Password: [email protected]

Remember how infosec people made fun of John Podesta when they learned his iCloud password — which got exposed in the Wikileaks dump of his stolen emails — was Runner4567? 4Chan used the password to hack a bunch of Podesta’s accounts.

Among the pages that got exposed in this week’s Wikileaks dumps of CIA’s hacking tools was a page of Operational Support Branch passwords. For some time the page showed the root password for the network they used for development purposes.

These passwords, as well as one (“password”) for another part of their server, were available on the network site as well.

Throughout the period of updates, it included a meme joking about setting your password to Incorrect.

At the beginning of January 2015, it included the passwords for two unclassified laptops used by the department, one of which was the very guessable [email protected]

OSB unclass laptop #1 password (tag 2005K676, Dell service tag: 7731Y32): “OSBDemoLap9W53!” (Without quotes)

OSB unclass laptop #2 password (tag 2005K677, Dell service tag: CN81Y32): “[email protected]” (no quotes, first character is a zero)

Remember, Assange has claimed that CIA treated its exploits as unclassified so they could be spread outside of CIA facilities.

A discussion ensued about what a bad security practice this was.

2015-01-30 14:30 [User #14588054]:

Am I the only one who looked at this page and thought, “I wonder if security would have a heart attack if they saw this.”?

2015-01-30 14:50 [User #7995631]:

It’s locked down to the OSB group… idk if that helps.

2015-01-30 15:10 [User #14588054]:

I noticed, but I still cringed when I first saw the page.

I have no idea whether these passwords exacerbated CIA’s exposure. The early 2015 discussion happened well before — at least as we currently understand it — the compromise that led to Wikileaks’ obtaining the files. The laptops themselves were unclassified, and would only be a problem if someone got physical custody of them. Though shared devices like laptops were one of the things for which CIA had a multi-factor authentication problem up until at least August of 2016.

But if we’re going to make fun of John Podesta for password hygiene exposed in a Wikileaks dump, we ought to at least acknowledge that CIA’s hackers, people who spent their days exploiting hygiene sloppiness like this, had (simple) passwords lying around on a server that — as it turns out — was nowhere near as secure as it needed to be.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

No More Secrets: Vault 7

Several days after Shadow Brokers first announced an auction of a bunch of NSA tools last August, Wikileaks announced it had its own “pristine” copy of the files, which it would soon release.

Wikileaks never did release that archive.

On January 7-8, Shadow Brokers got testy with Wikileaks, suggesting that Wikileaks had grown power hungry.

Shadow Brokers threw in several hashtags, two of which could be throw-offs or cultural references to a range of things (though as always with pop culture references, help me out if I’m missing something obvious). The third — “no more secrets” — in context invokes Sneakers, a movie full of devious US intelligence agencies, double dealing Russians, and the dilemma of what you do when you’ve got the power that comes from the ability to hack anything.

Moments later, Shadow Brokers called out Wikileaks, invoking (in the language of this season’s South Park) Wikileaks’ promise to release the file.

Of course, within a week, Shadow Brokers had reneged on a promise of sorts. Less than an hour before calling out Wikileaks for growing power hungry, Shadow Brokers suggested it would sell a range of Windows exploits. Four days later, it instead released a limited (and dated) subset of Windows files — ones curiously implicating Kaspersky Labs. All the “bullshit political talk,” SB wrote in a final message, was just marketing.

Despite theories, it always being about bitcoins for TheShadowBrokers. Free dumps and bullshit political talk was being for marketing attention.

And with that, the entity called Shadow Brokers checked out, still claiming to be in possession of a range of (dated) NSA hacking exploits.

Less than a month later (and over a month before Monday’s release), Wikileaks started the prep for the Vault 7 release of CIA’s hacking tools. (Given the month of lead hype and persistent attention throughout, I’m not sure why any claimed rapid and “overwhelming” response to the release should be attributed to Russian bots.)

Having been called out for sitting on the Shadow Brokers’ files (if, indeed, Wikileaks actually had them), Wikileaks this time gave the appearance of being forthcoming, claiming “the largest ever publication of confidential documents on the [CIA].”

Except …

While Wikileaks released a great deal of information about CIA’s hacking, it didn’t release the code itself, or the IP addresses that would reveal targets or command and control servers.

Wikileaks has carefully reviewed the “Year Zero” disclosure and published substantive CIA documentation while avoiding the distribution of ‘armed’ cyberweapons until a consensus emerges on the technical and political nature of the CIA’s program and how such ‘weapons’ should analyzed, disarmed and published.

Wikileaks has also decided to redact and anonymise some identifying information in “Year Zero” for in depth analysis. These redactions include ten of thousands of CIA targets and attack machines throughout Latin America, Europe and the United States.

Now, perhaps Wikileaks really is doing all this out of a sense of responsibility. More likely, it is designed to create a buzz for more disclosure that WL can use to shift responsibility for further disclosure. Yesterday, Wikileaks even did a silly Twitter poll designed to get thousands to endorse further leaks.

In reality, whether for their own PR reasons or because it reflects the truth, tech companies have been issuing statements reassuring users that some of the flaws identified in the Wikileaks dump have already been fixed (and in fact, for some of them, that was already reflected in the Wikileaks documents).

Thus far, however, Wikileaks is sitting on a substantial quantity of recent CIA exploits and may be sitting on a significant quantity of dated NSA exploits. Mind you, the CIA seems to know (belatedly) precisely what Wikileaks has; while NSA has a list of the exploits Shadow Brokers was purportedly trying to sell, it’s not clear whether NSA knew exactly what was in that dump. But CIA and NSA can’t exactly tell the rest of the world what might be coming at them in the form of repurposed leaked hacking tools.

There has been a lot of conversation — most lacking nuance — about what it means that CIA uses code from other hackers’ exploits (including Shamoon, the Iranian exploit that has recently been updated and deployed against European targets). There has been less discussion about what it means that Wikileaks and Shadow Brokers and whatever go-betweens might be involved in those leaks have been sitting on US intelligence community exploits.

That seems like a worthwhile question.

Update: at his delayed presser on this release, Assange stated that he would work with tech companies to neutralize the exploits, then release them.


CIA Did Not Have Multi-Factor Authentication Controls for All Users as Recently as August 2016

I know I keep harping on the details of the intelligence community’s security practices disclosed in the House Intelligence Report on Edward Snowden. But they go some way to explain why people keep walking out of spy agencies with those agencies’ hacking tools.

Over three years after the Snowden leaks, multiple Intelligence Inspector General Reports show, agencies still hadn’t plugged holes identified in response to Snowden’s leaks. When the CIA did an audit mandated by 2015’s CISA bill, for example, it revealed that “CIA has not yet implemented multi-factor authentication controls such as a physical token for general or privileged users of the Agency’s enterprise or mission systems.”

As I understand it, this had something to do with multi-factor use on devices used by multiple persons. So it may not have been as bad as this sounds (and — again, as I understand it, the problem has since been fixed).

Nevertheless, the CIA is whining about how evil Wikileaks is for publishing documents that (per Wikileaks, anyway) CIA stored with inadequate protection.

The American public should be deeply troubled by any Wikileaks disclosure designed to damage the Intelligence Community’s ability to protect America against terrorists and other adversaries. Such disclosures not only jeopardize US personnel and operations, but also equip our adversaries with tools and information to do us harm.

Sorry. I mean, Americans can be pissed that their premier intelligence agency got pwned.

But Americans should also be pissed that CIA is storing powerful weapons in a way such that they can easily be leaked. We wouldn’t excuse this with CIA’s anthrax stash. We should not give the Agency a pass here.


Wikileaks Dumps CIA’s Hacking Tools

Today, Wikileaks released a big chunk of documents pertaining to CIA’s hacking tools.

People will — and already have — treated this as yet another Russian effort to use Wikileaks as a cutout to release documents it wants out there. And that may well be the case. It would follow closely on the release, by Shadow Brokers, of a small subset of what were billed as NSA hacking tools (more on that in a bit).

Wikileaks attributes the files to two sources. First, it suggests a “US government hacker and contractor … provided WikiLeaks with portions of the archive.”

Recently, the CIA lost control of the majority of its hacking arsenal including malware, viruses, trojans, weaponized “zero day” exploits, malware remote control systems and associated documentation. This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA. The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive.

In an apparent reference to this source, Wikileaks explains,

In a statement to WikiLeaks the source details policy questions that they say urgently need to be debated in public, including whether the CIA’s hacking capabilities exceed its mandated powers and the problem of public oversight of the agency. The source wishes to initiate a public debate about the security, creation, use, proliferation and democratic control of cyberweapons.

It also notes that developers may steal tools without a trace (though speaks of this in terms of proliferation, not this leak).

Securing such ‘weapons’ is particularly difficult since the same people who develop and use them have the skills to exfiltrate copies without leaving traces — sometimes by using the very same ‘weapons’ against the organizations that contain them.

But Wikileaks also suggests that, because the CIA doesn’t classify its attack tools, it leaves them more vulnerable to theft.

In what is surely one of the most astounding intelligence own goals in living memory, the CIA structured its classification regime such that for the most market valuable part of “Vault 7” — the CIA’s weaponized malware (implants + zero days), Listening Posts (LP), and Command and Control (C2) systems — the agency has little legal recourse.

The CIA made these systems unclassified.

Why the CIA chose to make its cyberarsenal unclassified reveals how concepts developed for military use do not easily crossover to the ‘battlefield’ of cyber ‘war’.

To attack its targets, the CIA usually requires that its implants communicate with their control programs over the internet. If CIA implants, Command & Control and Listening Post software were classified, then CIA officers could be prosecuted or dismissed for violating rules that prohibit placing classified information onto the Internet. Consequently the CIA has secretly made most of its cyber spying/war code unclassified. The U.S. government is not able to assert copyright either, due to restrictions in the U.S. Constitution. This means that cyber ‘arms’ manufactures and computer hackers can freely “pirate” these ‘weapons’ if they are obtained. The CIA has primarily had to rely on obfuscation to protect its malware secrets.

Wikileaks is trying to appear more responsible than it was with recent leaks, which doxed private individuals. It explains that it has anonymized names. (It very helpfully replaces those names with numbers, which leaves enough specificity such that over 30 CIA hackers will know Wikileaks has detailed information on them, down to their favorite memes.) And it has withheld the actual exploits, until such time — it claims — that further consensus can be developed on how such weapons should be analyzed. In addition, Wikileaks has withheld targets.

Wikileaks has carefully reviewed the “Year Zero” disclosure and published substantive CIA documentation while avoiding the distribution of ‘armed’ cyberweapons until a consensus emerges on the technical and political nature of the CIA’s program and how such ‘weapons’ should analyzed, disarmed and published.

Wikileaks has also decided to redact and anonymise some identifying information in “Year Zero” for in depth analysis. These redactions include ten of thousands of CIA targets and attack machines throughout Latin America, Europe and the United States. While we are aware of the imperfect results of any approach chosen, we remain committed to our publishing model and note that the quantity of published pages in “Vault 7” part one (“Year Zero”) already eclipses the total number of pages published over the first three years of the Edward Snowden NSA leaks.

Several comments about this: First, whether for reasonable or unreasonable purpose, withholding such details (for now) is responsible. It prevents Wikileaks’ release from expanding the use of these tools. Wikileaks’ password for some of these files is, “SplinterItIntoAThousandPiecesAndScatterItIntoTheWinds,” suggesting the motive.

Of course, by revealing that these tools exist, but not releasing them, Wikileaks could (hypothetically) itself use them. Wikileaks doesn’t explain how it obtained upcoming parts of this release, but it’s possible that someone used CIA’s tools against itself.

In addition, by not revealing CIA’s targets, Wikileaks both explicitly and implicitly prevents CIA (and the US generally) from offering the excuse they always offer for their surveillance tools: that they’re chasing terrorists — though of course, this is just a matter of agency vocabulary.

Among the list of possible targets of the collection are ‘Asset’, ‘Liason [sic] Asset’, ‘System Administrator’, ‘Foreign Information Operations’, ‘Foreign Intelligence Agencies’ and ‘Foreign Government Entities’. Notably absent is any reference to extremists or transnational criminals.

We will no doubt have further debate about whether Wikileaks was responsible or not with this dump. But consider: various contractors (and to a much lesser degree, the US intelligence community) have been releasing details about Russian hacking for months. That is deemed to be in the common interest, because it permits targets to prevent being hacked by a state actor.

Any hacking CIA does comes on top of the simplified spying the US can do thanks to the presence of most tech companies in the US.

So why should CIA hacking be treated any differently than FSB or GRU hacking, at least by the non-American part of the world?

This leak may well be what Wikileaks claims it to be — a concerned insider exposing the CIA’s excesses. Or perhaps it’s part of a larger Russian op. (Those two things could even both be true.) But as we talk about cybersecurity, we would do well to remember that all nation-state hackers pose a threat to the digital commons.


Updates from the Russian Front

I’m working on a post on the fight over Congressional investigations into the Russian hack, but for the moment I wanted to point to two other pieces of news.

Buzzfeed gets sued

First, BuzzFeed is getting sued.

One of the people named in the partial Trump dossier published by BuzzFeed last month, Aleksej Gubarev, has sued for defamation to himself and his companies, which include the hosting company Webzilla. Gubarev also sued Christopher Steele in the UK. In an interview with CNN, Gubarev described the injury suffered as a result of the publication of the unredacted dossier.

The lawsuit criticizes BuzzFeed for publishing the memos, alleging that “BuzzFeed itself admitted it had no idea what — if anything — in the dossier was truthful.”

Indeed, when the news website published the memos on January 10, it justified “publishing the full document so that Americans can make up their own minds about allegations about the president-elect that have circulated at the highest levels of the US government.”

The lawsuit notes that the BuzzFeed story has been viewed almost six million times, and the news site has written eight follow-up articles that all link back to the unsubstantiated dossier.

Before he filed the lawsuit, Gubarev spoke to CNNMoney about the damage he had already experienced from the leaked dossier.

“I’m really damaged by this story. This is why I’m ready to spend money and go to court about this,” he told CNNMoney in mid-January.

“I have a multimillion dollar business. Why do I need these connections with hackers?” he said, speaking by phone from the Mediterranean island of Cyprus where he lives. “It’s absolutely not true, and I can go to the court and say this.”

In his interview with CNNMoney, Gubarev said that three of XBT’s European bank partners froze the company’s $5 million credit line because of reports about the memos. Gubarev declined to provide CNNMoney proof of those frozen credit lines.

After the suit got filed, Buzzfeed redacted Gubarev’s names from the still-published dossier and apologized.

I’m interested in this development for several reasons. First, Donald Trump has repeatedly suggested that he might have sued Steele had the former British spy not gone into hiding. Furthermore, this feels a bit like Peter Thiel. So I wonder whether Gubarev has been advanced as a proxy to go after Buzzfeed.

Also, as noted, the (now-redacted) reference to Gubarev appears in the last entry of the partial dossier Buzzfeed published. As I explained, that last entry is significant because it post-dates any known sharing of the dossier on the part of Steele. That, plus some other aspects of the dossier as released, might have raised more caution in Buzzfeed about provenance before publication. If this suit goes forward, Gubarev would have an opportunity to probe these areas.

Wikileaks didn’t release all DNC emails

Then there’s this story, that reveals numerous DNC staffers and reporters have identified emails of theirs that didn’t get released by WikiLeaks. While multiple people quoted in the story suggest the emails may have been curated to take out worthwhile context, they also admit that there was nothing “explosive” that was excluded.

The question of whether the emails were curated in some way, to appear as damaging as possible to the Democratic Party, has long been whispered about among campaign staffers.

“There was the fact that they were released in drips and drabs, and then, the fact that entire parts of an email chain were missing, which would have given a bit of context to the discussion, but a lot of us weren’t about to say, ‘Hey, you missed some emails!’” said one Democratic Party campaign staffer, who, like others, asked for anonymity to discuss the data breach while investigations continue.

“I think it is unknown that these emails were not just dumped, there was curation happening here,” said another campaign staffer, who also requested anonymity in exchange for discussing the emails. “I would find part of an email chain, but not other parts. At times, the parts missing were the parts that would have given context to the whole discussion.”

Still, he said, among the missing emails was nothing “explosive, or holy shit… a lot of it was mundane stuff or stuff that flushed out and gave context.”

The implication in the story is that WikiLeaks curated the emails (and Assange did not answer Buzzfeed’s query about the missing files).

“The idea that Wikileaks and Julian Assange is about some kind of high minded transparency is totally completely full of shit,” said one former Democratic campaign staffer. “What they wanted was to create the maximum amount of political pain.”

There is precedent for a time when Wikileaks did not publish the entire set of a known dataset — in 2012, when Wikileaks’ version of the Syria files did not include a letter from a Syrian bank to a Russian one reflecting 2 billion Euro in deposits.

[T]he Syria Files should still contain the central bank’s emails from Oct. 26, 2011, concerning its €2 billion and bank account in Moscow: For one, WikiLeaks has published several emails received by the same account ([email protected]) from that day. Secondly, the court records leaked to the Daily Dot reveal the Moscow bank’s emails were, in fact, part of the larger backup file containing numerous emails currently found on the WikiLeaks site. One such email, discussed in depth by RevoluSec members more than nine months before the WikiLeaks release, details the transfer of €5 million from a bank in Frankfurt, Germany, to a European central bank in Austria, the recipient of the email being Central Bank of Syria.

When asked about the missing file, a WikiLeaks spox responded aggressively.

In response to a request for comment, WikiLeaks said the preceding account “is speculation and it is false.” The spokesperson continued: “The release includes many emails referencing Syrian-Russian relations. As a matter of long standing policy we do not comment on claimed sources. It is disappointing to see Daily Dot pushing the Hillary Clinton campaign’s neo-McCarthyist conspiracy theories about critical media.” (WikiLeaks threatened to retaliate against the reporters if they pursued the story: “Go right ahead,” they said, “but you can be sure we will return the favour one day.”)

[snip]

Asked about the possibility it could be duped, WikiLeaks responded flatly: “All Syria files obtained by WikiLeaks have been published and are authentic.”

In both cases, of course, it is possible that WikiLeaks didn’t get all of the documents.

Indeed, perhaps the most interesting detail in this new report — one noted without considering the implications of it — is that at least some staffers at DNC had emails set to delete after 30 days.

Many of the Democratic Party campaign staffers who spoke to BuzzFeed News said it was hard to tell exactly how many messages were missing, since their emails were set to automatically delete every 30 days.

The emails go back to early 2015. Yet GRU — the Russian intelligence service attributed with stealing these emails — didn’t break in until March 2016. The emails would have been backed up (or perhaps not all staffers did have their emails set to delete). But the detail may suggest other things about how the emails obtained by Wikileaks were stolen.

Remember: when the emails were first released, FBI was unsure whether the emails hacked by GRU were the same ones released by Wikileaks.

Trump eyes Poland

Finally, to the actual Russian front. According to this review of Trump’s foreign policy so far, his aides have been seeking information on an alleged incursion by Poland into Belarus, a close Russian ally.

According to one U.S. official, national security aides have sought information about Polish incursions in Belarus, an eyebrow-raising request because little evidence of such activities appears to exist. Poland is among the Eastern European nations worried about Trump’s friendlier tone on Russia.

That suggests the aides in question are getting some wacky ideas from … somewhere.


On Wikileaks and Chelsea Manning’s Commutation

Today, President Obama commuted Chelsea Manning’s sentence, effective May 17. May she have the fortitude to withstand five more months of prison.

Among the many responses to the commutation, many people are pointing to a tweet Julian Assange wrote in September, promising to agree to US prison if Manning got clemency.

Assange made a very similar comment more recently, on January 12.

To Assange’s credit, he has long called for clemency for Manning; and whatever you think of Assange, his anger against Hillary was in significant part motivated by Clinton’s response to the Manning leaks. Manning might have been able to cooperate against Assange for a lesser sentence, but there was nothing Assange did that was not, also, what the NYT has done.

Indeed, the oddity of Assange’s original tweet is that, as far as has been made public, he has never been charged, not even for aiding Edward Snowden as a fugitive.

Nevertheless, since the comments, Assange’s European lawyer said he stands by his earlier comment (though she points out the US has not asked for extradition).

But I’d like to point to a third tweet, which might explain why Assange would be so willing to be extradited now.

The day after Assange repeated his promise to undergo extradition, just as the uproar over the Trump dossier that led Christopher Steele to go into hiding has been roiling, Assange also tweeted a comment at least pretending he thought he might be murdered.

Sure, Assange is paranoid. But while Assange has been hiding behind purportedly American IDed cutouts, claiming plausible deniability that he got the DNC emails from the Russians, he surely knows, now, those people were cut-outs. The Russians, Trump, and any American cutouts that Assange could ID would badly like him to sustain that plausible deniability.

And the Russians have a way of silencing people like that, even in fairly protected places in London.

So while Assange could just be blowing smoke, Assange may well be considering his options, coming to the US on a plea deal versus dealing with Putin’s goons.

All of which might make such deals more attractive.

Update: Here’s Assange’s latest on this.


Lefties Learn to Love Leaks Again

Throughout the presidential campaign, observers have noted with irony that many on the right discovered a new-found love for WikiLeaks. Some of the same people who had earlier decried leaks, even called Chelsea Manning a traitor, were lapping up what Julian Assange was dealing on a daily basis.

There was a similar, though less marked, shift on the left. While many on the left had criticized — or at least cautioned about — WikiLeaks from the start, once Assange started targeting their presidential candidate, such leaks became an unprecedented, unparalleled assault on decency, which no one seemed to say when similar leaks targeted Bashar al-Assad.

Which is why I was so amused by the reception of this story yesterday.

After revealing that Donald Trump’s Secretary of State nominee “was the long-time director of a US-Russian oil firm based in the tax haven of the Bahamas, leaked documents show” in the first paragraph, the article admits, in the fourth paragraph that,

Though there is nothing untoward about this directorship, it has not been reported before and is likely to raise fresh questions over Tillerson’s relationship with Russia ahead of a potentially stormy confirmation hearing by the US senate foreign relations committee. Exxon said on Sunday that Tillerson was no longer a director after becoming the company’s CEO in 2006.

The people sharing it on Twitter didn’t seem to notice that (nor did the people RTing my ironic tweet about leaks seem to notice). Effectively, the headline “leaks reveal details I have sensationalized” served its purpose, with few people reading far enough to the caveats that admit this is fairly standard international business practice (indeed, it’s how Trump’s businesses work too). This is a more sober assessment of the import of the document detailing Tillerson’s ties with the Exxon subsidiary doing business in Russia.

This Guardian article worked just like all the articles about DNC and Podesta emails worked, even with — especially with — the people decrying the press for the way it irresponsibly sensationalized those leaks.

The response to this Tillerson document is all the more remarkable given the source of this leak. The Guardian reveals it came from an anonymous source for Süddeutsche Zeitung, which in turn shared the document with the Guardian and the International Consortium of Investigative Journalists.

The leaked 2001 document comes from the corporate registry in the Bahamas. It was one of 1.3m files given to the German newspaper Süddeutsche Zeitung by an anonymous source.

[snip]

The documents from the Bahamas corporate registry were shared by Süddeutsche Zeitung with the Guardian and the International Consortium of Investigative Journalists in Washington DC.

That is, this document implicating Vladimir Putin’s buddy Rex Tillerson came via the very same channel that the Panama Papers had, which Putin claimed, back in the time Russia was rifling around the DNC server, was a US intelligence community effort to discredit him and his kleptocratic cronies, largely because that was the initial focus that the US-NGO based consortium that managed the documents adopted, a focus replicated at participating outlets.

See this column for a worthwhile argument that Putin hacked the US as retaliation for the Panama Papers, which makes worthwhile points but would only work chronologically if Putin had advance notice of the Panama Papers (because John Podesta got hacked on March 19, before the first releases from the Panama Papers on April 3).

There really has been a remarkable lack of curiosity about where these files came from. That’s all the more striking in this case, given that the document (barely) implicating Tillerson comes from the Bahamas, where the US at least was collecting every single phone call made.

That’s all the more true given the almost non-existent focus on the Bahamas leaks before — from what I can tell just one story has been done on this stash, though the documents are available in the ICIJ database. Indeed, if the source for the leaks was the same, it would seem to point to an outside hacker rather than an inside leaker. That doesn’t mean the leak was done just to hurt Tillerson. The leak, which became public on September 21, precedes the election of Trump, much less the naming of Tillerson. But it deserves at least some notice.

For what it’s worth, I think it quite possible the US has been involved in such leaks — particularly given how few Americans get named in them. But I don’t think the Panama Papers, which implicated plenty of American friends and even the Saudis, actually did target Putin.

Still, people are going to start believing Putin’s claims that this effort is primarily targeted at him if documents conveniently appear from the leak as if on command.

I am highly interested in who handed off documents allegedly stolen by Russia’s GRU to Wikileaks. But I’m also interested in who the source enabling asymmetric corruption claims, as if on demand, is.

The Evidence to Prove the Russian Hack

In this post, I’m going to lay out the evidence needed to fully explain the Russian hack. I think it will help to explain some of the timing around the story that the CIA believes Russia hacked the DNC to help Trump win the election, as well as what is new in Friday’s story. I will do rolling updates on this and eventually turn it into a set of pages on Russia’s hacking.

As I see it, intelligence on all the following are necessary to substantiate some of the claims about Russia tampering in this year’s election.

  1. FSB-related hackers hacked the DNC
  2. GRU-related hackers hacked the DNC
  3. Russian state actors hacked John Podesta’s emails
  4. Russian state actors hacked related targets, including Colin Powell and some Republican sites
  5. Russian state actors hacked the RNC
  6. Russian state actors released information from DNC and DCCC via Guccifer 2
  7. Russian state actors released information via DC Leaks
  8. Russian state actors or someone acting on its behest passed information to Wikileaks
  9. The motive explaining why Wikileaks released the DNC and Podesta emails
  10. Russian state actors probed voter registration databases
  11. Russian state actors used bots and fake stories to make information more damaging and magnify its effects
  12. The level at which all Russian state actors’ actions were directed and approved
  13. The motive behind the actions of Russian state actors
  14. The degree to which Russia’s efforts were successful and/or primary in leading to Hillary’s defeat

I explain all of these in more detail below. For what it’s worth, I think there was strong publicly available information to prove 3, 4, 7, 11. I think there is weaker though still substantial information to support 2. It has always been the case that the evidence is weakest at points 6 and 8.

At a minimum, to blame Russia for tampering with the election, you need a high degree of confidence that GRU hacked the DNC (item 2), and shared those documents via some means with Wikileaks (item 8). What is new about Friday’s story is that, after months of not knowing how the hacked documents got from Russian hackers to Wikileaks, CIA now appears to know that people close to the Russian government transferred the documents (item 8). In addition, CIA now appears confident that all this happened to help Trump win the presidency (item 13).

1) FSB-related hackers hacked the DNC

The original report from Crowdstrike on the DNC hack actually said two separate Russian-linked entities hacked the DNC: one tied to the FSB, which it calls “Cozy Bear” or APT 29, and one tied to GRU, which it calls “Fancy Bear” or APT 28. Crowdstrike says Cozy Bear was also responsible for hacks of unclassified networks at the White House, State Department, and US Joint Chiefs of Staff.

I’m not going to assess the strength of the FSB evidence here. As I’ll lay out, the necessary hack to attribute to the Russians is the GRU one, because that’s the one believed to be the source of the DNC and Podesta emails. The FSB one is important to keep in mind, as it suggests part of the Russian government may have been hacking US sites solely for intelligence collection, something our own intelligence agencies believe is firmly within acceptable norms of spying. In the months leading up to the 2012 election, for example, CIA and NSA hacked the messaging accounts of a bunch of Enrique Peña Nieto associates, pretty nearly the equivalent of the Podesta hack, though we don’t know what they did with that intelligence. The other reason to keep the FSB hack in mind is because, to the extent FSB hacked other sites, they also may be deemed part of normal spying.

2) GRU-related hackers hacked the DNC

As noted, Crowdstrike reported that GRU also hacked the DNC. As it explains, GRU does this by sending someone something that looks like an email password update, but which instead is a fake site designed to get someone to hand over their password. The reason this claim is strong is because people at the DNC say this happened to them.

Note that there are people who raise questions of whether this method is legitimately tied to GRU and/or that the method couldn’t be stolen and replicated. I will deal with those questions at length elsewhere. But for the purposes of this post, I will accept that this method is a clear sign of GRU involvement. There are also reports that deal with GRU hacking that note high confidence GRU hacked other entities, but less direct evidence they hacked the DNC.

Finally, there is the real possibility that other people hacked the DNC, in addition to FSB and GRU. That possibility is heightened because a DNC staffer was hacked via what may have been another method, and because DNC emails show a lot of password changes off services for which DNC staffers had had their accounts exposed in other hacks.

All of which is a way of saying, there is some confidence that DNC got hacked at least twice, with those two revealed efforts being done by hackers with ties to the Russian state.

3) Russian state actors (GRU) hacked John Podesta’s emails

Again, assuming that the fake Gmail phish is GRU’s handiwork, there is probably the best evidence that GRU hacked John Podesta and therefore that Russia, via some means, supplied Wikileaks, because we have a copy of the actual email used to hack him. The Smoking Gun has an accessible story describing how all this works. So in the case of Podesta, we know he got a malicious phish email, we know that someone clicked the link in the email, and we know that emails from precisely that time period were among the documents shared with Wikileaks. We just have no idea how they got there.

4) Russian state actors hacked related targets, including some other Democratic staffers, Colin Powell and some Republican sites

That same Gmail phish was used with victims — including at a minimum William Rinehart and Colin Powell — that got exposed in a site called DC Leaks. We can have the same high degree of confidence that GRU conducted this hack as we do with Podesta. As I note below, that’s more interesting for what it tells us about motive than anything else.

5) Russian state actors hacked the RNC

The allegation that Russia also hacked the RNC, but didn’t leak those documents — which the CIA seems to rely on in part to argue that Russia must have wanted to elect Trump — has been floating around for some time. I’ll return to what we know of this. RNC spox Sean Spicer is denying it, though so did Hillary’s people at one point deny that they had been hacked.

There are several points about this. First, hackers presumed to be GRU did hack and release emails from Colin Powell and a Republican-related server. The Powell emails (including some that weren’t picked up in the press), in particular, were detrimental to both candidates. The Republican ones were, like a great deal of the Democratic ones, utterly meaningless from a news standpoint.

So I don’t find this argument persuasive in its current form. But the details on it are still sketchy precisely because we don’t know about that hack.

6) Russian state actors released information from DNC and DCCC via Guccifer 2

Some entity going by the name Guccifer 2 started a website in the wake of the announcement that the DNC got hacked. The site is a crucial part of this assessment, both because it released DNC and DCCC documents directly (though sometimes misattributing what it was releasing) and because Guccifer 2 stated clearly that he had shared the DNC documents with Wikileaks. The claim has always been that Guccifer 2 was just a front for Russia — a way for them to adopt plausible deniability about the DNC hack.

That may be the case (and obvious falsehoods in Guccifer’s statements make it clear deception was part of the point), but there was always less conclusive (and sometimes downright contradictory) evidence to support this argument (this post summarizes what it claims are good arguments that Guccifer 2 was a front for Russia; for the most part I disagree and hope to return to it in the future). Moreover, this step has been one that past reporting said the FBI couldn’t confirm. Then there are other oddities about Guccifer’s behavior, such as his “appearance” at a security conference in London, or the way his own production seemed to fizzle as Wikileaks started releasing the Podesta emails. Those details of Guccifer’s behavior are, in my opinion, worth probing for a sense of how all this was orchestrated.

Yesterday’s story seems to suggest that the spooks have finally figured out this step, though we don’t have any idea what it entails.

7) Russian state actors released information via DC Leaks

Well before many people realized that DC Leaks existed, I suspected that it was a Russian operation. That’s because two of its main targets — SACEUR Philip Breedlove and George Soros — are targets Russia would obviously hit to retaliate for what it treats as a US-backed coup in Ukraine.

DC Leaks is also where the publicly released (and boring) GOP emails got released.

Perhaps most importantly, that’s where the Colin Powell emails got released (this post covers some of those stories). That’s significant because Powell’s emails were derogatory towards both candidates (though he ultimately endorsed Hillary).

It’s interesting for its haphazard targeting (if someone wants to pay me $$ I would do an assessment of all that’s there, because some just don’t make any clear sense from a Russian perspective, and some of the people most actively discussing the Russian hacks have clearly not even read all of it), but also because a number of the victims have been affirmatively tied to the GRU phishing methods.

So DC Leaks is where you get obvious Russian targets and Russian methods all packaged together. But of the documents it released, the Powell emails were the most interesting for electoral purposes, and they didn’t target Hillary as asymmetrically as the Wikileaks released documents did.

8) Russian state actors or someone acting on its behest passed information to Wikileaks

The basis for arguing that all these hacks were meant to affect the election is that they were released via Wikileaks. That is what was supposed to be new, beyond just spying (though we have almost certainly hacked documents and leaked them, most probably in the Syria Leaks case, but I suspect also in some others).

And as noted, how Wikileaks got two separate sets of emails has always been the big question. With the DNC emails, Guccifer 2 clearly said he had given them to WL, but the Guccifer 2 ties to Russia were relatively weak. And with the Podesta emails, I’m not aware of any known interim step between the GRU hack and Wikileaks.

A late July report said the FBI was still trying to determine how Russia got the emails to Wikileaks or even if they were the same emails.

The FBI is still investigating the DNC hack. The bureau is trying to determine whether the emails obtained by the Russians are the same ones that appeared on the website of the anti-secrecy group WikiLeaks on Friday, setting off a firestorm that roiled the party in the lead-up to the convention.

The FBI is also examining whether APT 28 or an affiliated group passed those emails to WikiLeaks, law enforcement sources said.

An even earlier report suggested that the IC wasn’t certain the files had been passed electronically.

And the joint DHS/ODNI statement largely attributed its confidence that Russia was involved in the leaking (lumping Guccifer 2, DC Leaks, and Wikileaks all together) not to having high confidence in that per se (a term of art saying, effectively, “we have seen the evidence”), but instead to the fact that leaking such files is consistent with what Russia has done elsewhere.

The recent disclosures of alleged hacked e-mails on sites like DCLeaks.com and WikiLeaks and by the Guccifer 2.0 online persona are consistent with the methods and motivations of Russian-directed efforts.

Importantly, that statement came out on October 7, so well after the September briefing at which CIA claimed to have further proof of all this.

Now, Julian Assange has repeatedly denied that Russia was his source. Craig Murray asserted, after having met with Assange, that the source is not the Russian state or a proxy. Wikileaks’ tweet in the wake of yesterday’s announcement — concluding that an inquiry directed at Russia in this election cycle is targeted at Wikileaks — suggests some doubt. Also, immediately after the election, Sergei Markov, in a statement deemed to be consistent with Putin’s views, suggested that “maybe we helped a bit with WikiLeaks,” even while denying Russia carried out the hacks.

That’s what’s new in yesterday’s story. It stated that “individuals with connections to the Russian government” handed the documents to Wikileaks.

Intelligence agencies have identified individuals with connections to the Russian government who provided WikiLeaks with thousands of hacked emails from the Democratic National Committee and others, including Hillary Clinton’s campaign chairman, according to U.S. officials. Those officials described the individuals as actors known to the intelligence community and part of a wider Russian operation to boost Trump and hurt Clinton’s chances.

[snip]

[I]ntelligence agencies do not have specific intelligence showing officials in the Kremlin “directing” the identified individuals to pass the Democratic emails to WikiLeaks, a second senior U.S. official said. Those actors, according to the official, were “one step” removed from the Russian government, rather than government employees. Moscow has in the past used middlemen to participate in sensitive intelligence operations so it has plausible deniability.

I suspect we’ll hear more leaked about these individuals in the coming days; obviously, the IC says it doesn’t have evidence of the Russian government ordering these people to share the documents with Wikileaks.

Nevertheless, the IC now has what it didn’t have in July: a clear idea of who gave Wikileaks the emails.

9) The motive explaining why Wikileaks released the DNC and Podesta emails

There has been a lot of focus on why Wikileaks did what it did, which notably includes timing the DNC documents to hit for maximum impact before the Democratic Convention and timing the Podesta emails to be a steady release leading up to the election.

I don’t rule out Russian involvement with all of that, but it is entirely unnecessary in this case. Wikileaks has long proven an ability to hype its releases as much as possible. More importantly, Assange has reason to have a personal gripe against Hillary, going back to State’s response to the cable release in 2010 and the subsequent prosecution of Chelsea Manning.

In other words, absent really good evidence to the contrary, I assume that Russia’s interests and Wikileaks’ coincided perfectly for this operation.

10) Russian state actors probed voter registration databases

Back in October, a slew of stories reported that “Russians” had breached voter related databases in a number of states. The evidence actually showed that hackers using an IP tied to Russia had done these hacks. Even if the hackers were Russian (about which there was no evidence in the first reports), there was also no evidence the hackers were tied to the Russian state. Furthermore, as I understand it, these hacks used a variety of methods, some or all of which aren’t known to be GRU related. A September DHS bulletin suggested these hacks were committed by cybercriminals (in the past, identity thieves have gone after voter registration lists). And the October 7 DHS/ODNI statement affirmatively said the government was not attributing the probes to the Russians.

Some states have also recently seen scanning and probing of their election-related systems, which in most cases originated from servers operated by a Russian company. However, we are not now in a position to attribute this activity to the Russian Government.

In late November, an anonymous White House statement said there was no increased malicious hacking aimed at the electoral process, though it remained agnostic about whether Russia ever planned on such a thing.

The Federal government did not observe any increased level of malicious cyber activity aimed at disrupting our electoral process on election day. As we have noted before, we remained confident in the overall integrity of electoral infrastructure, a confidence that was borne out on election day. As a result, we believe our elections were free and fair from a cybersecurity perspective.

That said, since we do not know if the Russians had planned any malicious cyber activity for election day, we don’t know if they were deterred from further activity by the various warnings the U.S. government conveyed.

Absent further evidence, this suggests that reports about Russia trying to tamper with the actual election infrastructure were at most suspicions and possibly just a result of shoddy reporting conflating Russian IP with Russian people with Russian state.

11) Russian state actors used bots and fake stories to make information more damaging and magnify its effects

Russia has used bots and fake stories in the past to distort or magnify compromising information. There is definitely evidence some pro-Trump bots were based out of Russia. RT and Sputnik ran with inflammatory stories. Samantha Bee famously did an interview with some Russians who were spreading fake news. But there were also people spreading fake news from elsewhere, including Macedonia and suburban LA. A somewhat spooky guy even sent out fake news in an attempt to discredit Wikileaks.

As I have argued, the real culprit in this economy of clickbait driven outrage is closer to home, in the algorithms that Silicon Valley companies use that are exploited by a whole range of people. So while Russian directed efforts may have magnified inflammatory stories, that was not a necessary part of any intervention in the election, because it was happening elsewhere.

12) The level at which all Russian state actors’ actions were directed and approved

The DHS/ODNI statement said clearly that “We believe, based on the scope and sensitivity of these efforts, that only Russia’s senior-most officials could have authorized these activities.” But the WaPo story suggests they still don’t have proof of Russia directing even the go-between who gave WL the cables, much less the go-between directing how Wikileaks released these documents.

Mind you, this would be among the most sensitive information, if the NSA did have proof, because it would be collection targeted at Putin and his top advisors.

13) The motive behind the actions of Russian state actors

The motive behind all of this has varied. The joint DHS/ODNI statement said, “These thefts and disclosures are intended to interfere with the US election process.” It didn’t provide a model for what that meant though.

Interim reporting — including the White House’s anonymous post-election statement — had suggested that spooks believed Russia was doing it to discredit American democracy.

The Kremlin probably expected that publicity surrounding the disclosures that followed the Russian Government-directed compromises of e-mails from U.S. persons and institutions, including from U.S. political organizations, would raise questions about the integrity of the election process that could have undermined the legitimacy of the President-elect.

At one level, that made a lot of sense — the biggest reason to release the DNC and Podesta emails, it seems to me, was to confirm the beliefs a lot of people already had about how power works. I think one of the biggest mistakes of journalists who have political backgrounds was to avoid discussing how the sausage of politics gets made, because this material looks worse if you’ve never worked in a system where power is about winning support. All that said, there’s nothing in the emails (especially given the constant release of FOIAed emails) that uniquely exposed American democracy as corrupt.

All of which is to say that this explanation never made any sense to me; it was mostly advanced by people who live far away from people who already distrust US election systems, who ignored polls showing there was already a lot of distrust.

Which brings us to the other thing that is new in the WaPo story: the assertion that CIA now believes this was all intended to elect Trump, not just make us distrust elections.

The CIA has concluded in a secret assessment that Russia intervened in the 2016 election to help Donald Trump win the presidency, rather than just to undermine confidence in the U.S. electoral system, according to officials briefed on the matter.

[snip]

“It is the assessment of the intelligence community that Russia’s goal here was to favor one candidate over the other, to help Trump get elected,” said a senior U.S. official briefed on an intelligence presentation made to U.S. senators. “That’s the consensus view.”

For what it’s worth, there’s still some ambiguity in this. Did Putin really want Trump? Or did he want Hillary to be beat up and weak for an expected victory? Did he, like Assange, want to retaliate for specific things he perceived Hillary to have done, in Libya, Syria, and Ukraine? That’s unclear.

14) The degree to which Russia’s efforts were successful and/or primary in leading to Hillary’s defeat

Finally, there’s the question that may explain Obama’s reticence about this issue, particularly in the anonymous post-election statement from the White House, which stated that the “election results … accurately reflect the will of the American people.” It’s not clear that Putin’s intervention, whatever it was, had anywhere near the effect of (for example) Jim Comey’s letters and Bret Baier’s false report that Hillary would be indicted shortly. There are a lot of other factors (including Hillary’s decision to ignore Jake Sullivan’s lonely advice to pay some attention to the Rust Belt).

And, as I’ve noted repeatedly, it is in no way the case that Vladimir Putin had to teach Donald Trump about kompromat, the leaking of compromising information for political gain. Close Trump associates, including Roger Stone (who, by the way, may have had conversations with Julian Assange), have been rat-fucking US elections since the time Putin was in law school.

But because of the way this has rolled out (and particularly given the cabinet picks Trump has already made), it will remain a focus going forward, perhaps to the detriment of other issues that need attention.

In Latest Russian Plot, WikiLeaks Reveals Hillary Opposes ISDS

Among the emails released as part of the Podesta leaks yesterday, WikiLeaks released this one showing that, almost a year before she was making the same argument in debates with Bernie Sanders, Hillary was opposed to Investor State Dispute Settlement that is part of the Trans Pacific Partnership. (h/t Matt Stoller) ISDS is the means by which corporations have used trade agreements to operate above the domestic laws of party countries (if you haven’t, read this three part series from BuzzFeed to learn about the more exotic ways businesses are profiting off of ISDS).

The email also appears to echo her later public concern that she had changed her mind on TPP because of KORUS.

After our last talk with HRC, we revised our letter to oppose ISDS and include her caution about South Korea.

Sure, other Podesta emails show Hillary supporting a broad region of free trade (and labor) in the Americas. But this more recent email confirms that the views she expressed in debate were more than just an attempt to counter Bernie’s anti-trade platform.

Whether or not this is newsworthy enough to justify the WL dump, it is noteworthy in light of NYT’s rather bizarre article from some weeks back suggesting that WL always sides with Putin’s goals. As I noted, the article made a really strained effort to claim that WL exposed TPP materials because it served Putin’s interests. Now, here, WL is releasing information that makes Hillary look better on precisely that issue.

That doesn’t advance the presumed narrative of helping Trump defeat Hillary!

Then, as I noted yesterday, in spite of all the huff and puff from Kurt Eichenwald, the release of a Sid Blumenthal email used by Trump is another case where the WL release, as released, doesn’t feed the presumed goals of Putin.

Which brings me to this Shane Harris piece, which describes four different NatSec sources revealing there’s still a good deal of debate about WL’s ties to Russia.

Military and intelligence officials are convinced that WikiLeaks is an ongoing threat to U.S. national security and privacy owing to its leaks of classified documents and emails. But its precise relationship with Russia has been a subject of internal debate. Some do see the group as being in cahoots with the Kremlin. But others find that WikiLeaks is acting mainly as the beneficiary of stolen documents, not unlike a journalistic organization.

There are some funny aspects to this story. Nothing in it considers the significant evidence that WL is (and has reason to be) affirmatively anti-Hillary, which means its interests may align with Russia, even if it doesn’t take orders from Russia.

It also suggests that if the spooks can prove some tie between WL and Russia, they can spy on it as an agent of foreign power.

But those facts don’t mean WikiLeaks isn’t acting at Russia’s behest. And that’s not a trivial matter. If the United States were to determine that WikiLeaks is an agent of a foreign power, as defined in U.S. law, it could allow intelligence and law enforcement agencies to spy on the group—as they do on the Russian government. The U.S. can also bring criminal charges against foreign agents.

WL has been intimately involved in two separate charged cases of leaking-as-espionage in the US, Chelsea Manning and Edward Snowden. The government has repeatedly told courts that it has National Security/Criminal investigations, plural, into WikiLeaks, and when pressed for details about how and whether the government is collecting on supporters and readers of WikiLeaks, the government has in part hidden those details under a b3 FOIA exemption, meaning a statute prevents disclosing it, while extraordinarily refusing to reveal what statute that is. We certainly know that FBI has used multiple informants to spy on WL and used a variety of collection methods against Jacob Appelbaum, including (according to Appelbaum) physical tails.

So there’s not only no doubt that the US government believes it can spy on WikiLeaks (which is, after all, headed by a foreigner and not a US organization), but that it already does, and has been doing for at least six years.

Perhaps Harris’ sources really mean they’ve never found a way to indict Julian Assange before, but if they can claim he’s working for Putin, then maybe they’ll overcome past problems of indicting him because it would criminalize journalism. If that’s the case, it may be shading analysis of WL, because the government would badly like a reason to shut down WL (as the comments about the direct threat to the US in the story back up).

As I’ve said before, the role of WL in this and prior leak events is a pretty complex one, one that if approached too rashly (or too sloppily) could have ramifications for other publishers. While a lot of people are rushing to collapse this (in spite of what sounds like a continuing absence of directly incriminating evidence) into a nation-state conflict, things like this TPP email suggest it’s not that simple.

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

On Provenance and Putin: That Sid Blumenthal Story

At a campaign appearance yesterday, Donald Trump quoted a judgment that Kurt Eichenwald made in an article last year on the Benghazi investigation.

One important point has been universally acknowledged by the nine previous reports about Benghazi: The attack was almost certainly preventable. Clinton was in charge of the State Department, and it failed to protect U.S. personnel at an American consulate in Libya. If the GOP wants to raise that as a talking point against her, it is legitimate.

The rest of the article was about how politicized the inquiry was. But right there in the middle of his article, Eichenwald included a namby pamby both-sides paragraph — one that could have better nuanced the conclusions of the many Benghazi reports — that said Benghazi was a legitimate issue to raise against Hillary.

Sucks to be Eichenwald, because Trump just used it on his campaign, to thrilled cries from his frothy supporters.

The quote came up on the campaign trail because Sid Blumenthal had forwarded the article — highlighting the description about the politicized questioning he himself had undergone, but ultimately quoting the entire article, including that namby pamby paragraph — to a bunch of undisclosed recipients, including John Podesta, under the subject line “The truth…” Blumenthal surely meant that Eichenwald’s larger point — that the whole investigation was politicized — was the truth, but he did forward the whole thing, including the namby pamby paragraph, under that heading.

The forwarded story got released by WikiLeaks as part of its Podesta leaks (emails which Hillary effectively confirmed during the debate by explaining one of the emails that had attracted the most attention).

Now, as it turns out, Sputnik published a story on the email, erroneously attributing the entire judgment, including that attacking Hillary for Benghazi was a legit talking point, to Blumenthal, not Eichenwald. They apparently realized their error and took it down. But not before Eichenwald started wondering how Trump came to be quoting his own namby pamby paragraph on the campaign trail.

In an article asserting that Trump got his talking point from the Sputnik story, Eichenwald has given up not only his namby pamby tone, but moderation. In it, having already suggested the misattribution to Blumenthal was due to “incompetence,” he then claims it was also deliberate disinformation. He then states as fact that Trump got this “falsehood” from the Kremlin.

This is not funny. It is terrifying. The Russians engage in a sloppy disinformation effort and, before the day is out, the Republican nominee for president is standing on a stage reciting the manufactured story as truth. How did this happen? Who in the Trump campaign was feeding him falsehoods straight from the Kremlin? (The Trump campaign did not respond to a request for comment).

The Russians have been obtaining American emails and now are presenting complete misrepresentations of them—falsifying them—in hopes of setting off a cascade of events that might change the outcome of the presidential election. The big question, of course, is why are the Russians working so hard to damage Clinton and, in the process, aid Donald Trump? That is a topic for another time.

Here’s an earlier version of the article, in which Eichenwald even more obviously asserts that the Sputnik article is both an error and a deliberate falsification.

Of course, this might be seen as just an opportunity to laugh at the incompetence of the Russian hackers and government press—once they realized their error, Sputnik took the article down. But this is not funny at all. The Russians have been obtaining American emails and now are presenting complete misrepresentations of them—falsifying them—in hopes of setting off a cascade of events that might change the outcome of the presidential election. The big question, of course, is why are the Russians working so hard to damage Clinton and, in the process, aid Donald Trump. That is a topic for another time.

There are two interesting details about Eichenwald’s story. Nowhere in the piece does he link the actual Wikileaks email, which makes it clear that Blumenthal had, in fact, forwarded that namby pamby paragraph along with everything else. It is clear that the email was just a forwarded Newsweek article, but given that the part Blumenthal highlighted at the top was his own testimony, it is perhaps understandable why someone might make the misattribution.

More interesting still, while Eichenwald links this YouTube of what he says is Trump repeating the Sputnik talking point, he only selectively quotes from it. But it appears (and I admit that this, as with all of Trump’s ramblings, is not entirely clear) that Trump introduces the quote this way:

So Blumenthal writes a quote — this just came out a little while ago, I have to tell you this. “One important point has been …

It’s certainly possible Trump meant, “So Blumenthal writes, I quote,” but at least to my ear, he said, “Blumenthal writes a quote.” If that’s right, then Trump couldn’t have been working from Sputnik (or he at least wasn’t replicating their error), because he would have been properly attributing this judgment as a quote (of Eichenwald). Trump does go on to say “this is Sidney Blumenthal, the only one he was talking to,” after insinuating that one reason Hillary set up her email server may have been to continue talking to “Sleazy Sidney” after Obama told her to stop, but nowhere in the clip do I see Trump IDing it as an email from Blumenthal. Perhaps Eichenwald bases this assertion — “He told the assembled crowd that it was an email from Blumenthal” — on some other part of the appearance.

Eichenwald also notes that Trump was “holding a document in his hand.” But the document appears to be a transcribed talking point; it’s almost certainly not the Sputnik article. So that doesn’t tell us anything about provenance.

In other words, it’s not actually clear where Trump got this from, or whether Trump’s staffers had at least corrected Sputnik’s error. It may well be! But Eichenwald hasn’t made that case.

Apparently this frothy Trump supporter tweeted out the claim, just as Trump stated it, though he has since deleted it. (h/t Emma Jones) The supporter, who joined Twitter in February 2016, could well be a Russian troll (but one that long precedes this particular leak campaign), but he certainly models as an Infowars loving Hillary hater who overreads anything implicating her, something America has in ready supply without Putin’s help.

There’s one other part of this that I find notable, aside from the claim that Sputnik made this error out of both incompetence and deliberate disinformation. A big part of this narrative is that Wikileaks is doing Russia’s bidding rather than — a more logical explanation — attacking Hillary, with whom Julian Assange has had a 6-year adversarial relationship.

Wikileaks may well be working with Russia and/or the effect of sharing a mutual interest in weakening Hillary may amount to the same.

But this is actually a case where Russia did not do what has been alleged they might. That is, Wikileaks released what is an email no one contests, a not very controversial one at all. While Wikileaks has made misleading claims about what it has released at times, this is not one of them.

One thing clearly did not happen though. Even assuming Russia is responsible for the Podesta email leak, Russia did not “falsify” the original email to say what Eichenwald is so convinced Russia wanted to claim, that Blumenthal himself had endorsed Eichenwald’s namby pamby judgment that Benghazi is a fair talking point to use against Hillary. That claim only came after Sputnik tried to make it a bigger issue (but then realized its error, according to Eichenwald).

If Russia were doing what Eichenwald claimed — and they might in the future!! — then they would have doctored the email on the front end, not when republishing it in a state outlet.

Update: Unsurprisingly, Glenn Greenwald rips this (especially Eichenwald’s inflammatory tweets about the story) apart. More interesting, WaPo also dings Eichenwald for overclaiming what this incident reveals.

Update, November 1: There’s a very strange coda to this story. The guy who, until this event, worked at Sputnik and was responsible for the mistake, Bill Moran, wrote up this story from his viewpoint. Here’s how he made the mistake.

On Columbus Day, I made an embarrassing mistake. I noticed a series of viral tweets attributing words to Sidney Blumenthal on the Benghazi scandal. The original WikiLeaks document, to which the original article linked, was lengthy – 75 pages. I reviewed the document in a hurry, but I did not read all of them.

[snip]

I was moving too fast and I made a mistake – a mistake that I remain embarrassed about making. I stepped outside to smoke a cigarette after scheduling our social media accounts, stopped halfway through, thought “why hasn’t anybody else picked this up?” gave the document a second review, realized my error, and proceeded to delete the story.

The story was up from 3:23PM EDT to 3:42PM EDT and received 1,061 views before being removed – I’d like to apologize to weekend readers for making that mistake no matter how honest an error it was.

What happened next is weirder. Eichenwald made a series of contacts with the guy, basically trying to persuade him not to tell the real story publicly, including by suggesting he could help him get a job at New Republic and then by threatening him.

Then, as Paste describes, they had a long conversation that Moran, at first, wasn’t going to release. In it, Eichenwald waggles around American spooks.

In Moran’s notes on the call, he quotes Eichenwald as repeating that the “intelligence community” was monitoring both Sputnik and a separate Twitter account, which he holds responsible for the blowback (as opposed to his own story). He went on to say that everyone at Sputnik had an intelligence file on them, and asked if Moran had made any foreign phone calls that might have raised eyebrows. He went on to imply that Moran might have issues getting a re-entry visa into America if he ever traveled abroad, and then offered to help Moran “find a real job” to extricate him from the situation. He went on to say that both Sputnik and Russia Today have been targeted by the intelligence community, and will soon be subject to sanctions that aim at shutting them down for good.

Which Eichenwald does again in a follow-up email (at which point Eichenwald seemed to be going nuts, because he didn’t realize that Moran included Newsweek’s own lawyer on the exchange and instead assumed it was Moran’s lawyer).

Next, he reverts to the threatening language—the “bad cop” persona—telling Moran that he could tie him to the Russians themselves: “Now, there is one alternative here,” Eichenwald writes. “I can write: ‘William Moran, the writer for Sputnik, said he based his article not on directives from the Russian government but on an anonymous tweet that used a clip of the image of the document. He said he accepted the anonymous tweeters’ description that this was from Blumenthal, and did so because he was rushed. However, as the government official with knowledge of the intelligence inquiry said, the original altered document that was tweeted onto the internet came from a location that has been identified as being connected to the Russian disinformation campaigns, and only the news outlet owned by the Russian government published an article based on it.”

In other words, perhaps in an attempt to salvage his reputation, or perhaps in truth, Eichenwald was dragging the intelligence community into this.
