Sanctioning GRU … and FSB

While I was out and about today, President Obama rolled out his sanctions against Russia to retaliate for the Russian hack of Democrats this year. Effectively, the White House sanctioned two Russian intelligence agencies (GRU — Main Intelligence, and FSB — Federal Security Service), top leaders from one of them, and two named hackers.

In addition to sanctioning GRU, the White House also sanctioned FSB. I find that interesting because (as I laid out here), GRU has always been blamed for the theft of the DNC and John Podesta documents that got leaked to WikiLeaks. While FSB also hacked the DNC, there’s no public indication that it did anything aside from collect information — the kind of hacking the NSA and CIA do all the time (and have done during other countries’ elections). Indeed, as the original Crowdstrike report described, FSB and GRU weren’t coordinating while snooping around the DNC server.

At DNC, COZY BEAR intrusion has been identified going back to summer of 2015, while FANCY BEAR separately breached the network in April 2016. We have identified no collaboration between the two actors, or even an awareness of one by the other. Instead, we observed the two Russian espionage groups compromise the same systems and engage separately in the theft of identical credentials. While you would virtually never see Western intelligence agencies going after the same target without de-confliction for fear of compromising each other’s operations, in Russia this is not an uncommon scenario. “Putin’s Hydra: Inside Russia’s Intelligence Services”, a recent paper from European Council on Foreign Relations, does an excellent job outlining the highly adversarial relationship between Russia’s main intelligence services – Федеральная Служба Безопасности (FSB), the primary domestic intelligence agency but one with also significant external collection and ‘active measures’ remit, Служба Внешней Разведки (SVR), the primary foreign intelligence agency, and the aforementioned GRU. Not only do they have overlapping areas of responsibility, but also rarely share intelligence and even occasionally steal sources from each other and compromise operations. Thus, it is not surprising to see them engage in intrusions against the same victim, even when it may be a waste of resources and lead to the discovery and potential compromise of mutual operations.

Data provided by FireEye to War on the Rocks much later in the year suggested that the DNC hack was the only time both showed up in a server, which it took to mean the opposite of what Crowdstrike had, a particularly high degree of coordination.

According to data provided for this article by the private cybersecurity company, FireEye, two separate but coordinated teams under the Kremlin are running the campaign. APT 28, also known as “FancyBear,” has been tied to Russia’s foreign military intelligence agency, the Main Intelligence Agency or GRU. APT 29, aka “CozyBear,” has been tied to the Federal Security Service or FSB. Both have been actively targeting the United States. According to FireEye, they have only appeared in the same systems once, which suggests a high level of coordination — a departure from what we have seen and come to expect from Russian intelligence.

The sanctioning materials offer only this explanation for the FSB sanction: “The Federal Security Service (a.k.a. Federalnaya Sluzhba Bezopasnosti) (a.k.a FSB) assisted the GRU in conducting the activities described above.”

So I’m not sure what to make of the fact that FSB was sanctioned along with GRU. Perhaps it means there was some kind of serial hack, with FSB identifying an opportunity that GRU then implemented — the more extensive coordination that FireEye claims. Perhaps it means the US has decided it’s going to start sanctioning garden variety information collection of the type the US does.

But I do find it an interesting aspect of the sanctions.

John Brennan, Doing the Holiday Friday News Dump Wrong

On Friday, October 14 at 8:30 PM, NBC posted a story promising, “CIA Prepping for Possible Cyber Strike Against Russia.”

The Obama administration is contemplating an unprecedented cyber covert action against Russia in retaliation for alleged Russian interference in the American presidential election, U.S. intelligence officials told NBC News.

Current and former officials with direct knowledge of the situation say the CIA has been asked to deliver options to the White House for a wide-ranging “clandestine” cyber operation designed to harass and “embarrass” the Kremlin leadership.

The sources did not elaborate on the exact measures the CIA was considering, but said the agency had already begun opening cyber doors, selecting targets and making other preparations for an operation.

On Friday December 9, just hours after President Obama announced a review of the intelligence on Russia hacking the election, at least one senior US official (which I said at the time “seems primarily to come from Democratic Senators”) told the WaPo,

The CIA has concluded in a secret assessment that Russia intervened in the 2016 election to help Donald Trump win the presidency, rather than just to undermine confidence in the U.S. electoral system.

Over the following week, caveats on that story got leaked to the press. But on Friday, December 16, literally as the White House press corps was waiting for President Obama to speak, the WaPo reported that John Brennan released a letter to CIA’s workforce telling them FBI and DNI agreed one reason Russia hacked the election was to get Trump elected.

FBI Director James B. Comey and Director of National Intelligence James R. Clapper Jr. are in agreement with a CIA assessment that Russia intervened in the 2016 election in part to help Donald Trump win the White House, officials disclosed Friday, as President Obama issued a public warning to Moscow that it could face retaliation.

[snip]

The positions of Comey and Clapper were revealed in a message that CIA Director John Brennan sent to the agency’s workforce Friday.

“Earlier this week, I met separately with FBI [Director] James Comey and DNI Jim Clapper, and there is strong consensus among us on the scope, nature, and intent of Russian interference in our presidential election,” Brennan said, according to U.S. officials who have seen the message.

As I noted, the quoted parts of the letter didn’t actually say what the purpose of the hack was, and it made clear that Brennan had met separately with Jim Comey and James Clapper, meaning any claim of consensus was merely Brennan’s view of the serial meetings. In its report, the WaPo made no note that a week earlier it had reported that getting Trump elected was the (singular) goal of the hack, whereas here it was saying getting Trump elected was one of the goals.

On December 20, a senior intelligence official suggested to me this leakapalooza came from Congress, not the CIA. I noted I had made that so clear that a Harry Reid aide had given me shit about it. I also noted that the second leak came from a Brennan letter, which of course was carefully crafted and easily leaked.

On Thursday December 22 at 9:27 PM, NPR posted an interview between Mary Louise Kelly and John Brennan. It played the interview during Morning Edition and All Things Considered. Here’s the full transcript.

In one version of the interview, Kelly explained to Steve Inskeep that the interview wasn’t supposed to cover Russia at all but in fact spent 20 minutes (out of 52) on it.

He did not want to talk about Russia at all. When his team was confirming the interview with me they said, he’s not gonna go there, he’s not gonna talk about Russia. I said, well, I gotta ask about Russia. And they said, well, you can try. So I did and we ended up talking about Russia for close to 20 minutes.

After Kelly asked, “hand over heart, is [the intelligence] solid?” Brennan assured her Russia did in fact “try to interfere” in the US election. Brennan explained,

There is very strong consensus among not just the leaders of these organizations but also the institutions themselves. And that’s why we’re going through this review. We want to make sure that we scrub the information and make sure that the assessment and analysis is as strong and as grounded as it needs to be.

Kelly then goes on to prod him about motive specifically, mentioning that his letter said FBI and DNI agreed on the “nature, scope, and intent” of the hack. But she doesn’t yet raise what the conflict had been — whether Putin wanted to get Trump elected or not — or even any of the stated motives at all. Brennan responded by not addressing that issue either,

I will not disagree with you that the why is tough. And that’s why there needs to be very very careful consideration of what it is that we know and what it is that we have insight into and what our analysis needs to be. That’s why this review is being done, to make sure that there is going to be a thorough look at the nature, scope, and intent of what transpired.

Kelly reminds him that what had been appearing in the press is that Russia hacked the election “with the purpose of swinging it to Donald Trump.” Brennan responds,

Kelly: Is that an accurate characterization?

Brennan: That’s an accurate characterization of what’s been appearing in the media, yes.

Kelly: Is that an accurate characterization of where the CIA is on this?

Brennan: Well, that’s what the review is going to do. And we will make sure that President Obama and the incoming administration understands what the intelligence community has assessed and determined to have happened during the run-up to this election.

Which brings NPR to the big headline of their story from an interview in which Brennan didn’t want to discuss Russia at all. Kelly explains that Brennan doesn’t want to hack Russia in retaliation for its hack. Here’s why:

Well, this country is based on the democratic principles that our nation was founded upon. And there is a lot of challenges throughout the world to those principles of freedom, liberty, freedom of speech and the will of the people in order to govern as they see fit. And the election process is one of those foundational elements of our democracy. And I individually believe that there are certain things that this government, our country, should not be engaged in because it is inconsistent with those precepts, those tenets of the United States of America. So this was what’s making, you know, this challenging, which is how to safeguard our system, safeguard our digital domain, and make sure that there are decisions that can be taken that will deter, maybe sometimes punish those who violate the law, as well as try to attack our national security and try to undermine the democracy that we are.

Kelly asked how retaliating in kind would undermine American democratic principles.

Help me understand. Connect that line for me. How would retaliating in kind — so, a cyberattack against Russia — how would that undermine American democratic principles?

Well, I think if we hold dear the principles of democracy, liberty, freedom and freedom of speech and the right of people everywhere to have governments of their choosing, preventing the conduct of a free and fair and open election, devoid of interference and foreign manipulation, is something that I think the United States government, as well as the American people, would certainly want to make sure that’s going to be who we are.

And so there are a lot of things that those adversaries, enemies that we have, whether they be terrorists or proliferators or … whomever. Nation-states. They do some things that I think are beyond the pale. That’s why I don’t think we should resort to some of the tactics and techniques that our adversaries employ against us. I think we need to remember what we’re fighting for. We’re fighting for our country, our democracy, our way of life, and to engage in the skulduggery that some of our opponents and adversaries engage in, I think, is beneath this country’s greatness.

[snip]

We need to make sure that we are going to lead the way when it comes to allowing countries and people to choose their leaders, free of that foreign interference. And that’s the concerns we have, as we’ve seen, not just the United States but in other countries as well, the hand of foreign actors. And I don’t think it’s a secret that the Russians have tried to influence the outcome of elections in other countries as well. So this is not just a question of their cyber activity. It’s a question of their using their influence in ways that are inconsistent, I believe, with what should be happening in these countries’ electoral processes.

Brennan goes on to state that the CIA has never tampered in elections in the 21st century (though he admits CIA does do what it can to ensure people get to vote), even while asserting that the rebels in Aleppo have not gotten adequate outside support.

So to sum up: CIA doesn’t want to retaliate against Russia because that’s not consistent with the democratic principles on which this country was founded.

NYT Kills the CyberCzars, then Translates Them into Russian

As I have suggested already, I am less enthused with the NYT’s big story on the DNC hack than most other people are. The story doesn’t explain its key conceit — why John Podesta still got hacked if an IT person instructed others how to protect him. It hides evidence that the DNC had enough information, from the start, to respond to the hack as a Russian-based attack (and in a number of other ways downplays the sheer ineptitude on the part of the DNC).

Moreover, especially as it writes articles about its own article, the NYT is treating this as the first comprehensive story on the hack, claiming credit for reporting done after the election that others managed to do before the election (story, story).  I’m pretty unsympathetic to any bid for a Pulitzer Prize (which I believe this is) that could and should have been completed before November 8.

Along the way, too, it has made some amusing edits. For example, an hour and a half after publication, the NYT decided to modernize the spelling of the neologism it had invented, from “cybertsars” to “cyberczars.”

Then, an hour and a half later, it killed off the cyberczars altogether.

That was easy!

Five hours after publication, the NYT admitted it should not have eliminated evidence of the WaPo’s great Watergate scoop from the article’s spooky lead picture.

Editors’ Note: An earlier version of the main photograph with this article, of a filing cabinet and computer at the Democratic National Committee headquarters, should not have been published. The photographer had removed a framed image from the wall over the filing cabinet — showing a Washington Post Watergate front page — because it was causing glare with the lighting. The new version shows the scene as it normally appears, with the framed newspaper page in place.

To the NYT, I guess, WaPo’s historic greatness counts as an annoying glare.

But now things have gotten interesting. Yesterday, the NYT posted a second version of the story, with a toggle to read it in Russian.

I’ve remarked on this practice at the NYT in the past, noting that NYT’s decision-making process about what it translates into Chinese seems arbitrary at best. But in at least one case — a case analogous to today, where the US was deciding how to respond to a massive compromise by an adversary (in that case, the compromise, the OPM hack, was even more damaging than what we know of this one so far) — an article seemingly addressing that issue got translated, in that case into Mandarin.

Maybe this is a great thing, to make it easier for Russians to get NYT’s partially misleading magnum opus on the DNC hack? Maybe this decision was made without any consideration of how to retaliate against Putin for this hack?

But amid accusations about fake news and official publications, the NYT really should be more transparent about how and why they do this.

[Photo: National Security Agency, Ft. Meade, MD via Wikimedia]

The Shadow Brokers: “A Nice Little NSA You’ve Got Here; It’d Be a Shame If…”

When President Obama discussed how to retaliate against Russia for hacking the DNC last Friday, he described the trick of finding “an appropriate response that increases costs for them for behavior like this in the future, but does not create problems for us.” Aside from questions of efficacy, Obama raised something that a number of people looking for a big explosive response seem to have forgotten: that any response may create problems for us.

Which is why I find it curious that — aside from this one piece by Krypt3ia — no one factored in another cyber-attack on the US in discussions about retaliation, one that is, at least in execution, on-going: the release of NSA tools by a group calling itself the Shadow Brokers.

I’ve put a rough timeline (!) below. But as it shows, several weeks after the initial release of the DNC emails led to Debbie Wasserman Schultz’s resignation, the Shadow Brokers posted the first of what have thus far been 6 messages. Especially recently, the timing of the Shadow Brokers releases correlates in interesting ways with developments in the DNC hack. At the very least, the coincidence suggests the threat of further exposure of NSA’s hacking may be a factor in discussions about a response.

Release One: Burning US firewall providers

The first Shadow Brokers post announced an auction of Equation Group (that is, NSA offensive hacking) files. It released enough files to make it clear that a number of firewall companies, including several American companies, had been targeted by the NSA. Accompanying the release was a rant that indirectly pointed to the Clintons — discussing blowjobs and running for President — but at that point, there was not much focus on whether these files were related to the Russian hacking and, more importantly, not a ton of focus on the files in discussions of the Russian hacking. That is, while many people assumed Russia might be the culprit, that possibility fell out of the discussion.

Two weeks later, the FBI arrested Hal Martin, a(nother) Booz Allen contractor who — in the NYT story that revealed his arrest — served as a ready scapegoat for the files.

The very next day, Shadow Brokers posted its second message, the first of several proving that it was not, personally, Hal Martin. It was basically a play on Team America’s Kim Jong Il character, asking why everyone was so stupid.

A few days later, on September 5, President Obama gave Vladimir Putin the first of several warnings about the hacking — understood to be the DNC hacking (reportedly, no one knew about the Podesta hack yet, even though the emails had been stolen in March).

Almost a month passed before Shadow Brokers posted again, on October 1, basically whining about no one playing in the auction. The following two weeks are critical in the DNC hack rollout.

On October 7, two leaks distract from the IC attribution announcement

On October 7, three things happen (well, more, but I’ll come back to that): First, ODNI and DHS released their statement blaming Russia for the hack. The WaPo published the Access Hollywood “Grab them by the pussy” video. And WikiLeaks started releasing the Podesta emails.

Side note: This weekend, Podesta complained about the latter two events, describing how they came out just an hour apart. People even disputed the claim. But in neither Podesta’s comment nor the fact-check are people mentioning that it’s not so much that the Podesta emails distracted from the Trump video (which I don’t think to be the case anyway, because the GrabThemByThePussy really did distract us for a while), but that both — and especially the video — distracted from the Russia implication.

A week later, the same NBC team that has been the recipient of other DNC hack related leaks published a dick-wagging story promising that the CIA was about to cyber-retaliate for the hacks.

The next day, Shadow Brokers released message number 4 calling off the auction. The Shadow Brokers post also crassly spoofs Loretta Lynch’s airplane meeting with Bill Clinton (there’s a cultural reference here I don’t get), bringing the message content of the SB series still closer to the context of the Hillary emails.

Release Two: ID alleged NSA targets and threaten the election

Thus far, mind you, Shadow Brokers had just released enough to seriously compromise America’s firewall companies and their relationship with the NSA — but had mostly just been making noise since the first release. That changed on October 30, less than two weeks before the election.

Most of the focus on this release has been on the data released: a set of IP addresses seemingly showing the addresses NSA had hacked or used as a proxy. The IP addresses were dated, so the release wasn’t exposing ongoing operations, probably. But it did reveal a significant number of academic targets. It also showed that, several years before we drummed up the Iraq War, we were targeting the Organization for the Prohibition of Chemical Weapons. Unlike the first release, then, this one didn’t so much help anyone hack. Instead, it identified who had been hacked, and the degree to which these were not obvious targets.

But the message from that release is, in retrospect, just as important. It includes a reference to the NBC dick-wagging story about CIA hacking Russia. It questions why the focus has been on the DNC hack and not the Shadow Brokers release, “hacking DNC is way way most important than EquationGroup losing capabilities. Amerikanskis is not knowing USSA cyber capabilities is being screwed.” It invited people to hack the election.

On November 8th, instead of not voting, maybe be stopping the vote all together? Maybe being grinch who stopped election from coming? Maybe hacking election is being the best idea? #hackelection2016.

And then it demanded payment or the bleeding would continue. “How bad do you want it to get? When you are ready to make the bleeding stop, payus,”

The next day, according to NBC, for the first time in his Administration, President Obama used the “Red Phone” communication system with Russia and discussed war, albeit in muddled terms.

Now, even aside from this timing, it makes more sense that Obama was reacting to the Shadow Brokers release than the DNC ones. Though Dems have suggested Russia kept hacking after the spring, that appears to have been more phishing attempts, not known theft of documents. As for the DNC and Podesta files, as Obama said on Friday, those files had already been stolen. Short of stopping WikiLeaks (and Ecuador had cut off Julian Assange’s wifi access by then, presumably in response to US pressure, though it had little impact on the release of the Podesta files), there was nothing that a call could do about the ongoing leaks pertaining to Hillary. There were, admittedly, the probes of state voter registration sites, but the IC has consistently stopped short of attributing those to Russia.

But a response to a threat to hack Russia?

Which would seem to suggest the IC believes that these Shadow Brokers files are coming from Russia.

Release Three: A broad array of alleged tools, including those that hacked Belgacom

Then things went quiet again for a while, until the leakapalooza starting on December 9, which was basically an effort by the Dems and some spooks to pressure Trump and/or delegitimize his election. Significantly, however, the December 9 WaPo story also reported, for the first time, that CIA knew who the cut-outs between Russia’s hackers and Wikileaks were, something James Clapper said the IC didn’t have as late as November 17. In addition, the NYT published its long piece describing the hack, told in a way to put the Dems in the best possible light (which is a polite way of saying it is not hard-hitting news).

So on December 14, a Motherboard post from a persona named Bocefus Cleetus points to a ZeroNet site with a set of files listed for individual sale (and aggregating all the past messages).

With regards to the files, here is HackerHouse’s analysis, here is the Grugq’s post on the technical aspect of the files, and a few of Shadow Brokers’ most recent tweets allegedly describe what some of the files are. The short version though is, like the original release, these are dated files, some of them triggering known interests of commentary on NSA’s hacking. There’s a good deal of variety in tools, some of which sound cool. One of them, at least according to Hacker House, is likely one of the tools used to hack Belgacom.

Interestingly, HackerHouse and the Grugq disagree as to what this array suggests about the source of the files. The Grugq argues that these files must come from inside the NSA, because there’d be no other explanation for all of them to be in the same place.

Why High Side?

The easiest way to tell this is high side [inside NSA’s classified networks] gear, not a back hack from an ops box is that there is simply too much here. It’s hard for me to explain because it requires a level of information security knowledge combined with understanding how cyber operations are conducted (which is different from pen tests or red teaming.)

The TAO of Cyber

Cyber operations are basically designed with operational security in mind. The operators create a minimal package of tooling needed for conducting exactly, only and specifically the operation they are doing. This means, for example, if they are hitting a telco Call Data Records (CDR) box, they will plan for what they are going to do on that specific computer and prepare the tools for only that plan and that computer. If those tools are captured, or there is a back hack up to their staging point, the loss is compartmented.

But HackerHouse argues they must be from a staging site (that is, external to the NSA) because they are binary files.

The bulk of these projects are not provided in source code form and instead appear to be binary files, which further strengthens the hypothesis that these files were compromised from an operational staging post or actively obtained from a field operation. If they had been in source code format then this would suggest an insider leak is more likely, binary files are often used in operations over their source code counterpart.

For what it’s worth, in the first post, Shadow Brokers claims it tracked EG’s traffic. “We follow Equation Group traffic. We find Equation Group source range. We hack Equation Group.” But it is worth noting that, 4 months after the first leak, tech folks are still disputing whether these must have come from inside or outside the NSA.

Assuming no one buys these files, then, the release has done several things. First, it provided Belgacom and other potential targets of US hacking more evidence they might use to identify an NSA hack. As such, it seems consistent with the earlier releases: not so damaging for current operations as it is for the exposure of who and how the US targets civilian targets.

But it also tells the NSA more about what Shadow Brokers has — at least some of the tools it has (in the first post, SB claimed NSA didn’t know what it had), but also where they were obtained.

Cleetus’ close commentary on recent events

Which brings me to the message (post one, post two) of presumed Shadow Brokers persona, Bocefus Cleetus (as others have argued, a possible allusion to “ventriloquist dummy of FSB”), which the Grugq wrote about here. I suspect (this is a wildarseguess) Cleetus may serve as a temporally contingent way to alert the public to files that may have been out there for a while.

As the Grugq notes, the first message is interesting for its invocation of Rage against the Machine’s “People of the Sun” juxtaposed against a background and fake discourse targeting caricatured Neo-Nazi Trump voters. He reads the former as a warning about invading brown people, but I think — given the stylistic fluidity across the six Shadow Brokers’ messages — it might better be understood as mixed metaphors. RATM where one has been led to expect Hank Williams Jr.

There’s also a reference to fake news. As with the October 30 release (assuming Cleetus is a persona of Shadow Brokers), this is also a piece responding to very current events.

But it is Cleetus’ second message that is a far more interesting comment on immediate events. For example, from the first, it invokes NYT’s blockbuster (which is remarkably favorable to the DNC) story on the hack, which has now been translated into Russian. Here’s Cleetus’ first line:

After my shadow brokers tweet I was contacted by an anonymous source claiming to be FBI. Yep I know prove it? I wasn’t able to get’em to verify their identity.

Here’s an early line from the NYT story:

“I had no way of differentiating the call I just received from a prank call,” Mr. Tamene wrote in an internal memo, obtained by The New York Times, that detailed his contact with the F.B.I.

This line from Cleetus:

The NSA has the global surveillance capabilities to intercept all the DNC and Podesta emails.

Seems to reflect Bill Binney’s theory, which is that the NSA would know if there were really a hack because it would have seen the traffic.

In other words, any data that is passed from the servers of the Democratic National Committee (DNC) or of Hillary Rodham Clinton (HRC) – or any other server in the U.S. – is collected by the NSA.  These data transfers carry destination addresses in what are called packets, which enable the transfer to be traced and followed through the network.

[snip]

The bottom line is that the NSA would know where and how any “hacked” emails from the DNC, HRC or any other servers were routed through the network. This process can sometimes require a closer look into the routing to sort out intermediate clients, but in the end sender and recipient can be traced across the network.

There’s the reference to the now-forgotten stink when Trump interviewed Mike Rogers.

Clapper and Carter tried to get Rogers fired. They also called for the breakup of NSA.

That was first reported by the same folks who set off this leakapalooza.

The heads of the Pentagon and the nation’s intelligence community have recommended to President Obama that the director of the National Security Agency, Adm. Michael S. Rogers, be removed.

The recommendation, delivered to the White House last month, was made by Defense Secretary Ashton B. Carter and Director of National Intelligence James R. Clapper Jr., according to several U.S. officials familiar with the matter.

Action has been delayed, some administration officials said, because relieving Rogers of his duties is tied to another controversial recommendation: to create separate chains of command at the NSA and the military’s cyberwarfare unit, a recommendation by Clapper and Carter that has been stalled because of other issues.

What ever happened to Trump’s imminent plan to replace James Clapper with Mike Rogers amidst a big rearrangement of the spook desk chairs, I wonder? Has he completely forgotten Clapper is out of here on January 20, at noon sharp, Clapper said?

In any case, those bits directly echo very current news. But the rest of the post posits a fight between DOD and CIA, some of it rooted in equally real, if more dated, pissing contests.

Look it up for yerself! DOD and CIA have had a turf war going back to the Afghanistan and Iraq Wars bout whose job it was to run paramilitary operations. A turf war over the next “domain of battle” with all the government cheese.

One reason Shadow Brokers’ positing of a NSA-CIA spat — which the Grugq argues could not be real — is so interesting is because most of the recent reporting has forgotten NSA’s centrality in all this and instead focused on an FBI-CIA split, which was artificially resolved by pre-empting the President’s press conference on Friday.

I don’t think there’s really an NSA-CIA pissing contest, though there may be an interesting detail here or there I’ll return to.

But it brings us full circle. President Obama, in urging calm, invoked the kind of retaliation that might, “create problems for us.” Those comments took place as if only the DNC and Podesta hacks were at issue (indeed, he made Martha Raddatz qualify what leaks the IC had blamed on Russia, and that’s what she said). But it appears likely that the IC connects Shadow Brokers to the other two. And the whole time we’ve been talking about retaliating, the Shadow Brokers has been not so much undercutting the NSA’s bread and butter as letting our allies and other neutral parties see precisely whom we conduct this dragnet on.

That sounds like something that might “create problems for us.”

On October 30, Shadow Brokers taunted, “When you are ready to make the bleeding stop, payus, so we can move onto the next game.” I think we’re still in that first game.


Shadow Brokers Timeline

August 13: Message 1 Equation Group Warez Auction Invitation

The name, in general, is a play on the villain from Mass Effect.

GitHub, Reddit, Tumblr (see note), with takedowns as stolen property

Message on Pastebin

Claims files obtained by following EG traffic, claims EG doesn’t know what it lost

We follow Equation Group traffic. We find Equation Group source range. We hack Equation Group.

[snip]

Equation Group not know what lost. We want Equation Group to bid so we keep secret. You bid against Equation Group, win and find out or bid pump price up, piss them off, everyone wins.

Rant about wealthy elites who don’t get blowjobs who run for President

We have final message for “Wealthy Elites”. We know what is wealthy but what is Elites? Elites is making laws protect self and friends, lie and fuck other peoples. Elites is breaking laws, regular peoples go to jail, life ruin, family ruin, but not Elites. Elites is breaking laws, many peoples know Elites guilty, Elites call top friends at law enforcement and government agencies, offer bribes, make promise future handjobs, (but no blowjobs). Elites top friends announce, no law broken, no crime commit. Reporters (not call journalist) make living say write only nice things about Elites, convince dumb cattle, is just politics, everything is awesome, check out our ads and our prostitutes. Then Elites runs for president. Why run for president when already control country like dictatorship? What this have do with fun Cyber Weapons Auction? We want make sure Wealthy Elite recognizes the danger cyber weapons, this message, our auction, poses to their wealth and control. Let us spell out for Elites. Your wealth and control depends on electronic data. You see what “Equation Group” can do. You see what cryptolockers and stuxnet can do. You see free files we give for free. You see attacks on banks and SWIFT in news. Maybe there is Equation Group version of cryptolocker+stuxnet for banks and financial systems? If Equation Group lose control of cyber weapons, who else lose or find cyber weapons? If electronic data go bye bye where leave Wealthy Elites? Maybe with dumb cattle? “Do you feel in charge?” Wealthy Elites, you send bitcoins, you bid in auction, maybe big advantage for you?

August 27: Hal Martin arrested

August 28: Message 2 “Why is everyone so fucking stupid”

A play on Team America’s “I’m so ronery”

Additional details on auction, Pastebin

September 1: Message 6 files signed

September 5: Obama and Putin discuss DNC hacks at G-20

September 25: Sam Adams Award presentation; Craig Murray meets intermediary tied to Podesta leak

October 1: Message 3 “Why you no like?”

More details on the auction. Medium

Q: Why saying “don’t trust us”?

A: TheShadowBrokers is making comment on trust-less exchanges. TheShadowBrokers is thinking is no thing now as trust-less. “Don’t Trust” is not equal to “Is Scam”. TheShadowBrokers is thinking no way to exchange secrets (auction files) without one party trusting other. If seller trust buyer and buyer no pay, then no more secrets. If buyer trust seller and seller no deliver, the no more sales. TheShadowBrokers is having more things to sell. Reputation is being another benefit of public auction.

October 7: IC Attribution of DNC hack to Russia, Podesta email release starts, Access Hollywood video

October 14: NBC story, CIA Prepping for Possible Cyber Strike Against Russia

Vice President Joe Biden told “Meet the Press” moderator Chuck Todd on Friday that “we’re sending a message” to Putin and that “it will be at the time of our choosing, and under the circumstances that will have the greatest impact.”

October 15: Message 4 “Yo Swag Me Out”

Calls off auction and provides spoof (I’m missing what this is a reference to) of Loretta Lynch/Bill Clinton plane conversation

October 17: Ecuador cuts off Assange’s Internet access

October 30: Message 5 Trick or Treat for Amerikanskis

Medium announcement

A reference to October 14 NBC story and Biden’s threat to Putin, mocking relative focus on DNC hacks over Equation Group hacks

Why is DirtyGrandpa threating CIA cyberwar with Russia? Why not threating with NSA or CyberCommand? CIA is cyber B-Team, yes? Where is cyber A-Team? Maybe threating is not being for external propaganda? Maybe is being for internal propaganda? Oldest control trick in book, yes? Waving flag, blaming problems on external sources, not taking responsibility for failures.

A challenge about whether the DNC hack is more important than the EG hack

But neverminding, hacking DNC is way way most important than EquationGroup losing capabilities. Amerikanskis is not knowing USSA cyber capabilities is being screwed?

[snip]

Maybe political hacks is being more important?

A call for people to hack the elections

TheShadowBrokers is having suggestion. On November 8th, instead of not voting, maybe be stopping the vote all together? Maybe being grinch who stopped election from coming? Maybe hacking election is being the best idea? #hackelection2016. If peoples is not being hackers, then #disruptelection2016, #disruptcorruption2016. Maybe peoples not be going to work, be finding local polling places and protesting, blocking , disrupting , smashing equipment, tearing up ballots? The wealthy elites is being weakest during elections and transition of power.

A threat that it will get worse

How bad do you want it to get? When you are ready to make the bleeding stop, payus, so we can move onto the next game. The game where you try to catch us cashing out!

October 31: Obama contacts Putin on Red Phone for first time in presidency, reportedly warns he’ll treat an attack on the election as an act of war.

November 26: Anonymous White House statement on election integrity

December 9: Obama calls for a review of hacking; WaPo releases story claiming CIA believes Russia did the hack to elect Trump

December 13: NYT story on DNC hack that leads with detail that FBI called DNC but staffer didn’t believe he was FBI.

December 14 (?): Message 6 “Black Friday/Cyber Monday Sale” (file signed September 1; Mustafa al-Bassam seemed to know they were coming if not already out there)

December 14: Message 6B Bocefus Cleetus 1 “Are the Shadow Brokers selling NSA tools on ZeroNet?”

Reference to Rage Against the Machine People of the Sun

Possible reference to Hank Williams Jr, Dukes of Hazzard (perhaps ventriloquist doll for FSB)

Reference to fake news

December 15: Shadow Brokers interview with Motherboard

December 16, 5:21 AM(?): Message 6A Bocefus Cleetus 2, “New Theory: Shadow Brokers Incident is a Deep State Civil War between CIA vs NSA”

Reference to NYT story on how DNC got hacked

Reference to Bill Binney theory on hack

Seeming rewriting of perceived FBI-CIA feud

Reference to (now forgotten) Trump interview with Mike Rogers

Reference to larger discussions of bureaucratic organization

DOD and CIA have had a turf war going back to the Afghanistan and Iraq Wars bout whose job it was to run paramilitary operations. A turf war over the next “domain of battle” with all the government cheese.

December 16, 2:40PM: Obama press conference

January 1, 2017 [Update]: Shadow Brokers complains it did not get included in Obama’s sanctions list

One Day After Senior Intelligence Official Leaks Details of “Red Phone” Call, Russia Cuts Back Communications with the US

Yesterday, I expressed alarm that someone identified as a “senior intelligence official” not only leaked to NBC that President Obama had used the crisis “Red Phone” with Russia for the first time in his presidency (at least in a cyber context), but characterized the communication as muddled.

A month later, the U.S. used the vestige of an old Cold War communications system — the so-called “Red Phone” that connects Moscow to Washington — to reinforce Obama’s September warning that the U.S. would consider any interference on Election Day a grave matter.

This time Obama used the phrase “armed conflict.”

[snip]

A senior intelligence official told NBC News the message ultimately sent to the Russians was “muddled” — with no bright line laid down and no clear warning given about the consequences. The Russian response, said the official, was non-committal.

But it alarms me that someone decided it was a good idea to go leak criticisms of a Red Phone exchange. It would seem that such an instrument depends on some foundation of trust that, no matter how bad things have gotten, two leaders of nuclear armed states can speak frankly and directly.

Without that conversation being broadcast to the entire world via leaks.

Today, Reuters released a bizarre report — really signals within signals — claiming that most channels of dialogue are frozen.

The Kremlin said on Wednesday it did not expect the incoming U.S. administration to reject NATO enlargement overnight and that almost all communications channels between Russia and the United States were frozen, the RIA news agency reported.

“Almost every level of dialogue with the United States is frozen. We don’t communicate with one another, or (if we do) we do so minimally,” Peskov said.

I say it’s bizarre because it’s not a firsthand report. It reports that RIA reported that Peskov said this in an interview with the Mir TV station. So it lacks context.

Moreover, it appears to be false, given that John Kerry spoke with Sergei Lavrov yesterday (with whom he seems to have a pretty good relationship).

MR KIRBY: Well, as you know, we weren’t a party to the talks, but Secretary Kerry did speak today to both Foreign Minister Lavrov and Foreign Minister Cavusoglu, who were there. And they provided the Secretary a sense of how the discussions went.

Nevertheless, this may be a kind of signaling.

It’s precisely the kind of possibility that I worried about when I noted the leak.

Now the Spooks Are Leaking Criticism of Obama’s Sole Use of the “Red Phone”

NBC, which seems to be sharing the role of spook leak central with WaPo, has upped the ante on previous leaks. Last night, it revealed that on October 31, Obama used the “Red Phone” (which is in reality an email system) designed to avert disasters with Russia for the first time in his Administration to warn Vladimir Putin not to fuck with our election process.

A month later, the U.S. used the vestige of an old Cold War communications system — the so-called “Red Phone” that connects Moscow to Washington — to reinforce Obama’s September warning that the U.S. would consider any interference on Election Day a grave matter.

This time Obama used the phrase “armed conflict.”

The reason we’re getting this leak seems fairly clear. Not only are Democrats peeved that Obama didn’t manage to recall or suppress documents already leaked to WikiLeaks, but one “senior intelligence official” is angry that Obama laid down no bright line.

A senior intelligence official told NBC News the message ultimately sent to the Russians was “muddled” — with no bright line laid down and no clear warning given about the consequences. The Russian response, said the official, was non-committal.

I’m pretty favorable to leaks (though not their use to preempt deliberative assessment of intelligence). They serve an important check on government, even on the President.

But it alarms me that someone decided it was a good idea to go leak criticisms of a Red Phone exchange. It would seem that such an instrument depends on some foundation of trust that, no matter how bad things have gotten, two leaders of nuclear armed states can speak frankly and directly.

Without that conversation being broadcast to the entire world via leaks.

It would seem such a leak might lead Putin to take such exchanges less seriously in the future knowing that the spooks reviewing the exchange don’t take the gravity of it all that seriously.

Ah well. Good thing these spooks are so successfully combatting the inappropriate leak of information by leaking more information.

16 Words: “The British government has learned that Vladimir Putin recently sought significant quantities of votes for Trump”

This morning, I managed to remind the NYT in the NYT of its role in spreading leaks that led us to war in Iraq. I did so not to defend Donald Trump, but to point out how the flood of leaks leading up to the Iraq War is similar to the one we’ve had in the last week, insisting that Putin hacked Hillary specifically to get Trump elected. Here’s the comparison, which you’re familiar with from my posts in the last week.

Trump is not quite right when he claims that, “These are the same people that said Saddam Hussein had weapons of mass destruction.” Neither the entire intelligence community nor even everyone at the C.I.A. was wrong about the Iraq intelligence. Rather, leaks like the ones we’re seeing now ensured elected officials didn’t hear from the skeptics who got it right.

That time, as members of Congress were demanding the Bush administration show its case for war, anonymous officials told this newspaper that aluminum tubes purchased by Iraq could only be used for nuclear enrichment. By the time Congress got a report, a month later, saying that might not be the case most members never read it; they had already been convinced that the case for war was a “slam dunk.”

This time, just hours after the White House revealed President Obama had ordered a (belated) review by the entire intelligence community of how hacks have tainted our democracy, the C.I.A.’s incendiary conclusion got leaked to the press: First, anonymous leaks said Russia had hacked Democrats not just to cause chaos, but specifically to get Trump elected. Last Wednesday the leaks went further: Putin himself oversaw the operation to put Trump in the White House. On Friday, another C.I.A. leak came out minutes before Obama started a news conference where he said, “I want to make sure … I give the intelligence community the chance to gather all the information.”

The point of my post is not — as numerous people who refute it without reading it suggest — to argue Russia didn’t hack Hillary. While I have lingering questions, I think that likely.

Rather, it is to ask why the CIA is so invested in the narrative that Putin specifically intervened to get Trump elected, rather than the more obvious explanation, which is that he intervened to retaliate for real and imagined CIA-led covert operations targeted at Russian interests?

Lefties Learn to Love Leaks Again

Throughout the presidential campaign, observers have noted with irony that many on the right discovered a new-found love for WikiLeaks. Some of the same people who had earlier decried leaks, even called Chelsea Manning a traitor, were lapping up what Julian Assange was dealing on a daily basis.

There was a similar, though less marked, shift on the left. While many on the left had criticized — or at least cautioned about — WikiLeaks from the start, once Assange started targeting their presidential candidate, such leaks became an unprecedented, unparalleled assault on decency, which no one seemed to say when similar leaks targeted Bashar al-Assad.

Which is why I was so amused by the reception of this story yesterday.

After revealing that Donald Trump’s Secretary of State nominee “was the long-time director of a US-Russian oil firm based in the tax haven of the Bahamas, leaked documents show” in the first paragraph, the article admits, in the fourth paragraph, that,

Though there is nothing untoward about this directorship, it has not been reported before and is likely to raise fresh questions over Tillerson’s relationship with Russia ahead of a potentially stormy confirmation hearing by the US senate foreign relations committee. Exxon said on Sunday that Tillerson was no longer a director after becoming the company’s CEO in 2006.

The people sharing it on Twitter didn’t seem to notice that (nor did the people RTing my ironic tweet about leaks seem to notice). Effectively, the headline “leaks reveal details I have sensationalized” served its purpose, with few people reading far enough to reach the caveats that admit this is fairly standard international business practice (indeed, it’s how Trump’s businesses work too). This is a more sober assessment of the import of the document detailing Tillerson’s ties with the Exxon subsidiary doing business in Russia.

This Guardian article worked just like all the articles about DNC and Podesta emails worked, even with — especially with — the people decrying the press for the way it irresponsibly sensationalized those leaks.

The response to this Tillerson document is all the more remarkable given the source of this leak. The Guardian reveals it came from an anonymous source for Süddeutsche Zeitung, which in turn shared the document with the Guardian and the International Consortium of Investigative Journalists.

The leaked 2001 document comes from the corporate registry in the Bahamas. It was one of 1.3m files given to the German newspaper Süddeutsche Zeitung by an anonymous source.

[snip]

The documents from the Bahamas corporate registry were shared by Süddeutsche Zeitung with the Guardian and the International Consortium of Investigative Journalists in Washington DC.

That is, this document implicating Vladimir Putin’s buddy Rex Tillerson came via the very same channel that the Panama Papers had, which Putin claimed, back in the time Russia was rifling around the DNC server, was a US intelligence community effort to discredit him and his kleptocratic cronies, largely because that was the initial focus adopted by the US-NGO based consortium that managed the documents, a focus replicated at participating outlets.

See this column for a worthwhile argument that Putin hacked the US as retaliation for the Panama Papers, which makes worthwhile points but would only work chronologically if Putin had advance notice of the Panama Papers (because John Podesta got hacked on March 19, before the first releases from the Panama Papers on April 3).

There really has been a remarkable lack of curiosity about where these files came from. That’s all the more striking in this case, given that the document (barely) implicating Tillerson comes from the Bahamas, where the US at least was collecting every single phone call made.

That’s all the more true given the almost non-existent focus on the Bahamas leaks before — from what I can tell just one story has been done on this stash, though the documents are available in the ICIJ database. Indeed, if the source for the leaks was the same, it would seem to point to an outside hacker rather than an inside leaker. That doesn’t mean the leak was done just to hurt Tillerson. The leak, which became public on September 21, precedes the election of Trump, much less the naming of Tillerson. But it deserves at least some notice.

For what it’s worth, I think it quite possible the US has been involved in such leaks — particularly given how few Americans get named in them. But I don’t think the Panama Papers, which implicated plenty of American friends and even the Saudis, actually did target Putin.

Still, people are going to start believing Putin’s claims that this effort is primarily targeted at him if documents conveniently appear from the leak as if on command.

I am highly interested in who handed off documents allegedly stolen by Russia’s GRU to Wikileaks. But I’m also interested in who the source enabling asymmetric corruption claims, as if on demand, is.

Obama’s Response to Russia’s Hack: An Emphasis on America’s More Generalized Vulnerability

President Obama’s comments Friday about the Russian hack of the DNC were a rare occasion where I liked one of his speeches far more than more partisan Democrats did.

I think Democrats were disappointed because Obama declined to promise escalation. The press set Obama up, twice (first Josh Lederman and then Martha Raddatz), with questions inviting him to attack Putin directly. Similarly, a number of reporters asked questions that betrayed an expectation for a big showy response. Rather than providing that, Obama did several things:

  • Distinguish the integrity of the process of voting from our larger political discourse
  • Blame our political discourse (and the press) as much as Putin
  • Insist on a measured response to Putin

Distinguish the integrity of the process of voting from our larger political discourse

From the very start, Obama distinguished between politics and the integrity of our election system.

I think it is very important for us to distinguish between the politics of the election and the need for us, as a country, both from a national security perspective but also in terms of the integrity of our election system and our democracy, to make sure that we don’t create a political football here.

This gets to a point that most people are very sloppy about when they claim Putin “tampered” with the election. Throughout this election, the press has at times either deliberately or incompetently conflated the theft and release of emails (which the intelligence community unanimously agrees was done by Putin) with the hacking of voting-related servers (reportedly done by “Russians,” but not necessarily the Russian state, which is probably why the October 7 IC statement pointedly declined to attribute those hacks to Russia).

Obama, after having laid out how the IC provided the press and voters with a way to account for the importance of the Russian hack on the election, then returns to what he says was a successful effort to ensure Russia didn’t hack the actual vote counting.

What I was concerned about, in particular, was making sure that that wasn’t compounded by potential hacking that could hamper vote counting, affect the actual election process itself.

And so in early September, when I saw President Putin in China, I felt that the most effective way to ensure that that didn’t happen was to talk to him directly and tell him to cut it out, and there were going to be some serious consequences if he didn’t. And, in fact, we did not see further tampering of the election process.

This is consistent with the anonymous statement the White House released over Thanksgiving weekend, which the press seems unaware of. In it, the White House emphasized that it was aware of no malicious election-related tampering, while admitting they had no idea whether Russia had ever planned any in the first place.

Blame our political discourse (and the press) as much as Putin

By far the most important part of Obama’s comments, I think, was his explanation of why he believed this to be the right approach.

Obama described the October 7 DHS/ODNI statement as an effort to inform all voters of the hack and leak (and high level involvement in it), without trying to tip the scale politically.

And at that time, we did not attribute motives or any interpretations of why they had done so. We didn’t discuss what the effects of it might be. We simply let people know — the public know, just as we had let members of Congress know — that this had happened.

And as a consequence, all of you wrote a lot of stories about both what had happened, and then you interpreted why that might have happened and what effect it was going to have on the election outcomes. We did not. And the reason we did not was because in this hyper-partisan atmosphere, at a time when my primary concern was making sure that the integrity of the election process was not in any way damaged, at a time when anything that was said by me or anybody in the White House would immediately be seen through a partisan lens, I wanted to make sure that everybody understood we were playing this thing straight — that we weren’t trying to advantage one side or another, but what we were trying to do was let people know that this had taken place, and so if you started seeing effects on the election, if you were trying to measure why this was happening and how you should consume the information that was being leaked, that you might want to take this into account.

And that’s exactly how we should have handled it.

Again, I get why Democrats are furious about this passage: they wanted and still want the IC to attack Trump for benefitting from the Russian hack. Or at the very least, they want to legitimize their plan to delegitimize Trump by using his Russian ties with Obama’s endorsement. From a partisan view, I get that. But I also very much agree with Obama’s larger point: if Russia’s simple hack decided the election, it’s as much a statement about how sick our democracy is, across the board, as it is a big win for Putin.

To lead into that point, Obama points out how many of the people in the room — how the press — obsessed about every single new leak, rather than focusing on the issues that mattered to the election.

[W]e allowed you and the American public to make an assessment as to how to weigh that going into the election.

And the truth is, is that there was nobody here who didn’t have some sense of what kind of effect it might have. I’m finding it a little curious that everybody is suddenly acting surprised that this looked like it was disadvantaging Hillary Clinton because you guys wrote about it every day. Every single leak. About every little juicy tidbit of political gossip — including John Podesta’s risotto recipe. This was an obsession that dominated the news coverage.

So I do think it’s worth us reflecting how it is that a presidential election of such importance, of such moment, with so many big issues at stake and such a contrast between the candidates, came to be dominated by a bunch of these leaks. What is it about our political system that made us vulnerable to these kinds of potential manipulations — which, as I’ve said publicly before, were not particularly sophisticated.

This was not some elaborate, complicated espionage scheme. They hacked into some Democratic Party emails that contained pretty routine stuff, some of it embarrassing or uncomfortable, because I suspect that if any of us got our emails hacked into, there might be some things that we wouldn’t want suddenly appearing on the front page of a newspaper or a telecast, even if there wasn’t anything particularly illegal or controversial about it. And then it just took off.

And that concerns me.

He returns to that more generally, with one of the most important lines of the presser. “Our vulnerability to Russia or any other foreign power is directly related to how divided, partisan, dysfunctional our political process is.”

The more [the review of the hack] can be nonpartisan, the better served the American people are going to be, which is why I made the point earlier — and I’m going to keep on repeating this point: Our vulnerability to Russia or any other foreign power is directly related to how divided, partisan, dysfunctional our political process is. That’s the thing that makes us vulnerable.

If fake news that’s being released by some foreign government is almost identical to reports that are being issued through partisan news venues, then it’s not surprising that that foreign propaganda will have a greater effect, because it doesn’t seem that far-fetched compared to some of the other stuff that folks are hearing from domestic propagandists.

To the extent that our political dialogue is such where everything is under suspicion, everybody is corrupt and everybody is doing things for partisan reasons, and all of our institutions are full of malevolent actors — if that’s the storyline that’s being put out there by whatever party is out of power, then when a foreign government introduces that same argument with facts that are made up, voters who have been listening to that stuff for years, who have been getting that stuff every day from talk radio or other venues, they’re going to believe it.

So if we want to really reduce foreign influence on our elections, then we better think about how to make sure that our political process, our political dialogue is stronger than it’s been.

Now, the Democrats who have celebrated hopey changey Obama have, over the years, recognized that his effort to be bipartisan squandered his opportunity, in 2009, to really set up a structure that would make us more resilient. It is, admittedly, infuriating that in his last presser Obama still endorses bipartisanship when the last 8 years (and events rolling out in North Carolina even as he was speaking) prove that the GOP will not play that game unless forced to.

So I get the anger here.

But it is also true that our democracy was fragile well before Vladimir Putin decided he was going to fuck around. Even if Putin hadn’t hacked John Podesta, the way in which the email investigation rolled out accomplished the same objective. (Indeed, at one point I wondered whether Putin wasn’t jealous of Comey for having a much bigger effect on the election.) Even if some Russians didn’t put out fake news, others were still going to do that, playing to the algorithmically enhanced biases of Trump voters. Even without Putin hacking voting machines, we can be certain that in places like Wisconsin and North Carolina the vote had already been hacked by Republicans suppressing the Democratic vote.

The effect Putin was seeking was happening, happened, anyway, even without his involvement. That doesn’t excuse his involvement, but it does say that if we nuked Putin off the face of this earth tomorrow, our democracy would remain just as fragile as it was with Putin playing in it during this election.

So Obama is right about our vulnerability, though I think he really hasn’t offered a way to fix it. That’s what we all need to figure out going forward. But I can assure you: focusing exclusively on Russia, as if that is the problem and not the underlying fragility, is not going to fix it.

Insist on a measured response to Putin

Which leads us to his comments on a response. In spite of repeated efforts to get him to say “Vlad Putin is a big fat dick who personally elected Donald Trump,” Obama refused (though that didn’t stop some papers from adopting headings suggesting he had). Rather, Obama used the language used in the October 7 statement, saying the hacks were approved by the highest levels of the Russian government, which necessarily means Putin authorized them.

We have said, and I will confirm, that this happened at the highest levels of the Russian government. And I will let you make that determination as to whether there are high-level Russian officials who go off rogue and decide to tamper with the U.S. election process without Vladimir Putin knowing about it.

Q So I wouldn’t be wrong in saying the President thinks Vladimir Putin authorized the hack?

THE PRESIDENT: Martha, I’ve given you what I’m going to give you.

Similarly, Obama refused to respond to journalists’ invitation to announce some big retaliation.

I know that there have been folks out there who suggest somehow that if we went out there and made big announcements, and thumped our chests about a bunch of stuff, that somehow that would potentially spook the Russians. But keep in mind that we already have enormous numbers of sanctions against the Russians. The relationship between us and Russia has deteriorated, sadly, significantly over the last several years. And so how we approach an appropriate response that increases costs for them for behavior like this in the future, but does not create problems for us, is something that’s worth taking the time to think through and figure out.

I’m going to return to this to discuss a detail no one seems to get about Obama’s choices right now. But for the moment, note his emphasis on a response that increases costs for such hacks that do “not create problems for us.”

Unsurprisingly (and, given America’s own aggressive cyberattacks, possibly unrealistically), Obama says what he most seeks is norm-setting.

What we’ve also tried to do is to start creating some international norms about this to prevent some sort of cyber arms race, because we obviously have offensive capabilities as well as defensive capabilities. And my approach is not a situation in which everybody is worse off because folks are constantly attacking each other back and forth, but putting some guardrails around the behavior of nation-states, including our adversaries, just so that they understand that whatever they do to us we can potentially do to them.

Obama’s approach is “not a situation in which everybody is worse off because folks are constantly attacking each other back and forth.” Does that suggest the US has already been hacking Russia? Why do we never consider whether Putin was retaliating against us? Who started this cyberwar, anyway?

Funny how Americans assume the answer must be Putin.

In any case, we do need norms about this stuff, but that likely would require some honesty about what, if anything, is different about cyber election tampering than all the election tampering Russia and the US have engaged in for decades — which is a point Chilean Ariel Dorfman makes after pointing out the irony of CIA “crying foul because its tactics have been imitated by a powerful international rival.”

Even assuming we’ll never learn the full extent of America’s own recent tampering, that’s likely to be something that Obama is thinking about as journalists and Democrats wail that he isn’t taking a more aggressive stance.

Russian Hack-Related Excerpts from President Obama’s Press Conference

Just to have all this in one place, I’ve pulled all the comments from President Obama’s December 16 press conference.


Josh Lederman, of AP.

Q Thank you, Mr. President. There’s a perception that you’re letting President Putin get away with interfering in the U.S. election, and that a response that nobody knows about or a lookback review just won’t cut it. Are you prepared to call out President Putin by name for ordering this hacking? And do you agree with what Hillary Clinton now says, that the hacking was actually partly responsible for her loss? And is your administration’s open quarreling with Trump and his team on this issue tarnishing the smooth transition of power that you have promised?

THE PRESIDENT: Well, first of all, with respect to the transition, I think they would be the first to acknowledge that we have done everything we can to make sure that they are successful as I promised. And that will continue. And it’s just been a few days since I last talked to the President-elect about a whole range of transition issues. That cooperation is going to continue.

There hasn’t been a lot of squabbling. What we’ve simply said is the facts, which are that, based on uniform intelligence assessments, the Russians were responsible for hacking the DNC, and that, as a consequence, it is important for us to review all elements of that and make sure that we are preventing that kind of interference through cyberattacks in the future.

That should be a bipartisan issue; that shouldn’t be a partisan issue. And my hope is that the President-elect is going to similarly be concerned with making sure that we don’t have potential foreign influence in our election process. I don’t think any American wants that. And that shouldn’t be a source of an argument.

I think that part of the challenge is that it gets caught up in the carryover from election season. And I think it is very important for us to distinguish between the politics of the election and the need for us, as a country, both from a national security perspective but also in terms of the integrity of our election system and our democracy, to make sure that we don’t create a political football here.

Now, with respect to how this thing unfolded last year, let’s just go through the facts pretty quickly. At the beginning of the summer, we’re alerted to the possibility that the DNC has been hacked, and I immediately order law enforcement as well as our intelligence teams to find out everything about it, investigate it thoroughly, to brief the potential victims of this hacking, to brief on a bipartisan basis the leaders of both the House and the Senate and the relevant intelligence committees. And once we had clarity and certainty around what, in fact, had happened, we publicly announced that, in fact, Russia had hacked into the DNC.

And at that time, we did not attribute motives or any interpretations of why they had done so. We didn’t discuss what the effects of it might be. We simply let people know — the public know, just as we had let members of Congress know — that this had happened.

And as a consequence, all of you wrote a lot of stories about both what had happened, and then you interpreted why that might have happened and what effect it was going to have on the election outcomes. We did not. And the reason we did not was because in this hyper-partisan atmosphere, at a time when my primary concern was making sure that the integrity of the election process was not in any way damaged, at a time when anything that was said by me or anybody in the White House would immediately be seen through a partisan lens, I wanted to make sure that everybody understood we were playing this thing straight — that we weren’t trying to advantage one side or another, but what we were trying to do was let people know that this had taken place, and so if you started seeing effects on the election, if you were trying to measure why this was happening and how you should consume the information that was being leaked, that you might want to take this into account.

And that’s exactly how we should have handled it. Imagine if we had done the opposite. It would have become immediately just one more political scrum. And part of the goal here was to make sure that we did not do the work of the leakers for them by raising more and more questions about the integrity of the election right before the election was taking place — at a time, by the way, when the President-elect himself was raising questions about the integrity of the election.

And, finally, I think it’s worth pointing out that the information was already out. It was in the hands of WikiLeaks, so that was going to come out no matter what. What I was concerned about, in particular, was making sure that that wasn’t compounded by potential hacking that could hamper vote counting, affect the actual election process itself.

And so in early September, when I saw President Putin in China, I felt that the most effective way to ensure that that didn’t happen was to talk to him directly and tell him to cut it out, and there were going to be some serious consequences if he didn’t. And, in fact, we did not see further tampering of the election process. But the leaks through WikiLeaks had already occurred.

So when I look back in terms of how we handled it, I think we handled it the way it should have been handled. We allowed law enforcement and the intelligence community to do its job without political influence. We briefed all relevant parties involved in terms of what was taking place. When we had a consensus around what had happened, we announced it — not through the White House, not through me, but rather through the intelligence communities that had actually carried out these investigations. And then we allowed you and the American public to make an assessment as to how to weigh that going into the election.

And the truth is, is that there was nobody here who didn’t have some sense of what kind of effect it might have. I’m finding it a little curious that everybody is suddenly acting surprised that this looked like it was disadvantaging Hillary Clinton because you guys wrote about it every day. Every single leak. About every little juicy tidbit of political gossip — including John Podesta’s risotto recipe. This was an obsession that dominated the news coverage.

So I do think it’s worth us reflecting how it is that a presidential election of such importance, of such moment, with so many big issues at stake and such a contrast between the candidates, came to be dominated by a bunch of these leaks. What is it about our political system that made us vulnerable to these kinds of potential manipulations — which, as I’ve said publicly before, were not particularly sophisticated.

This was not some elaborate, complicated espionage scheme. They hacked into some Democratic Party emails that contained pretty routine stuff, some of it embarrassing or uncomfortable, because I suspect that if any of us got our emails hacked into, there might be some things that we wouldn’t want suddenly appearing on the front page of a newspaper or a telecast, even if there wasn’t anything particularly illegal or controversial about it. And then it just took off.

And that concerns me. And it should concern all of us. But the truth of the matter is, is that everybody had the information. It was out there. And we handled it the way we should have.

Now, moving forward, I think there are a couple of issues that this raises. Number one is just the constant challenge that we are going to have with cybersecurity throughout our economy and throughout our society. We are a digitalized culture, and there is hacking going on every single day. There’s not a company, there’s not a major organization, there’s not a financial institution, there’s not a branch of our government where somebody is not going to be phishing for something or trying to penetrate, or put in a virus or malware. And this is why for the last eight years, I’ve been obsessed with how do we continually upgrade our cybersecurity systems.

And this particular concern around Russian hacking is part of a broader set of concerns about how do we deal with cyber issues being used in ways that can affect our infrastructure, affect the stability of our financial systems, and affect the integrity of our institutions, like our election process.

I just received a couple weeks back — it wasn’t widely reported on — a report from our cybersecurity commission that outlines a whole range of strategies to do a better job on this. But it’s difficult, because it’s not all housed — the target of cyberattacks is not one entity but it’s widely dispersed, and a lot of it is private, like the DNC. It’s not a branch of government. We can’t tell people what to do. What we can do is inform them, get best practices.

What we can also do is to, on a bilateral basis, warn other countries against these kinds of attacks. And we’ve done that in the past. So just as I told Russia to stop it, and indicated there will be consequences when they do it, the Chinese have, in the past, engaged in cyberattacks directed at our companies to steal trade secrets and proprietary technology. And I had to have the same conversation with Prime Minister — or with President Xi, and what we’ve seen is some evidence that they have reduced — but not completely eliminated — these activities, partly because they can use cutouts.

One of the problems with the Internet and cyber issues is that there’s not always a return address, and by the time you catch up to it, attributing what happened to a particular government can be difficult, not always provable in court even though our intelligence communities can make an assessment.

What we’ve also tried to do is to start creating some international norms about this to prevent some sort of cyber arms race, because we obviously have offensive capabilities as well as defensive capabilities. And my approach is not a situation in which everybody is worse off because folks are constantly attacking each other back and forth, but putting some guardrails around the behavior of nation-states, including our adversaries, just so that they understand that whatever they do to us we can potentially do to them.

We do have some special challenges, because oftentimes our economy is more digitalized, it is more vulnerable, partly because we’re a wealthier nation and we’re more wired than some of these other countries. And we have a more open society, and engage in less control and censorship over what happens over the Internet, which is also part of what makes us special.

Last point — and the reason I’m going on here is because I know that you guys have a lot of questions about this, and I haven’t addressed all of you directly about it. With respect to response, my principal goal leading up to the election was making sure that the election itself went off without a hitch, that it was not tarnished, and that it did not feed any sense in the public that somehow tampering had taken place with the actual process of voting. And we accomplished that.

That does not mean that we are not going to respond. It simply meant that we had a set of priorities leading up to the election that were of the utmost importance. Our goal continues to be to send a clear message to Russia or others not to do this to us, because we can do stuff to you.

But it is also important for us to do that in a thoughtful, methodical way. Some of it we do publicly. Some of it we will do in a way that they know, but not everybody will. And I know that there have been folks out there who suggest somehow that if we went out there and made big announcements, and thumped our chests about a bunch of stuff, that somehow that would potentially spook the Russians. But keep in mind that we already have enormous numbers of sanctions against the Russians. The relationship between us and Russia has deteriorated, sadly, significantly over the last several years. And so how we approach an appropriate response that increases costs for them for behavior like this in the future, but does not create problems for us, is something that’s worth taking the time to think through and figure out. And that’s exactly what we’ve done.

So at a point in time where we’ve taken certain actions that we can divulge publicly, we will do so. There are times where the message will go — will be directly received by the Russians and not publicized. And I should point out, by the way, part of why the Russians have been effective on this is because they don’t go around announcing what they’re doing. It’s not like Putin is going around the world publicly saying, look what we did, wasn’t that clever? He denies it. So the idea that somehow public shaming is going to be effective I think doesn’t read the thought process in Russia very well.

Okay?


Q Did Clinton lose because of the hacking?

THE PRESIDENT: I’m going to let all the political pundits in this town have a long discussion about what happened in the election. It was a fascinating election, so I’m sure there are going to be a lot of books written about it.


Peter Alexander.

Q Mr. President, thank you very much. Can you, given all the intelligence that we have now heard, assure the public that this was, once and for all, a free and fair election? And specifically on Russia, do you feel any obligation now, as they’ve been insisting that this isn’t the case, to show the proof, as it were — they say put your money where your mouth is and declassify some of the intelligence, some of the evidence that exists? And more broadly, as it relates to Donald Trump on this very topic, are you concerned about his relationship with Vladimir Putin, especially given some of the recent Cabinet picks, including his selection for Secretary of State, Rex Tillerson, who toasted Putin with champagne over oil deals together? Thank you.

THE PRESIDENT: I may be getting older, because these multipart questions, I start losing track. (Laughter.)

I can assure the public that there was not the kind of tampering with the voting process that was of concern and will continue to be of concern going forward; that the votes that were cast were counted, they were counted appropriately. We have not seen evidence of machines being tampered with. So that assurance I can provide.

That doesn’t mean that we find every single potential probe of every single voting machine all across the country, but we paid a lot of attention to it. We worked with state officials, et cetera, and we feel confident that that didn’t occur and that the votes were cast and they were counted.

So that’s on that point. What was the second one?

Q The second one was about declassification.

THE PRESIDENT: Declassification. Look, we will provide evidence that we can safely provide that does not compromise sources and methods. But I’ll be honest with you, when you’re talking about cybersecurity, a lot of it is classified. And we’re not going to provide it because the way we catch folks is by knowing certain things about them that they may not want us to know, and if we’re going to monitor this stuff effectively going forward, we don’t want them to know that we know.

So this is one of those situations where unless the American people genuinely think that the professionals in the CIA, the FBI, our entire intelligence infrastructure — many of whom, by the way, served in previous administrations and who are Republicans — are less trustworthy than the Russians, then people should pay attention to what our intelligence agencies have to say.

This is part of what I meant when I said that we’ve got to think about what’s happening to our political culture here. The Russians can’t change us or significantly weaken us. They are a smaller country. They are a weaker country. Their economy doesn’t produce anything that anybody wants to buy, except oil and gas and arms. They don’t innovate.

But they can impact us if we lose track of who we are. They can impact us if we abandon our values. Mr. Putin can weaken us, just like he’s trying to weaken Europe, if we start buying into notions that it’s okay to intimidate the press, or lock up dissidents, or discriminate against people because of their faith or what they look like.

And what I worry about more than anything is the degree to which, because of the fierceness of the partisan battle, you start to see certain folks in the Republican Party and Republican voters suddenly finding a government and individuals who stand contrary to everything that we stand for as being okay because that’s how much we dislike Democrats.

I mean, think about it. Some of the people who historically have been very critical of me for engaging with the Russians and having conversations with them also endorsed the President-elect, even as he was saying that we should stop sanctioning Russia and being tough on them, and work together with them against our common enemies. He was very complimentary of Mr. Putin personally.

That wasn’t news. The President-elect during the campaign said so. And some folks who had made a career out of being anti-Russian didn’t say anything about it. And then after the election, suddenly they’re asking, well, why didn’t you tell us that maybe the Russians were trying to help our candidate? Well, come on. There was a survey, some of you saw, where — now, this is just one poll, but a pretty credible source — 37 percent of Republican voters approve of Putin. Over a third of Republican voters approve of Vladimir Putin, the former head of the KGB. Ronald Reagan would roll over in his grave.

And how did that happen? It happened in part because, for too long, everything that happens in this town, everything that’s said is seen through the lens of “does this help or hurt us relative to Democrats, or relative to President Obama?” And unless that changes, we’re going to continue to be vulnerable to foreign influence, because we’ve lost track of what it is that we’re about and what we stand for.


Martha Raddatz.

Q Mr. President, I want to talk about Vladimir Putin again. Just to be clear, do you believe Vladimir Putin himself authorized the hack? And do you believe he authorized that to help Donald Trump? And on the intelligence, one of the things Donald Trump cites is Saddam Hussein and the weapons of mass destruction, and that they were never found. Can you say, unequivocally, that this was not China, that this was not a 400-pound guy sitting on his bed, as Donald Trump says? And do these types of tweets and kinds of statements from Donald Trump embolden the Russians?

THE PRESIDENT: When the report comes out, before I leave office, that will have drawn together all the threads. And so I don’t want to step on their work ahead of time.

What I can tell you is that the intelligence that I have seen gives me great confidence in their assessment that the Russians carried out this hack.

Q Which hack?

THE PRESIDENT: The hack of the DNC and the hack of John Podesta.

Now, the — but again, I think this is exactly why I want the report out, so that everybody can review it. And this has been briefed, and the evidence in closed session has been provided on a bipartisan basis — not just to me, it’s been provided to the leaders of the House and the Senate, and the chairman and ranking members of the relevant committees. And I think that what you’ve already seen is, at least some of the folks who have seen the evidence don’t dispute, I think, the basic assessment that the Russians carried this out.

Q But specifically, can you not say that —

THE PRESIDENT: Well, Martha, I think what I want to make sure of is that I give the intelligence community the chance to gather all the information. But I’d make a larger point, which is, not much happens in Russia without Vladimir Putin. This is a pretty hierarchical operation. Last I checked, there’s not a lot of debate and democratic deliberation, particularly when it comes to policies directed at the United States.

We have said, and I will confirm, that this happened at the highest levels of the Russian government. And I will let you make that determination as to whether there are high-level Russian officials who go off rogue and decide to tamper with the U.S. election process without Vladimir Putin knowing about it.

Q So I wouldn’t be wrong in saying the President thinks Vladimir Putin authorized the hack?

THE PRESIDENT: Martha, I’ve given you what I’m going to give you.

What was your second question?

Q Do the tweets and do the statements by Donald Trump embolden Russia?

THE PRESIDENT: As I said before, I think that the President-elect is still in transition mode from campaign to governance. I think he hasn’t gotten his whole team together yet. He still has campaign spokespersons sort of filling in and appearing on cable shows. And there’s just a whole different attitude and vibe when you’re not in power as when you’re in power.

So rather than me sort of characterize the appropriateness or inappropriateness of what he’s doing at the moment, I think what we have to see is how will the President-elect operate, and how will his team operate, when they’ve been fully briefed on all these issues, they have their hands on all the levers of government, and they’ve got to start making decisions.

One way I do believe that the President-elect can approach this that would be unifying is to say that we welcome a bipartisan, independent process that gives the American people an assurance not only that votes are counted properly, that the elections are fair and free, but that we have learned lessons about how Internet propaganda from foreign countries can be released into the political bloodstream and that we’ve got strategies to deal with it for the future.

The more this can be nonpartisan, the better served the American people are going to be, which is why I made the point earlier — and I’m going to keep on repeating this point: Our vulnerability to Russia or any other foreign power is directly related to how divided, partisan, dysfunctional our political process is. That’s the thing that makes us vulnerable.

If fake news that’s being released by some foreign government is almost identical to reports that are being issued through partisan news venues, then it’s not surprising that that foreign propaganda will have a greater effect, because it doesn’t seem that far-fetched compared to some of the other stuff that folks are hearing from domestic propagandists.

To the extent that our political dialogue is such where everything is under suspicion, everybody is corrupt and everybody is doing things for partisan reasons, and all of our institutions are full of malevolent actors — if that’s the storyline that’s being put out there by whatever party is out of power, then when a foreign government introduces that same argument with facts that are made up, voters who have been listening to that stuff for years, who have been getting that stuff every day from talk radio or other venues, they’re going to believe it.

So if we want to really reduce foreign influence on our elections, then we better think about how to make sure that our political process, our political dialogue is stronger than it’s been.


Isaac Dovere of Politico.

[snip]

Q Well, what do you say to the electors who are going to meet on Monday and are thinking of changing their votes? Do you think that they should be given an intelligence briefing about the Russian activity? Or should they bear in mind everything you’ve said and is out already? Should they — should votes be bound by the state votes as they’ve gone? And long term, do you think that there is a need for Electoral College reform that would tie it to the popular vote?

[snip]

So with respect to the electors, I’m not going to wade into that issue because, again, it’s the American people’s job, and now the electors’ job to decide my successor. It is not my job to decide my successor. And I have provided people with a lot of information about what happened during the course of the election. But more importantly, the candidates themselves, I think, talked about their beliefs and their vision for America. The President-elect, I think, has been very explicit about what he cares about and what he believes in. So it’s not in my hands now; it’s up to them.
