Ben Wittes has started a series of posts on how to tyrant-proof the presidency. His first post argues that Jennifer Granick’s worries about surveillance and Conor Friedersdorf’s worries about drone-killing are misplaced. The real risk, Wittes argues, comes from DOJ.
What would a president need to do to shift the Justice Department to the crimes or civil infractions committed—or suspected—by Trump critics and opponents? He would need to appoint and get confirmed by the Senate the right attorney general. That’s very doable. He’d want to keep his communications with that person limited. An unspoken understanding that the Justice Department’s new priorities include crimes by the right sort of people would be better than the sort of chortling communications Richard Nixon and John Mitchell used to have. Want to go after Jeff Bezos to retaliate for the Washington Post‘s coverage of the campaign? Develop a sudden trust-busting interest in retailers that are “too big”; half the country will be with you. Just make sure you state your non-neutral principles in neutral terms.
There are other reasons to expect a politically abusive president to focus on the Justice Department and other domestic, civilian regulatory and law enforcement agencies: one is that the points of contact between these agencies and the American people are many, whereas the population’s points of contact with the intelligence community are few. The delusions of many civil libertarians aside, the intelligence community really does focus its activities overseas. To reorient it towards domestic oppression would take a lot of doing. It also has no legal authority to do things like arresting people, threatening them with long prison terms, fining them, or issuing subpoenas to everyone they have ever met. By contrast, the Justice Department has outposts all over the country. Its focus is primarily domestic. It issues authortitative legal guidance within the executive branch to every other agency that operates within the country. And it has the ability to order people to produce material and testify about whatever it wants to investigate.
What’s more, when it receives such material, it is subject to dramatically laxer rules as to its use than is the intelligence community. Unlike, say, when NSA collects material under Section 702, when the Justice Department gets material under a grand jury subpoena, there aren’t a lot of use restrictions (other than Rule 6(e)’s prohibition against leaking it); and there is no mandatory period after which DOJ has to destroy it. It has countless opportunities, in other words, to engage in oppressive activities, and it is largely not law but norms and human and institutional decency that constrain it.
I don’t necessarily disagree with the premise. Indeed, I’ve argued it for years — noting, for example, that a targeted killing in the US would look a lot more like the killing of Imam Luqman Abdullah in 2009 (or the killing of Fred Hampton in 1969) than drone killing of Anwar al-Awlaki in 2011 (given that Abdullah’s selling of stolen items got treated as terrorism in part because of his positive statements about Awlaki, it is not inconceivable FBI started infiltrating his mosque because of SIGINT).
My gripe (I have to have gripes because it is Wittes) is on two points. First, Wittes far overestimates how well the protections against abuse currently work. He seems to believe the Levi Guidelines remain in place unchanged, that the 2008 and 2011 and serial secret changes to the Domestic Investigations and Operations Guide since then have not watered down limits on investigations for protected activities. He suggests it was a good thing to use prosecutorial discretion to chase drugs in the 1990s and terrorism in the 2000s, and doesn’t consider why the rich donors who’ve done as much damage as terrorists to the country — the banksters, even those that materially supported terrorists — have gotten away with wrist-slap fines. It was not a good thing to remain obsessed with terrorists while the banksters destroyed our economy through serial global fraud (a point made even by former FBI agents).
We already have a dramatically unequal treatment of homegrown extremists in this country based on religion (compare the treatment of the Malheur occupiers with that of any young Muslim guy tweeting about ISIS who then gets caught in an FBI sting). We already treat Muslims (and African Americans and — because we’re still chasing drugs more than we should — Latinos) differently in this country, even though the guy running for President on doing so as a campaign plank isn’t even in office yet!
The other critical point Wittes missed in his claim that “delusional” civil libertarians don’t know that “the intelligence community really does focus its activities overseas” is that DOJ, in the form of FBI and DEA, is the Intelligence Community, and their intelligence focus is not exclusively overseas (nor is the intelligence focus of other IC members DHS — which has already surveilled Black Lives Matter activists — and Treasury). The first dragnet was not NSA’s, but the DEA one set up under Bill Clinton. One big point of Stellar Wind (which is what Wittes mocked Granick for focusing on) was to feed FBI tips of people the Bureau should investigate, based solely on their associations. And while Wittes is correct that “when the Justice Department gets material under a grand jury subpoena, there aren’t a lot of use restrictions (other than Rule 6(e)’s prohibition against leaking it); and there is no mandatory period after which DOJ has to destroy it,” it is equally true of when FBI gets raw 702 data collected without grand jury scrutiny.
FBI can conduct an assessment to ID the racial profile of a community with raw 702 data, it can use it to find and coerce potential informants, and it can use it for non-national security crimes. That’s the surveillance Wittes says civil libertarians are delusional to be concerned about, being used with inadequate oversight in the agency Wittes himself says we need to worry about.
Four different times in his post, Wittes contrasts DOJ with the intelligence community, without ever considering what it means that DOJ’s components FBI and DEA are actually part of it, that part of it that takes data obtained from NSA’s surveillance and uses it (laundered through parallel construction) against Americans. You can’t contrast the FBI’s potential impact with that of the IC as Wittes does, because the FBI is (one of) the means by which IC activities impact Americans directly.
Yes, DOJ is where President Trump (and President Hillary) might abuse their power most directly. But in arguing that, Wittes is arguing that the President can use the intelligence community abusively.
Reuters reports that, in the wake of criminals hacking the global financial messaging system SWIFT both via the Bangladesh central and an as-yet unnamed second central bank, SEC Commissioner Mary Jo White identified vulnerability to hackers as the top threat to the global financial system.
Cyber security is the biggest risk facing the financial system, the chair of the U.S. Securities and Exchange Commission (SEC) said on Tuesday, in one of the frankest assessments yet of the threat to Wall Street from digital attacks.
Banks around the world have been rattled by a $81 million cyber theft from the Bangladesh central bank that was funneled through SWIFT, a member-owned industry cooperative that handles the bulk of cross-border payment instructions between banks.
The SEC, which regulates securities markets, has found some major exchanges, dark pools and clearing houses did not have cyber policies in place that matched the sort of risks they faced, SEC Chair Mary Jo White told the Reuters Financial Regulation Summit in Washington D.C.
“What we found, as a general matter so far, is a lot of preparedness, a lot of awareness but also their policies and procedures are not tailored to their particular risks,” she said.
“As we go out there now, we are pointing that out.”
Of course, the criminals in Bangladesh were not the first known hackers of SWIFT. The documents leaked by Snowden revealed NSA’s elite hacking group, TAO, had targeted SWIFT as well. Given the timing, it appears they did so to prove to the Europeans and SWIFT that the fairly moderate limitations being demanded by the Europeans should not limit their “front door” access.
Targeting SWIFT (and credit card companies) is probably not the only financial hacking NSA has done. One of the most curious recommendations in the President’s Review Group, after all, was that “governments” (including the one its report addressed, the US?) might hack financial institutions to change the balances in financial accounts.
(2) Governments should not use their offensive cyber capabilities to change the amounts held in financial accounts or otherwise manipulate the financial systems;
Second, governments should abstain from penetrating the systems of financial institutions and changing the amounts held in accounts there. The policy of avoiding tampering with account balances in financial institutions is part of a broader US policy of abstaining from manipulation of the financial system. These policies support economic growth by allowing all actors to rely on the accuracy of financial statements without the need for costly re-verification of account balances. This sort of attack could cause damaging uncertainty in financial markets, as well as create a risk of escalating counter-attacks against a nation that began such an effort. The US Government should affirm this policy as an international norm, and incorporate the policy into free trade or other international agreements.
After which point, James Clapper started pointing to similar attacks as a major global threat.
I don’t mean to diminish the seriousness of the threat (though I still believe banksters’ own recklessness is a bigger threat to the world financial system). But the NSA should have thought about the norms they were setting and the impact similar attacks done by other actors would have, before they pioneered such hacks in the first place.
The other day Hillary promised she would appoint Attorneys General like Eric Holder and Loretta Lynch. “I will appoint an Attorney General who will continue the courageous work of Eric Holder and Loretta Lynch.” Given that the comments came at an Al Sharpton event, I assumed the comment meant to invoke Holder and Lynch’s efforts to reform criminal justice and, presumably, their even more laudable support for civil rights.
Nevertheless, it was a disturbing comment, given that Holder and Lynch have also both coddled the bankers who crashed our economy. Indeed, when Hillary tries to defend her huge donations from bankers, she always points to Obama’s even huger ones, and insists that there’s no evidence he was influenced by them. But the Obama DOJ record on bank crime is itself the counter to Hillary’s claim those donations didn’t influence the President.
But then, last night, Hillary said something even more outrageous, which I take to be a solid promise to her funders they’ll continue to get special treatment before the law. Amid a comment shifting from Too Big to Fail into the serial settlements the banks have signed for their crimes, Hillary took the bold step of calling for financial penalties for the people directing that crime.
CLINTON: Dana, let me add here that there are two ways to at this under Dodd-Frank, which is after all the law we passed under President Obama, and I’m proud that Barney Frank, one of the authors, has endorsed me because what I have said continuously is, yes, sometimes the government may have to order certain actions. Sometime the government can permit the institution themselves to take those actions. That has to be the judgement of the regulators.
But, there’s another element to this. I believe strongly that executives of any of these organizations should be financially penalized if there is a settlement.
CLINTON: They should have to pay up through compensation or bonuses because we have to go after not just the big giant institution, we have got to go after the people who are making the decisions in the institutions.
Granted, under Holder and Lynch, those courageous Attorneys General Hillary would model her own pick on, the banksters haven’t even been asked to do this much.
But the fact that Hillary thought a great punishment for those harming the country with their serial crime wave is to fine them is a testament that she doesn’t even see the underlying crimes.
This is behavior that has continued over years, often after previous settlements. If anyone can be called a super-predator, it’s the bankers who toy with millions of people’s livelihoods and savings to make a buck. If there were a Three Strikes law for bankers most of these guys would be looking at life imprisonment.
And yet Hillary’s bold plan is not to incarcerate them, but instead to take a little bit of their money.
Very thin reporting, according to the results. Canada, come on — Bill Cosby is bigger news than global corruption?
Ditto for India, which covered the HSBC money laundering scandal exhaustively last year. Very little coverage in that country’s English language outlets.
Don’t get all peeved off about the U.S. media, which hasn’t done a particularly good job over the last 24 hours. It’s not just us; the lack of coverage may say something about media ownership around the world.
One possible example on shore here: the acquisition of the Las Vegas-Review Journal last year. Nevada happens to be the eighth most popular tax haven in the world, and Las Vegas is its heart. Was this paper acquired in order to influence reporting in and about this topic?
Mossack Fonseca has a subsidiary in Las Vegas, by the way.
Let’s take a look at science and technology news…
To date, The Register hasn’t seen a strong presence from the tech sector in the staged release of the documents, perhaps because the “Double Irish Dutch Sandwich” tactic favoured in this business works without hiding companies’ links to their international associates.
The comments at that link are rather interesting, offering both a perspective from our overseas “cousins” as well as technical assessment about the leak.
That’s enough for your coffee break or lunch hour. Catch you here tomorrow morning!
Over the weekend, a bunch of media outlets let loose shock and awe in bulk leak documents, PanamaPapers, with project leaders ICIJ and Sueddeutsche Zeitung — as well as enthusiastic partner, Guardian — rolling out bring spreads on a massive trove of data from the shell company law firm Mossack Fonseca.
If all goes well, the leak showing what MF has been doing for the last four decades will lead us to have a better understanding of how money gets stripped from average people and then hidden in places where it will be safe from prying eyes.
Before I raise some questions about the project, I wanted to point to one of the best pieces of journalism I’ve seen from the project so far: this Miami Herald piece showing how its high end real estate boom has been facilitated by the money laundering facilitated by MF.
At the end of 2011, a company called Isaias 21 Property paid nearly $3 million — in cash — for an oceanfront Bal Harbour condo.
But it wasn’t clear who really owned the three-bedroom unit at the newly built St. Regis, an ultra-luxury high-rise that pampers residents with 24-hour room service and a private butler.
In public records, Isaias 21 listed its headquarters as a Miami Beach law office and its manager as Mateus 5 International Holding, an offshore company registered in the British Virgins Islands, where company owners don’t have to reveal their names.
Buried in the 11.5 million documents? A registry revealing Mateus 5’s true owner: Paulo Octávio Alves Pereira, a Brazilian developer and politician now under indictment for corruption in his home country.
A Miami Herald analysis of the never-before-seen records found 19 foreign nationals creating offshore companies and buying Miami real estate. Of them, eight have been linked to bribery, corruption, embezzlement, tax evasion or other misdeeds in their home countries.
That’s a drop in the ocean of Miami’s luxury market. But Mossack Fonseca is one of many firms that set up offshore companies. And experts say a lack of controls on cash real-estate deals has made Miami a magnet for questionable currency.
The story is deeply contextualized with localized reporting that goes beyond the leaked documents. And it can lead to policy changes — restrictions on cash real estate transactions — that can help to stem (or at least redirect) the flow of this corrupt money. You could tell similar stories from big cities around North America (this has been a particular focus in NYC and Vancouver). And with effort, cities could crack down on such cash transactions, with all the negative effects they bring to localities.
But much of the other reporting so far remains at the level of shock and awe. Biggest leak ever! Putin Putin Putin! And much of the reporting reflects not just editorial bias, but some apparent innumeracy (though no one has yet released the real numbers) to claim that people from evil countries are proportionally more corrupt than people from good countries like the UK.
Here’s how SZ describes how they got these documents.
Over a year ago, an anonymous source contacted the Süddeutsche Zeitung (SZ) and submitted encrypted internal documents from Mossack Fonseca, a Panamanian law firm that sells anonymous offshore companies around the world. These shell companies enable their owners to cover up their business dealings, no matter how shady.
In the months that followed, the number of documents continued to grow far beyond the original leak. Ultimately, SZ acquired about 2.6 terabytes of data, making the leak the biggest that journalists had ever worked with. The source wanted neither financial compensation nor anything else in return, apart from a few security measures.
Nowhere I’ve seen explains where this source got the documents.
For almost three years, we have openly debated what I consider a fair question: what was Edward Snowden’s motivation for stealing the NSA’s crown jewels and was any foreign country involved? People have also asked questions about how he accessed so much: Did he steal colleagues’ passwords? Did he join Booz Allen solely to be able to steal documents? I think the evidence supports an understanding that his motives were good and his current domicile an unfortunate outcome. And we know some details about how he managed to get what he did — but the key detail is that he was a Sysadmin in a location where insider detection systems were not yet implemented and credentials to have unaudited access to many of the documents he obtained. Those details are a key part of understanding some of the story behind his leaks (and how NSA and GCHQ are organized).
Somehow, journalists aren’t asking such questions when it comes to this leak, the Unaoil leak that broke last week, or the leak of files on British Virgin Isles have activity a few years back (which, like this project, ICIJ also had a central role in). I’m sympathetic to the argument that IDing who stole these documents would put her or him in terrible danger (depending on who it is). But I also think this level of description the Intercept gave — in the first paragraph of a story about stolen recordings of jailhouse phone calls that revealed improper retention of attorney client conversations — would be useful.
The materials — leaked via SecureDrop by an anonymous hacker who believes that Securus is violating the constitutional rights of inmates — comprise over 70 million records of phone calls, placed by prisoners to at least 37 states, in addition to links to downloadable recordings of the calls. [my emphasis]
The Intercept’s source, knowing of the problem, hacked recordings from an inadequately protected server.
As the Guardian’s own graphic makes clear, this leak dwarfs the leaks by Chelsea Manning and Hervé Falciani (the security engineer behind the HSBC leak). It probably dwarfs the Snowden leak (though oddly the Guardian, which had fingers in both, doesn’t include Snowden in its graphic). That ought to raise real questions about how someone could access so much more information than tech experts with key credentials working at the core of security in the targeted organizations could. And those questions are worth asking because if these files come from an external hacker — a definite possibility — than it ought to raise questions about how they were able to get so much undetected and even — as everyone felt appropriate to ask with Snowden — whether an intelligence agency was involved.
As with the BVI leak before it, thus far this leak has included no details on any Americans. Some have suggested that’s because the Panama trade deal already brought transparency on US persons’ activities through the haven of Panama, except these files go back four decades and. Americans not only used Panama as a haven before that, but the CIA used it as a key laundering vehicle for decades, as Manuel Noriega would be all too happy to explain if western countries would let him out of prison long enough to do so. Moreover, the files are in no way restricted to Panama (indeed, some of the stories already released describe the establishment of shell companies within the US).
Not only haven’t we heard about any Americans, but even for the close American friends identified so far — starting with Saudi Crown Prince and close CIA buddy Mohammed bin Nayef — the details provided to date are scanty, simply the name of the shell he was using.
Craig Murray has already been asking similar questions.
Russian wealth is only a tiny minority of the money hidden away with the aid of Mossack Fonseca. In fact, it soon becomes obvious that the selective reporting is going to stink.
The Suddeutsche Zeitung, which received the leak, gives a detailed explanation of the methodology the corporate media used to search the files. The main search they have done is for names associated with breaking UN sanctions regimes. The Guardian reports this too and helpfully lists those countries as Zimbabwe, North Korea, Russia and Syria. The filtering of this Mossack Fonseca information by the corporate media follows a direct western governmental agenda. There is no mention at all of use of Mossack Fonseca by massive western corporations or western billionaires – the main customers. And the Guardian is quick to reassure that “much of the leaked material will remain private.”
What do you expect? The leak is being managed by the grandly but laughably named “International Consortium of Investigative Journalists”, which is funded and organised entirely by the USA’s Center for Public Integrity. Their funders include
Rockefeller Family Fund
W K Kellogg Foundation
Open Society Foundation (Soros)
among many others. Do not expect a genuine expose of western capitalism. The dirty secrets of western corporations will remain unpublished.
Expect hits at Russia, Iran and Syria and some tiny “balancing” western country like Iceland. A superannuated UK peer or two will be sacrificed – someone already with dementia.
Now, in response to people like me and Murray and Moon of Alabama asking those questions, the SZ editor in charge of their side of the project promises dirt on Americans will be coming. Let’s hope so, because this is a worthwhile leak of data, and it would be unfortunate for Americans and Brits to be deprived of learning more about the corruption among their elite.
Back in December 2014, Ken Silverstein did a fairly thorough review of MF at Vice (though he worked at the Intercept at the time).
[A] yearlong investigation reveals that Mossack Fonseca—which theEconomist has described as a remarkably “tight-lipped” industry leader in offshore finance—has served as the registered agent for front companies tied to an array of notorious gangsters and thieves that, in addition to Makhlouf, includes associates of Muammar Gaddafi and Robert Mugabe, as well as an Israeli billionaire who has plundered one of Africa’s poorest countries, and a business oligarch named Lázaro Báez, who, according to US court records and reports by a federal prosecutor in Argentina, allegedly laundered tens of millions of dollars through a network of shell firms, some which Mossack Fonseca had helped register in Las Vegas.
Documents and interviews I’ve conducted also show that Mossack Fonseca is happy to help clients set up so-called shelf companies—which are the vintage wines of the money-laundering business, hated by law enforcement and beloved by crooks because they are “aged” for years before being sold, so that they appear to be established corporations with solid track records—including in Las Vegas. One international asset manager who talked to Mossack Fonseca about doing business with them told me that the firm offered to sell a 50-year-old shelf company for $100,000.
If shell companies are getaway cars for bank robbers, then Mossack Fonseca may be the world’s shadiest car dealership.
Silverstein clearly had some documents, though there’s no indication he had the trove that started getting leaked to SZ and ICIJ in early 2015, just weeks after Silverstein’s story.
On Twitter, Silverstein suggested his story never got published because this was the period when the Intercept wasn’t publishing (I had something similar happen to me while there).
But given the close continuity between Silverstein’s story and SZ receipt of the first documents, are they part of the same effort?
These aren’t papers showing the corruption that flows through Panama (for that matter, neither did the BVI leaks show all the corruption that flows through BVI, and there’s a significant BVI aspect to this leak). Rather, they show the corruption flowing through a Panamian-based but global firm, Mossack Fonseca. Reporting on this tells us MF is only the fourth largest of these laundering specialists.
So, aside from the fact that few people have heard of MF, why are we calling this the Panama Papers and not “Here’s what the fourth largest of these companies is involved with”?
All of which is to say as huge as this leak is — which is good! — it’s still just a tiny fraction of what’s out there.
None of this is meant to undermine the importance of this leak or the reporting the team of journalists covering it. Indeed, the story already threatens to take down the Prime Minister of Iceland whose conflict of interest the files revealed. We should have more of these leaks, covering all the havens and shell-creators.
Just remember, as you’re watching the coverage, that we’re getting selective coverage of one particular corner of that industry (ICIJ has said something about releasing files in several months). By all means let’s go after the crooks this story exposes, but let’s remember the crooks who, for whatever reason, aren’t included in this one.
Update: Fusion, which is part of the data sharing, admits there are only 211 Americans identified in the stash, though thus far this is just from recent years (that is, the years that might be affected by the trade agreement).
International Consortium of Investigative Journalists (ICIJ) has only been able to identify 211 people with U.S. addresses who own companies in the data (not all of whom we’ve been able to investigate yet). We don’t know if those 211 people are necessarily U.S. citizens.
All that said, the very good experts (including Jack Blum, who’s as good on these issues as anyone) don’t have very compelling explanations why there aren’t Americans in the stash.
Update: McClatchy describes some of the 200-some Americans whose passports show up in the files. All the ones it describes have been prosecuted (though several got light punishments).
Aw, shucks. Spring Break is over just as I find another warm place to visit. The British Virgin Islands expect a balmy daytime high of 84F/29C degrees today with partly cloudy skies.
And a 100% chance of tax havens galore.
Blood’s in the water, though, stay ashore. You may hear a lot in the media today about the Panama Papers leak dump in which the BVI feature prominently. What you won’t hear much about: this is the second leak about tax havens in exactly three years.
Jack-doodly-squat happened after the first one in April 2013.
The UK’s PM David Cameron was pressed in 2013 to do something about BVI’s tax laws. He said he would work with the G8 to tackle tax evasion. Of course, we now know why he sat on his hands; he had highly-rewarding and substantial familial interest in doing nothing but continue his family’s tax avoidance scheme. And yet he still managed to get reelected last year, the corrupt pig fucker.
If governments had felt any pressure at all to do something corrective, there wouldn’t be a second wave of leaks, right? But the 1% have continued to milk profits from businesses, transfer the money offshore, and buy themselves enough politicians and corporate media to ensure things remained nice and cozy.
Color me skeptical that anything will come of investigations into tax shelters which are for the most part legal, thanks to pwned and compromised governance. But the unfolding story sheds new light on older ones.
Like the decade-plus work on tax havens and abusive tax schemes by the U.S. of Permanent Senate Committee on Investigations, which did not slow or stop the offshoring of capital. B-schools continue to teach offshore tax shelters as ‘A Good Thing’, right alongside ‘Taxes Are Bad’ — because the 1% have amassed enough money to make sure legislators and B-schools’ leadership stay bought.
How much do the Panama Papers leak materials overlap with the Swiss Leaks scandal, including India’s investigation into HSBC, money laundering and influence peddling, reaching into the UK and beyond?
Or a more recent story about hacked elections, including Argentina’s. Has laundered money acquired the services necessary to manipulate elections in order to ensure nothing would change in tax laws?
Perhaps the Panama Papers will offer a more cohesive picture of just how badly the 99% are being screwed, if nothing else.
Nothing else, that is, besides the No Confidence vote Iceland’s Prime Minister Sigmundur David Gunnlaugsson now faces after the Panama Papers revealed his financial interests in BVI.
It’s actually rather quiet on the technology front as I write this. I’ll add a few snippets later after caffeination.
I’ve been following the story of how what are described to be criminal hackers tried to steal $1 billion from Bangladesh’s national bank, in part because of the tie to SWIFT, the financial transfer company (as of now, $81 million are still missing, but Sri Lanka and the Fed managed to reverse or prevent the remainder of the theft attempt). As part of the hack, the thieves stole Bangladesh’s SWIFT credentials (it appears they did this after Bangladesh connected the server running SWIFT transactions to 3 other servers).
“Malware was specifically designed for a targeted attack on Bangladesh Bank to operate on SWIFT Alliance Access servers,” the interim report said. Those servers are operated by the bank but run the SWIFT interface, and the report makes it clear the breach stretches into other parts of the bank’s network as well. “The security breach of the SWIFT environment is part of a much larger breach that is currently under investigation.”
SWIFT is a member-owned cooperative that provides international codes to facilitate payments between banks globally. It can’t comment on the investigation, according to Charlie Booth from Brunswick Group, a corporate advisory firm that represents SWIFT.
“We reiterate that the SWIFT network itself was not breached,” Booth said in an e-mail. “There is a full investigation underway, on what appears to be a specific and targeted attack on the victim’s local systems.” SWIFT said last week its “core messaging services were not impacted by the issue and continued to work as normal.”
Dedicated servers running the SWIFT system are located in the back office of the Accounts and Budgeting Department of Bangladesh Bank. They are connected with three terminals for payment communications.
While SWIFT insists it has not been breached, the hackers used a name making it clear they were targeting the SWIFT system.
On Jan. 29, attackers installed “SysMon in SWIFTLIVE” in what was interpreted as reconnaissance activity, and appeared to operate exclusively with “local administrator accounts.”
SWIFT is sending out a security advisors to its members, advising them to shore up their local operating environments.
On Jan. 29, attackers installed “SysMon in SWIFTLIVE” in what was interpreted as reconnaissance activity, and appeared to operate exclusively with “local administrator accounts.”
In separate news, a local security researcher who had been working on the hack disappeared last week.
In a weird turn of events, one of the security researchers who voiced their criticism at the central bank’s security measures disappeared on Wednesday night.
Family members are saying that Zoha met with a friend at 11:30 PM on Wednesday night, March 16. While coming home, a jeep pulled in front of their auto-rickshaw, and men separated the two, putting them in two different cars.
Zoha’s friend was dumped somewhere in the city (Dhaka) and was able to get home by 02:00 AM, the next day. He then contacted Zoha’s family, who said the security researcher never came home.
The next day, family members tried to report the researcher missing, but police officers just kept redirecting them from one police station to another until the family gave up and contacted the media for help.
According to BDNews24, Zoha was a former collaborator of Bangladesh’s ICT (Information and Communication Technology) Division and worked with various government agencies in the past. It appears that his comments about the Bangladesh central bank cyber-heist were made working as a “shadow investigator” for a security company that family members declined to name.
Answering questions about his own investigation into the central bank’s cyber-heist, Zoha said that the “database administrator of the [Bangladesh Bank] server cannot avoid responsibility for such hacking” and that he “noticed apathy about the [server’s] security system.”
From this description and those based on the FireEye report, it seems like Bangladeshi authorities, and not SWIFT, would be the powerful people who might want to make this guy disappear. But I find it interesting that someone who was presumably mirroring FireEye’s work has apparently been kidnapped.
Remember: NSA’s TAO hackers hacked into SWIFT (even though the US has access to SWIFT to obtain counterterrorism information via an intelligence agreement anyway), apparently by accessing printer traffic from what sounds like member banks.
The NSA’s Tracfin data bank also contained data from the Brussels-based Society for Worldwide Interbank Financial Telecommunication (SWIFT), a network used by thousands of banks to send transaction information securely. SWIFT was named as a “target,” according to the documents, which also show that the NSA spied on the organization on several levels, involving, among others, the agency’s “tailored access operations” division. One of the ways the agency accessed the data included reading “SWIFT printer traffic from numerous banks,” the documents show.
While we don’t have enough detail to assess, it does sound like the NSA got in through vulnerabilities at the member bank level, like these thieves did.
Again, I assume the kidnapping is best explained by Bangladeshi efforts to cover up their own incompetence. But I do find the possibility that SWIFT might be vulnerable due to vulnerabilities at its member banks, too.
Let me be clear at the outset: I think what follows is a bullshit argument. But I think it is less unfair of an argument than Hillary’s claim that, by voting to withhold the second tranche of TARP funding on January 15, 2009, Bernie Sanders voted against the auto bailout.
As you’ll recall, in October 2008, the Bush Administration threw some vaguely laid out plans on some cocktail napkins over the wall to Congress and got it to release $700 billion dollars to bail out the banks. Between the time the new Congress got sworn in but before Obama became President, Republicans in the Senate wrote a bill to withhold the second tranche, or $350 billion, of those funds. In the days before the vote, Larry Summers threw two more cocktail napkins of promises to Congress. Bernie was one of seven Democrats who voted not to release the funds based on a series of what were effectively ideas on cocktail napkins.
One of the things on those cocktail napkins, though, was a promise from the Obama Administration that actual human persons facing a crisis, rather than just banks, would get some of the second tranche of money.
The Obama Administration will commit substantial resources of $50-100B to a sweeping effort to address the foreclosure crisis. We will implement smart, aggressive policies to reduce the number of preventable foreclosures by helping to reduce mortgage payments for economically stressed but responsible homeowners, while also reforming our bankruptcy laws and strengthening existing housing initiatives like Hope for Homeowners. Banks receiving support under the Emergency Economic Stabilization Act will be required to implement mortgage foreclosure mitigation programs.
Of course, it was just a cocktail napkin, and by voting to release the funds without tying them to actual legislation requiring the Administration actually use the funds in a such a way as to help homeowners, Hillary — and all the other Democrats who voted to give their new President funds without real limits on how they could spend it — gave away any leverage they had to actually force the Administration to implement such a plan.
Last year David Dayen described how the Administration not only never spent $50 billion — they only ever spent $12.8 billion — but the number of people helped was far lower than promised, and most people “helped” actually weren’t helped at all.
On January 15, 2009, Obama’s chief economic policy adviser, Larry Summers, wrote to convince Congress to release the second tranche of TARP funds, promising that the incoming administration would “commit $50-$100 billion to a sweeping effort to address the foreclosure crisis … while also reforming our bankruptcy laws.” But the February 2009 stimulus package, another opportunity to legislate mortgage relief, did not include the bankruptcy remedy either; at the time, the new administration wanted a strong bipartisan vote for a fiscal rescue, and decided to neglect potentially divisive issues. Having squandered the must-pass bills to which it could have been attached, a cramdown amendment to a housing bill failed in April 2009, receiving only 45 Senate votes.
Senate Majority Whip Dick Durbin, who had offered the amendment, condemned Congress, declaring that the banks “frankly own the place.” In fact, the administration had actively lobbied Congress against the best chances for cramdown’s passage, and was not particularly supportive when it came up for a vote, worrying about the impacts on bank balance sheets. Former Treasury Secretary Timothy Geithner admitted in his recent book, “I didn’t think cramdown was a particularly wise or effective strategy.” In other words, to get the bailout money, the economic team effectively lied to Congress when it promised to support cramdown.
According to a recent Government Accountability Office report, 64 percent of all applications for loan modifications were denied. Employees at Bank of America’s mortgage servicing unit offered perhaps the most damning revelations into servicer conduct. In a class-action lawsuit, these employees testified that they were told to lie to homeowners, deliberately misplace their documents, and deny loan modifications without explaining why. For their efforts, managers rewarded them with bonuses—in the form of Target gift cards—for pushing borrowers into foreclosure.
Because of all this, HAMP never came close to the 3–4 million modifications President Obama promised at its inception. As of August 2014, 1.4 million borrowers have obtained permanent loan modifications, but about 400,000 of them have already re-defaulted, a rate of about 30 percent. The oldest HAMP modifications have re-default rates as high as 46 percent.
Effectively, because Congress didn’t force the Administration to adopt cramdown (which would have resulted in real modifications which would have mean more people kept their homes and didn’t lose their wealth), Treasury could instead use the promise to “foam the runways” to help the banks string out losses and therefore avoid accountability for their recklessness.
This was a direct result of voting to give the Executive continued free rein on what to do with massive amounts of bailout money. So was bailing out the car industry, but the vote in January was primarily about whether to continue letting the Executive spend billions without clear guidelines.
So Hillary, according to her own logic, voted to help banks foreclose on 5 million people, which resulted in a tragic loss of wealth for American families.
Again, I think this is a bullshit argument. I assume Hillary intended to get real foreclosure relief (indeed, one domestic policy on which she was better than Obama in 2008 did just that). Though for someone who claims to know how to “get things done,” she showed no awareness of how to do that here. Nevertheless, it is the kind of bullshit argument she is making.
And having gone there — having permitted herself to engage in this kind of bullshit argument — she makes such arguments fair game for Donald Trump to make about her in June.
Ultimately, I think this vote was about whether the Executive should be able to operate without real limits. Bernie voted against that, Hillary voted for it (which makes it similar, in many ways, to the Iraq War vote in 2003, and had equally foreseeably bad results). Hillary will never make such votes for freeing the Executive of meaningful restraints again. But it’s pretty clear she’s a fan of letting the Executive operate without them.
That, to me, is the meaningful, non-bullshit, takeaway from that vote.
For a campaign that has spent days insisting Bernie Sanders should not launch attacks against her, the Hillary Clinton campaign sure engaged in some dishonest hackery last night.
During the debate in Flint, Hillary attacked Bernie for “vot[ing] against the money that ended up saving the auto industry.” She was talking about a January 15, 2009 attempt to withhold the second $350 billion of TARP funding that failed (here’s the resolution); Bernie voted not to release those funds. But the vote was not directly about auto bailout funding. It was about bailing out the banks and funding what turned out to be completely ineffective efforts to forestall foreclosures.
It is true that Bush’s failure to fund an auto-specific bailout meant that TARP funds got used to fund the $85 billion auto rescue (Bush had already spent some money on the auto companies — basically just enough to ensure they’d go under on Obama’s watch, but not enough to do anything to save them). But that’s not what the vote was (and there might have been enough money for the auto bailout in any case).
Larry Summers’ two letters in support of the additional funding (January 12, Janaury 15) in support of the additional funding certainly didn’t describe it as an auto bailout bill. He mentioned “auto” just three times between the two of them. In the January 12 letter, in support of auto loans to consumers, and in the January 15 letter, limits on what I believe is a reference to GM Finance (now Ally)’s Christmas holiday move to turn into a bank so it could access funding. Contemporary reporting on the vote also did not mention the auto bailout (though there had been discussion that it might be used the previous month).
Moreover, there had been an auto bailout vote in the Senate (on a bill already passed by the House) on December 11, which failed. Both Bernie and Hillary voted in support.
So while Hillary’s attack was technically correct — Bernie did vote against giving Jamie Dimon more free money, which had the side effect of voting against the second installment on the fund that would eventually become the auto bailout — he did not vote against the auto bailout.
But Hillary’s attack did its work, largely because national reporters appeared completely unaware that they were fighting about TARP much less aware that there had been votes in December that directly pertained to the auto bailout. Even some local reporters now appear unaware of what went down in 2008-9. John Podesta helped matters along by sowing confusion in post-debate speeches.
Here’s one of what will end up being several exceptions to the shitty reporting on this that will come too late for people to figure out what actually happened.
During the testy exchange over the auto bailout, Clinton called Sanders a “one-issue candidate” for voting against the release of $350 billion in Jan. 15, 2009, to continue funding the bailout of the nation’s banks and mortgage lenders.
Sanders joined seven Democratic senators in voting against the second wave of TARP funds. President Barack Obama ended up using some of TARP to fund the $85 billion rescue of GM, Chrysler and their auto lending arms.
“If everybody had voted the way he did, I believe the auto industry would have collapsed, taking 4 million jobs with it,” Clinton said.
David Axelrod, a former top adviser to President Barack Obama, questioned Clinton’s attack on Sanders’ voting record in the middle of the debate.
“It wasn’t explicitly a vote about saving auto industry,” Axelrod wrote on Twitter.
U.S. Sen. Debbie Stabenow, a Clinton supporter, said after the debate that senators, including Sanders, were aware the TARP money would be used to aid the domestic auto industry.
“A lot of folks said we shouldn’t do it because somehow it was helping the banks,” said Stabenow, D-Lansing. “It was the auto bailout we were talking about. I was very clear with colleagues that we had to do this.”
Stabenow’s comment, incidentally, is proof that the money shouldn’t have been granted as it was (it wasn’t spent on auto companies until much later). While she’s right that there had been public discussion of spending some money on the auto bailout, there obviously was still so little limiting what the Executive could do with the money that there needed to be nothing explicit supporting the auto bailout to make it happen. The flimsiness of the guidelines is one of the things that enabled the Obama Administration to avoid providing real foreclosure relief, choosing instead to “foam the runway” for banks.
Don’t get me wrong. Bernie did a number of other things at the debate that hurt him last night, such as his comment about ghettos that suggested all African Americans are poor and no whites are. I think, too, the optics of his efforts to stop Hillary from interrupting him as well as his own gesticulating while she was making responses will go over poorly.
But the auto bailout attack was a pretty shameful ploy, one that otherwise would make it fair game to really hit on Hillary’s own actions in a way Bernie has not yet done. That said, it was also a probably perfectly timed attack, because it will ensure victory for Hillary on Tuesday, eliminating one of the last possibilities that Bernie might really challenge Hillary.
Update: As it turns out, Hillary should be attacking Stabenow according to her own standards, because Stabenow voted no on the first TARP vote that actually paid for the first tranche of funding to the auto companies. (Here’s the second, January 2009 one.)
Several times over the course of Jim Comey’s crusade against strong encryption, I have noted that, if Comey wants to eliminate the tools “bad guys” use to commit crimes, you might as well eliminate the corporation. After all, the corporate structure helped a bunch of banksters do trillions of dollars of damage to the US economy and effectively steal the homes from millions with near-impunity.
It’d be crazy to eliminate the corporation because it’s a tool “bad guys” sometimes use, but that’s the kind of crazy we see in the encryption debate.
Yesterday, Ron Wyden pointed to a more narrow example of the way “bad guys” abuse corporate structures to — among other things — commit terrorism: the shell corporation.
In a letter to Treasury Secretary Jack Lew, he laid out several cases where American shell companies had been used to launder money for crime — including terrorism, broadly defined.
He then asked for answers about several issues. Summarizing:
They’re good questions but point, generally, to something more telling. We’re not doing what we need to to prevent our own financial system from being used as a tool for terrorism. Unlike encryption, shell companies don’t have many real benefits to society. Worse, it sounds like Treasury is making the problem worse, not better.
Of course, the really powerful crooks have reasons to want to retain the status quo. And so FBI Director Jim Comey has launched no crusade about this much more obvious tool of crime.