In Latest Russian Plot, WikiLeaks Reveals Hillary Opposes ISDS

Among the emails released as part of the Podesta leaks yesterday, WikiLeaks released this one showing that, almost a year before she was making the same argument in debates with Bernie Sanders, Hillary was opposed to Investor State Dispute Settlement that is part of the Trans Pacific Partnership. (h/t Matt Stoller) ISDS is the means by which corporations have used trade agreements to operate above the domestic laws of party countries (if you haven’t read this three part series from BuzzFeed to learn about the more exotic ways business are profiting off of ISDS).

The email also appears to echo her later public concern that she had changed her mind on TPP because of KORUS.

After our last talk with HRC, we revised our letter to oppose ISDS and include her caution about South Korea.

Sure, other Podesta emails show Hillary supporting a broad region of free trade (and labor) in the Americas. But this more recent email confirms that the views she expressed in debate were more than just an attempt to counter Bernie’s anti-trade platform.

Whether or not this is newsworthy enough to justify the WL dump, it is noteworthy in light of NYT’s rather bizarre article from some weeks back suggesting that WL always sides with Putin’s goals. As I noted, the article made a really strained effort to claim that WL exposed TPP materials because it served Putin’s interests. Now, here, WL is is releasing information that makes Hillary look better on precisely that issue.

That doesn’t advance the presumed narrative of helping Trump defeat Hillary!

Then, as I noted yesterday, in spite of all the huff and puff from Kurt Eichenwald, the release of a Sid Blumenthal email used by Trump is another case where the WL release, as released, doesn’t feed the presumed goals of Putin.

Which brings me to this Shane Harris piece, which describes four different NatSec sources revealing there’s still a good deal of debate about WL’s ties to Russia.

Military and intelligence officials are convinced that WikiLeaks is an ongoing threat to U.S. national security and privacy owing to its leaks of classified documents and emails. But its precise relationship with Russia has been a subject of internal debate. Some do see the group as being in cahoots with the Kremlin. But others find that WikiLeaks is acting mainly as the beneficiary of stolen documents, not unlike a journalistic organization.

There are some funny aspects to this story. Nothing in it considers the significant evidence that WL is (and has reason to be) affirmatively anti-Hillary, which means its interests may align with Russia, even if it doesn’t take orders from Russia.

It also suggests that if the spooks can prove some tie between WL and Russia, they can spy on it as an agent of foreign power.

But those facts don’t mean WikiLeaks isn’t acting at Russia’s behest. And that’s not a trivial matter. If the United States were to determine that WikiLeaks is an agent of a foreign power, as defined in U.S. law, it could allow intelligence and law enforcement agencies to spy on the group—as they do on the Russian government. The U.S. can also bring criminal charges against foreign agents.

WL has been intimately involved in two separate charges cases of leaking-as-espionage in the US, Chelsea Manning and Edward Snowden. The government has repeatedly told courts that it has National Security/Criminal investigations, plural, into WikiLeaks, and when pressed for details about how and whether the government is collecting on supporters and readers of WikiLeaks, the government has in part hidden those details under a b3 FOIA exemption, meaning a statute prevents disclosing it, while extraordinarily refusing to reveal what statute that is. We certainly know that FBI has used multiple informants to spy on WL and used a variety of collection methods against Jacob Appelbaum, including (according to Appelbaum) physical tails.

So there’s not only no doubt that the US government believes it can spy on WikiLeaks (which is, after all, headed by a foreigner and not a US organization), but that it already does, and has been doing for at least six years.

Perhaps Harris’ sources really mean they’ve never found a way to indict Julian Assange before, but if they can claim he’s working for Putin, then maybe they’ll overcome past problems of indicting him because it would criminalize journalism. If that’s the case, it may be shading analysis of WL, because the government would badly like a reason to shut down WL (as the comments about the direct threat to the US in the story back up).

As I’ve said before, the role of WL in this and prior leak events is a pretty complex one, one that if approached too rashly (or too sloppily) could have ramifications for other publishers. While a lot of people are rushing to collapse this (in spite of what sounds like a continuing absence of directly incriminating evidence) into a nation-state conflict, things like this TPP email suggest it’s not that simple.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

On Provenance and Putin: That Sid Blumenthal Story

At a campaign appearance yesterday, Donald Trump quoted a judgment that Kurt Eichenwald made in an article last year on the Benghazi investigation.

One important point has been universally acknowledged by the nine previous reports about Benghazi: The attack was almost certainly preventable. Clinton was in charge of the State Department, and it failed to protect U.S. personnel at an American consulate in Libya. If the GOP wants to raise that as a talking point against her, it is legitimate.

The rest of the article was about how politicized the inquiry was. But right there in the middle of his article, Eichenwald included a namby pamby both-sides paragraph — one that could have better nuanced the conclusions of the many Benghazi reports — that said Benghazi was a legitimate issue to raise against Hillary.

Sucks to be Eichenwald, because Trump just used it on his campaign, to thrilled cries from his frothy supporters.

The quote came up on the campaign trail because Sid Blumenthal had forwarded the article — highlighting the description about the politicized questioning he himself had undergone, but ultimately quoting the entire article, including that namby pamby paragraph — to a bunch of undisclosed recipients, including John Podesta, under the subject line “The truth…” Blumenthal surely meant that Eichenwald’s larger point — that the whole investigation was politicized — was the truth, but he did forward the whole thing, including the namby pamby paragraph, under that heading.

The forwarded story got released by WikiLeaks as part of its Podesta leaks (emails which Hillary effectively confirmed during the debate by explaining one of the emails that had attracted the most attention).

Now, as it turns out, Sputnik published a story on the email, erroneously attributing the entire judgment, including that attacking Hillary for Benghazi was a legit talking point, to Blumenthal, not Eichenwald. They apparently realized their error and took it down. But not before Eichenwald started wondering how Trump came to be quoting his own namby pamby paragraph on the campaign trail.

In an article asserting that Trump got his talking point from the Sputnik story, Eichenwald has given up not only his namby pamby tone, but moderation. In it, having already suggested the misattribution to Blumenthal was due to “incompetence,” he then claims it was also deliberate disinformation. He then states as fact that Trump got this “falsehood” from the Kremlin.

This is not funny. It is terrifying. The Russians engage in a sloppy disinformation effort and, before the day is out, the Republican nominee for president is standing on a stage reciting the manufactured story as truth. How did this happen? Who in the Trump campaign was feeding him falsehoods straight from the Kremlin? (The Trump campaign did not respond to a request for comment).

The Russians have been obtaining American emails and now are presenting complete misrepresentations of them—falsifying them—in hopes of setting off a cascade of events that might change the outcome of the presidential election. The big question, of course, is why are the Russians working so hard to damage Clinton and, in the process, aid Donald Trump? That is a topic for another time.

Here’s an earlier version of the article, in which Eichenwald even more obviously asserts that the Sputnik article is both an error and a deliberate falsification.

Of course, this might be seen as just an opportunity to laugh at the incompetence of the Russian hackers and government press—once they realized their error, Sputnik took the article down. But this is not funny at all. The Russians have been obtaining American emails and now are presenting complete misrepresentations of them—falsifying them—in hopes of setting off a cascade of events that might change the outcome of the presidential election. The big question, of course, is why are the Russians working so hard to damage Clinton and, in the process, aid Donald Trump. That is a topic for another time.

There are two interesting details about Eichenwald’s story. Nowhere in the piece does he link the actual Wikileaks email, which makes it clear that Blumenthal had, in fact, forwarded that namby pamby paragraph along with everything else. It is clear that the email was just a forwarded Newsweek article, but given that the part Blumenthal highlighted at the top was his own testimony, it is perhaps understandable why someone might make the misattribution.

More interesting still, while Eichenwald links this YouTube of what he says is Trump repeating the Sputnik talking point, he only selectively quotes from it. But it appears (and I admit that this, as with all of Trump’s ramblings, is not entirely clear) that Trump introduces the quote this way:

So Blumenthal writes a quote — this just came out a little while ago, I have to tell you this. “One important point has been …

It’s certainly possible Trump meant, “So Blumenthal writes, I quote,” but at least to my ear, he said, “Blumenthal writes a quote.” If that’s right, then Trump couldn’t have been working from Sputnik (or he at least wasn’t replicating their error), because he would have been properly attributing this judgment as a quote (of Eichenwald). Trump does go on to say “this is Sidney Blumenthal, the only one he was talking to,” after insinuating that one reason Hillary set up her email server may have been to continue talking to “Sleazy Sidney” after Obama told her to stop, but nowhere in the clip do I see Trump IDing it as an email from Blumenthal. Perhaps Eichenwald bases this assertion — “He told the assembled crowd that it was an email from Blumenthal” — on some other part of the appearance.

Eichenwald also notes that Trump was “holding a document in his hand.” But the document appears to be a transcribed talking point; it’s almost certainly not the Sputnik article. So that doesn’t tell us anything about provenance.

In other words, it’s not actually clear where Trump got this from, or whether Trump’s staffers had at least corrected Sputnik’s error. It may well be! But Eichenwald hasn’t made that case.

Apparently this frothy Trump supporter tweeted out the claim, just as Trump stated it, though he has since deleted it. (h/t Emma Jones) The supporter, who joined Twitter in February 2016, could well be a Russian troll (but one that long precedes this particular leak campaign), but he certainly models as an Infowars loving Hillary hater who overreads anything implicating her, something America has in ready supply without Putin’s help.

There’s one other part of this that I find notable, aside from the claim that Sputnik made this error out of both incompetence and deliberate disinformation. A big part of this narrative is that Wikileaks is doing Russia’s bidding rather than — a more logical explanation — attacking Hillary, with whom Julian Assange has had a 6-year adversarial relationship.

screen-shot-2016-10-11-at-8-39-57-am

Wikileaks may well be working with Russia and/or the effect of sharing a mutual interest in weakening Hillary may amount to the same.

But this is actually a case where Russia did not do what has been alleged they might. That is, Wikileaks released what is an email no one contests, a not very controversial one at all. While Wikileaks has made misleading claims about what it has released at times, this is not one of them.

One thing clearly did not happen though. Even assuming Russia is responsible for the Podesta email leak, Russia did not “falsify” the original email to say what Eichenwald is so convinced Russia wanted to claim, that Blumenthal himself had endorsed Eichenwald’s namby pamby judgment that Benghazi is a fair talking point to use against Hillary. That claim only came after Sputnik tried to make it a bigger issue (but then realized its error, according to Eichenwald).

If Russia were doing what Eichenwald claimed — and they might in the future!! — then they would have doctored the email on the front end, not when republishing it in a state outlet.

Update: Unsurprisingly, Glenn Greenwald rips this (especially Eichenwald’s inflammatory tweets about the story) apart. More interesting, WaPo also dings Eichenwald for overclaiming what this incident reveals.

Update, November 1: There’s a very strange coda to this story. The guy who, until this event, worked at Sputnik and was responsible for the mistake, Bill Moran, wrote up this story from his viewpoint. Here’s how he made the mistake.

On Columbus Day, I made an embarrassing mistake. I noticed a series of viral tweets attributing words to Sidney Blumenthal on the Benghazi scandal. The original WikiLeaks document, to which the original article linked, was lengthy – 75 pages. I reviewed the document in a hurry, but I did not read all of them.

[snip]

I was moving too fast and I made a mistake – a mistake that I remain embarrassed about making. I stepped outside to smoke a cigarette after scheduling our social media accounts, stopped halfway through, thought “why hasn’t anybody else picked this up?” gave the document a second review, realized my error, and proceeded to delete the story.

The story was up from 3:23PM EDT to 3:42PM EDT and received 1,061 views before being removed – I’d like to apologize to weekend readers for making that mistake no matter how honest an error it was.

What happened next is weirder. Eichenwald made a series of contacts with the guy, basically trying to persuade him not to tell the real story publicly, including by suggesting he could help him get a job at New Republic and then by threatening him.

Then, as Paste describes, they had a long conversation that Moran, at first, wasn’t going to release. In it, Eichenwald waggles around American spooks.

In Moran’s notes on the call, he quotes Eichenwald as repeating that the “intelligence community” was monitoring both Sputnik and a separate Twitter account, which he holds responsible for the blowback (as opposed to his own story). He went on to say that everyone at Sputnik had an intelligence file on them, and asked if Moran had made any foreign phone calls that might have raised eyebrows. He went on to imply that Moran might have issues getting a re-entry visa into America if he ever traveled abroad, and then offered to help Moran “find a real job” to extricate him from the situation. He went on to say that both Sputnik and Russia Today have been targeted by the intelligence community, and will soon be subject to sanctions that aim at shutting them down for good.

Which Eichenwald does again in a follow-up email (at which point Eichenwald seemed to be going nuts, because he didn’t realize that Moran included Newsweek’s own lawyer on the exchange and instead assumed it was Moran’s lawyer).

Next, he reverts to the threatening language—the “bad cop” persona—telling Moran that he could tie him to the Russians themselves: “Now, there is one alternative here,” Eichenwald writes. “I can write: ‘William Moran, the writer for Sputnik, said he based his article not on directives from the Russian government but on an anonymous tweet that used a clip of the image of the document. He said he accepted the anonymous tweeters’ description that this was from Blumenthal, and did so because he was rushed. However, as the government official with knowledge of the intelligence inquiry said, the original altered document that was tweeted onto the internet came from a location that has been identified as being connected to the Russian disinformation campaigns, and only the news outlet owned by the Russian government published an article based on it.”

In other words, perhaps in an attempt to salvage his reputation, or perhaps in truth, Eichenwald was dragging the intelligence community into this.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

Argument: The DNC Hack Attribution Was A Response to Brick and Mortar Events

Last week, ODNI and DHS released a statement widely viewed as attributing the hack and leak of DNC and other Democratic materials to Russia. The statement was actually a bit more nuanced than that:

Assertion 1: Russia compromised DNC and other political organizations

The statement starts with a comment that is spook speak for “we’ve proven this.”

The U.S. Intelligence Community (USIC) is confident that the Russian Government directed the recent compromises of e-mails from US persons and institutions, including from US political organizations.

Mind you, this is the bit the IC has been confident of all along: they found hackers at the DNC and the hackers have all the attributes of two different Russian hacking groups.

Assertion 2: The leaking is consistent with stuff Russia has done elsewhere

The next move is the most interesting, in my opinion. The IC strongly suggests the leaking of those hacked files is Russia, but doesn’t use the same spook speak confidence language.

The recent disclosures of alleged hacked e-mails on sites like DCLeaks.com and WikiLeaks and by the Guccifer 2.0 online persona are consistent with the methods and motivations of Russian-directed efforts.

Here, the IC is not saying “we are confident Russia then handed all these files to WikiLeaks, as well as created two cover identities through which to leak them.” Instead, they are saying Russia has done similar things before and has the motivation to do so here. As they have for months, the spooks still appear not to have the same level of proof tying the hacking to the leaking that would allow them to say “we are confident” for this assertion, at least not that they’re willing to admit, which I find incredibly interesting.

Assertion 3: Russia is trying to interfere with the election

Having stated very confidently Russia did the hack and less confidently that it did the leak, the statement brings the nugget language: basically accusing Putin of masterminding the whole thing.

These thefts and disclosures are intended to interfere with the US election process. Such activity is not new to Moscow—the Russians have used similar tactics and techniques across Europe and Eurasia, for example, to influence public opinion there. We believe, based on the scope and sensitivity of these efforts, that only Russia’s senior-most officials could have authorized these activities.

For my purposes here, I’m not interested in testing the truth of this statement — though I am a bit interested in how “influencing public opinion” is deemed to be “interfering with the US election,” because it’s something many people don’t seem to have thought through (nor have they thought through how it differs from the US’ own information operations or PR involvement of other foreign powers in our elections).

Especially given this bit:

Assertion 4: Hackers operating through a Russian server hacked some state election websites, but that may not be the Russian state

The statement goes out of its way to note that the Russian-attributed activity most directly connected to the election, the voter rolls, may not actually be the Russian state, but instead just servers operated by a Russian company.

Some states have also recently seen scanning and probing of their election-related systems, which in most cases originated from servers operated by a Russian company. However, we are not now in a position to attribute this activity to the Russian Government.

Remember, identity thieves have in the past stolen far more voter registration records for identity theft. It’s certainly possible that’s what went on here. More importantly, the IC appears to have nothing from collection on Russia they’re willing to share to claim that this hacking is part of Putin’s mastermind plot.

The rest of the statement goes on to talk about the ways (which I’ve talked about as well) that our localized system of elections makes it really hard to hack an election (though that also makes it really easy to botch an election or even to tamper with elections by disenfranchising select voters, which is what people should be far more concerned about, given that we know such efforts are effective and ongoing).

The IC has long known this but chose to release this statement now

The reason I’ve broken this out into four parts — 1) we know Russia hacked the DNC, 2) the leaks of hacked material is consistent with stuff Russia has done in the past, 3) Putin is in charge, 4) Russia may not have hacked the state websites — is to call attention to the fact that the IC has been leaking assertions 1, 2, and 4 for months. The stated (leaked) reason to hold off on a formal attribution was the uncertain status of assertion 2: the IC doesn’t yet know how the files got from the DNC hackers into Julian Assange’s hands.

But the IC chose to release this statement without growing any more certain about assertion 2 and without solving assertion 4.

In my opinion, that means the IC released this statement to get to assertion 3. Putin is trying to “interfere” in our election by “influencing public opinion.”

The release timing is more about kinetic events elsewhere than it is about IC certainty

So why release this statement now, when the IC doesn’t seem to have gotten any more certain about assertion 2 or 4?

At the end of what I think is an overly pessimistic piece on America’s inability to deter hacking, Jack Goldsmith considers the possibility that undeterred cyberattacks may be a response to brick and mortar conflict.

Without robust defenses or effective deterrence, the United States can expect many more, and more harmful, cyber intrusions by adversaries who are asymmetrically empowered by the rise of digital networks.  There is no end to the ways that they might spy in, steal from, or disrupt U.S. networks, public and private.  That sounds bad, buts the implications are worse.  Asymmetric offensive cyber operations by our adversaries can be an effective response to every element of U.S. foreign and military power.  For all we know the Russian DNC hack is a response to sanctions for Ukraine and an attempt to win leverage in Syria.  Imagine the United States wanted to do more—via sanctions, or through military operations, or in cyber—to slow Russian operations in Eastern Europe or Syria.  The Russians could easily respond via cyber, where it appears to have an asymmetrical advantage.  Indeed, the relatively tepid USG response to Russian aggression in Eastern Europe and Syria may be a result of USG worries about the implications of the DNC hack.  In other words, the Russians may already be using cyber to deter the United States from seemingly unrelated foreign policy actions it might otherwise take.

Aside from his totally inappropriate use of “asymmetric” here — there’s no lack of potential symmetry between the cyber capabilities of the US and Russia, just an emphasis of one tool over another — I agree with this passage. Indeed, I’ve been saying for a long time that the most obvious explanation for why Putin would do all this so blatantly is because in his view the US carried out a coup in Ukraine and is attempting regime change in Syria to choke Russia strategically.

And as Goldsmith argues, the US’ weak spot is its vulnerability to cyber attacks, absolutely. That weakness is made worse, too, by continued  US insistence on retaining access to all potential offensive tools, even if they can be most dangerous against US targets if they ever, say, show up on an online sale (Goldsmith was curiously silent about the Shadow Brokers release here).

I suspect China, in particular, has done the same kind of mapping we have with Treasure Map, with a focus on having cyberattacks ready to launch that would neutralize us if we ever got into a hot war.

But Goldsmith doesn’t consider the possibility that things may also work in the reverse way.

The US released this statement at a time when it was also making a big diplomatic push against Russia — proposing a ceasefire at the UN it knew Russia would veto, after having failed to negotiate a ceasefire with Russia directly because it asked for things (a no fly zone, basically) that Russia has neither the interest nor the legal necessity to agree to, because Russia is in Syria at the behest of the still-recognized government of the state, we’re not. As it happens, the US is ratcheting up this effort at a time when our Saudi allies’ activities in Yemen make it hard to make a principled stance against Russia, because we’re implicated in Yemen in the same way Russia is in Syria.

More importantly, things are getting very very hot, with Russia moving missiles to Kaliningrad and threatening retaliation for any strikes on Syrian controlled territory.

So I would suggest the timing of this announcement — basically confirming the same certainty and uncertainty the IC has had for months, then using it to accuse Putin of trying to intervene directly in our country — is actually our response to more concrete events elsewhere, not the reverse (though there admittedly may be some chicken-and-egg stuff here, in that we may have held off on attribution in hope we could negotiate directly with Russia).

That is, both sides seem intent on ratcheting up the conflict between Russia and the US, and blaming Putin for interfering in our elections is one tool to do that.

If I’m right, the statement may have nothing to do with deterrence. Rather, it may have everything to do with escalation of other conflicts, providing a reason to pitch Russia’s strategic moves elsewhere as a direct threat to the US. I’m not saying Russia isn’t a dangerous adversary. I’m saying that the release of this statement will do nothing to prevent more hacks, but it will provide cause to claim the increasingly hot conflict with Russia directly threatens the US.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

A Busy Day for the Bears

Yesterday, there were three arguably big events associated with stolen records alleged to have ties to Russia’s GRU.

Simon Biles treats her ADHD

The first is the leak, by a group explicitly calling itself Fancy Bear (though the hack was once tied to Polish Anonymous), of anti-doping agency records showing the Williams sisters and Simone Biles all got approval for and took drugs on a list of otherwise banned substances. While there are no allegations of impropriety — indeed, Biles explained that in her case the exception involved treating ADHD — the story got covered by the major international press, including the Beeb, NBC, and NYT.

Colin Powell rants

The second alleged-Bear event is the release of Colin Powell emails, obtained by DC Leaks, to The Intercept, BuzzFeed, and Politico. The emails include quite recent ones, including one from August 26. Powell now uses GMail, suggesting his emails should be harder to hack than (for example) his State emails on AOL or emails run on a private server. Whether you worry about Russian influence or not, this hack is quite newsworthy.

There are embarrassing emails with Powell asserting that “Everything HRC touches she kind of screws up with hubris,” as well as emails with Powell complaining about Trump’s racism and the press’ stoking of it.

The emails are not limited to election-related ones, either. They also include correspondence between Powell and Jack Straw and how the Chilcot report got buried in all the Brexit news.

Guccifer 2 goes mainstream

dncarchitecture_mc

Finally, there was the “appearance” at a security conference by Guccifer 2.0, the guy who has released the DNC emails that gave the Democrats an excuse to force Debbie Wasserman Schultz’s to resign, though they had been looking for an excuse for some time.

In point of fact, Guccifer 2.0 didn’t appear in person at the conference. Rather, he sent a speech which got read at the conference, with the transcript released to journalists. The speech focused on the negligence of software companies in security. Guccifer went on for several paragraphs about the power and sloppiness of tech companies, arguing they were to blame for hacks.

The next reason, and the crucial one, is software vulnerability. Tech companies hurry to finish the work and earn money. So they break development cycle very often omitting the stage of testing. As a result, clients have raw products installed on their systems and networks with a great number of bugs and holes.

Fourth. It’s well known that all large companies look forward to receiving governmental contracts. They develop governmental websites, communication systems, electronic voting systems, and so on and have their products installed to critical infrastructure objects on the national level.

They are aggressively lobbying their interests. You can see it at the diagram that they spent millions of dollars for lobbying. That doesn’t mean they will produce better software. That means they will get even more money in return.

Then he returned to a claim he has made on two earlier occasions: that he hacked DNC via a vulnerability in VAN.

So, what’s the right question we should ask about cyber crime?

Who hacked a system?

Wrong. The right question is: who made it possible that a system was hacked? In this regard, what question should you ask me?

How I hacked the DNC???

Now you know this is a wrong question. Who made it possible, that I hacked into the DNC? This is the question. And I suppose, you already know the answer. This is NGP VAN Company that operates the DNC network. And this is its CEO Stu Trevelyan who is really responsible for the breach.

Their software is full of holes. And you knew about it even before I came on stage.

You may remember Josh Uretsky, the national data director for Sander’s presidential campaign. He was fired in December, 2015 after improperly accessing proprietary data in the DNC system. As it was agreed, he was intentionally searching for voter information belonging to other campaigns.

However, he is not to blame. The real reason voter information became available for non-authorized users was NGP VAN’s raw software which had holes and errors in the code. And this is the same reason I managed to get access to the DNC network. Vulnerabilities in the NGP VAN software installed on its server which they have plenty of. Shit! Yeah?

This scheme shows how NGP VAN is incorporated in the DNC infrastructure.

One of two schemes released with the speech appears above.

Now, Guccifer’s allegation — tying vulnerabilities in the VAN software to his own hack — could be newsworthy. Recall, after all, that one excuse the Bernie staffer gave for nosing around Hillary’s side of VAN was that Sanders’ own data had been compromised earlier that year. Importantly, Guccifer’s persistent focus on VAN, which was a signature moment in Sanders’ voters disillusionment with the DNC conduct in the election, would provide an alternative motive for this hack rather than just a Putinesque plot to tamper with Hillary’s election.

Thing is, there’s nothing in the materials released on VAN that indicates any particular vulnerability (though the dump does include some dated information on DNC’s computer security): effectively Guccifer makes an allegation but — at least from what I’ve seen and heard from a few people who know security better — doesn’t deliver the goods.

Indeed, while there are documents acknowledging the kind of pay-to-play appointments for big donors that both parties practice, and some other financial data that I suspect may prove more interesting with further scrutiny, there’s nothing really newsworthy in this dump. It seems to be interesting primarily to Bernie diehards, not the press generally, which is rightly more interested by the Powell emails.

Which, again, emphasizes how much Guccifer has been feeding Bernie diehards, either out of his own motivation or his handler’s. It is worth noting that while Guccifer claims to oppose Trump’s policies, he did say this about Sanders: “I have nothing to say about Bernie Sanders. It seems he never had a chance to win the nomination as the Democratic Party itself stood against him!”

Why stomp on the Bears other big blasts?

Which has me wondering about yesterday generally. If someone is orchestrating all these leaks, why have Guccifer “give a speech” on the same day as two highly managed releases, especially given that Guccifer failed to deliver the goods? Indeed, why invite Guccifer to, or have him accept an invitation from, a pretty staid security conference at all?

And what is the role of Darren Martyn, a LulzSec Irish hacker who was indicted along with Jeremy Hammond but apparently never extradited. He’s apparently the one who read Guccifer’s speech. Which raises all sorts of questions about Guccifer’s ties to the Anon group of hackers, or maybe also to what Martyn has been doing since he was indicted in the US.

Let me just close with an observation.

The Democrats have, rightly, been worried about what Guccifer will release closer to the election; I’ve heard specific concerns from connected Dems that he will release far more damning financial documents. The FBI, too, appears uncertain whether the set of documents Guccifer has is the same that the GRU-related hackers are believed to have spied on at the DNC. Thus, both the DNC and FBI would love to do something to make Guccifer show more of his hand.

Before this hack, we were all just waiting to see what Julian Assange, who is clearly maximizing damage to Hillary, will drop next.

And instead, by inviting Guccifer to appear at a conference, someone got Guccifer to drop an additional 700 MB of files while everyone is busy looking at the Powell emails.

 

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

In Attempted Hit Piece, NYT Makes Putin Hero of Defeating TPP

In an remarkable hit piece NYT spent over 5,000 words yesterday trying to prove that all of WikiLeaks’ leaks are motivated from a desire to benefit Russia.

That of course took some doing. It required ignoring the evidence of the other potential source of motivation for Julian Assange — such as that Hillary participated in an aggressive, and potentially illegal, prosecution of Assange for being a publisher and Chelsea Manning for being his source — even as it repeatedly presented evidence that that was Assange’s motivation.

Putin, who clashed repeatedly with Mrs. Clinton when she was secretary of state,

[snip]

In late November 2010, United States officials announced an investigation of WikiLeaks; Mrs. Clinton, whose State Department was scrambled by what became known as “Cablegate,” vowed to take “aggressive” steps to hold those responsible to account.

[snip]

Another person who collaborated with WikiLeaks in the past added: “He views everything through the prism of how he’s treated. America and Hillary Clinton have caused him trouble, and Russia never has.”

It also required dismissing some of the most interesting counterexamples to the NYT’s thesis.

Sunshine Press, the group’s public relations voice, pointed out that in 2012 WikiLeaks also published an archive it called the Syria files — more than two million emails from and about the government of President Bashar al-Assad, whom Russia is supporting in Syria’s civil war.

Yet at the time of the release, Mr. Assange’s associate, Ms. Harrison, characterized the material as “embarrassing to Syria, but it is also embarrassing to Syria’s opponents.” Since then, Mr. Assange has accused the United States of deliberately destabilizing Syria, but has not publicly criticized human rights abuses by Mr. Assad and Russian forces fighting there.

As I have noted, there is a significant likelihood that the Syria files came via Sabu and Anonymous from the FBI — that is, that it was actually an American spy operation. Even aside from how important a counterexample the Syrian files are (because they went directly contrary to Putin’s interests in protecting Assad, no matter how bad they made Assad’s western trade partners look), the provenance of these files and Assange’s current understanding of them deserve some attention if NYT is going to spend 5,000 words on this story.

But the most remarkable stunt in this 5,000 screed is taking Wikileaks’ efforts to show policies a great many people believe are counterproductive — most importantly, passing trade deals that benefit corporations while hurting real people, but also weakening other strong hands in climate change negotiations — and insinuating they might be a Putinesque plot. This bit requires editorial notes in line:

From November 2013 to May 2016, WikiLeaks published documents describing internal deliberations on two trade pacts: the Trans-Pacific Partnership, which would liberalize trade [ed: no, it would protect IP, the opposite of liberalizing trade] between the United States, Japan and 10 other Pacific Rim countries, and the Trade in Services Agreement, an accord between the United States, 21 other countries and the European Union.

Russia, which was excluded, has been the most vocal opponent of the pacts [this is presented with no evidence, nor even a standard of evidence. I and all of America’s TPP opponents as well as TPP opponents from around the world must redouble our very loud effort], with Mr. Putin portraying them as an effort to give the United States an unfair leg up in the global economy.

The drafts released by WikiLeaks stirred controversy among environmentalists, advocates of internet freedom and privacy, labor leaders and corporate governance watchdogs, among others. They also stoked populist resentment against free trade that has become an important factor in American and European politics. [Here, rather than admitting that this broad opposition to these trade deals shows that Putin is not the most vocal opponent of these pacts — contrary to their foundational assumption in this section — they instead portray a wide spectrum of well-considered activism as unthinking response to Putinesque manipulation. And note, here, a news outlet is complaining that ordinary citizens get access to critically important news, without even blushing? Also note the NYT makes no mention of the members of Congress who were also begging for this information, which makes it easier to ignore the profoundly anti-democratic nature of these trade agreements.]

The material was released at critical moments, with the apparent aim of thwarting negotiations, American trade officials said. [In a piece obscuring the unpopular and anti-democratic nature of these trade deals, the NYT gives these sources anonymity.]

WikiLeaks highlighted the domestic and international discord on its Twitter accounts.

American negotiators assumed that the leaks had come from a party at the table seeking leverage. [That anonymity again: NYT is protecting some bitter trade negotiators who’ve invented a paranoid conspiracy here. On what grounds?]

Then in July 2015, on the day American and Japanese negotiators were working out the final details of the Trans-Pacific Partnership, came what WikiLeaks dubbed its “Target Tokyo” release.

Relying on top-secret N.S.A. documents, the release highlighted 35 American espionage targets in Japan, including cabinet members and trade negotiators, as well as companies like Mitsubishi. The trade accord was finally agreed on — though it has not been ratified by the United States Senate — but the document release threw a wrench into the talks.

“The lesson for Japan is this: Do not expect a global surveillance superpower to act with honor or respect,” Mr. Assange said in a news release at the time. “There is only one rule: There are no rules.” [That the US spies on trade negotiations was of course not news by this point. But it is, nevertheless, worthy to point out.]

Because of the files’ provenance, United States intelligence officials assumed that Mr. Assange had gotten his hands on some of the N.S.A. documents copied by Mr. Snowden.

But in an interview, Glenn Greenwald, one of the two journalists entrusted with the full Snowden archive, said that Mr. Snowden had not given his documents to WikiLeaks and that the “Target Tokyo” documents were not even among those Mr. Snowden had taken.

The next paragraph goes on to note that the same NSA documents focused on climate negotiations between Germany and the UN, which seems to suggest the NYT also believes it is in petro-state leader Putin’s interest for the US attempts to dominate climate change negotiations to be thwarted, even as Assange describes US actions as protection petroleum interests, which of course align with Putin’s own.

In other words, as a central piece of evidence, the NYT spent 11 paragraphs repackaging opposition to shitty trade deals — a widely held very American view (not to mention a prominent one is most other countries affected) — into something directed by Russia, as if the only reasons to oppose TPP are to keep Russia on an equal shitty neoliberal trade footing as the rest of us, as if opposing the deals don’t benefit a whole bunch of red-blooded Americans.

That’s not only logically disastrous, especially in something billed as “news,” but it is very dangerous. It makes legitimate opposition to bad (albeit widely accepted as good within beltway and I guess NYT conventional wisdom) policy something disloyal.

NYT’s argument that Putin was behind WikiLeaks’ NSA leaks doesn’t hold together for a lot of reasons (not least that those two topics are probably not what Putin would prioritize, or even close). But it also has the bizarre effect, in a hit piece targeting Assange and Putin, of making Putin the hero of the anti-TPP movement.

And yet, NYT’s three journalists don’t seem to understand how counterproductive to their “journalistic” endeavor that argument is.

Update: Oy. As Trevor Timm notes, NYT worked with WL on the TPP release.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

Did Wikileaks Do US Intelligence Bidding in Publishing the Syria Files?

Consider this nutty data point: between CNN’s Reliable Sources and NBC’s Meet the Press, Julian Assange was on more Sunday shows today than John McCain, with two TV appearances earlier this week.

Sadly, even in discussions of the potential that the DNC hack-plus-publication amounts to tampering with US elections, few seem to understand that evidence at least suggests that Wikileaks — not its allegedly Russian source — determined the timing of the release to coincide with the Democratic National Convention. Guccifer 2, at least, was aiming to get files out earlier than Wikileaks dumped them. So if someone is tampering, it is Julian Assange who, I’ve noted, has his own long-standing gripes with Hillary Clinton (though he disclaims any interest in doing her harm). If his source is Russia, that may just mean they had mutual interest in the publication of the files; but Assange claims to have determined the timing.

Since Wikileak’s role in the leak has been downplayed even as Assange has made the media rounds, since the nation’s spooks claim that publishing these documents is what makes it different, I want to consider this exchange Assange had with Chuck Todd:

CHUCK TODD:

All right. Let me ask you this. Do you, without revealing your source on this, do you accept information and leaked documents from foreign governments?

JULIAN ASSANGE:

Well, our publishing model means that what we publish is guaranteed to be true. That’s what we’re concerned about. That’s what our readers are concerned about. That’s the right of the general public, to not–

[snip]

CHUCK TODD:

Does that not trouble you at all, if a foreign government is trying to meddle in the affairs of another foreign government?

JULIAN ASSANGE:

Well, it’s an interesting speculative question that’s for the press and others to perhaps–

CHUCK TODD:

That doesn’t bother you? That is not part of the WikiLeaks credo?

JULIAN ASSANGE:

Well, it’s a meta story. If you’re asking would we accept information from U.S. intelligence that we had verified to be completely accurate, and would we publish that, and would we protect our sources in U.S. intelligence, the answer is yes, of course we would. [my emphasis]

Sure, at one level this is typical Assange redirection. When Todd asked if he’d accept files from Russia, Assange instead answered that he would accept them from the United States.

But it may not be so farcical as it seems. Consider the case of the Syria Files Wikileaks posted in spring 2012, at the beginning of the time the US was engaging in covert operations in Syria. They contained embarrassing information on Bashar al-Assad, his wife, and close associates, as well as documents implicating western companies that had facilitated Assad’s repression. Even at the time, people asked if the files were a western intelligence pys-op, though they were explicitly sourced to various factions of Anonymous. Then, between Jeremy Hammond and Sabu’s sentencing processes, it became clear that in January 2012, the latter identified targets for Anonymous hackers, targets that include the Syrian government.

An informant working for the F.B.I. coordinated a 2012 campaign of hundreds of cyberattacks on foreign websites, including some operated by the governments of Iran, Syria, Brazil and Pakistan, according to documents and interviews with people involved in the attacks.

Exploiting a vulnerability in a popular web hosting software, the informant directed at least one hacker to extract vast amounts of data — from bank records to login information — from the government servers of a number of countries and upload it to a server monitored by the F.B.I., according to court statements.

[snip]

The sentencing statement also said that Mr. Monsegur directed other hackers to give him extensive amounts of data from Syrian government websites, including banks and ministries of the government of President Bashar al-Assad. “The F.B.I. took advantage of hackers who wanted to help support the Syrian people against the Assad regime, who instead unwittingly provided the U.S. government access to Syrian systems,” the statement said.

What’s not known (as multiple reports say is still not known about the DNC hack) is whether the specific files the Sabu-directed Anonymous hackers obtained were the same ones that Wikileaks came to publish, though the timing certainly works out. It’s a very distinct possibility. In which case Assange’s comment may be more than redirection, but instead a reminder that Wikileaks has played the analogous role in US-directed hack-and-publish operation, one designed to damage Assad and his western allies. If those documents did ultimately come via FBI direction of Sabu, then Assange might be warning US spooks that their own similar actions could be exposed if he were asked to reveal more about any Russian role in the DNC hack.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

Two (Three, Four?) Data Points on DNC Hack: Why Does Wikileaks Need an Insurance File?

Actually, let me make that three data points. Or maybe four.

First, Reuters has reported that the DCCC has also been hacked, with the hacker apparently believed to be the same entity (APT28, also believed to be GRU). The hackers created a spoof version of ActBlue, which donors use to give money to campaigns.

The intrusion at the group could have begun as recently as June, two of the sources told Reuters.

That was when a bogus website was registered with a name closely resembling that of a main donation site connected to the DCCC. For some time, internet traffic associated with donations that was supposed to go to a company that processes campaign donations instead went to the bogus site, two sources said.

The sources said the Internet Protocol address of the spurious site resembled one used by Russian government-linked hackers suspected in the breach of the DNC, the body that sets strategy and raises money for the Democratic Party nationwide.

That would mean hackers were after either the donations themselves, the information donors have to provide (personal details including employer and credit card or other payment information), or possibly the bundling information tied to ActBlue.

Second, Joe Uchill, who wrote one of the stories — on two corrupt donors to the Democratic Party — that preceded both publication at the Guccifer 2 site and Wikileaks, said Guccifer gave him the files for the story because Wikileaks was dawdling in publishing what they had.

Screen Shot 2016-07-29 at 12.59.01 PM
Guccifer posted some of the documents Uchill used here.

This detail is important because it says Julian Assange is setting the agenda (and possibly, the decision to fully dox DNC donors) for the Wikileaks release, and that agenda does not perfectly coincide with Guccifer’s (which is presumed to be a cut-out for GRU).

As I’ve noted, Wikileaks has its own beef with Hillary Clinton, independent of whom Vladimir Putin might prefer as President or any other possible motive for Russia to do this hack.

Now consider this bizarre feature of several high level leak based stories on the hack: the claim of uncertainty about how the files got from the hackers to Wikileaks. This claim, from NYT, seems bizarrely stupid, as Guccifer and Wikileaks have both said the former gave the latter the files.

The emails were released by WikiLeaks, whose founder, Julian Assange, has made it clear that he hoped to harm Hillary Clinton’s chances of winning the presidency. It is unclear how the documents made their way to the group. But a large sampling was published before the WikiLeaks release by several news organizations and someone who called himself “Guccifer 2.0,” who investigators now believe was an agent of the G.R.U., Russia’s military intelligence service

The claim seems less stupid when you consider these two cryptic comments from two equally high level sourced piece from WaPo. In a story on FBI’s certainty Russia did the hack(s), Ellen Nakashima describes that the FBI is less certain that Russia passed the files to Wikileaks.

What is at issue now is whether Russian officials directed the leak of DNC material to the anti-secrecy group WikiLeaks — a possibility that burst to the fore on the eve of the Democratic National Convention with the release of 20,000 DNC emails, many of them deeply embarrassing for party leaders.

The intelligence community, the officials said, has not reached a conclusion about who passed the emails to WikiLeaks.

“We have not drawn any evidentiary connection to any Russian intelligence service and WikiLeaks — none,” said one U.S. official. Doing so will be a challenge, in part because the material may not have been passed electronically. [my emphasis]

The claim appears this way in a more recent report.

The bureau is trying to determine whether the emails obtained by the Russians are the same ones that appeared on the website of the anti-secrecy group WikiLeaks on Friday, setting off a firestorm that roiled the party in the lead-up to the convention.

The FBI is also examining whether APT 28 or an affiliated group passed those emails to WikiLeaks, law enforcement sources said.

Now, the doubts about whether the files were passed electronically is thoroughly fascinating. I assume the NSA has Assange — and potentially even the Wikileaks drop — wired up about 100 different ways, so the questions about whether the files were passed electronically may indicate that they didn’t see them get passed in such a fashion.

Add in the question of whether they’re even the same emails! We know the DCCC hack is targeting donor information. The Wikileaks release included far more than that. Which raises the possibility GRU is only after donor information (which is part of, but just one part of, what Guccifer has released).

But then there’s this detail. On June 17, Wikileaks released an insurance file — a file that will be automatically decrypted if Wikileaks is somehow impeded from releasing the rest of the files. It has been assumed that the contents of that file are just the emails that were already released, but that is almost certainly not the case. After all, Wikileaks has already released further documents (some thoroughly uninteresting voice mails that nevertheless further impinge on the privacy of DNC staffers). They have promised still more, files they claim will be more damaging. Indeed, Wikileaks claims there’s enough in what they have to indict Hillary, though such claims should always be taken with a grain of salt. Correction: That appears to have been a misunderstanding about what Assange said about the previously released State emails.

But here’s the other question.

There’s no public discussion of Ecuador booting Assange from their Embassy closet (though I’m sure they’re pretty tired of hosting him). His position — and even that of Wikileaks generally — seems pretty stable.

So why does Assange believe they need an insurance file? I don’t even remember the last time they issued an insurance file (update: I think it was when they released an insurance file of Chelsea Manning’s documents). So is there someone else in the process that needs an insurance file? Is there someone else in the process that would use the threat of full publication of the files (which presumably is going to happen anyway) to ensure safety?

I’ll leave that question there.

That said, these data point confirms there are at least two players with different motivations: Wikileaks, and the Russian hackers. But the FBI isn’t even certain whether the files the Russians took are the same that Wikileaks released, which might suggest a third party.

Meanwhile, James Clapper (who thankfully is willing to poo poo claims that hacks that we ourselves do are unique) seems very interested in limiting the panic about this hack.

Update: Oh! I forgot this fifth data point. This absolutely delightful take-down of Debbie Wasserman Schultz includes this claim that Wikileaks has malware in its site, which I’ve asked around and doesn’t seem to be true.

Staff members were briefed in a Tuesday afternoon meeting in Washington that their personal data was part of the hack, as were Social Security numbers and other information for donors, according to people who attended. Don’t search WikiLeaks, they were told — malware is embedded throughout the site, and they’re looking for more data.

Who told the DNC Wikileaks is releasing malware, and why?

Update: here’s what the malware claim is about: When it posted the “AKP emails,”  WL either added or did not remove a bunch of malware included in those emails, and as a result, that malware is still posted at the site. That is, the malware is associated with a separate set of documents available at the site.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

The Other Factor in the DNC Hack: WikiLeaks’ Personal War with Hillary Clinton

Since yesterday, both Jack Goldsmith and Peter Singer have had offered some interesting perspective on the alleged Russian hack of the DNC.

Singer had a bit of a Twitter rant.

Screen Shot 2016-07-26 at 2.37.08 PM

Screen Shot 2016-07-26 at 2.44.15 PM

His linked (recent) Oversight testimony which discussed how much more complex cyber deterrence is than Cold War nuclear deterrence is.

For his part, Goldsmith first considered what was old and new in the hack, finding the only real new thing was releasing the emails.

While there is nothing new in one nation using its intelligence services to try to influence an election in another, doing so by hacking into a political party’s computers and releasing their emails does seem somewhat new.

He then dismissed the notion — floated elsewhere — that this amounts to cyberwar while implying that the US has to get far better at defending our own networks and systems.

How seriously do you think the government takes issues of cyberwarfare? Do you feel confident about our defensive capabilities and competence?

“Cyberwar” is a misleading term—the Russian hack, if it is that, is not an act of war, at least not by traditional standards. It is closer to an intelligence operation with the twist of a damaging publication of the stolen information. That said, the U.S. government takes all major cyberoperations against it and its major public and private institutions very seriously. My confidence about our defensive capabilities and competence depends on what institutions you are talking about. Today, some components of the government (e.g. the Defense Department) do better than others (e.g. the Office of Personnel Management, which recently suffered an very damaging hack). And private sector defenses, even of important critical infrastructure networks, are a very mixed bag. The scale of the challenge is enormous, and offense has many advantages over defense. I don’t know anyone who is sanguine about our defensive capabilities overall.

Then he went on a Twitter rant directed at the hand-wringing about how unusual this is.

1/ In assessing the DNC hack, remember that USG is no innocent when it comes to infiltrating foreign computer networks.

2/ The cyber-attack on Iranian nuclear centrifuges was one of the most consequential in history.

3/ USG openly & aggressively supports technologies that weaken foreign gov’t control over networks.

[snip]

6/ It’s also well known that US has in past used covert ops to influence foreign elections.

7/ Current U.S. cyber-espionage almost certainly extends to political organizations in adversary states.

[snip]

11/ The point is that USG plays rough in cyberspace, and should expect others to do so as well.

12/  And yet USG seems perpetually unprepared. DNC hack is tiny tip of iceberg of possible electoral disruptions via cyber.

In short, both think this is something other than cyberwar, but view the importance of it differently (even while both provide suggestions for a policy framework to respond), particularly the uniqueness of the perceived sabotage of the election. But their discussion (along with virtually everyone else’s) has pitched this as a two-front question, us against Russia, though Singer’s testimony has a lot of discussion about how much more complexity there is to this issue, including the non-state actors who might be involved.

After having dismissed the unthinking equation of 2 intelligence hacks = Guccifer = Russia = WikiLeaks = Russia story, I want to return to it to complicate matters somewhat, to talk about Wikileaks role whether or not it cooperated with Russia on this. First, what follows is in no way meant to be a defense of Wikileaks’ action here, which included the inclusion of credit card and social security information in the dump. Particularly against the background of what it recently did with Turkish documents: in the guise of releasing a bunch of Erdogan documents, it also dumped voting information on most women in Turkey, including whether or not they were members of Erdogan’s AKP.

WikiLeaks also posted links on social media to its millions of followers via multiple channels to a set of leaked massive databases containing sensitive and private information of millions of ordinary people, including a special database of almost all adult women in Turkey.

Yes — this “leak” actually contains spreadsheets of private, sensitive information of what appears to be every female voter in 79 out of 81 provinces in Turkey, including their home addresses and other private information, sometimes including their cellphone numbers. If these women are members of Erdogan’s ruling Justice and Development Party (known as the AKP), the dumped files also contain their Turkish citizenship ID, which increases the risk to them as the ID is used in practicing a range of basic rights and accessing services. The Istanbul file alone contains more than a million women’s private information, and there are 79 files, with most including information of many hundreds of thousands of women.

[snip]

Another file appears to contain sensitive information, including Turkish citizenship IDs of what appears to be millions of AKP members, listed as active or deceased. Yet another file contains the full names, citizenship IDs and cellphone numbers of hundreds of thousands of AKP election monitors — the most active members of the party.

As Zeynep Tufekci points out, in the wake of the failed coup and Erdogan’s retaliation, this has the possibility of endangering a great number of people.

She blames the dump on Wikileaks’ failure to work with locals, who could have explained that the emails themselves were virtually worthless. Perhaps. Perhaps Wikileaks served as someone else’s useful idiots — or even, if you believe there’s something more deliberate behind the coup and counter-coup, perhaps Wikileaks played a more active role.

So Wikileaks has done two things that were egregious and damaging. I do not defend that. I condemn it (and the sloppy journalism that enabled it).

Update: see this post on where the Turkey files came from, which came from Phineas Fisher; it wasn’t Wikileaks.

But I want to consider how different its role is with the target of this leak — Hillary Clinton (and Democrats more generally) — and Turkey.

Most of the discussion about the where and whyfor of the leak assumes it is all about Russia’s interest (assuming, of course, that this was a Russian state hack). But consider why Wikileaks might want to leak in this way and at this time.

Hillary was, of course, Secretary of State when Wikileaks leaked the State department cables and pushed aggressively for Chelsea Manning’s prosecution (as Charlie Savage wrote in a piece published just before I finished this, this is a point Assange made when he discussed the emails 6 weeks ago). She has, since then, been found to treat information claimed to be far more sensitive in careless fashion (as has the State Department generally).

Very importantly, State worked closely with DOJ as it investigated Wikileaks. There is very good reason to believe that as part of that investigation, DOJ mapped out Wikileaks’ supporters and, possibly, financial contributors — that is, precisely the kind of people, to the DNC, that Wikileaks just doxxed. That’s arguably a violation of Section 215, which includes First Amendment protections.

We also know that GCHQ was (at least as a SIGDEV research project, but those often serve to conduct surveillance that wouldn’t really fly within other legal guidelines) collecting log files of people who visit Wikileaks.

We know that under pressure from the US government, traditional funding sources stopped taking donations for Wikileaks. I’ve seen hints of some legally dubious action that may be worse, as well. In addition, in 2012, the FBI considered Bitcoin donations to Wikileaks among the many nefarious things one could do with Bitcoin.

Screen Shot 2016-07-26 at 7.59.01 PM

Love or hate Wikileaks, but it — and its political and financial supporters — were tracked. Its sources of funding were cut off. And then the government realized that Wikileaks (at that point, at least) was engaging in what a lot of media outlets also do and conceded it couldn’t charge Assange for those activities.

Now I’m not trying to say two wrongs make a right — that because FBI collected data implicating innocent supporters of Wikileaks, it is okay for Julian Assange to dox all the DNC’s supporters.

Rather, I’m trying to raise this in the context of the issues that Singer and Goldsmith lay out. Whether Wikileaks cooperated with Russia (if Russia did the hack) or not, it is a key player in this leak. Even if Russia did this to help Trump, Assange executed the leaks to maximal damage to Hillary (and I suspect Wikileaks will continue to do more damage with further leaks). What does this say about issues of retaliation against non-state actors working with the sphere of state actors, as people consider information war in the era of cyber?

I don’t know the answer to that, but as we raise the question, those issues need to be addressed as readily as the state actor question. The way this rolls out may be as much a question of a non-state actor retaliating against a political figure as it is a state actor trying to elect its preferred candidate.

 

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

Hacking John Brennan, Hacking OPM

In Salon, I’ve got my take on the hack of John Brennan’s AOL account by a 13-year old stoner.

While I think it sucks that WikiLeaks posted unredacted data on Brennan’s family, I’m not at all sympathetic to Brennan himself. After all he’s the guy who decided hacking his SSCI overseers would be appropriate. He’s one of the people who’ve been telling us we have no expectation of privacy in the kinds of data hackers obtained from Verizon — alternate phone number, account ID, password, and credit card information — for years.

But most of all, I think we should remember that Brennan left this data on an AOL server through his entire Obama Administration career, which includes 4 years of service as Homeland Security Czar, a position which bears key responsibility for cybersecurity.

Finally, this hack exposes the Director of the CIA exercising almost laughable operational security. The files appear to date from the period leading up to Brennan’s appointment as White House Homeland Security Czar, where a big part of Brennan’s job was to prevent hacks in this country. To think he was storing sensitive documents on an AOL server — AOL! — while in that role, really demonstrates how laughable are the practices of those who purport to be fighting hackers as the biggest threat to the country. For at least 6 years, the Homeland Security Czar, then the CIA Director — one of the key intelligence officials throughout the Obama Administration — left that stuff out there for some teenagers to steal.

Hacking is a serious problem in this country. Like Brennan, private individuals and corporations suffer serious damage when they get hacked (and the OPM hack of Brennan’s materials may be far more serious). Rather than really fixing the problem, the intelligence community is pushing to give corporations regulatory immunity in exchange for sharing information that won’t be all that useful.

A far more useful initial step in securing the country from really basic types of hacking would be for people like Brennan to stop acting in stupid ways, to stop leaving both their own and the public’s sensitive data in places where even stoned kids can obtain it, to provide a good object lesson in how to limit the data that might be available for malicious hackers to steal.

I would add, however, that there’s one more level of responsibility here.

As I noted in my piece, Brennan’s not the only one who got his security clearance application stolen recently. He is joined in that by 21 million other people, most of whom don’t have a key role in cybersecurity and counterintelligence. Most of those 21 million people haven’t even got official notice their very sensitive data got hacked by one of this country’s adversaries — not even those people who might be particularly targeted by China. Like Brennan, the families of those people have all been put at risk. Unlike Brennan, they didn’t get to choose to leave that data sitting on a server.

In fact, John Brennan and his colleagues have not yet put in place a counterintelligence plan to protect those 21 million people.

If it sucks that John Brennan’s kids got exposed by a hacker (and it does), then it sucks even more than people with far fewer protections and authority to fix things got exposed, as well.

John Brennan should focus on that, not on the 13 year old stoner who hacked his AOL account.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

Transcribing James Clapper

Hamid Karzai refused to meet with Obama during a surprise visit just after MYSTIC disclosures, so Obama called from Air Force One instead.

Hamid Karzai refused to meet with Obama during a surprise visit just after MYSTIC disclosures, so Obama called from Air Force One instead.

Yesterday, during the Q&A to his speech at INSA (which is where defense and intelligence contractors huddle with government paymasters), James Clapper conceded that Edward Snowden brought needed transparency but had also damaged operations. Rather than obliquely pointing to the exposure that Skype was no longer safe from surveillance, as he and his ilk normally do, Clapper pointed to what he claimed was a concrete example: what journalists have reported as revelations about full take cell phone content (SOMALGET or MYSTIC) leading to loss of access in Afghanistan.

After Clapper made the claim, a lot of reporters did what reporters do: they transcribed his comments uncritically. Lots of journalists did this, but here’s WaPo’s version from Ellen Nakashima:

One of the disclosures based on documents leaked by Edward Snowden, the former National Security Agency contractor, prompted the shutdown of a key intelligence program in Afghanistan, the nation’s top spy said Wednesday.

“It was the single most important source of force protection and warning for our people in Afghanistan,” Director of National Intelligence James R. Clapper Jr. said at an intelligence conference.

He was addressing a question about the impact of revelations by Snowden, whose leaks led to a global debate about the proper scope of U.S. surveillance at home and abroad.

Nakashima and other reporters assumed Clapper meant the MYSTIC/SOMALGET program, which Nakashima noted the WaPo first described (on March 18, 2014), followed by The Intercept two months later (on May 19, 2014), followed by WikiLeaks revealing Afghanistan as the target country several days later (on May 23, 2014). [Update: Note Cryptome correctly determined Afghanistan was the country on May 19, the day the Intercept published.]

Having laid all that out, however, Nakashima doesn’t quote the part of Clapper’s answer that would either discredit his description or reveal it’s something else. Here’s Ars Technica’s transcription of that part of it.

And programs that had a real impact on the security of American forces overseas, including one program in Afghanistan, “which he exposed and Glenn Greenwald wrote about, and the day after he wrote about it, the program was shut down by the government of Afghanistan,” Clapper noted.

If it’s the MYSTIC/SOMALGET program Clapper was really talking about, then his claim is self-refuting. Because either folks in Afghanistan recognized the program themselves back when WaPo wrote about it in March 2014, or probably didn’t until WikiLeaks confirmed they were the target. It wouldn’t have been Greenwald’s story, in which he withheld the information the government requested in any case.

For the moment, I’m going to assume that was the program, but let’s remember it might not be.

If so, consider what Clapper has done. As I mentioned, normally when people want to beat up Snowden, they point to his disclosure NSA had compromised Skype. But they never confirm that — they just mention it obliquely. Here, Clapper has confirmed the thing (actually just one of the things) that NSA had asked Greenwald to withhold. Given how vague WikiLeaks was about how they knew (after all, they’re not known to have the Snowden documents themselves), if this is MYSTIC/SOMALGET it seems that Clapper has definitively confirmed something that was at least of unknown provenance before.

Although, for reasons of source protection we cannot disclose how, WikiLeaks has confirmed that the identity of victim state is Afghanistan.

In other words, Clapper has confirmed something that hadn’t been confirmed before, precisely because the journalists involved had deferred to the government’s request not to publish it.

Or did he?

Clapper claimed “the program was shut down by the government of Afghanistan.”

Admittedly, the MYSTIC/SOMALGET disclosures came at an awkward time for US-Afghan relations. Hamid Karzai had been pushing back against night raids, prisoner transfers, and CIA militias. In part because the US wouldn’t cede Afghan sovereignty on such issues, Karzai was refusing to sign the Bilateral Security Agreement (raising the same kind of SOFA negotiation problems that forced us to withdraw troops from Iraq). Throughout this two month period, the election and run-off were going on.

So the disclosure that the US had compromised Afghanistan’s entire cell phone system — and implicitly, had copies of every cell call that Karzai and his potential replacements might make — would surely anger the Afghans, especially Karzai. Notably, two days after the WikiLeaks disclosure, Karzai refused to meet when President Obama made a surprise visit to the country on May 25, so (as shown by the White House image above) Obama called him from Air Force One instead.

But if that’s the case — if Afghanistan forced the US to shut down the full-take collection of cell phone content even as Obama was making surprise last minute visits (which may even have been an attempt to convince Karzai to reverse that decision) — then the fault lies not just, or even primarily, with Snowden. It lies with a long history of US refusal to cede to Afghanistan’s demands for some kind of functional sovereignty. This telecom disclosure may have been one more in a series of aggravations, but it was by no means the only one. Moreover, given that President Ghani’s relationship with the US is, thus far at least, far better than Karzai’s was at the time, it’s quite possible he has permitted the US to resume full-take collection.

James Clapper would be a lot more likely to confirm that Afghanistan had shut down NSA’s full-take collection if it had been resumed again under Karzai’s successor. Not least, because it would provide adversaries with false confidence the NSA didn’t have full take coverage.

Now consider this description of the Bahamian fallout from the equivalent disclosure. It shows that two parties were involved — the country’s telecom as well as the government. Indeed, all stories on this make it clear telecom providers are centrally involved in the collection program.

Moreover, the Intercept version of the story makes it quite clear they withheld not just the target country, but also the provider at the center of it.

The NSA documents don’t specify who is providing access in the Bahamas. But they do describe SOMALGET as an “umbrella term” for systems provided by a private firm, which is described elsewhere in the documents as a “MYSTIC access provider.” (The documents don’t name the firm, but rather refer to a cover name that The Intercept has agreed not to publish in response to a specific, credible concern that doing so could lead to violence.) Communications experts consulted by The Intercept say the descriptions in the documents suggest a company able to install lawful intercept equipment on phone networks.

And they withheld it for the same reason, because revealing it would lead to violence. That provider name has not been made public (though for a variety of reasons I think that’s the key secret here). Shutting down the system would have to involve, at a minimum, the Afghan government, this provider, plus Afghanistan’s multiple cell providers.

There are more reasons to believe Clapper’s story is bullshit. From the 2005 STELLAR WIND disclosures, which revealed the US was collecting all US-Afghanistan calls, to reports as early as 2008 that the Taliban were targeting cell providers because they recognized the security risk the networks posed, there is zero chance our adversaries in Afghanistan were unaware that the US had close to full dominance over the communications lines. There were also earlier Snowden disclosures — including Tempora, XKeyscore, and what sounded like transcripts obtained using a Stingray from a Afghan raid — that would have confirmed that view. The US is collecting close to everything from most countries where it remains at war, via a variety of overlapping means. There’s little about this disclosure in particular that added to the risk — but then, our adversaries had long been learning of our tactics and adjusting accordingly.

There is, then, the possibility it was one of these other disclosures Clapper was whining about — such as the potential Stingray one.

But if Clapper was talking about SOMALGET, and if it is true that the full-take collection got shut down, it means he and the government are blaming Snowden for long-term mismanagement of the Afghan relationship. It also may well mean that Ghani has let the US resume collection and Clapper’s public “confirmation” was designed — in addition to launching some unwarranted shots at Edward Snowden — to create the false impression the collection remains inactive.

James Clapper is a confirmed liar. Even setting aside his lies to Congress, it is his job to lie to adversaries. While that doesn’t mean journalists shouldn’t report what he says, there’s a great deal of context that should accompany such transcriptions.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.