Monday: A Border Too Far

In this roundup: Turkey, pipelines, and a border not meant to be crossed.

It’s nearly the end of the final Monday of 2016’s General Election campaign season. This shit show is nearly over. Thank every greater power in the universe we made it this far through these cumulative horrors.

Speaking of horrors, this Monday’s movie short is just that — a simple horror film, complete with plenty of bloody gritty gore. Rating on it is mature, not for any adult content but for its violence. The film is about illegal immigrants who want more from life, but it plays with the concepts of alien identity and zombie-ism. Who are the illegals, the aliens, the zombies? What is the nature of the predator and their prey? Does a rational explanation for the existence of the monstrous legitimize the horror they perpetuate in any way?

The logline for this film includes an even shorter tag line: Some borders aren’t meant to be crossed. This is worth meditating on after the horrors we’ve seen these past six months. Immigrants and refugees aren’t the monsters. And women aren’t feeble creatures to be marginalized and counted out.

Should also point out this film’s production team is mostly Latin American. This is the near-future of American storytelling and film. I can’t wait for more.

Tough Turkey
The situation in Turkey is extremely challenging, requiring diplomacy a certain Cheeto-headed candidate is not up to handling and will screw up if he places his own interests ahead of that of the U.S. and the rest of the world.

  • Luxembourg’s foreign minister compares Erdoğan’s purge to Nazi Germany (Deutsche Welle) — Yeah, I can’t argue with this when a political party representing an ethnic minority and a group sharing religious dogma are targeted for removal from jobs, arrest and detention.
  • Op-Ed: Erdoğan targeting critics of all kinds (Guardian) — Yup. Media, judges, teachers, persons of Kurdish heritage or Gulenist religious bent, secularists, you name it. Power consolidation in progress. Democracy, my left foot.
  • HDP boycotts Turkish parliament after the arrest of its leaders (BBC) — Erdoğan claimed the arrested HDP leaders were in cahoots with the PKK, a Kurdish group identified as a terrorist organization. You’ll recall HDP represents much of Turkey’s Kurdish minority. But Erdoğan also said he doesn’t care if the EU calls him a dictator; he said the EU abets terrorism. Sure. Tell the cities of Paris and Brussels that one. Think Erdoğan has been taking notes from Trump.
  • U.S. and Turkish military leaders meet to work out Kurd-led ops against ISIS (Guardian) — Awkward. Turkish military officials were still tetchy about an arrangement in which Kurdish forces would act against ISIS in Raqqa, Syria, about 100 miles east of Aleppo. The People’s Protection Units (YPG) militia — the Kurdish forces — will work in concert with Arab members of Syrian Democratic Forces (SDF) coalition in Raqqa to remove ISIS. Initial blame aimed at the PKK for a car bomb after HDP members were arrested heightened existing tensions between Erdoğan loyalists and the Kurds, though ISIS later took responsibility for the deadly blast. Depending on whose take one reads, the Arab part of SDF will lead the effort versus any Kurdish forces. Turkey attacked YPG forces back in August while YPG and Turkey were both supposed to be routing ISIS.

In the background behind Erdoğan’s moves to consolidate power under the Turkish presidency and the fight to eliminate ISIS from Syria and neighboring territory, there is a struggle for control of oil and gas moving through or by Turkey.

Russia lost considerable revenue after oil prices crashed in 2014. A weak ruble has helped but to replace lost revenue based on oil’s price, Russia has increased output to record levels. Increased supply only reduces price, especially when Saudi Arabia, OPEC producers, and Iran cannot agree upon and implement a production limit. If Russia will not likewise agree to production curbs, oil prices will remain low and Russia’s revenues will continue to flag.

Increasing pipelines for both oil and gas could bolster revenues, however. Russia can literally throttle supply near its end of hydrocarbon pipelines and force buyers in the EU and everywhere in between to pay higher rates — the history of Ukrainian-Russian pipeline disputes demonstrates this strategy. Bypassing Ukraine altogether would help Russia avoid both established rates and conflict there with the west. The opportunities encourage Putin to deal with Erdoğan, renormalizing relations after Turkey shot down a Russian jet last November. Russia and Turkey had met in summer of 2015 to discuss a new gas pipeline; they’ve now met again in August and in October to return to plans for funding the same pipeline.

A previous pipeline ‘war’ between Russia and the west ended in late 2014. This conflict may only have been paused, though. Between Russia’s pressure to sell more hydrocarbons to the EU, threats to pipelines from PKK-attributed terrorism and ISIS warfare near Turkey’s southwestern border, and implications that Erdoğan has been involved in ISIS’ sales of oil to the EU, Erdoğan may be willing to drop pursuit of EU membership to gain more internal control and profit from Russia’s desire for more hydrocarbon revenues. In the middle of all this mess, Erdoğan has expressed a desire to reinstate the death penalty for alleged coup plotters and dissenters — a border too far for EU membership since the death penalty is not permitted by EU law.

This situation requires far more diplomatic skill than certain presidential candidates will be able to muster. Certainly not from a candidate who doesn’t know what Aleppo is, and certainly not from a candidate who thinks he is the only solution to every problem.

Cybery miscellany

That’s it for now. I’ll put up an open thread dedicated to all things election in the morning. Brace yourselves.

NYT Ombud Calls for More Unproven Fearmongering

In an overly dramatic (and in key areas, fluff) piece promising voting related hacks long into the future, David Sanger includes this passage.

The steady drumbeat of allegations of Russian troublemaking — leaks from stolen emails and probes of election-system defenses — has continued through the campaign’s last days. These intrusions, current and former administration officials agree, will embolden other American adversaries, which have been given a vivid demonstration that, when used with some subtlety, their growing digital arsenals can be particularly damaging in the frenzy of a democratic election.

“Most of the biggest stories of this election cycle have had a cyber component to them — or the use of information warfare techniques that the Russians, in particular, honed over decades,” said David Rothkopf, the chief executive and editor of Foreign Policy, who has written two histories of the National Security Council. “From stolen emails, to WikiLeaks, to the hacking of the N.S.A.’s tools, and even the debate about how much of this the Russians are responsible for, it’s dominated in a way that we haven’t seen in any prior election.”

The magnitude of this shift has gone largely unrecognized in the cacophony of a campaign dominated by charges of groping and pay-for-play access.

On a day when results from North Carolina strongly suggest that efforts to suppress the African American vote have thus far worked, the NYT frames a story by arguing that cyber — not racism and voter suppression — accounts for “most of the biggest stories of the election cycle” (the story goes on to include Hillary’s email investigation in with the Russian hacks dealt with in the story).

It does so even while insinuating that the “probes of election-system defenses” are a Russian state-led effort, which the Intelligence Community pointedly did not say. Indeed, a DHS assessment dated September 20 — before that Intelligence Statement — (and publicly posted Saturday) attributes such probes to “cybercriminals and criminal hackers.”

(U//FOUO) We judge cybercriminals and criminal hackers are likely to continue to target personally identifiable information (PII), such as that available in voter registration databases. We have no indication, however, that criminals are planning theft of voter information to disrupt or alter US computer-enabled election infrastructure.

Sanger posted his piece, claiming that cyber is the most important part of this election, in the wake of NYT’s ombud, Liz Spayd, posting her own piece judging — partly based off Sanger’s assessment — that the NYT should put someone on the Russian hacking story full time.

[W]hile several reporters have periodically contributed to the coverage, no one was dedicated to it full time. That’s too bad. In my view, The Times should have assembled a strike force and given it a mandate to make this story its top priority.

[snip]

I asked Sanger, a highly knowledgeable and seasoned hand on matters of cyberwarfare, about the challenges in covering information hacks. “American drone strikes and Russians bombing a hospital in Syria are immediate, gripping, tragic human stories,” he said. “A cyberstrike, by nature, is subtle, its effects often hidden for months, its importance usually a mystery. The bigger story here is that a foreign power has inserted itself in the fundamental underpinnings of American democracy using cybertechniques. We’ve never seen that before.”

That sounds like a pretty powerful argument for all-hands-on-deck coverage. After all, Trump’s treatment of women, Clinton’s email servers, the foundations of each candidate — all of it will soon fade out. The cyberwar, on the other hand, is only getting started.

Spayd makes a number of unproven or even false claims in her piece. Not only does she (like Sanger) claim that those probing voter poll sites are Russian (implying they are state hackers), she also implies the Shadow Brokers hack was done by Russia (which may be true but is far from proven).

So was the National Security Agency. Now, hackers are meddling with the voting systems in several states, leaving local officials on high alert.

She asks a question — were the Russians running Trump — she answers in her own piece.

And most critically, what has it done to try to establish whether Donald Trump was colluding with Russian intelligence, as Clinton suggests?

[snip]

The Times finally weighed in on this question last week, concluding that there is no compelling evidence linking Trump to the hackers. The piece, which ran on A21 and down page on the website, appeared to have been in the works for some time. Yet it was published just seven days before the election, and was unsatisfying in exploring the back story that led to its conclusions.

In a piece that notes there is no evidence the Russians are behind the poll probes, she suggests a Sanger piece suggesting they might have been should have been somewhere more prominent than page A15.

A piece laying out evidence that the Russians may be trying to falsify voting results in state databases ran on A15 and got minimal play digitally.

And she applauds a highly problematic piece claiming Julian Assange and Wikileaks always side with the Russians.

Led by David Sanger, The Times was first to link the Russians to the hacks, to examine the baffling role of Julian Assange and WikiLeaks and to smartly explore the options that the Obama administration could use to retaliate. I have no substantive complaints about the stories The Times has done.

In short, she points to a lot of problematic, hasty fearmongering the NYT has done on this front (as well as the one debunking much of that fearmongering, though she complains that doesn’t offer enough detail). And then says NYT should do more of it.

From the sounds of things, what she really wants is more cloak and dagger on the front pages of the NYT. Even if NYT has to invent a Russian tie to get it there.

Update: Egads.

The NYT just decided to tweet out its crappy Assange only does things Putin likes piece again.

Wednesday: Feliz Dia de los Muertos — Happy Day of the Dead!

In this Day of the Dead roundup: World Series Game 7, Rule 41, AT&T and net neutrality, Google spanks Microsoft, Slack smacks.

Happy All Saints’ Day Two — the second day of observation through Latin America as el Dia de los Muertos.

Was thinking of death and dying when I saw a post about one of my favorite movie soundtracks by one of my favorite contemporary composers. The Fountain, composed by Clint Mansell, was released today on vinyl. The 2006 film directed by Darren Aronofsky may not be everybody’s cup of tea, but the score surely must have wider appeal. The score features collaborative work of the contemporary classical chamber group Kronos Quartet and post-rock quartet Mogwai. The former provides most of the string work and the latter most of the rhythm, melding into some truly haunting music.

I think The Fountain is some of Mansell’s finest work; it was nominated for multiple awards including a Golden Globe. But do check out some of Mansell’s other film work, including that for Requiem for a Dream (especially the cut Lux Aeterna) and Black Swan. Stoker did not receive the recognition it should have; its presence is another character in the film. Granted, Mansell’s score for Stoker was only part of a soundtrack featuring other artists’ compositions.

World Series – Great Lakes Edition
So Game 7 is underway. I’d rather see Chicago Cubs up against Detroit Tigers, but the summer kitties let me down. I’m hoping for a Cubs win just because. What about you?

Cyber-y stuff

  • Less than a month before Rule 41 deadline (ZDNet) — Congress has diddled around after the Supreme Court created a potentially awful opportunity for law enforcement overreach. I can’t even imagine the foreign policy snafus this could create, let alone the fuckups which could happen from searching machines with spoofed identities and locations. I can think of a case where a political entity plopped on an IP address belonging to a major corporation — now imagine some huckleberry charging into that situation. FIX THIS, CONGRESS.
  • That’s not the airport, that’s the Kremlin! (MoscowTimes) — Speaking of spoofed identities, apparently the Kremlin’s location has been masked by a beacon emitting the GPS and GLONASS geolocation coordinates for the Vnukovo airport to prevent drones from snooping. An interesting bit, this…I wonder where/when else geolocation coordinates have been spoofed?
  • AT&T ‘zero-rating’ on DirecTV content should be reviewed (WSJ) — Favoring DirecTV — owned by AT&T — by lifting data caps on its content isn’t net neutrality when content streamed from other providers like Netflix does count against data limits.
  • AT&T already in the hot seat with USDOJ on Dodgers’ games (Bloomberg) — USDOJ sued AT&T and DirecTV for colluding with competitors to influence negotiations for Los Angeles Dodgers’ ball games. Imagine what this network will do if it owns content? Definitely not net neutrality — a perfect example of the conflict of interest between ISPs/network carriers and content creators.
  • Google takes Microsoft to the woodshed in full view of public (Threatpost) — I think Google is fed up with Microsoft’s buggy software and slow response which causes Google a mess of heartburn to plug on their end. Google told Microsoft of a new major zero-day vulnerability being actively exploited and then told the public 10 days after they told Microsoft. Apparently, MSFT hadn’t gotten a grip on a fix yet nor issued an advisory to warn users. By the way, guess when the next Patch Tuesday is? Election Day in the U.S. Uh-huh.
  • Slack takes out a full-page ad to welcome/razz Microsoft (WinBeta) — Microsoft is currently working on a competing group communication tool called Team, aimed at Slack’s market share. Slack welcomed the competition and gave MSFT some free pointers. Based on my experience, these pointers will go right over the head of MSFT’s management as they don’t mesh with their corporate culture.

That’s all for now, off to finish watching the Cubs who are giving it to Cleveland in a really fast-paced game that won’t last much longer at this rate. Must be all that Great Lakes water.

My Boob Clinic Is Part of an International Spying Plot … but Hillary’s on It!

By now you’ve likely read or at least heard about this Slate story, which uses a bunch of innuendo arising from some metadata to suggest that Trump has a secret exclusive communication method with Russia’s biggest bank.

A number of people have debunked the technical claims in the article.

Former GCHQ employee Matt Tait did so in a series of tweets here. Consultant Naadir Jaawa laid out how it’s a marketing server here. Consultant Robert Graham not only lays out the same spam email explanation that both Spectrum Health and Mandiant describe in the story, but notes that other malware researchers question the data in the story.

Indeed, one journalist did call one of the public resolvers, and found other people queried this domain than the two listed in the Slate story — debunking it. I’ve heard from other DNS malware researchers (names remain anonymous) who confirm they’ve seen lookups for “mail1.trump-email.com” from all over the world, especially from tools like FireEye that process lots of spam email. One person claimed that lookups started failing for them back in late June — and thus the claim of successful responses until September are false.

Krypt3ia, in a post written in steps weeks ago, couldn’t get answers from the “Tea Leaves” behind the story and judged that the incriminating files — which were just text files — could be recreated.

These are the key files in the new dump but the problem I have is that they are just text files. Anyone with the know how could re-create these to look legit enough but yet still be questioned. I see no actual login to the shell and queries being run here so really coulda just done a find/replace on another query on any server you have access to.

In short, contrary to what Slate suggests, there are innocent explanations for this, and there’s good reason to distrust the provenance of the data behind it.

Update: The Intercept has now explained why they passed on the story; they include spam sent to both Alfa and Spectrum from Trump, which corroborates the theory everyone else technical is settling on.

Boob Clinics usually stay out of international spy plots

Most of these debunkings have focused on the technical aspects. I want to start with this passage from Slate.

A small portion of the logs showed communication with a server belonging to Michigan-based Spectrum Health. (The company said in a statement: “Spectrum Health does not have a relationship with Alfa Bank or any of the Trump organizations. We have concluded a rigorous investigation with both our internal IT security specialists and expert cyber security firms. Our experts have conducted a detailed analysis of the alleged internet traffic and did not find any evidence that it included any actual communications (no emails, chat, text, etc.) between Spectrum Health and Alfa Bank or any of the Trump organizations. While we did find a small number of incoming spam marketing emails, they originated from a digital marketing company, Cendyn, advertising Trump Hotels.”)

Spectrum accounted for a relatively trivial portion of the traffic. Eighty-seven percent of the DNS lookups involved the two Alfa Bank servers.

The story, remember, is that Trump has a super spooky exclusive hotline directly to a corrupt Russian bank. But most people covering this completely ignore that it’s not completely exclusive: over 10% of the traffic reported by the anonymous researchers involves Spectrum Health.

Spectrum Health is the largest employer in Grand Rapids and West Michigan generally. It includes the Helen DeVos Children’s Hospital and a Betty Ford Breast Care clinic. Spectrum Health is where I go to the doctor and Betty Ford is where I got my still cancer-free boobs squished this year. So for this story to make sense, you’ve got to explain why a children’s hospital and a boob clinic are in cahoots with Trump and a big Russian bank.

The original version of the story tried to make much of the tie to Spectrum, finding in the children’s hospital named after Richard DeVos’s wife a tie to Erik Prince (Helen’s daughter-in-law Betsy’s brother) and the DeVos family’s multinational pyramid scheme, the wealth from which has always — not just this year — been funneled into conservative causes.

The other frequent connection to Trump’s hidden server with the same distinctive human pattern is Spectrum Health, a Michigan hospital with close ties to the DeVos family (http://www.spectrumhealth.org/locations/helen-devos-childrens-hospital). The Devos family founded Amway / Alticor which operates in Russia including transactions with Alfa Bank such as buying insurance for 800 Alticor employees from Alfa Bank’s insurance subsidiary. The Devos family has given millions of dollars in the past few months to conservative super PACs (www.fec.gov). One member of the Devos family was a founder of Blackwater.

None of that makes sense, though, especially since — while some of the DeVoses do seem to be funding Trump now and Prince has bizarrely backed the Donald (though that may stem from being shut out of State business while Hillary was in charge) — the biggest commonality between the DeVoses (who are hard core Republicans) and Trump is their multinational scheming and fondness for sports teams.

They may both be awful conservatives, but they are different kinds of awful conservatives, and there’s little reason to believe they’d be in cahoots outside of belated efforts, post-dating these files, to fund Republican turnout in the state (and even there, Prince’s sister Betsy is withholding direct funding).

More importantly, the DeVoses no more run this hospital than Betty Ford does.

But without the conspiracy theories implicating the DeVoses, then innocent explanations sure look a lot more plausible.

Tellingly, however, most other treatments of this story (this is an exception) have simply ignored this detail. Because once you have to calculate how a children’s hospital and a boob clinic — even one, or perhaps especially one, named after Gerald Ford’s wife — has a tie to this international spy plot, things start falling apart.

The reason why the boob clinic part of the story is important is it’s a detail that should have led even non-technical people to at least think twice before running with the story. Slate, however, simply included Spectrum’s explanation for the files, the one that matched Mandiant’s working hypothesis, and careened ahead.

The FBI has its own doubts

After Slate published, the NYT posted a story that generally reveals the FBI hasn’t been able to substantiate any tie between Trump himself and Russia and has backed off its claims that Russia was trying to decide the election (a judgment I hope to return to).

It also reveals that the FBI largely agreed with what security experts concluded when they saw this claim.

In classified sessions in August and September, intelligence officials also briefed congressional leaders on the possibility of financial ties between Russians and people connected to Mr. Trump. They focused particular attention on what cyberexperts said appeared to be a mysterious computer back channel between the Trump Organization and the Alfa Bank, which is one of Russia’s biggest banks and whose owners have longstanding ties to Mr. Putin.

F.B.I. officials spent weeks examining computer data showing an odd stream of activity to a Trump Organization server and Alfa Bank. Computer logs obtained by The New York Times show that two servers at Alfa Bank sent more than 2,700 “look-up” messages — a first step for one system’s computers to talk to another — to a Trump-connected server beginning in the spring. But the F.B.I. ultimately concluded that there could be an innocuous explanation, like a marketing email or spam, for the computer contacts.

Note, this means that the FBI was already looking into this story when it got shopped to reporters in early October. So in addition to the four or so other entities that reviewed this story and found it wanting (including me), the FBI had already had a crack at it.

Hillary Clinton and her likely National Security Advisor jump on this story

Now, as with the Kurt Eichenwald story claiming to have found a smoking gun tying Trump to Putin, people on the left didn’t read the story very critically. Sure, this one is technically hard — up until you think about the boob clinic connection alleged in the middle of the spy plot. But for all its breathlessness, the Slate story simply insinuated. It proved nothing.

Which is why I’m so troubled that Hillary Clinton tweeted it four times in three hours, including a statement her likely National Security Advisor Jake Sullivan put together.

I mean, I get that it’s election season and all. I get that Jim Comey gave Hillary a whopping October surprise on Friday. But one of the reasons we’re supposed to elect Hillary over Trump is that she is more measured and fact-based than Donald is.

Here, she jumped on a story that at least should have given pause and created two campaign messaging pieces around it, asserting as fact that “Donald Trump has a secret server … set up to communicate privately with a Putin-tied Russian bank.”

I’ll repeat again: Jake Sullivan — the guy who wrote the longer statement on this — is widely assumed to be set to take on the job from which Condi Rice started a war by warning about fictional mushroom clouds.

Who are these secret researchers, anyway

Which leads me to a final question a few of the security folks are asking about this story.

In addition to his technical debunking, Robert Graham made an equally important point: researchers shouldn’t be accessing this data for ad-lib investigations into presidential candidates, and it’s not even clear who would have access to it all except the NSA.

The big story isn’t the conspiracy theory about Trump, but that these malware researchers exploited their privileged access for some purpose other than malware research.

[snip]

In short, of all the sources of “DNS malware information” I’ve heard about, none of it would deliver the information these researchers claim to have (well, except the NSA with their transatlantic undersea taps, of course).

And in a second post this morning, Krypt3ia started wondering who’s behind this story.

This was a non story and this was someone’s troll or an IC operation of some kind. I left it at that… That is until last night when this fallacy laden report came out of Slate.

Anonymous Security Professionals

So here is what I believe happened with Slate and Foer. Tea, not happy with my ignoring their bullshit, went on to pimp at least five venues looking for a way to get this wide and Foer was the gullible one to do so. Now, with a live one on the line Tea spun their tale and added the new twist that they are in fact a group of “security professionals” with insider knowledge and that this story is really real. Of course once again they provided no real proof of Trumps servers being configured for this purpose, no evidence of actual emails, and no real forensically sound information that proves any of what they say can be proven in a court of law. This is a key thing and Slate may not care but others do. Even in the previous dumps on the i2p site that tea set up their diagram said “this is what it would look like” would is not proof, that there is speculation and not evidence.

[snip]

Meanwhile, the story spun by Tea and now Camp et al on Slate makes me wonder just who Tea is. Obviously Camp knows Tea and the others and this is a small world so let’s work out the connections shall we?

Camp –>Vixie –> ??? let’s just assume that Camp knows these persons well and if one starts to dig you could come up with a few names of people who “would” (there’s that would again) have the kind of access to DNS data that is needed.

Just sayin.

Of course, we have since learned that before Tea Leaves started pushing this story to the press, the FBI had been investigating it for two months.

Which, to my mind, raises even more questions about the anonymous researchers’ identities, because (small world and all) the FBI likely knows them, in which case they may have known that the FBI wasn’t jumping on the story by the time they started pitching it.

Or the FBI doesn’t know them, which raises still more questions about the provenance of these files.

Ah well, if President Hillary starts a war with Russia based off Iraq-War style dodgy documents, at least I’ll have the satisfaction of knowing my boob clinic is right there on the front lines.

Update: I’ve added language to clarify that the DeVoses don’t run Spectrum.

Or Maybe the FBI Really Did Have a Reason to Stay Off the Russian Attribution?

The Comey whiplash continues.

In the latest development, a single source — a “former FBI official,” offered with no description of how he or she would know — told CNBC that weeks ago Jim Comey refused to join onto the Intelligence Community’s attribution of the DNC hacks to Russia because it was too close to the election.

FBI Director James Comey argued privately that it was too close to Election Day for the United States government to name Russia as meddling in the U.S. election and ultimately ensured that the FBI’s name was not on the document that the U.S. government put out, a former FBI official tells CNBC.

The official said some government insiders are perplexed as to why Comey would have election timing concerns with the Russian disclosure but not with the Huma Abedin email discovery disclosure he made Friday.

In the end, the Department of Homeland Security and The Office of the Director of National Intelligence issued the statement on Oct. 7, saying “The U.S. intelligence community is confident that the Russian Government directed the recent compromises of emails from US persons and institutions, including from US political organizations…These thefts and disclosures are intended to interfere with the US election process.”

[snip]

According to the former official, Comey agreed with the conclusion the intelligence community came to: “A foreign power was trying to undermine the election. He believed it to be true, but was against putting it out before the election.” Comey’s position, this official said, was “if it is said, it shouldn’t come from the FBI, which as you’ll recall it did not.”

In spite of what Hillary said at the most recent debate, the statement was billed as a “Joint Statement,” though it did claim to represent the view of the intelligence community.

Until someone else confirms this story — preferably with more than one source, one clearly placed in a position to know — I advise caution on this.

That’s true, first of all, because a bunch of people who likely harbor grudges against Jim Comey are coming out of the woodwork to condemn Comey’s Friday statement. Given the reasons they might resent Comey, I really doubt Alberto Gonzales or Karl Rove were primarily motivated to criticize him out of a concern for the integrity of our election process.

The same could be true here.

The other reason I’d wait is because of reporting going back to this summer on the case against Russia. As I’ve noted, reporters repeatedly reported that while there seemed little doubt that Russia had hacked the Democrats, the FBI had not yet proven some steps in the chain of possession. For example, at the end of July, FBI was still uncertain who or how the emails from DNC were passed onto WikiLeaks.

The FBI is still investigating the DNC hack. The bureau is trying to determine whether the emails obtained by the Russians are the same ones that appeared on the website of the anti-secrecy group WikiLeaks on Friday, setting off a firestorm that roiled the party in the lead-up to the convention.

The FBI is also examining whether APT 28 or an affiliated group passed those emails to WikiLeaks, law enforcement sources said.

As I noted, the IC attribution statement actually remained non-committal on precisely this step of the process, finding that the leaks of emails were consistent with stuff Russia’s GRU has done in the past, but stopping short of saying (as they had on the hack itself) that it is confident that Russia leaked the files.

Which is to say the same thing the FBI had questions about in July is something that remained non-committal in the October statement, which might be one of a number of reasons (including that FBI wants to retain the ability to prosecute whoever they charge with this, including if it is a currently unknown middleman) that the FBI might not want to be on the attribution. FBI was unwilling to fully commit to the accusation in July, and apparently unwilling to do so in October.

Note that CNBC’s anonymous source, even when confirming that Comey backed the statement, didn’t confirm he backed the whole content of it. The person contrasts the most aggressive quote from the IC statement:

… the U.S. intelligence community is confident that the Russian Government directed the recent compromises …

With this, allegedly from Comey:

A foreign power was trying to undermine the election

Those statements are not the same thing, and it may be that FBI continued to have perhaps not doubts, but unproven holes in the case, that led to caution on the Russia statement.

In any case, it’s not that I believe the anonymous CNBC statement to be impossible. But there is another perfectly consistent explanation for Comey hesitating to name FBI on that IC attribution.

Update: Ellen Nakashima has a version of this story (sourced to more than one person) now. Here’s an excerpt, but definitely read the whole thing for the logic (or lack thereof) FBI used.

In the debate over publicly naming Russia, the FBI has investigative interests to protect, officials said. At the same time, other officials said, the aim of public attribution was to stop Russia from undermining confidence in the integrity of the election.

[snip]

But the White House, Justice Department, State Department and other agencies debated for months whether to officially blame Moscow or not.

Comey’s instincts were to go with the public attribution even as late as August, said one participant in the debate. But as the weeks went by and the election drew nearer, “he thought it was too close,” the official said.

When, by early October, the decision was made, the talk shifted to who would make the announcement. In December 2014, it was the FBI that publicly pointed the finger at North Korea for hacking Sony Pictures Entertainment and damaging its computers. That was because the attribution to Pyongyang was based on the FBI investigation, said a senior administration official.

[snip]

The announcement did not mention the White House, which also had been very concerned about appearing to influence the election.

Halloween Monday: Dying for Love

In this roundup: Turkish troubles, good tech bad tech, fickle market reaction, and Halloween tricks-or-treats.

Because it’s Halloween I’m sharing a short film for Movie Monday based on that theme. It’s probably R-rated so don’t launch it in the office without the doors shut and/or the volume down. It parodies so many cheap horror films of the 1980s-2000s including the Final Girl trope.

I need to watch this short a couple more times. The film is billed as a single take — one long, unbroken camera shot — but I’m not certain it is. I think there may be a hidden few cuts when the location changes from one end of a room to another. Look at this analysis of Alfred Hitchcock’s use of dissolve cuts in his 1948 film Rope and you’ll see what I mean by hidden cuts. Keep in mind that with digital technology, even dissolve cuts may be smoother and much less detectable than they were in 1948 with traditional film.

Turkish troubles

Good tech, bad tech, or something in between

  • Delta Airlines implements RFID baggage tracking app (Fortune) — FINALLY. I’ve been wondering ever since the furor over Walmart using RFID on inventory why airlines couldn’t use RFID and let their customers track their own bags. Only took ~16 years or so. And thank goodness this technology isn’t WiFi-enabled. Should save billions of dollars — let’s hope that trickles down to savings on tickets.
  • Toyota developing a keyless access system for carsharing (Detroit Free Press) — Really? Didn’t Toyota have keyless remote fobs that were hacked just last year?
  • SpaceX still investigating launchpad explosion (Business Insider) — To be fair, it’s not clear yet what triggered the explosion two months ago. Can’t say if this is good or bad technology or something else altogether. (Not going to mourn the loss of a satellite which was to provide internet to African continent via Facebook. This part I’d call bad tech. Can’t we come up with some other approach to providing internet besides a walled garden with fake news?)

The market = fickle mistress?[1]

Tricks or treats?

  • Spooky reads: scary seance scenes in fiction (Guardian) — Could be fun to read while waiting for trick-or-treaters to knock on your door.
  • What makes a good horror film? (OpenCulture) — If you’d rather watch than read something scary tonight, bone up first before surfing Netflix or Amazon for a film.
  • Werewolves in classic literature (Sententiae Antiquae) — Classic literature, as in Greek or Roman, has a surprising number of references to lycanthropy. Did they tell each other these stories to scare each other around the campfire?
  • Sluttiest Halloween costumes (McSweeney’s) — Of 1915, that is. In case you need a laugh and not a scare. I sure could right now; only one more week of election terror to go.

Watch out for little ghosts and goblins tonight!
__________
[1] Note: You’re not seeing things — I accidentally hit the Publish button before I’d updated the two market economics bits!

Friday: Sinnerman

In this roundup: A look outside the U.S.’ borders — TTIP’s end, Turkey at risk, Chile and women’s reproductive rights, more.

Featured jazz artist today is Eunice Waymon, known best by her stage name Nina Simone. Recognized for her powerful political work, Mississippi Goddamn, Simone was an incredibly gifted pianist trained at Juilliard with a predilection for the works and method of Johann Sebastian Bach. She became a singer only after nightclubs for which she performed insisted she must sing and play piano together.

Two of my favorites apart from Sinnerman shared here are Feeling Good and I Put a Spell on You. I’ll always have a warm, fuzzy place for Ain’t Got No/I Got Life medley, a variation of the song from the 1960s Broadway musical Hair. I can remember singing along to this recording during long road trips.

Why Nina Simone today? Because of Sinnerman, which seems particularly appropriate during this election season.

Looking away from our nation’s navel

  • Op-ed: Is Turkey nearing civil war? (Süddeutsche Zeitung) — Guest contributor Yavuz Baydar reviews developments in Turkey after the so-called coup attempt, including calls to arm citizens, reestablish an Ottoman caliphate, and create militarized youth groups attached to mosques. Turkish media, operating with the blessing of President Tayyip Erdoğan, has shown maps featuring Mosul and parts of northern Greece as part of a Turkish empire.
  • TTIP may be in death throes, but resuscitation attempted (euronews) — This article quotes a Spanish automotive partmaker who complains the need to inspect parts both on export and import is expensive, and the Transatlantic Trade and Investment Partnership (TTIP) agreement would eliminate the costly redundancy. Except the existing duplicative inspections didn’t prevent Volkswagen Group and its vendor Bosch from shipping fraudulent vehicles and parts, did it? Yeah. Not so much…in spite of TTIP’s near-death, the US and EU met earlier this month to regroup and try to force TTIP through before the end of President Obama’s term.
  • Chile’s president aims to change restrictive anti-abortion laws (NPR) — Chile is among the five most restrictive countries in the world, outlawing abortion even to save the life of the mother. President Michelle Bachelet made it her goal to change the laws; the country’s lower house has already approved legislation to allow abortion in case of rape, to save the mother, or in case of mortal fetal defect. Chile’s senate must yet vote to approve this legislation before it becomes law. In the meantime, women must travel abroad to obtain abortions or risk jail if they attempt it in Chile on their own.
  • Radical Ukrainian nationalists rising (euronews) — Members of far-right groups Azov regiment and the Right Sector recently marched through Kyiv to celebrate Ukrainian patriotism while protesting pro-Russian separatists.

Tech Debris
Here’s a collection of odd technology bits I’ve run across recently worth a read:

  • Dutch researchers working on anti-hacking technology (euronews) — They’re working on unique identifiers for devices attached to the internet, like the myriad Internet of Things (webcams, baby monitors, so on). This seems like a waste of time given every device should already have an ID assigned by a network. Keep an eye on this; it’d certainly make surveillance easier. Ahem.
  • Troubling case of Facebook v. Vachani (NPR) — Fluffy overview of the suit filed against Steven Vachani whose portal site product pissed off Facebook greatly. But you should read the op-ed from July by Orin Kerr about this case — brace yourself for your freak out.
  • From the archives: Interview with John Arquilla on cyberwarfare (FRONTLINE) — Perspective on the origins of current cyberwarfare policies arising from Bush administration post-9/11. As you read this, keep in mind Arquilla is a proponent of preemptive warfare and the use of cyberwarfare against terrorism.
  • Twitter as a government tool against the people (Bloomberg) — We take for granted we can type anything we want in social media. Not so in much of the rest of the world, and Twitter is an example of social media with both great potential to inform while putting users at risk where speech is not free. Although after the recent revelations Twitter sold data to a U.S. intelligence front, speech isn’t exactly free on Twitter for U.S. citizens, either.

Longread: Did newspapers screw up?
We’ve watched the decline of newspapers for over a decade as their analog business model met the reality of a digital age. Jack Shafer wrote about the possibility newspapers may have made a critical error during the generational shift to online media — perhaps the seasoned existing outlets should have remained firmly committed to print. Two key problems with this analysis: 1) printing and distribution remain as expensive as all other factors in producing a newspaper, and 2) the population consuming newspaper content is changing, from a print-only to digital-only audience. This must be acknowledged or newspapers will continue to struggle, and large papers will continue to pursue consolidation in order to reduce costs to operate.

With that in mind, I still don’t understand why The Washington Post, owned by Jeff Bezos, hasn’t opted to offer a Kindle to subscribers willing to pay for a full print subscription a year in advance. A low-level Kindle is cheaper than the cost to print. Ditto to The New York Times; why hasn’t it considered a tie up with Kobo or another e-reader manufacturer?

That’s it for this week; have a good weekend!

FBI Has Almost 20 Cybers Stationed around the World

As part of cybersecurity awareness month, the FBI published this release about having almost 20 cybersecurity “Assistant Legal Attachés” around the world.

Another way we’re working to combat the cyber threat is by placing Bureau cyber experts in FBI legal attaché (legat) offices in strategic locations around the globe—a critical step because cyber threat actors can and do operate virtually anywhere in the world, crossing national and international borders with a few strokes of a keyboard to reach their victims.

Our experts are called cyber assistant legal attachés, or ALATs, and they work on a daily basis with law enforcement in host countries, sharing information, cooperating on investigations, and enhancing our relationships overall. Sometimes, they even work in the same physical space alongside their foreign counterparts.

The cyber ALAT program began in 2011, when several FBI Cyber Division personnel were deployed to a handful of legat offices to address significant cyber threats in those regions impacting U.S. interests and FBI investigations.

Five years later, there are eight permanent cyber ALAT positions—two in London and one each Bucharest, Romania; Canberra, Australia; The Hague, Netherlands; Tallinn, Estonia; Kyiv, Ukraine; and Ottawa, Canada. And currently, the Bureau maintains nearly a dozen temporary duty (TDY) cyber ALAT positions—their locations determined by the cyber threat environment and the host nation’s capabilities in working with the FBI in identifying, disrupting, and dismantling cyber threat actors and organizations.

I get the value of this program. The investigations into some of the most disruptive cyberattackers require a lot of resources, and surely those resources are better spent if they’re working closely together.

But it does raise some questions. If an FBI Agent is working overseas and deploys an exotic technique there, is it bound by US law, the law of the host country, or by EO 12333? And if that technique ends up nabbing US defendants, do those defendants learn in discovery that the evidence came from an FBI Agent partnering with foreign law enforcement (or spooks) overseas? Or does this just get laundered with the protection DOJ provides foreign evidence?

All these cyber tools disembodied from a legal jurisdiction may be necessary, but it’d be nice to know what, if any, laws they operate under.

In Latest Russian Plot, WikiLeaks Reveals Hillary Opposes ISDS

Among the emails released as part of the Podesta leaks yesterday, WikiLeaks released this one showing that, almost a year before she was making the same argument in debates with Bernie Sanders, Hillary was opposed to Investor State Dispute Settlement that is part of the Trans Pacific Partnership. (h/t Matt Stoller) ISDS is the means by which corporations have used trade agreements to operate above the domestic laws of party countries (if you haven’t, read this three part series from BuzzFeed to learn about the more exotic ways businesses are profiting off of ISDS).

The email also appears to echo her later public concern that she had changed her mind on TPP because of KORUS.

After our last talk with HRC, we revised our letter to oppose ISDS and include her caution about South Korea.

Sure, other Podesta emails show Hillary supporting a broad region of free trade (and labor) in the Americas. But this more recent email confirms that the views she expressed in debate were more than just an attempt to counter Bernie’s anti-trade platform.

Whether or not this is newsworthy enough to justify the WL dump, it is noteworthy in light of NYT’s rather bizarre article from some weeks back suggesting that WL always sides with Putin’s goals. As I noted, the article made a really strained effort to claim that WL exposed TPP materials because it served Putin’s interests. Now, here, WL is releasing information that makes Hillary look better on precisely that issue.

That doesn’t advance the presumed narrative of helping Trump defeat Hillary!

Then, as I noted yesterday, in spite of all the huff and puff from Kurt Eichenwald, the release of a Sid Blumenthal email used by Trump is another case where the WL release, as released, doesn’t feed the presumed goals of Putin.

Which brings me to this Shane Harris piece, which describes four different NatSec sources revealing there’s still a good deal of debate about WL’s ties to Russia.

Military and intelligence officials are convinced that WikiLeaks is an ongoing threat to U.S. national security and privacy owing to its leaks of classified documents and emails. But its precise relationship with Russia has been a subject of internal debate. Some do see the group as being in cahoots with the Kremlin. But others find that WikiLeaks is acting mainly as the beneficiary of stolen documents, not unlike a journalistic organization.

There are some funny aspects to this story. Nothing in it considers the significant evidence that WL is (and has reason to be) affirmatively anti-Hillary, which means its interests may align with Russia, even if it doesn’t take orders from Russia.

It also suggests that if the spooks can prove some tie between WL and Russia, they can spy on it as an agent of foreign power.

But those facts don’t mean WikiLeaks isn’t acting at Russia’s behest. And that’s not a trivial matter. If the United States were to determine that WikiLeaks is an agent of a foreign power, as defined in U.S. law, it could allow intelligence and law enforcement agencies to spy on the group—as they do on the Russian government. The U.S. can also bring criminal charges against foreign agents.

WL has been intimately involved in two separate charged cases of leaking-as-espionage in the US, Chelsea Manning and Edward Snowden. The government has repeatedly told courts that it has National Security/Criminal investigations, plural, into WikiLeaks, and when pressed for details about how and whether the government is collecting on supporters and readers of WikiLeaks, the government has in part hidden those details under a b3 FOIA exemption, meaning a statute prevents disclosing it, while extraordinarily refusing to reveal what statute that is. We certainly know that FBI has used multiple informants to spy on WL and used a variety of collection methods against Jacob Appelbaum, including (according to Appelbaum) physical tails.

So there’s not only no doubt that the US government believes it can spy on WikiLeaks (which is, after all, headed by a foreigner and not a US organization), but that it already does, and has been doing for at least six years.

Perhaps Harris’ sources really mean they’ve never found a way to indict Julian Assange before, but if they can claim he’s working for Putin, then maybe they’ll overcome past problems of indicting him because it would criminalize journalism. If that’s the case, it may be shading analysis of WL, because the government would badly like a reason to shut down WL (as the comments about the direct threat to the US in the story back up).

As I’ve said before, the role of WL in this and prior leak events is a pretty complex one, one that if approached too rashly (or too sloppily) could have ramifications for other publishers. While a lot of people are rushing to collapse this (in spite of what sounds like a continuing absence of directly incriminating evidence) into a nation-state conflict, things like this TPP email suggest it’s not that simple.

[Photo: National Security Agency, Ft. Meade, MD via Wikimedia]

NSA, Lazarus, and Odinaff

Reuters has a report that SWIFT — the international financial transfer messaging system — has been hacked again, what it describes as the second effort to steal big money by hacking the system.

Cyber-security firm Symantec Corp said on Tuesday that a second hacking group has sought to rob banks using fraudulent SWIFT messages, the same approach that yielded $81 million in the high-profile February attack on Bangladesh’s central bank.

Symantec said that a group dubbed Odinaff has infected 10 to 20 organizations with malware that can be used to hide fraudulent transfer requests made over SWIFT, the messaging system that is a lynchpin of the global financial system.

But it should say the third hack. As the Snowden documents revealed, NSA was double dipping at SWIFT in the 2010 to 2011 timeframe, though to steal information, not money.

What’s interesting about this latest hack, though, is it targets the US and countries closely aligned with it, though it appears to be a criminal organization not a state.

Symantec said that most Odinaff attacks occurred in the United States, Hong Kong, Australia, the United Kingdom and Ukraine.

The Reuters report also notes that Symantec thinks the Sony hack was done by a group it calls Lazarus, which may not be the same as North Korea.

As with the Yahoo scan ordered last year — which effectively appears to have hacked all Yahoo’s users — it makes sense to think of US nation-state hacks and criminal or foreign adversary ones in the same breath. Not only might an NSA hack expose methods others might use, but with an entity like SWIFT, there’s no reason to privilege US hacking over others.