Cybersecurity

The Just Right Fear Industry, in 18,000 Words

Steven Brill thinks we’re not worried enough about bioterrorism and dirty bombs. He makes that argument even while acknowledging that a dirty bomb attack launched in Washington DC would result in just 50 additional cancer deaths. And curiously, his extensive discussion about germ threats (inspired by a Scooter Libby report, no less!) doesn’t mention that the Russian military is currently struggling to contain an anthrax attack launched by a thawing reindeer.

That’s the problem with Brill’s opus: anthrax attacks only matter if they’re launched by Islamic extremist reindeers, not reindeers weaponized by climate change. (And if you were wondering, although he discusses it at length, Brill doesn’t mention that the 2001 anthrax attack, which was done with anthrax derived from a US lab, has never been solved.)

He makes a similar error when he spends 18 paragraphs focusing on what he (or his editors) dub “cyberterrorism,” only to focus on OPM as proof the threat exists and include this paragraph from Jim Comey admitting terrorists don’t yet have the capabilities to hurt us that our Chinese and Russian adversaries do.

For his part, the FBI’s Comey worries more about a cyberterror onslaught directed at the private sector than one directed at the government. “These savages,” he says, “have so far only figured out how to use the internet to proselytize, not to wreak physical damage. What happens when they figure out how to use it to break into a chemical plant, or a blood bank and change the blood types? We know they are trying. And they don’t have to come here to do it.”

Biothreats and hacking are a threat. But it would be sheer idiocy to approach the problem, at this point, as primarily one of terrorism when climate change and nation-state adversaries clearly present a more urgent threat.

But it’s not just Brill who adopts some weird categorization. The article is perhaps most interesting for the really telling things he gets Comey to say, as when he suggests FBI drops investigations when they hear a “wing nut” making bomb threats in a restaurant.

“Think about it from our perspective,” Comey said when I asked about this. “Suppose someone is overheard in a restaurant saying that he wants to blow something up. And someone tells us about it. What should we do? Don’t we need to find out if he was serious? Or was he drunk? The way to do that is to have someone engage him in an undercover way, not show up with a badge and say, ‘What are your thoughts in regard to terrorism?’ ”

“Plenty of times it’s a wing nut or some drunk, and we drop it,” he continued.

I actually think the FBI, as an institution, is better than this. But to have the FBI Director suggest his bureau wouldn’t follow up if someone making bomb threats was deemed a radical but would if they were deemed a Muslim is really telling.

Which gets to the core of the piece. Over the course of the 18,000+ words, Brill admits — and quotes both President Obama and Comey admitting — that what makes terrorism different from the equally lethal attacks by other mentally unstable or “wing nut” types is the fear such attacks elicit.

President Obama described the difference to me this way: “If the perpetrator is a young white male, for instance—as in Tucson, Aurora, and Newtown—it’s widely seen as yet another tragic example of an angry or disturbed person who decided to lash out against his classmates, co-workers, or community. And even as the nation is shaken and mourns, these kinds of shootings don’t typically generate widespread fear. I’d point out that when the shooter or victims are African American, it is often dismissed with a shrug of indifference—as if such violence is somehow endemic to certain communities. In contrast, when the perpetrators are Muslim and seem influenced by terrorist ideologies—as at Fort Hood, the Boston Marathon bombing, San Bernardino, and Orlando—the outrage and fear is much more palpable. And yet, the fact is that Americans are far more likely to be injured or killed by gun violence than a terrorist attack.”

The FBI’s Comey agrees. “That the shooter in San Bernardino said he was doing it in the name of isil changed everything,” he told me. “It generates anxiety that another shooting incident, where the shooter isn’t a terrorist, doesn’t. That may be irrational, but it’s real.”

Nevertheless, all three — even Brill, in a piece where he takes Obama to task for not publicizing his change in dirty bomb response, refers to “deranged people and terrorists” obtaining assault weapons as if they are mutually exclusive categories — seem utterly unaware that part of the solution needs to be to stop capitulating to this fear. Stop treating terrorism as the unique, greatest threat when you know it isn’t. Channel the money being spent on providing tanks to local police departments to replacing lead pipes instead (an idea Brill floats but never endorses). Start treating threats to our infrastructure — both physical and digital — including those caused by weaponized reindeer as the threat they are.

And for chrissakes, don’t waste 18,000 words on a piece that at once scolds for fearmongering even while perpetuating that fear.

Friday: Little Fly

Friday jazz comes to us from vocalist and bassist Esperanza Spalding, one of my personal favorites. She’s the first jazz musician to ever win the Grammy Award for Best New Artist, awarded only a handful of months after this featured performance from 2010.

My favorite tune of the three she performs here is Apple Blossom — it never fails to make me sniffle. Spalding plays more than just the double bass; sample her more progressive work on electric bass here. Want something a bit more traditional? Try her upbeat bluesy rendition of On the Sunny Side of the Street. Or maybe a little pop rock slice with her tribute to Stevie Wonder, Overjoyed.

Wheels and steals
Volkswagen:

  • Whiny op-ed complains about poor, poor Volkswagen (WSJ) — Aw, poor fraudulent enterprise lied and ripped off the American public for a decade while other automakers in the U.S. complied with emissions laws. Murdoch-NewsCorp outlet Wall Street Journal wants us to take pity on the bastards who did not care one whit they were literally poisoning U.S. citizens while lying to customers and dealers, let alone poisoning and lying to tens of millions of customers abroad. Look, they broke U.S. laws for nearly ten years. They made interest and capital gains on the money they gained from their illegal efforts. They can make the customers they defrauded whole and they can do something to fix the damage they wreaked on our environment. And they should be punished for breaking laws on top of reparations. Anything less is a neoliberal blowjob to a company which cannot compete fairly inside the U.S.
  • VW passenger diesel owners need additional protections (Reuters) — The current settlement offered by VW in federal court does not give consumers a secondary level of protection, which is needed if the proposed fix to the emissions-cheating diesel vehicles does not work, says the consumer advocacy journal. These vehicle owners should be able to opt for buy-back. The amount offered also undervalues retail prices on alternative replacement vehicles, Consumer Reports said in its submission during the public comment period which ended today.

    Consumer Reports said it generally supported the settlement, but urged “regulators to wield robust oversight of Volkswagen to ensure that the company implements its recall, investment, and mitigation programs appropriately” and it called on “federal and state officials to assess tough civil penalties and any appropriate criminal penalties against the company in order to hold it fully accountable.”

  • South Korea halts sales of 80 VW vehicle models (NBCNews) — This is what the U.S. could have done to VW given the scale of fraud, emissions cheating, and the lack of actual “clean diesel” passenger technology available to remedy both 2.0L and 3.0L engine vehicles. The 80 models now banned for non-compliance with emissions and noise pollution laws as well as document forgery include VW, Audi and Bentley vehicles. VW has also been slapped with a $16.06 million fine, which is extremely light considering VW not only broke emissions laws but also fraudulently misrepresented the vehicles’ attributes.
  • West Virginia’s suit against VW amended (Hastings Tribune) — WVa Attorney General expanded the suit to include VW parent group as well as Audi and Porsche brands. Bosch, the manufacturer of VW’s electronic control units which were programmed to defeat emissions controls, is included in the lawsuit.
  • Fewer Americans buying VW vehicles (Business Insider) — No surprise, given the emissions controls cheating scandal, the pricey labels, iffy reliability, and a product lineup that doesn’t match the U.S.’ market demand. It may be a long time before VW digs itself out of its hole here.

NOT Volkswagen:

  • Two Houston thieves hack Jeep and Dodge cars (Phys.org) — Hacking pirated computer software used by auto technicians and dealers, two men tweaked Fiat Chrysler model vehicles’ security codes so their key worked. The thieves were picked up driving a stolen Jeep Grand Cherokee after police focused on an area where a high number of vehicle thefts occurred.
  • White hat hackers proved Chrysler’s anti-hack update breachable (The Register) — Last year Charlie Miller and Chris Valasek showed Fiat Chrysler’s wireless feature could be hacked remotely to take control of a car. At Black Hat 2016 this week the same duo showed how they could defeat Fiat Chrysler’s firmware update which the automaker pushed to patch the vulnerability. But in terms of ease and speed, the two thieves in Houston might actually have a faster approach to taking control of a vehicle.
  • 28-year-old cracks up his brother’s car while playing Pokémon GO (The Guardian) — Dude. Really? You’re lucky to be alive or that you didn’t kill someone else. This is the kind of generational stupid old-man-yelling-at-clouds Clint Eastwood should take a poke at instead of doubling down on his closeted racism.
  • Self-driving feature in Tesla X may have saved its driver (CNBC) — Driver suffered a pulmonary embolism while on the road; the vehicle took him to the hospital. Article says the driver “was able to steer the car the last few meters” suggesting he was conscious and in control if limited in capacity. No further details were included to describe how the vehicle switched from its original route to the hospital.

Because opening ceremonies begin tonight at the Rio Olympics, I’ll leave you here. Catch you Monday — have a safe and restful weekend!

Tear Up Texas, Tear Up Another Encryption Claim

Both the Intercept and the Daily Beast have reported on this eye-popping exchange from the criminal complaint charging Erick Hendricks with conspiracy to provide material support for terrorism, showing an undercover FBI employee advising one of the future Garland gunmen to “tear up Texas” in the days before the attack.

[Allegedly] Elton Simpson: Did u see that link I posted? About texas? Prob not.

UCE: [states he doesn’t have Simpson’s Twitter handle]

Simpson: [posts link to Draw Prophet Mohammed Contest]

UCE: Tear up Texas.

Simpson: Bro, u don’t have to say that… U know what happened in Paris… I think … Yes or no …?

UCE: Right

Simpson: So that goes without saying … No need to be direct.

[snip]

UCE-1 subsequently traveled to Garland, Texas and was present on or about May 3, 2015, at the event.

[snip]

UCE-1 claimed to have been the “eyes” of Hendricks, to have seen Simpson and Soofi be killed, and stated that “Cops almost shot me.”

In other words, FBI had an officer onsite, scoping out the event, who was in communication with both Elton Simpson and Hendricks, the latter of whom may have been inciting a disruption (the evidence doesn’t clearly support he ordered the attack, though it is certainly possible; the complaint accuses him of conspiring with someone DB IDed as Amir Said Abdul Rahman al-Ghazi, a cooperating witness, not the Garland shooters). Indeed, the undercover officer encouraged the attack with his “Tear up Texas.”

This raises big questions about the attack itself. But it also raises questions about a claim Jim Comey made in December 2015, when arguing about the dangers of encryption.

That morning, before one of those terrorists left and tried to commit mass murder, he exchanged 109 messages with an overseas terrorist. We have no idea what he said, because those messages were encrypted.

That’s interesting because the affidavit provides extensive details, based in part on Amir Said Abdul Rahman Al-Ghazi’s admissions to law enforcement, and based in part on one of Simpson’s phones obtained by the FBI, how Hendricks would coach people to move back and forth from Twitter to three other “secret” (presumably encrypted) messaging apps, as well as either Tor or a VPN. Certainly, the FBI has Simpson’s side of “secret” conversations. There’s no mention of the other Garland shooter, Nadir Soofi, but the affidavit at least appears to suggest Hendricks was playing a key broker role. So any communications with him would presumably be partly mirrored in what the Garland shooters said. Certainly, the FBI has a great deal of metadata that has been useful in filling in the network its 4 informants and 1 undercover officer haven’t already filled in.

That doesn’t mean the FBI was then or has since been able to crack these 109 encrypted messages.

But the claim sounds a lot less alarming when you say, “We weren’t able to decrypt 109 social media messages though we were watching other messages in real time and had an FBI officer present at the attack.”

Thursday: Move

Need something easy on the nerves today, something mellow, and yet something that won’t let a listener off too lightly. Guess for today that’s John Legend’s Tiny Desk Concert.

I promised reindeer tales today, haven’t forgotten.

From Anthrax to Zombies

  • First outbreak in 75 years forces evacuation of reindeer herders (The Siberian Times) — The last outbreak in the Siberian tundra was in 1941; news of this outbreak broke across mainstream media this past week, with some outlets referring to it as a “zombie” infection since it came back from dormancy, likely rising from a long-dead human or animal corpse.
  • Infected reindeer corpses to be collected and destroyed (The Barents Observer) — A lot of odd details about anthrax and its history pop up as the outbreak evolves. Like the mortality rate for skin anthrax (24%) and the alleged leak of anthrax from a Soviet bio-warfare lab in 1979. Reindeer deaths were blamed initially on unusually warm weather (~30C); the same unusually warm weather may have encouraged the release of long-dormant anthrax from the tundra.
  • Siberian outbreak may have started five weeks earlier (The Siberian Times) — Russia’s Federal Service for Veterinary and Phytosanitary Surveillance senior official is angry about the slow response to the first diagnosis; the affected region does not have strong veterinary service, and it took a herder four days’ walk across the tundra to inform authorities about an infection due to a lack of communications technology. The situation must be serious as the Health Minister Veronika Skvortsova has now been vaccinated against anthrax. Reports as of yesterday indicate 90 people have been hospitalized, 23 of whom have been diagnosed with anthrax, and one child died. The form most appear infected with is intestinal; its mortality rate is a little over 50%. Infection is blamed on anthrax-contaminated meat; shipment of meat from the area is now banned. Russian bio-warfare troops have established a clean camp for the evacuated herder families until the reindeer corpses have been disposed of and inoculations distributed across the area’s population.
  • Important: keep in mind this Siberian outbreak may be unusual for its location, but not across the globe. In the last quarter there have been small anthrax outbreaks in Indonesia, Kazakhstan, Kenya, Bangladesh, and Bulgaria. Just search under Google News for “anthrax” stories over the last year.
  • Coincidentally, anthrax drug maker filed and received FDA’s ‘orphan status’ (GlobeNewsWire) — There have been so few orders for anthrax prophylaxis vaccine BioThrax that specialty biopharmaceutical company Emergent BioSolutions requested ‘orphan status’ from the FDA, granted to special therapies for rare conditions affecting less than 200,000 persons in the U.S. The status was awarded mid-June.
  • Investor sues anthrax drug maker for misleading expectations (Washington Business Journal) — Suit filed against the company and executives claims Emergent BioSolutions misled investors into thinking the company would sell as many doses of BioThrax to the U.S. government during the next five years as the preceding five years. On the face of it, investor appears to expect Emergent BioSolutions to predict both actual vaccine demand in advance along with government funding (hello, GOP-led Congress?) and other new competitors in the same marketspace. Seems a bit much to me, like the investor feels entitled to profits without risk. Maybe they’ll get lucky and climate change will increase likelihood of anthrax infections — cha-ching.
  • Another coincidence: Last Friday marked 8 years since anthrax researcher Bruce Ivins’ death (Tulsa World) — And this coming Saturday marks six years since the FBI released its report on the anthrax attacks it blamed on Ivins.

Cybernia

  • Facebook let police shut down feed from negotiations resulting in another civilian-death-by-cop (The Mary Sue) — Yeah, we wouldn’t want to let the public see the police use deadly force against an African American mother and her five-year-old child instead of talking and waiting them out of the situation as they do so many white men in armed confrontations. And now police blame Instagram for her death. Since when does using Instagram come with an automatic death warrant?
  • Can GPS location signals be spoofed? Yep. (IEEE) — It’s possible the U.S. Navy patrol boats caught in Iran’s waters may have relied on spoofed GPS; we don’t know yet as the “misnavigating” incident is still under investigation. This article does a nice job explaining GPS spoofing, but it leaves us with a mystery. GPS signals are generated in civilian and military formats, the first is unencrypted and the second encrypted. If the “misnavigated” patrol boats captured by Iran in January were sent spoofed GPS location data, does this mean U.S. military encryption was broken? The piece also asks about reliability of GPS given spoofing when it comes to self-driving, self-navigating cars. Oh hell no.
  • Security firm F-Secure releases paper on trojan targeting entities involved in South China Sea dispute (F-Secure) — The Remote Access Trojan (RAT) has been called NanHaiShu, which means South China Sea Rat. The RAT, containing a VBA macro that executes an embedded JScript file, was spread via email messages using industry-specific terms. The targets were deliberately selected for spearphishing as the senders knew the users did not lock down Microsoft Office’s default security setting to prevent macro execution. The malware had been in the wild for about two years, but its activity synced with events related to the South China Sea dispute.

Tomorrow’s Friday, which means jazz. Guess I’d better start poking around in my files for something good. Catch you later!

Tuesday: Allez Vous F

J’adore Stromae. I’m not in the hip hop demographic, but Stromae — whose real name is Paul Van Haver — pulls me in. This multi-talented artist born to a Rwandan father and a Belgian mother pulls together multiple genres of music laced with compelling au courant lyrics presented with stunning visual effects — how could I not love him?

This particular song, Papaoutai, has a strong psychic undertow. This song asks where Papa is; the lyrics and video suggest an emotionally or physically distant father. Van Haver’s own father was killed in the Rwandan genocide when he was not yet ten years old. Is this song about his own father, or about inaccessible fathers in general? The use of older African jazz rhythms emphasizes retrospection suggesting a look backward rather than forward for the missing father figure(s). More than a third of a billion views for this video say something important about its themes.

Much of Stromae’s work is strongly political, but it conveys the difficulty of youth who are multi-racial/multi-ethnic unsatisfied with the binaries and economic injustices forced on them by oldsters. A favorite among kids I know is AVF (Allez Vous Faire):

“Allez vous faire!”
Toujours les mêmes discours, toujours les mêmes airs,
Hollande, Belgique, France austère.
Gauches, ou libéraux, avant-centres ou centristes,
Ça m’est égal, tous aussi démagos que des artistes.


Go fuck yourselves!
Always the same words, always the same airs.
Holland, Belgium, France, austere.
Right or Left? Moderate or Extremist?
They’re all the same to me – the demagogues and the artists.

Remarquable et pertinent, non? I’m also crazy about Tous Les Mêmes, a trans- and cis-feminist song with a marvelous old school Latin beat simmering with frustration. But there’s not much I don’t like by Stromae; I can’t name a song I wouldn’t listen to again and again.

If you’re ready for more Stromae, try his concert recorded in Montreal this past winter. So good.

Expedition to the Cyber Pass

  • UK wireless firm O2 customer data breached and sold (BBC) — O2 customers who were gamers at XSplit had their O2 account data stolen. The approach used, credential stuffing, relies on users who employ the same password at multiple sites. Wonder how Verizon’s recent hiring of O2’s CEO Ronan Dunne will play out during the integration of Yahoo into Verizon’s corporate fold, given Verizon’s data breach? Will Dunne insist on mandatory 2FA policy and ensure Verizon and Yahoo accounts can’t use the same passwords?
  • Speaking of Yahoo: 200 million credentials for sale (Motherboard) — Yahoo’s Tumblr had already been involved in a massive breach, now there are Yahoo accounts available on the dark web. Given the Verizon breach already mentioned, it’s just a matter of time before these accounts are cross-matched for criminal use.
  • Oracle’s not-so-good-very-bad-too-many 276 vulnerabilities patched (Threatpost) — Whew. Two. Hundred. Seventy. Six. That’s a lot of risk. Good they’re all patched, but wow, how did Oracle end up with so many to begin with? Some of them are in products once owned by Sun Microsystems, including Java. Maybe Oracle ought to rethink Java’s licensing and work with the software community to develop a better approach to patching Java?
  • F-35 ready, says USAF — kind of (Bloomberg) — Massively expensive combat jet now up for ‘limited combat use’, except…
    The initial aircraft won’t have all the electronic combat, data fusion, weapons capacity or automated maintenance and diagnostics capabilities until the most advanced version of its complex software is fielded by 2018.

    Uh, what the hell did we spend a gazillion-plus bucks on if we don’t have aircraft with competitive working electronics?

Light load today, busy here between getting youngest ready for college and primary day in Michigan. YES, YOU, MICHIGANDER, GO VOTE IN THE PRIMARY! Polls close at 8:00 p.m. EDT, you still have time — check your party for write-in candidates. You can check your registration, precinct, ballot at this MI-SOS link.

The rest of you: check your own state’s primary date and registration deadlines. Scoot!

Did Wikileaks Do US Intelligence Bidding in Publishing the Syria Files?

Consider this nutty data point: between CNN’s Reliable Sources and NBC’s Meet the Press, Julian Assange was on more Sunday shows today than John McCain, with two TV appearances earlier this week.

Sadly, even in discussions of the potential that the DNC hack-plus-publication amounts to tampering with US elections, few seem to understand that evidence at least suggests that Wikileaks — not its allegedly Russian source — determined the timing of the release to coincide with the Democratic National Convention. Guccifer 2, at least, was aiming to get files out earlier than Wikileaks dumped them. So if someone is tampering, it is Julian Assange who, I’ve noted, has his own long-standing gripes with Hillary Clinton (though he disclaims any interest in doing her harm). If his source is Russia, that may just mean they had mutual interest in the publication of the files; but Assange claims to have determined the timing.

Since Wikileaks’ role in the leak has been downplayed even as Assange has made the media rounds, since the nation’s spooks claim that publishing these documents is what makes it different, I want to consider this exchange Assange had with Chuck Todd:

CHUCK TODD:

All right. Let me ask you this. Do you, without revealing your source on this, do you accept information and leaked documents from foreign governments?

JULIAN ASSANGE:

Well, our publishing model means that what we publish is guaranteed to be true. That’s what we’re concerned about. That’s what our readers are concerned about. That’s the right of the general public, to not–

[snip]

CHUCK TODD:

Does that not trouble you at all, if a foreign government is trying to meddle in the affairs of another foreign government?

JULIAN ASSANGE:

Well, it’s an interesting speculative question that’s for the press and others to perhaps–

CHUCK TODD:

That doesn’t bother you? That is not part of the WikiLeaks credo?

JULIAN ASSANGE:

Well, it’s a meta story. If you’re asking would we accept information from U.S. intelligence that we had verified to be completely accurate, and would we publish that, and would we protect our sources in U.S. intelligence, the answer is yes, of course we would. [my emphasis]

Sure, at one level this is typical Assange redirection. When Todd asked if he’d accept files from Russia, Assange instead answered that he would accept them from the United States.

But it may not be so farcical as it seems. Consider the case of the Syria Files Wikileaks posted in spring 2012, at the beginning of the time the US was engaging in covert operations in Syria. They contained embarrassing information on Bashar al-Assad, his wife, and close associates, as well as documents implicating western companies that had facilitated Assad’s repression. Even at the time, people asked if the files were a western intelligence psy-op, though they were explicitly sourced to various factions of Anonymous. Then, between Jeremy Hammond and Sabu’s sentencing processes, it became clear that in January 2012, the latter identified targets for Anonymous hackers, targets that include the Syrian government.

An informant working for the F.B.I. coordinated a 2012 campaign of hundreds of cyberattacks on foreign websites, including some operated by the governments of Iran, Syria, Brazil and Pakistan, according to documents and interviews with people involved in the attacks.

Exploiting a vulnerability in a popular web hosting software, the informant directed at least one hacker to extract vast amounts of data — from bank records to login information — from the government servers of a number of countries and upload it to a server monitored by the F.B.I., according to court statements.

[snip]

The sentencing statement also said that Mr. Monsegur directed other hackers to give him extensive amounts of data from Syrian government websites, including banks and ministries of the government of President Bashar al-Assad. “The F.B.I. took advantage of hackers who wanted to help support the Syrian people against the Assad regime, who instead unwittingly provided the U.S. government access to Syrian systems,” the statement said.

What’s not known (as multiple reports say is still not known about the DNC hack) is whether the specific files the Sabu-directed Anonymous hackers obtained were the same ones that Wikileaks came to publish, though the timing certainly works out. It’s a very distinct possibility. In which case Assange’s comment may be more than redirection, but instead a reminder that Wikileaks has played the analogous role in a US-directed hack-and-publish operation, one designed to damage Assad and his western allies. If those documents did ultimately come via FBI direction of Sabu, then Assange might be warning US spooks that their own similar actions could be exposed if he were asked to reveal more about any Russian role in the DNC hack.

Two (Three, Four?) Data Points on DNC Hack: Why Does Wikileaks Need an Insurance File?

Actually, let me make that three data points. Or maybe four.

First, Reuters has reported that the DCCC has also been hacked, with the hacker apparently believed to be the same entity (APT28, also believed to be GRU). The hackers created a spoof version of ActBlue, which donors use to give money to campaigns.

The intrusion at the group could have begun as recently as June, two of the sources told Reuters.

That was when a bogus website was registered with a name closely resembling that of a main donation site connected to the DCCC. For some time, internet traffic associated with donations that was supposed to go to a company that processes campaign donations instead went to the bogus site, two sources said.

The sources said the Internet Protocol address of the spurious site resembled one used by Russian government-linked hackers suspected in the breach of the DNC, the body that sets strategy and raises money for the Democratic Party nationwide.

That would mean hackers were after either the donations themselves, the information donors have to provide (personal details including employer and credit card or other payment information), or possibly the bundling information tied to ActBlue.

Second, Joe Uchill, who wrote one of the stories — on two corrupt donors to the Democratic Party — that preceded both publication at the Guccifer 2 site and Wikileaks, said Guccifer gave him the files for the story because Wikileaks was dawdling in publishing what they had.

Guccifer posted some of the documents Uchill used here.

This detail is important because it says Julian Assange is setting the agenda (and possibly, the decision to fully dox DNC donors) for the Wikileaks release, and that agenda does not perfectly coincide with Guccifer’s (which is presumed to be a cut-out for GRU).

As I’ve noted, Wikileaks has its own beef with Hillary Clinton, independent of whom Vladimir Putin might prefer as President or any other possible motive for Russia to do this hack.

Now consider this bizarre feature of several high level leak based stories on the hack: the claim of uncertainty about how the files got from the hackers to Wikileaks. This claim, from NYT, seems bizarrely stupid, as Guccifer and Wikileaks have both said the former gave the latter the files.

The emails were released by WikiLeaks, whose founder, Julian Assange, has made it clear that he hoped to harm Hillary Clinton’s chances of winning the presidency. It is unclear how the documents made their way to the group. But a large sampling was published before the WikiLeaks release by several news organizations and someone who called himself “Guccifer 2.0,” who investigators now believe was an agent of the G.R.U., Russia’s military intelligence service.

The claim seems less stupid when you consider these two cryptic comments from two equally high level sourced pieces from WaPo. In a story on FBI’s certainty Russia did the hack(s), Ellen Nakashima describes that the FBI is less certain that Russia passed the files to Wikileaks.

What is at issue now is whether Russian officials directed the leak of DNC material to the anti-secrecy group WikiLeaks — a possibility that burst to the fore on the eve of the Democratic National Convention with the release of 20,000 DNC emails, many of them deeply embarrassing for party leaders.

The intelligence community, the officials said, has not reached a conclusion about who passed the emails to WikiLeaks.

“We have not drawn any evidentiary connection to any Russian intelligence service and WikiLeaks — none,” said one U.S. official. Doing so will be a challenge, in part because the material may not have been passed electronically. [my emphasis]

The claim appears this way in a more recent report.

The bureau is trying to determine whether the emails obtained by the Russians are the same ones that appeared on the website of the anti-secrecy group WikiLeaks on Friday, setting off a firestorm that roiled the party in the lead-up to the convention.

The FBI is also examining whether APT 28 or an affiliated group passed those emails to WikiLeaks, law enforcement sources said.

Now, the doubts about whether the files were passed electronically are thoroughly fascinating. I assume the NSA has Assange — and potentially even the Wikileaks drop — wired up about 100 different ways, so the questions about whether the files were passed electronically may indicate that they didn’t see them get passed in such a fashion.

Add in the question of whether they’re even the same emails! We know the DCCC hack is targeting donor information. The Wikileaks release included far more than that. Which raises the possibility GRU is only after donor information (which is part of, but just one part of, what Guccifer has released).

But then there’s this detail. On June 17, Wikileaks released an insurance file — a file that will be automatically decrypted if Wikileaks is somehow impeded from releasing the rest of the files. It has been assumed that the contents of that file are just the emails that were already released, but that is almost certainly not the case. After all, Wikileaks has already released further documents (some thoroughly uninteresting voice mails that nevertheless further impinge on the privacy of DNC staffers). They have promised still more, files they claim will be more damaging. Indeed, Wikileaks claims there’s enough in what they have to indict Hillary, though such claims should always be taken with a grain of salt. Correction: That appears to have been a misunderstanding about what Assange said about the previously released State emails.

But here’s the other question.

There’s no public discussion of Ecuador booting Assange from their Embassy closet (though I’m sure they’re pretty tired of hosting him). His position — and even that of Wikileaks generally — seems pretty stable.

So why does Assange believe they need an insurance file? I don’t even remember the last time they issued an insurance file (update: I think it was when they released an insurance file of Chelsea Manning’s documents). So is there someone else in the process that needs an insurance file? Is there someone else in the process that would use the threat of full publication of the files (which presumably is going to happen anyway) to ensure safety?

I’ll leave that question there.

That said, these data points confirm there are at least two players with different motivations: Wikileaks, and the Russian hackers. But the FBI isn’t even certain whether the files the Russians took are the same that Wikileaks released, which might suggest a third party.

Meanwhile, James Clapper (who thankfully is willing to poo poo claims that hacks that we ourselves do are unique) seems very interested in limiting the panic about this hack.

Update: Oh! I forgot this fifth data point. This absolutely delightful take-down of Debbie Wasserman Schultz includes this claim that Wikileaks has malware in its site, which I’ve asked around and doesn’t seem to be true.

Staff members were briefed in a Tuesday afternoon meeting in Washington that their personal data was part of the hack, as were Social Security numbers and other information for donors, according to people who attended. Don’t search WikiLeaks, they were told — malware is embedded throughout the site, and they’re looking for more data.

Who told the DNC Wikileaks is releasing malware, and why?

Update: here’s what the malware claim is about: When it posted the “AKP emails,”  WL either added or did not remove a bunch of malware included in those emails, and as a result, that malware is still posted at the site. That is, the malware is associated with a separate set of documents available at the site.

Friday: Possibility

Let’s try a Swedish import today, a little something I can’t really classify by a particular genre. This piece is one of my favorites, one of the most haunting tunes I’ve ever heard. It’s probably dream pop for lack of a better label. Lykke Li’s most popular works tend toward indie and synth-pop, sharing a strong rhythm and English lyrics melded with Lykke Li’s unearthly vocals.

Try out I Follow Rivers (dance/synth-pop) and Sadness Is A Blessing (retro indie pop) for comparison. The latter in particular has a funky video featuring another famous Swedish artist, Stellan Skarsgård. Love his understated effort which acts like a punctuation to the singer’s work.

Speaking of Sweden…

Carl Bildt, a former prime minister of Sweden (1991-1994) and former Minister for Foreign Affairs (2006-2014), tweeted on Wednesday:

I never thought a serious candidate for US President could be a serious threat against the security of the West. But that’s where we are.

Bildt is known for his conservative politics and neoliberal business ethics. Pretty sure he wasn’t referring to Clinton.

Turkic troubles

  • Insane numbers of people arrested or detained after Turkey’s anti-Gülenist crackdown (EWN) — Graphic in article offers a breakdown. Doesn’t break out the journalists arrested; see Mahir Zeynalov’s timeline for a journo-by-journo roll call.
  • UN Special Rapporteur and OSCE worried about Turkey’s journalists (OSCE) — UN Special Rapporteur on the right to freedom of opinion and expression and the Organization for Security and Cooperation in Europe Representative on Freedom of the Media condemned President Erdoğan’s purge of journalism attacking free speech. The numbers bolster their concerns:
    Reports indicate that the Government ordered the closure of three news agencies, 16 TV channels, 23 radio channels, 45 papers and 15 magazines. Since the attempted coup, authorities have issued arrest warrants against 89 journalists and have already arrested several of them, blocked access to more than 20 news websites, revoked the licenses of 29 publishing houses, and cancelled a number of press accreditations.

  • Generals stepped down as military rejiggered (Euronews) — Looks like the president is grabbing power over the military in the same way the judiciary’s independence has now been smashed by removals from office. Hey, anybody worried at all about Incirlik air base while the Turkish military is reformulated?

Economic emesis

  • Investors ‘totally lost’ (Business Insider) — Credit Suisse’s clients are casting about for direction because there’s no strong performance in the market across any industry, and indicators are confusing:
    Here’s a summary of what clients are worried about: workers fighting back in the US, hitting earnings; equities still not cheap; US growth mixed; China still screwed; central banks’ empty policy cupboards; politics being nuts (protectionism, anti-immigration moves, anticorporate feeling); and technology running rampant and destroying business models.

    Yeah, about the “workers fighting back”…perhaps if workers were better paid, making a living wage, all of the confusion would evaporate as consumption improved. There’s a reason home ownership rates have dropped below 1965 levels and it’s not because Millennials don’t want them (really crappy blame-casting, CNBC, catch the cluestick).

  • Nevada utilities commish not reappointed due to solar energy rate structure (Las Vegas Sun) — Something about this story tweaks my hinky-meter. Maybe a certain commissioner has friends who don’t want solar energy to become competitive? Which is really a shame considering the Tesla’s new Wonderwall battery plant now in the Reno area.
  • Five-year-long shortage of cancer drug forces reliance on disqualified Chinese maker (Bloomberg) — There’s been a shortage of doxorubicin since 2011, and companies the size of Pfizer — the largest pharma company in the world — rely on a facility in China banned by the FDA because of quality problems like contamination. What the hell is wrong with this picture?
  • Kazakh emigre sentenced for export violations (The Hill) — How did this guy pull off exporting dual-use technology to Russia for ten years? Doesn’t look like it took much effort based on available information. Have we cut regulatory oversight so much and been so distracted at the same time that we’ve given away the farm?

Something STEMmed

  • TSA’s keys compromised (TechCrunch) — Hacking’s not just for software. All seven of TSA’s master keys have been cloned; anybody can 3D print one and unlock baggage with TSA-approved padlock. Why even bother locking stuff? Of course bags can be so damaged during handling the lock may be worthless anyhow. Makes you wonder how many other physical security devices can be defeated with 3D printing.
  • Bees’ sperm dramatically affected by insecticides (SFGate) — Hey dudes, especially you in Congress. Maybe you ought to ask if insecticides reduce bees’ sperm production by 40% whether human sperm might also be similarly affected? Just sayin’.
  • Huge great white shark trolls family’s boat off east coast (Cape Cod Chronicle) — But there’s an app for that; they could ‘see’ him coming, thanks to an app which monitored the tag. Mixed feelings on this: glad the family was safe, but jeepers, how else can this tag be used?

Oikonomia
How screwed up is the United Kingdom post-referendum vote and how jacked up is the current economic system, when a disabled theoretical physicist and cosmologist must beg in an op-ed for his country to reconsider its understanding and reaction to wealth?

Worth recalling the word ‘economics’ originated from the Greek ‘oikonomia’, meaning “household management.”

Have a safe, relaxing weekend!

Mix and Match Cyber-Priorities Likely Elevates Gut Check To National Level

As I noted yesterday, earlier this week President Obama rolled out a new Presidential Policy Directive, PPD 41, which made some changes to the way the US will respond to cyberattacks. (PPD, annex, fact sheet, guideline) I focused yesterday on the shiny new Cyber Orange Alert system. But the overall PPD was designed to better manage the complexity of responding to cyberattacks — and was a response, in part, to confusion from private sector partners about the role of various government agencies.

That experience has allowed us to hone our approach but also demonstrated that significant cyber incidents demand a more coordinated, integrated, and structured response.  We have also heard from the private sector the need to provide clarity and guidance about the Federal government’s roles and responsibilities.   The PPD builds on these lessons and institutionalizes our cyber incident coordination efforts in numerous respects,

The PPD integrates response to cyberattacks with the existing PPD on responding to physical incidents, which is necessary (actually, the hierarchy should probably be reversed, as our physical infrastructure is in shambles) but is also scary because there’s a whole lot of executive branch authority that gets asserted in such things.

And the PPD sets out clear roles for responding to cyberattacks: “threat response” (investigating) is the FBI’s baby; “asset response” (seeing the bigger picture) is DHS’s baby; “intelligence support” (analysis) is ODNI’s baby, with lip service to the importance of keeping shit running, whether within or outside of the federal government.

To establish accountability and enhance clarity, the PPD organizes Federal response activities into three lines of effort and establishes a Federal lead agency for each:

  • Threat response activities include the law enforcement and national security investigation of a cyber incident, including collecting evidence, linking related incidents, gathering intelligence, identifying opportunities for threat pursuit and disruption, and providing attribution.   The Department of Justice, acting through the Federal Bureau of Investigation (FBI) and the National Cyber Investigative Joint Task Force (NCIJTF), will be the Federal lead agency for threat response activities.
  • Asset response activities include providing technical assets and assistance to mitigate vulnerabilities and reducing the impact of the incident, identifying and assessing the risk posed to other entities and mitigating those risks, and providing guidance on how to leverage Federal resources and capabilities.   The Department of Homeland Security (DHS), acting through the National Cybersecurity and Communications Integration Center (NCCIC), will be the Federal lead agency for asset response activities.  The PPD directs DHS to coordinate closely with the relevant Sector-Specific Agency, which will depend on what kind of organization is affected by the incident.
  • Intelligence Support and related activities include intelligence collection in support of investigative activities, and integrated analysis of threat trends and events to build situational awareness and to identify knowledge gaps, as well as the ability to degrade or mitigate adversary threat capabilities.  The Office of the Director of National Intelligence, through the Cyber Threat Intelligence Integration Center, will be the Federal lead agency for intelligence support and related activities.

In addition to these lines of effort, a victim will undertake a wide variety of response activities in order to maintain business or operational continuity in the event of a cyber incident.  We recognize that for the victim, these activities may well be the most important.  Such efforts can include communications with customers and the workforce; engagement with stakeholders, regulators, or oversight bodies; and recovery and reconstitution efforts.   When a Federal agency is a victim of a significant cyber incident, that agency will be the lead for this fourth line of effort.  In the case of a private victim, the Federal government typically will not play a role in this line of effort, but will remain cognizant of the victim’s response activities consistent with these principles and coordinate with the victim.

Thus far, this just seems like an effort to stop everyone from stepping on toes, though it also raises concerns for me whether this is the first step (or the public sign) of Obama implementing a second portal for CISA, which would permit (probably) FBI to get Internet crime data directly without going through DHS’s current scrub process. Unspoken, of course, is that necessity for a new PPD means there has been toe-stepping in incident response in the last while, which is particularly interesting when you consider the importance of the OPM breach and the related private sector hacks. Just as one example, is it possible that no one took the threat information from the Anthem hack and started looking around to see where else it was happening?

So yeah, some concerning things here, but I can see the interest in minimizing the toe-stepping as we continue to get pwned in multiple breaches.

Also, there’s no mention of NSA here. Shhhh. They’re here, as soon as an entity asks them for help and (with data laundered through FBI and ODNI and DHS) from an intelligence perspective.

Here’s what I find particularly interesting about all this.

The PPD — along with the fancy Cyber Orange Alert system — came out less than a week after DOJ’s Inspector General released a report on the FBI’s means of prioritizing cyber threats (which is different than cyber attacks). The report basically found that the FBI has improved its cyber response (there’s some interesting discussion about a 2012 reorganization into threat type rather than attack location that I suspect may have implications for both criminal venue and analytical integrity, including for the attack on the DNC server), but that the way in which it prioritized its work didn’t result in prioritizing the biggest threats, in part because it was basically a “gut check” and in part because the ranking process wasn’t done frequently enough to reflect changes in the nature of a given threat (there was a classified example of a threat that had grown but been missed and of conflicting measures in the two ways FBI assesses threats, both of which are likely very instructive). The report does mention the OPM hack as proof that the threat is getting bigger, which does not confirm nor deny that it was one of the classified issues redacted.

The FBI conducts a bureau-wide Threat Review and Prioritization (TRP) process, of which cyber is a part, which happens to have the same number of outcomes as the PPD 41 does, 6, though it is more of a table cross-referencing impact with mitigation (the colors come from DOJ IG so comparing them would be meaningless).


And the FBI TRP asks some of the same questions as the PPD’s Cyber Orange Alert system does.

The FBI’s Directorate of Intelligence (DI) manages the TRP process and publishes standard guidance for the operational divisions and field offices to use; including the criteria for the impact level of the threat and the mitigation resources needed to address the threat. The FBI impact level criteria attempt to measure the likely damage to U.S. critical infrastructure, key resources, public safety, U.S. economy, or the integrity and operations of government agencies in the coming year based upon FBI’s current understanding of the threat issue. Impact level criteria seek to represent the negative consequences of the threat issue, nationally. The impact level criteria include: (1) these threat issues are likely to cause the greatest damage to national interests or public safety in the coming year; (2) these threat issues are likely to cause great damage to national interests or public safety in the coming year; (3) these threat issues are likely to cause moderate damage to national interests or public safety in the coming year; or (4) these threat issues are likely to cause minimal damage to national interests or public safety in the coming year (FBI emphasis added). One FBI official told us that these impact criteria questions, which are developed and controlled by the Directorate of Intelligence, are designed to be interpreted by the operational divisions.

The three levels of mitigation criteria, which also are standard across the FBI, measure the effectiveness of current FBI investigative and intelligence activity based upon the following general criteria: (1) effectiveness of FBI operational activities; (2) operational division understanding of the threat issue at the national level; and (3) evolution of the threat issue as it pertains to adapting or establishing mitigation action.

This is the system that people DOJ IG interviewed described as a “gut check.”

While the criteria are standardized, we found that they were inherently subjective. One FBI official told us that the prioritization of the threats was essentially a “gut check.” Other FBI officials told us that the TRP is vague and arbitrary. The Cyber Division Assistant Director told us that the TRP criteria are subjective and assessments can be based on the “loudest person in the room.”

There was some tweaking of this system in March, but DOJ IG said it didn’t affect the findings of this report.

FBI has another newer system called Threat Examination and Scoping (TExAS; it claimed it was far more advanced in its own 9/11 review report a few years back), which they also only use once a year, but which at least is driven by objective questions to carry out the prioritization. DOJ IG basically found this better system suffered the things you always find at FBI: data entry problems, a lack of standard operating procedures, stove-piped management, disconnection from FBI’s other data system. But it said that if TExAS fixed those issues and made it more objective it would be the tool the FBI needs to properly prioritize threats.

There’s one detail of particular interest. The report narrative described one advantage of TExAS as that it could integrate information from other agencies, foreign, or private partners.

According to FBI officials, TExAS has the capability to include intelligence from other agencies, the United States Intelligence Community, private industry, and foreign partners to inform FBI’s prioritization and strategy. For example, a response in TExAS can be supported with documentation from a United States Intelligence Community partner for a threat as to which the FBI lacks visibility. The tool also is capable of providing data visualizations, which can help inform FBI decision makers about prioritizing or otherwise allocating resources toward new national security cyber intrusion threats, or towards national security intrusion threats where more intelligence is needed.

But way down in the appendix, it describes what appears to be this same ability to integrate information on which the “FBI lacks visibility” as a “classification limitation” that requires analysts to review the rankings to tweak them to account for the classified information.


In other words, because of classification issues (see?? I told you NSA was here!!), even the system that might become objective will still be subject to these reviews by analysts who are privy to the secret information.

Now I’m not sure that makes PPD 41’s own prioritization system fatal — aside from the fact that it seems like it will be a gut check, too. Though it does lead me to wonder whether FBI didn’t adequately prioritize some growing threat (cough, OPM) and as a result — the DOJ IG report admits — FBI simply wouldn’t dedicate the resources to investigate it until it really blew up. Under PPD-41, it would seem ODNI would do some of this anyway, which would eliminate some of the visibility problems.

I point all this out, mostly, because of the timing. Last week, DOJ IG said FBI needed to stop gut checking which cyber threats were most important. This week, the White House rolled out a broad new PPD, including a somewhat different assessment system that determines how many federal agencies get to step on cyber-toes.

On Responsible Sourcing for DNC Hack Stories

For some reason Lawfare thinks it is interesting that the two Democratic members of the Gang of Four — who have apparently not figured out there’s a difference between the hack (allegedly done by Russia) and the dissemination (done by Wikileaks, which has different motivations) are calling for information on the DNC hack to be released.

The recent hack into the servers of the Democratic National Committee (DNC) and the subsequent release via WikiLeaks of a cache of 20,000 internal e-mails, demonstrated yet again the vulnerability of our institutions to cyber intrusion and exploitation.  In its timing, content, and manner of release, the email dissemination was clearly intended to undermine the Democratic Party and the presidential campaign of Secretary Hillary Clinton, and disrupt the Democratic Party’s convention in Philadelphia.

[snip]

Specifically, we ask that the Administration consider declassifying and releasing, subject to redactions to protect sources and methods, any Intelligence Community assessments regarding the incident, including any that might illuminate potential Russian motivations for what would be an unprecedented interference in a U.S. Presidential race, and why President Putin could potentially feel compelled to authorize such an operation, given the high likelihood of eventual attribution.

For some equally bizarre reason, WaPo thinks Devin Nunes’ claim — in the same breath as he claims Donald Trump’s repeated calls on Russia to release Hillary’s email were sarcastic — that there is “no evidence, absolutely no evidence” that Russia hacked the DNC to influence the election is credible.

Rep. Devin Nunes (R-Calif.), the chairman of the House Intelligence Committee, told The Washington Post in an interview Wednesday that speculation about Russian attempts to sway the presidential election is unfounded.

“There is no evidence, absolutely no evidence, that the Russians are trying to influence the U.S. election,” Nunes said, repeatedly swatting away the suggestion made by some Democrats that the Russians may be using their intelligence and hacking capabilities to boost Donald Trump’s chances.

“There is evidence that the Russians are actively trying to hack into the United States — but it’s not only the Russians doing that. The Russians and the Chinese have been all over our networks for many years.”

These are two obvious (because they’re on the record) examples of partisans using their access to classified information to try to boost or refute a narrative that the Hillary Clinton campaign has explicitly adopted: focusing on the alleged Russian source of the hack rather than on the content of the things the hack shows.

Kudos to Richard Burr, who is facing a surprisingly tough reelection campaign, for being the one Gang of Four member not to get involved in the partisan bullshit on this.

There are plenty of people with no known interest in either seeing a Trump or a Clinton presidency that have some measure of expertise on this issue (this is the rare moment, for example, when I’m welcoming the fact that FBI agents are sieves for inappropriate leaks). So no outlet should be posting something that obviously primarily serves the narrative one or the other candidate wants to adopt on the DNC hack without a giant sign saying “look at what partisans have been instructed to say by the campaign.” That’s all the more true for positions, like the Gang of Four, that we’d prefer to be as little politicized as possible. Please don’t encourage those people to use their positions to serve a partisan narrative, I beg of you!

For the same reason I’m peeved that Harry Reid suggested the Intelligence Community give Trump fake intelligence briefings. Haven’t we learned our lesson about politicizing intelligence?

More generally, I think journalists should be especially careful at this point to make it clear whether their anonymous sources have a partisan dog in this fight, because zero of those people should be considered to be unbiased when they make claims about the DNC hack.

A very special case of that comes in stories like this, where Neocon ideologue Eliot Cohen, identified as a Bush appointee, is quoted attacking Trump for suggesting Russia should leak any more emails.

But now Republican-aligned foreign policy experts are also weighing in along similar lines.

“It’s appalling,” Dr. Eliot A. Cohen, who was counselor of the State Department during the second term of George W. Bush’s presidency, said to me today. “Calling on a foreign government to go after your opponent in an American election?”

Cohen recently organized an open letter from a range of GOP national security leaders that denounced Trump in harsh terms, arguing that Trump’s “own statements” indicate that “he would use the authority of his office to act in ways that make America less safe, and which would diminish our standing in the world.” The letter said: “As committed and loyal Republicans, we are unable to support a Party ticket with Mr. Trump at its head. We commit ourselves to working energetically to prevent the election of someone so utterly unfitted to the office.”

But this latest from Trump, by pushing the envelope once again, raises the question of whether other prominent Republicans are ever going to join in.

For instance, to my knowledge, top national security advisers to George W. Bush, such as Stephen Hadley and Condoleezza Rice (who was also secretary of state), have yet to comment on anything we’ve heard thus far from Trump. Also, there could theoretically come a point where figures like former Defense Secretary Donald Rumsfeld and possibly even Dubya and George H.W. Bush feel compelled to weigh in.

Meanwhile, senior Republican elected officials who have backed Trump continue to refrain from taking on his comments forcefully or directly. Some Republicans actually defended Trump’s comments today. Paul Ryan’s spokesman issued a statement saying this: “Russia is a global menace led by a devious thug. Putin should stay out of this election.”

I feel differently about Trump’s asinine comment than I do about attribution of the attack. I’m all in favor of Hillary’s campaign attacking Trump for it, and frankly Cohen is a far more credible person to do so than Jake Sullivan and Leon Panetta, who also launched such attacks yesterday, because as far as I know Cohen has not mishandled classified information like the other two have.

But I would prefer if, rather than IDing Cohen as one of the Republicans who signed a letter opposing Trump, Greg Sargent had IDed him as someone who has also spoken affirmatively for Hillary.

On foreign policy, Hillary Clinton is far better: She believes in the old consensus and will take tough lines on China and, increasingly, Russia. She does not hesitate to make the case for human rights as a key part of our foreign policy. True, under pressure from her own left wing, she has backtracked on the Trans-Pacific Partnership, a set of trade deals that supports American interests by creating a counterbalance to China and American values by protecting workers’ rights. But she might edge back toward supporting it, once in.

Admittedly, this was at a time when Cohen and others still hoped some Mike Bloomberg like savior would offer them a third choice; that was before Bloomberg gave a very prominent speech endorsing Hillary last night.

Here’s the thing. The Neocons (led by Robert Kagan, whose wife got named as a target of Russian aggression in the Feinstein-Schiff letter) are functioning as surrogates for Hillary just like top Democrats are. They are, just like Democrats are, now scrambling to turn their endorsements into both policy and personnel wins. Therefore we should no more trust the independence of a pro-Hillary Neocon — even if he did work for George Bush — than we would trust the many Democrats who have used their power to help Hillary win this election. Progressives should be very wary about the promises Hillary has made to get the growing number of Neocons (and people like Bloomberg) to so aggressively endorse her. Because those endorsements will come with payback, just like union or superdelegate endorsements do.

In any case, it’s hard enough to tease out attribution for two separate hacks and the subsequent publication of the hacked data by Wikileaks. Relying on obviously self-interested people as sources only further obscures the process.

Update: The Grammar Police actually nagged me to fix “whose/who’s” error in the Kagan sentence. Fun!