More Unproven Fearmongering

In an overly dramatic (and in key areas, fluff) piece promising voting related hacks long into the future, David Sanger includes this passage.

The steady drumbeat of allegations of Russian troublemaking — leaks from stolen emails and probes of election-system defenses — has continued through the campaign’s last days. These intrusions, current and former administration officials agree, will embolden other American adversaries, which have been given a vivid demonstration that, when used with some subtlety, their growing digital arsenals can be particularly damaging in the frenzy of a democratic election.

“Most of the biggest stories of this election cycle have had a cyber component to them — or the use of information warfare techniques that the Russians, in particular, honed over decades,” said David Rothkopf, the chief executive and editor of Foreign Policy, who has written two histories of the National Security Council. “From stolen emails, to WikiLeaks, to the hacking of the N.S.A.’s tools, and even the debate about how much of this the Russians are responsible for, it’s dominated in a way that we haven’t seen in any prior election.”

The magnitude of this shift has gone largely unrecognized in the cacophony of a campaign dominated by charges of groping and pay-for-play access.

On a day when results from North Carolina strongly suggest that efforts to suppress the African American vote have thus far worked, the NYT frames a story by arguing that cyber — not racism and voter suppression — accounts for “most of the biggest stories of the election cycle” (the story goes on to include Hillary’s email investigation in with the Russian hacks dealt with in the story).

It does so even while insinuating that the “probes of election-system defenses” are a Russian state-led effort, which the Intelligence Community pointedly did not say. Indeed, a DHS assessment dated September 20 (before that Intelligence Community statement, and publicly posted Saturday) attributes such probes to “cybercriminals and criminal hackers.”

(U//FOUO) We judge cybercriminals and criminal hackers are likely to continue to target personally identifiable information (PII), such as that available in voter registration databases. We have no indication, however, that criminals are planning theft of voter information to disrupt or alter US computer-enabled election infrastructure.

Sanger posted his piece, claiming that cyber is the most important part of this election, in the wake of NYT’s ombud, Liz Spayd, posting her own piece judging — partly based off Sanger’s assessment — that the NYT should put someone on the Russian hacking story full time.

[W]hile several reporters have periodically contributed to the coverage, no one was dedicated to it full time. That’s too bad. In my view, The Times should have assembled a strike force and given it a mandate to make this story its top priority.

[snip]

I asked Sanger, a highly knowledgeable and seasoned hand on matters of cyberwarfare, about the challenges in covering information hacks. “American drone strikes and Russians bombing a hospital in Syria are immediate, gripping, tragic human stories,” he said. “A cyberstrike, by nature, is subtle, its effects often hidden for months, its importance usually a mystery. The bigger story here is that a foreign power has inserted itself in the fundamental underpinnings of American democracy using cybertechniques. We’ve never seen that before.”

That sounds like a pretty powerful argument for all-hands-on-deck coverage. After all, Trump’s treatment of women, Clinton’s email servers, the foundations of each candidate — all of it will soon fade out. The cyberwar, on the other hand, is only getting started.

Spayd makes a number of unproven or even false claims in her piece. Not only does she (like Sanger) claim that those probing voter poll sites are Russian (implying they are state hackers), she also implies the Shadow Brokers hack was done by Russia (which may be true but is far from proven).

So was the National Security Agency. Now, hackers are meddling with the voting systems in several states, leaving local officials on high alert.

She asks a question (were the Russians running Trump?) that she answers in her own piece.

And most critically, what has it done to try to establish whether Donald Trump was colluding with Russian intelligence, as Clinton suggests?

[snip]

The Times finally weighed in on this question last week, concluding that there is no compelling evidence linking Trump to the hackers. The piece, which ran on A21 and down page on the website, appeared to have been in the works for some time. Yet it was published just seven days before the election, and was unsatisfying in exploring the back story that led to its conclusions.

In a piece that notes there is no evidence the Russians are behind the poll probes, she suggests that a Sanger piece implying they might have been deserved a more prominent spot than page A15.

A piece laying out evidence that the Russians may be trying to falsify voting results in state databases ran on A15 and got minimal play digitally.

And she applauds a highly problematic piece claiming Julian Assange and Wikileaks always side with the Russians.

Led by David Sanger, The Times was first to link the Russians to the hacks, to examine the baffling role of Julian Assange and WikiLeaks and to smartly explore the options that the Obama administration could use to retaliate. I have no substantive complaints about the stories The Times has done.

In short, she points to a lot of problematic, hasty fearmongering the NYT has done on this front (as well as the one debunking much of that fearmongering, though she complains that doesn’t offer enough detail). And then says NYT should do more of it.

From the sounds of things, what she really wants is more cloak and dagger on the front pages of the NYT. Even if NYT has to invent a Russian tie to get it there.

Update: Egads.

The NYT just decided to tweet out its crappy “Assange only does things Putin likes” piece again.



Wednesday: Feliz Dia de los Muertos — Happy Day of the Dead!

In this Day of the Dead roundup: World Series Game 7, Rule 41, AT&T and net neutrality, Google spanks Microsoft, Slack smacks.

Happy All Saints’ Day Two — the second day of observation throughout Latin America as el Dia de los Muertos.

Was thinking of death and dying when I saw a post about one of my favorite movie soundtracks by one of my favorite contemporary composers. The Fountain, composed by Clint Mansell, was released today on vinyl. The 2006 film directed by Darren Aronofsky may not be everybody’s cup of tea, but the score surely must have wider appeal. The score features collaborative work of the contemporary classical chamber group Kronos Quartet and post-rock quartet Mogwai. The former provides most of the string work and the latter most of the rhythm, melding into some truly haunting music.

I think The Fountain is some of Mansell’s finest work; it was nominated for multiple awards including a Golden Globe. But do check out some of Mansell’s other film work, including that for Requiem for a Dream (especially the cut Lux Aeterna) and Black Swan. Stoker did not receive the recognition it should have; its presence is another character in the film. Granted, Mansell’s score for Stoker was only part of a soundtrack featuring other artists’ compositions.

World Series – Great Lakes Edition
So Game 7 is underway. I’d rather see Chicago Cubs up against Detroit Tigers, but the summer kitties let me down. I’m hoping for a Cubs win just because. What about you?

Cyber-y stuff

  • Less than a month before Rule 41 deadline (ZDNet) — Congress has diddled around after the Supreme Court created a potentially awful opportunity for law enforcement overreach. I can’t even imagine the foreign policy snafus this could create, let alone the fuckups which could happen from searching machines with spoofed identities and locations. I can think of a case where a political entity plopped on an IP address belonging to a major corporation — now imagine some huckleberry charging into that situation. FIX THIS, CONGRESS.
  • That’s not the airport, that’s the Kremlin! (MoscowTimes) — Speaking of spoofed identities, apparently the Kremlin’s location has been masked by a beacon emitting the GPS and GLONASS geolocation coordinates for Vnukovo airport to prevent drones from snooping. An interesting bit, this…I wonder where/when else geolocation coordinates have been spoofed?
  • AT&T ‘zero-rating’ on DirecTV content should be reviewed (WSJ) — Favoring DirecTV — owned by AT&T — by lifting data caps on its content isn’t net neutrality when content streamed from other providers like Netflix does count against data limits.
  • AT&T already in the hot seat with USDOJ on Dodgers’ games (Bloomberg) — USDOJ sued AT&T and DirecTV for colluding with competitors to influence negotiations for Los Angeles Dodgers’ ball games. Imagine what this network will do if it owns content? Definitely not net neutrality — a perfect example of the conflict of interest between ISPs/network carriers and content creators.
  • Google takes Microsoft to the woodshed in full view of public (Threatpost) — I think Google is fed up with Microsoft’s buggy software and slow response which causes Google a mess of heartburn to plug on their end. Google told Microsoft of a new major zero-day vulnerability being actively exploited and then told the public 10 days after they told Microsoft. Apparently, MSFT hadn’t gotten a grip on a fix yet nor issued an advisory to warn users. By the way, guess when the next Patch Tuesday is? Election Day in the U.S. Uh-huh.
  • Slack takes out a full-page ad to welcome/razz Microsoft (WinBeta) — Microsoft is currently working on a competing group communication tool called Teams, aimed at Slack’s market share. Slack welcomed the competition and gave MSFT some free pointers. Based on my experience, these pointers will go right over the head of MSFT’s management as they don’t mesh with their corporate culture.

That’s all for now, off to finish watching the Cubs, who are giving it to Cleveland in a really fast-paced game that won’t last much longer at this rate. Must be all that Great Lakes water.


My Boob Clinic Is Part of an International Spying Plot … but Hillary’s on It!

By now you’ve likely read or at least heard about this Slate story, which uses a bunch of innuendo arising from some metadata to suggest that Trump has a secret exclusive communication method with Russia’s biggest bank.

A number of people have debunked the technical claims in the article.

Former GCHQ employee Matt Tait did so in a series of tweets here. Consultant Naadir Jeewa laid out how it’s a marketing server here. Consultant Robert Graham not only lays out the same spam email explanation that both Spectrum Health and Mandiant describe in the story, but notes that other malware researchers question the data in the story.

Indeed, one journalist did call one of the public resolvers, and found other people queried this domain than the two listed in the Slate story — debunking it. I’ve heard from other DNS malware researchers (names remain anonymous) who confirm they’ve seen lookups for “mail1.trump-email.com” from all over the world, especially from tools like FireEye that process lots of spam email. One person claimed that lookups started failing for them back in late June — and thus the claim of successful responses until September are false.

Krypt3ia, in a post written in stages weeks ago, couldn’t get answers from the “Tea Leaves” behind the story and judged that the incriminating files — which were just text files — could be recreated.

These are the key files in the new dump but the problem I have is that they are just text files. Anyone with the know how could re-create these to look legit enough but yet still be questioned. I see no actual login to the shell and queries being run here so really coulda just done a find/replace on another query on any server you have access to.

In short, contrary to what Slate suggests, there are innocent explanations for this, and there’s good reason to distrust the provenance of the data behind it.

Update: The Intercept has now explained why they passed on the story; they include spam sent to both Alfa and Spectrum from Trump, which corroborates the theory everyone else technical is settling on.
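To make the innocent explanation concrete, here is an added example (not code from the post, Slate, Spectrum Health, Mandiant or any of the researchers cited): a small Python model of the routine DNS lookups a receiving mail server performs on inbound marketing mail, and of the “share of lookups per client” statistic Slate relied on (the 87 percent figure discussed further down). The receiver names, envelope sender, message counts and log lines are constructed; the anti-spam checks modeled (an A lookup on the HELO hostname and an SPF TXT lookup on the sender domain) are generic receiver behaviour assumed for illustration, not anything taken from the leaked data.

```python
"""Added example (not from the original post or any party named in it).

Models the innocent explanation the post settles on: a marketing mail
server's hostname shows up in DNS logs because every receiving mail
server that gets a message from it performs routine anti-spam lookups.
Receiver names, IPs, envelope sender and log lines are CONSTRUCTED; the
checks modeled (A lookup on the HELO name, SPF TXT lookup on the MAIL
FROM domain) are generic receiver behaviour assumed for illustration.
"""
from collections import Counter
from typing import Dict, List, Tuple

# A constructed inbound-mail event: (receiving organisation, HELO host
# presented by the sending server, envelope sender address).
InboundMail = Tuple[str, str, str]


def receiver_dns_queries(helo_host: str, mail_from: str) -> List[Tuple[str, str]]:
    """DNS queries a typical anti-spam MTA issues for one inbound message.

    Returns (qname, qtype) pairs: an A lookup of the HELO hostname (to
    check it resolves to the connecting IP) and a TXT lookup of the
    sender domain to fetch its SPF record.
    """
    sender_domain = mail_from.split("@", 1)[1].lower()
    return [(helo_host.lower(), "A"), (sender_domain, "TXT")]


def passive_dns_log(mail_events: List[InboundMail]) -> List[str]:
    """Render the lookups the receivers' resolvers would emit as
    constructed passive-DNS log lines of the form '<client> <qname> <qtype>'."""
    lines: List[str] = []
    for receiver, helo_host, mail_from in mail_events:
        for qname, qtype in receiver_dns_queries(helo_host, mail_from):
            lines.append(f"{receiver} {qname} {qtype}")
    return lines


def share_by_client(log_lines: List[str], qname: str) -> Dict[str, float]:
    """Percentage of lookups for `qname` attributable to each client.

    This is the statistic the Slate piece leaned on ("87 percent of the
    DNS lookups involved the two Alfa Bank servers"). It describes only
    the clients present in the sample, not who else resolved the name.
    """
    counts: Counter = Counter()
    for line in log_lines:
        client, name, _qtype = line.split()
        if name == qname:
            counts[client] += 1
    total = sum(counts.values())
    return {c: round(100.0 * n / total, 1) for c, n in counts.items()}


def lookup_shares(mail_events: List[InboundMail]) -> Dict[str, float]:
    """Generate the log a set of mail events would produce and compute
    the per-client share of lookups for the marketing server's name."""
    return share_by_client(passive_dns_log(mail_events), HELO)


HELO = "mail1.trump-email.com"        # the hostname in the story
MAIL_FROM = "promo@trump-email.com"   # constructed envelope sender

# Constructed sample resembling the narrow view: marketing blasts seen
# only from two recipients' mail servers.
SAMPLE_EVENTS: List[InboundMail] = (
    [("alfa-bank-mx", HELO, MAIL_FROM)] * 87
    + [("spectrum-health-mx", HELO, MAIL_FROM)] * 13
)

# Constructed additional observers a wider vantage point would include:
# spam sandboxes and other recipients also resolving the same name.
EXTRA_OBSERVERS: List[InboundMail] = (
    [("spam-sandbox", HELO, MAIL_FROM)] * 100
    + [("other-recipient", HELO, MAIL_FROM)] * 50
)

if __name__ == "__main__":
    print("narrow sample:", lookup_shares(SAMPLE_EVENTS))
    print("wider sample: ", lookup_shares(SAMPLE_EVENTS + EXTRA_OBSERVERS))
```

Run on the constructed events, the two-recipient sample reproduces an 87/13 split, while adding observers that also resolved the name cuts the Alfa share to about a third. That is the point the researchers Graham cites are making: a dataset that only sees two clients cannot establish that a hostname was “exclusive” to them, and routine anti-spam lookups are enough to put a recipient’s mail server in the log.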

Boob Clinics usually stay out of international spy plots

Most of these debunkings have focused on the technical aspects. I want to start with this passage from Slate.

A small portion of the logs showed communication with a server belonging to Michigan-based Spectrum Health. (The company said in a statement: “Spectrum Health does not have a relationship with Alfa Bank or any of the Trump organizations. We have concluded a rigorous investigation with both our internal IT security specialists and expert cyber security firms. Our experts have conducted a detailed analysis of the alleged internet traffic and did not find any evidence that it included any actual communications (no emails, chat, text, etc.) between Spectrum Health and Alfa Bank or any of the Trump organizations. While we did find a small number of incoming spam marketing emails, they originated from a digital marketing company, Cendyn, advertising Trump Hotels.”)

Spectrum accounted for a relatively trivial portion of the traffic. Eighty-seven percent of the DNS lookups involved the two Alfa Bank servers.

The story, remember, is that Trump has a super spooky exclusive hotline directly to a corrupt Russian bank. But most people covering this completely ignore that it’s not completely exclusive: over 10% of the traffic reported by the anonymous researchers involves Spectrum Health.

Spectrum Health is the largest employer in Grand Rapids and West Michigan generally. It includes the Helen DeVos Children’s Hospital and a Betty Ford Breast Care clinic. Spectrum Health is where I go to the doctor and Betty Ford is where I got my still cancer-free boobs squished this year. So for this story to make sense, you’ve got to explain why a children’s hospital and a boob clinic are in cahoots with Trump and a big Russian bank.

The original version of the story tried to make much of the tie to Spectrum, finding in the children’s hospital named after Richard DeVos’s wife a tie to Erik Prince (Helen’s daughter-in-law Betsy’s brother) and the DeVos family’s multinational pyramid scheme, the wealth from which has always — not just this year — been funneled into conservative causes.

The other frequent connection to Trump’s hidden server with the same distinctive human pattern is Spectrum Health, a Michigan hospital with close ties to the DeVos family (http://www.spectrumhealth.org/locations/helen-devos-childrens-hospital). The Devos family founded Amway / Alticor which operates in Russia including transactions with Alfa Bank such as buying insurance for 800 Alticor employees from Alfa Bank’s insurance subsidiary. The Devos family has given millions of dollars in the past few months to conservative super PACs (www.fec.gov). One member of the Devos family was a founder of Blackwater.

None of that makes sense, though, especially since — while some of the DeVoses do seem to be funding Trump now and Prince has bizarrely backed the Donald (though that may stem from being shut out of State business while Hillary was in charge) — the biggest commonality between the DeVoses (who are hard core Republicans) and Trump is their multinational scheming and fondness for sports teams.

They may both be awful conservatives, but they are different kinds of awful conservatives, and there’s little reason to believe they’d be in cahoots outside of belated efforts, post-dating these files, to fund Republican turnout in the state (and even there, Prince’s sister Betsy is withholding direct funding).

More importantly, the DeVoses no more run this hospital than Betty Ford does.

But without the conspiracy theories implicating the DeVoses, then innocent explanations sure look a lot more plausible.

Tellingly, however, most other treatments of this story (this is an exception) have simply ignored this detail. Because once you have to calculate how a children’s hospital and a boob clinic — even one, or perhaps especially one, named after Gerald Ford’s wife — has a tie to this international spy plot, things start falling apart.

The reason why the boob clinic part of the story is important is it’s a detail that should have led even non-technical people to at least think twice before running with the story. Slate, however, simply included Spectrum’s explanation for the files, the one that matched Mandiant’s working hypothesis, and careened ahead.

The FBI has its own doubts

After Slate published, the NYT posted a story that generally reveals the FBI hasn’t been able to substantiate any tie between Trump himself and Russia and has backed off its claims that Russia was trying to decide the election (a judgment I hope to return to).

It also reveals that the FBI largely agreed with what security experts concluded when they saw this claim.

In classified sessions in August and September, intelligence officials also briefed congressional leaders on the possibility of financial ties between Russians and people connected to Mr. Trump. They focused particular attention on what cyberexperts said appeared to be a mysterious computer back channel between the Trump Organization and the Alfa Bank, which is one of Russia’s biggest banks and whose owners have longstanding ties to Mr. Putin.

F.B.I. officials spent weeks examining computer data showing an odd stream of activity to a Trump Organization server and Alfa Bank. Computer logs obtained by The New York Times show that two servers at Alfa Bank sent more than 2,700 “look-up” messages — a first step for one system’s computers to talk to another — to a Trump-connected server beginning in the spring. But the F.B.I. ultimately concluded that there could be an innocuous explanation, like a marketing email or spam, for the computer contacts.

Note, this means that the FBI was already looking into this story when it got shopped to reporters in early October. So in addition to the four or so other entities that reviewed this story and found it wanting (including me), the FBI had already had a crack at it.

Hillary Clinton and her likely National Security Advisor jump on this story

Now, as with the Kurt Eichenwald story claiming to have found a smoking gun tying Trump to Putin, people on the left didn’t read the story very critically. Sure, this one is technically hard — up until you think about the boob clinic connection alleged in the middle of the spy plot. But for all its breathlessness, the Slate story simply insinuated. It proved nothing.

Which is why I’m so troubled that Hillary Clinton tweeted it four times in three hours, including a statement her likely National Security Advisor Jake Sullivan put together.

I mean, I get that it’s election season and all. I get that Jim Comey gave Hillary a whopping October surprise on Friday. But one of the reasons we’re supposed to elect Hillary over Trump is that she is more measured and fact-based than Donald is.

Here, she jumped on a story that at least should have given pause and created two campaign messaging pieces around it, asserting as fact that “Donald Trump has a secret server … set up to communicate privately with a Putin-tied Russian bank.”

I’ll repeat again: Jake Sullivan — the guy who wrote the longer statement on this — is widely assumed to be set to take on the job from which Condi Rice started a war by warning about fictional mushroom clouds.

Who are these secret researchers, anyway

Which leads me to a final question a few of the security folks are asking about this story.

In addition to his technical debunking, Robert Graham made an equally important point: researchers shouldn’t be accessing this data for ad-lib investigations into presidential candidates, and it’s not even clear who would have access to it all except the NSA.

The big story isn’t the conspiracy theory about Trump, but that these malware researchers exploited their privileged access for some purpose other than malware research.

[snip]

In short, of all the sources of “DNS malware information” I’ve heard about, none of it would deliver the information these researchers claim to have (well, except the NSA with their transatlantic undersea taps, of course).

And in a second post this morning, Krypt3ia started wondering who’s behind this story.

This was a non story and this was someone’s troll or an IC operation of some kind. I left it at that… That is until last night when this fallacy laden report came out of Slate.

Anonymous Security Professionals

So here is what I believe happened with Slate and Foer. Tea, not happy with my ignoring their bullshit, went on to pimp at least five venues looking for a way to get this wide and Foer was the gullible one to do so. Now, with a live one on the line Tea spun their tale and added the new twist that they are in fact a group of “security professionals” with insider knowledge and that this story is really real. Of course once again they provided no real proof of Trump’s servers being configured for this purpose, no evidence of actual emails, and no real forensically sound information that proves any of what they say can be proven in a court of law. This is a key thing and Slate may not care but others do. Even in the previous dumps on the i2p site that Tea set up, their diagram said “this is what it would look like”; would is not proof, that there is speculation and not evidence.

[snip]

Meanwhile, the story spun by Tea and now Camp et al on Slate makes me wonder just who Tea is. Obviously Camp knows Tea and the others and this is a small world so let’s work out the connections shall we?

Camp –> Vixie –> ??? let’s just assume that Camp knows these persons well and if one starts to dig you could come up with a few names of people who “would” (there’s that would again) have the kind of access to DNS data that is needed.

Just sayin.

Of course, we have since learned that before Tea Leaves started pushing this story to the press, the FBI had been investigating it for two months.

Which, to my mind, raises even more questions about the anonymous researchers’ identities, because (small world and all) the FBI likely knows them, in which case they may have known that the FBI wasn’t jumping on the story by the time they started pitching it.

Or the FBI doesn’t know them, which raises still more questions about the provenance of these files.

Ah well, if President Hillary starts a war with Russia based off Iraq-War style dodgy documents, at least I’ll have the satisfaction of knowing my boob clinic is right there on the front lines.

Update: I’ve added language to clarify that the DeVoses don’t run Spectrum.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.


Or Maybe the FBI Really Did Have a Reason to Stay Off the Russian Attribution?

The Comey whiplash continues.

In the latest development, a single source — a “former FBI official,” offered with no description of how he or she would know — told CNBC that weeks ago Jim Comey refused to join onto the Intelligence Community’s attribution of the DNC hacks to Russia because it was too close to the election.

FBI Director James Comey argued privately that it was too close to Election Day for the United States government to name Russia as meddling in the U.S. election and ultimately ensured that the FBI’s name was not on the document that the U.S. government put out, a former FBI official tells CNBC.

The official said some government insiders are perplexed as to why Comey would have election timing concerns with the Russian disclosure but not with the Huma Abedin email discovery disclosure he made Friday.

In the end, the Department of Homeland Security and The Office of the Director of National Intelligence issued the statement on Oct. 7, saying “The U.S. intelligence community is confident that the Russian Government directed the recent compromises of emails from US persons and institutions, including from US political organizations… These thefts and disclosures are intended to interfere with the US election process.”

[snip]

According to the former official, Comey agreed with the conclusion the intelligence community came to: “A foreign power was trying to undermine the election. He believed it to be true, but was against putting it out before the election.” Comey’s position, this official said, was “if it is said, it shouldn’t come from the FBI, which as you’ll recall it did not.”

In spite of what Hillary said at the most recent debate, the statement was billed as a “Joint Statement,” though it did claim to represent the view of the intelligence community.

Until someone else confirms this story — preferably with more than one source, one clearly placed in a position to know — I advise caution on this.

That’s true, first of all, because a bunch of people who likely harbor grudges against Jim Comey are coming out of the woodwork to condemn Comey’s Friday statement. Given the reasons they might resent Comey, I really doubt Alberto Gonzales or Karl Rove were primarily motivated to criticize him out of a concern for the integrity of our election process.

The same could be true here.

The other reason I’d wait is because of reporting going back to this summer on the case against Russia. As I’ve noted, reporters repeatedly reported that while there seemed little doubt that Russia had hacked the Democrats, the FBI had not yet proven some steps in the chain of possession. For example, at the end of July, FBI was still uncertain who or how the emails from DNC were passed onto WikiLeaks.

The FBI is still investigating the DNC hack. The bureau is trying to determine whether the emails obtained by the Russians are the same ones that appeared on the website of the anti-secrecy group WikiLeaks on Friday, setting off a firestorm that roiled the party in the lead-up to the convention.

The FBI is also examining whether APT 28 or an affiliated group passed those emails to WikiLeaks, law enforcement sources said.

As I noted, the IC attribution statement actually remained non-committal on precisely this step of the process, finding that the leaks of emails were consistent with stuff Russia’s GRU has done in the past, but stopping short of saying (as they had on the hack itself) that it is confident that Russia leaked the files.

Which is to say the same thing the FBI had questions about in July is something that remained non-committal in the October statement, which might be one of a number of reasons (including that FBI wants to retain the ability to prosecute whoever they charge with this, including if it is a currently unknown middleman) that the FBI might not want to be on the attribution. FBI was unwilling to fully commit to the accusation in July, and apparently unwilling to do so in October.

Note that CNBC’s anonymous source, even when confirming that Comey backed the statement, didn’t confirm he backed the whole content of it. The person contrasts the most aggressive quote from the IC statement:

… the U.S. intelligence community is confident that the Russian Government directed the recent compromises …

With this, allegedly from Comey:

A foreign power was trying to undermine the election

Those statements are not the same thing, and it may be that FBI continued to have perhaps not doubts, but unproven holes in the case, that led to caution on the Russia statement.

In any case, it’s not that I believe the anonymous CNBC statement to be impossible. But there is another perfectly consistent explanation for Comey hesitating to name FBI on that IC attribution.

Update: Ellen Nakashima has a version of this story (sourced to more than one person) now. Here’s an excerpt, but definitely read the whole thing for the logic (or lack thereof) FBI used.

In the debate over publicly naming Russia, the FBI has investigative interests to protect, officials said. At the same time, other officials said, the aim of public attribution was to stop Russia from undermining confidence in the integrity of the election.

[snip]

But the White House, Justice Department, State Department and other agencies debated for months whether to officially blame Moscow or not.

Comey’s instincts were to go with the public attribution even as late as August, said one participant in the debate. But as the weeks went by and the election drew nearer, “he thought it was too close,” the official said.

When, by early October, the decision was made, the talk shifted to who would make the announcement. In December 2014, it was the FBI that publicly pointed the finger at North Korea for hacking Sony Pictures Entertainment and damaging its computers. That was because the attribution to Pyongyang was based on the FBI investigation, said a senior administration official.

[snip]

The announcement did not mention the White House, which also had been very concerned about appearing to influence the election.
