White Man’s Burden: Trump Is Failing Six of Ten Metrics on His Own Open Book Test

One reason I laid out what Stephen Miller and Trump’s other sad little advisors think they’re doing in their National Security Strategy is because once you do that, it makes it even more clear that their overestimation of their own competence is dooming the United States.

Fully seven pages of the short (33 pages as compared to Trump’s 68-page 2017 NSS and Sleepy Joe Biden’s 48-page 2022 one) document blather about what it is trying to accomplish: two pages announcing the adoption of utilitarianism over values, two laying out what the US should want, another laying out what Trump thinks the US wants from the world, and two more laying out what means the US has to get there.

This is the work of a bunch of men who imagine they are competent telling everyone who came before them that they were doing things wrong.

Yet by laying all that out — by writing down what they imagine competence would deliver — they make it clear how badly they’re screwing up.

Effectively, Donald Trump has already done significant, if not grave, damage to six of the ten things that Trump claims America wants:

  1. Continued survival of US sovereignty
  2. Protect the country from human trafficking, foreign influence, propaganda, and espionage
  3. “A resilient national infrastructure that can withstand natural disasters, resist and thwart foreign threat”
  4. The most dynamic economy
  5. A robust industrial base
  6. Unrivaled soft power that “believe[s] in our country’s inherent greatness and decency”

Start with the obvious ones.

Donald Trump and Marco Rubio and Elon Musk spent the first six months of this Administration trashing America’s soft power. These boys seem to imagine they can replace it with something that “believe[s] in our country’s inherent greatness and decency.” Except no one else will believe in American decency after it suddenly withdrew funding that resulted in the deaths of 600,000 people, two thirds of them children. People won’t trust you after you renege on paying the bills.

Or consider that 2nd bullet, which reads this way:

We want to protect this country, its people, its territory, its economy, and its way of life from military attack and hostile foreign influence, whether espionage, predatory trade practices, drug and human trafficking, destructive propaganda and influence operations, cultural subversion, or any other threat to our nation.

Of course, Trump claims to combat drug trafficking with his murderboat killings, even while he lets increasingly major drug criminals out of prison.

As for the rest? On her first day in office, the Attorney General stopped policing foreign influence, destructive propaganda, and influence operations; then Kristi Noem piled on by shutting down other programs combatting foreign influence and propaganda.

And, as an endless stream of stories reveals, both Pam Bondi and Noem have reassigned those who would hunt spies and human traffickers to go hunt undocumented grannies and day laborers instead.

Worse, the priority on weaponization has resulted in the loss of those people. Just the firing of a bunch of people who took a knee during the George Floyd protests to deescalate resulted in the firing of a counterintelligence Deputy Assistant Director and a supervisor.

a. In late March 2025, Plaintiff Jane Doe 5 was informed that she was being removed at the direction of Defendant Patel from her position at FBI Headquarters as a Deputy Assistant Director for the FBI overseeing counterintelligence at the direction of Defendant Patel because she kneeled on June 4, 2020. Plaintiff Jane Doe 5 had been specifically identified in then-Representative Gaetz’s letter. Plaintiff Jane Doe 5 retained her SES status but was demoted to a Section Chief position.

b. In April 2025, Plaintiff Jane Doe 6 was serving as the Legal Attache for the FBI based overseas along with her family. In that capacity, Plaintiff Jane Doe 6 had previously provided briefings to Defendant Patel with which he said he was very impressed. Nevertheless, on April 3, 2025, an FBI senior leader informed her that she was being removed from her term position in the Senior Executive Service to a non-Senior Executive Service position, abruptly uprooting her entire family and resulting in a significant pay decrease. The FBI senior leader informed Plaintiff Jane Doe 6 that Defendant Patel had indicated that his mind was made up and could not be changed.

c. In April 2025, Plaintiff Jane Doe 9 was demoted from her position as a supervisor overseeing all FBI ransomware and malware investigations. An FBI senior leader informed her that the demotion came straight from top level FBI leadership.

d. In April 2025, Defendant Patel directed the removal of Plaintiff Jane Doe 8 from her position supervising a counterintelligence squad.

There were even greater losses in DHS’ purges.

That’s part of the problem with bullet 3: The NSS’ grand plan to make America’s infrastructure more resilient. Along with gutting those who protect against foreign influence, Noem has gutted those who protect against hacking and natural disasters.

As for bullets 4 and 5? Trump’s trade war has had the opposite effect than he claimed it would, with historic layoffs and struggling manufacturing and small businesses.

Again, Trump did affirmative damage rather than achieving his goals.

Then there’s the question of sovereignty.

For all its yapping about America First, the NSS doesn’t deal with the way that Trump has been trading away America’s advantages to any rich foreigner with millions in cryptocurrency. Just yesterday, for example, Trump approved the sale of one of Nvidia’s most complex chips to China on the same day Houston’s US Attorney rolled out showy prosecutions for Chinese men accused of illegally exporting those very same chips.

“The United States has long emphasized the importance of innovation and is responsible for an incredible amount of cutting-edge technology, such as the advanced computer chips that make modern AI possible,” said Assistant Attorney General for National Security John A. Eisenberg. “This advantage isn’t free but rather the result of our engineers’ and scientists’ hard work and sacrifice. The National Security Division, along with our partners, will vigorously enforce our export-control laws and protect this edge.”

Alan Hao Hsu aka Haochun Hsu, 43, Missouri City, and his company, Hao Global LLC, both pleaded guilty to smuggling and unlawful export activities Oct. 10.

According to now unsealed court documents, between October 2024 and May 2025, Hsu and others knowingly exported and attempted to export at least $160 million worth of export-controlled Nvidia H100 and H200 Tensor Core graphic processing units (GPUs).

Trump already authorized the export of even more complex chips to Saudi Arabia and Abu Dhabi, the same sovereigns backing Paramount’s hostile bid to take over a big chunk of the US entertainment industry (that’s after China’s Tencent was dropped).

And these are just the areas where Trump has most obviously failed his own standards.

He also built a gimme into the one standard he claims to have met: he says he wants a nuclear deterrent, then states, falsely, that the Golden Dome would deliver such a deterrent.

We want the world’s most robust, credible, and modern nuclear deterrent, plus next-generation missile defenses—including a Golden Dome for the American homeland—to protect the American people, American assets overseas, and American allies.

Mark Kelly explained how unrealistic this effort was months ago.

And as for the hope that the rest of the world will use American technology, one of the things Trump wants from the rest of the world?

We want to ensure that U.S. technology and U.S. standards—particularly in AI, biotech, and quantum computing—drive the world forward.

As for those chips Trump cleared for sale, China is limiting their use.

As for American biotech, the rest of the world is instead importing America’s scientists who’ve been defunded as part of Trump’s anti-intellectual purges.

There’s plenty else in this NSS (such as other references to America’s technical superiority) where the boys aspire to have skills they affirmatively destroyed.

As such, the NSS isn’t so much a strategy (a word they scare quote when they define it): it’s a confession that these self-declared competent people are failing to meet their own standards.


The Hacking Hole Where John Bolton Should Be

Unless DOJ disguised him, the hack of John Bolton described in his indictment didn’t show up in the Iranian hack-and-leak indictment. It should have. After listing the 2022 attempt to assassinate Bolton (where he is described as “a former US National Security Advisor”), the indictment lists a slew of people that Iran’s IRGC attempted to hack (starting in 2020) and (starting in 2021) nine people it succeeded in hacking before it hacked Roger Stone and four other Trump flunkies.

Bolton should have, could have, been included along with those nine people.

As the (nifty color-coded) timeline below makes clear, Bolton told the FBI about the hack of him, on July 6, 2021, just as the Iranian hackers were setting up infrastructure to hack a set of people that include those, like Bolton, who played a role in the Qasem Soleimani assassination and Trump’s hardline first term approach with Iran.

To be sure, there are potentially good reasons why Bolton is not in there. There’s a sealed notice of related case in the Bolton docket (at docket entry 6), which could reflect charges against the people who hacked him, charges that might have been filed shortly after he alerted the FBI about the hack. Prosecutors could have left Bolton out to obscure that he told the FBI about the hack (and that therefore the FBI had been working backwards from that ever since, which is consistent with the timeline). Prosecutors could have left Bolton out because the criminal investigation into him remained open.

All plausible reasons to leave him out.

But when you put the hack and assassination targeting of Bolton on the same timeline as the hack-and-leak targeting first fellow Iran hawks and then the Trump campaign, as well as the second alleged assassination attempt by Asif Merchant, all presumed to be IRGC, it raises further questions.

First, one reason I was interested in Merchant’s disclosure yesterday that he was under surveillance from the moment he arrived in the US in April 2024 is because it suggests US spies were already well aware of the efforts to retaliate for the Soleimani killing. Indeed, the timeline explains how the FBI was magically able to get CHSes into both the Shahram Poursafi and the Asif Merchant attempts to hire hit squads to target Bolton and others: the FBI identified those people via those intercepts and flipped them early on in the plot.

It does raise questions about whether the FBI also knew of the hack-and-leak targeting Bolton in advance. The FBI would have been tracking the IRGC closely after their 2020 effort to attack Democrats under the guise of the Proud Boys (an earlier plot that makes the targeting of Proud Boy ally Roger Stone more interesting).

There is some separation between these two plots. While Poursafi eventually had access to non-public intelligence targeting Bolton, he didn’t even know Bolton’s home address at first, which he would have known if he had the emails stolen from Bolton available to him. But the hack-and-leak indictment, at least, lists as one of the goals of the hacking campaign, “to advance the IRGC’s malign activities, including ongoing efforts to avenge the death of Qasem Soleimani,” and the first hack, of someone at State who led the Abraham Accords, implies that’s how they used the “travel, lodging and other information” taken from someone who was “a senior U.S. Department of State official at the time of Qasem Soleimani’s death and therefore of interest to the IRGC.” Near the tail end of the Poursafi complaint, so just weeks before the hack of that victim, Poursafi turned to another target.

But that’s the other reason this timeline is of such interest. The progression with Bolton went Hack > Extortion > Assassination Attempt. Bolton could simply have cooperated with the IRGC, but instead he went to the FBI (which has now led to his prosecution).

Trump, however, did not.

It was over two months between the time hackers got into Roger Stone’s Hotmail account in May 2024 and the time the hack became public. In July, when they first became aware of the hack, the campaign affirmatively decided not to report it to the FBI.

Trump’s mistrust of federal agencies has complicated the investigation into Iran’s cyberattack on his campaign. When a technology firm first discovered the breach, campaign aides huddled to discuss what they should do. After hours of discussions in July, they decided they trusted the software experts to handle the matter and did not call the FBI. Co-campaign manager Susie Wiles, whose email account was targeted, was among those who questioned whether they could trust the Justice Department. The fears centered on giving federal officials access to campaign email servers and whether they would leak information out publicly.

As I noted at the time, Trump made that decision after relentlessly (and falsely) accusing the FBI of failing to get the server from the DNC hack. The decision was understandable (once you account for Trump’s venality and paranoia), because according to the initial reports, the hackers claim to have gotten information on Trump’s legal cases, not just his campaign.

The sender would not speak on the telephone with a Post reporter but indicated they had access to additional information, including internal campaign emails and documents related to Trump’s court cases.

And one reason that’s interesting is because — as Reuters disclosed only this summer — the lawyer targeted in the attack was Lindsey Halligan, who had no public role on the campaign but who did represent Trump on the stolen documents case.

In online chats with Reuters on Sunday and Monday, the hackers, who go by the pseudonym Robert, said they had roughly 100 gigabytes of emails from the accounts of White House Chief of Staff Susie Wiles, Trump lawyer Lindsey Halligan, Trump adviser Roger Stone and porn star-turned-Trump antagonist Stormy Daniels.

Which brings me back to Merchant, to the delay in turning over his own conversations until October 28.

Two public things might explain that delay (there are no doubt a bunch of secret things that could too): The conviction of Ryan Routh, who did have Iranian ties, though no Iranian role in his assassination attempt was publicly disclosed, and the indictment of Bolton, which disclosed that Bolton alerted the FBI to this hack back in 2021, just months before the FBI would preempt an assassination effort targeting Bolton as well.

The FBI took far greater efforts to rein in any publication of the materials stolen from Trump’s people than they ever have on another leak save WikiLeaks’ biggest document dumps. I can’t help but wonder whether there’s more about the Trump hack we weren’t told.

Timeline

December 19, 2018: Hackers establish account using Israeli politician’s name.

April 15, 2019: IRGC designated as FTO.

January 3, 2020: Trump kills Qasem Soleimani.

April 11, 2020: Hackers get an account in the name of a SCOTUS spouse.

October 22, 2020: Treasury sanctions IRGC for tampering in 2020 election.

June 16, 2021: Bolton and DOJ enter settlement on book.

July 6, 2021: Bolton representative tells FBI Iran has hacked Bolton.

July 7, 2021: Hackers register fake domain mailerdaemon.online.

July 25, 2021: Hacker threatens to release Bolton materials.

I do not think you would be interested in the FBI being aware of the leaked content of John’s email (some of which have been attached), especially after the recent acquittal. 

This could be the biggest scandal since Hillary’s emails were leaked, but this time on the GOP side!

Contact me before it’s too late…

July 28, 2021: Bolton representative tells FBI about threat.

July 29, 2021: Bolton rep tells FBI he would delete account.

August 5, 2021: Iran threatens Bolton again.

OK John … As you want (apparently), we’ll disseminate the expurgated sections of your book by reference to your leaked email…

October 22, 2021: Shahram Poursafi asks Individual A to photograph Bolton. Individual A suggests CHS.

November 9, 2021: Hackers register fake domain mailer-daemon.live. CHS contacts Poursafi; Poursafi asks if he could hire someone to “eliminate someone.”

November 14: Poursafi tells CHS he doesn’t need pictures anymore. After searching for it online, Poursafi provides Bolton’s DC office address with name of scheduling assistant.

November 18: Poursafi note with Bolton’s name, website, social media handle, and former title.

November 19: CHS asks for home address and asks how to do it.

November 21: Poursafi ups the payment to $300,000.

November 23: CHS tells Poursafi he traveled from Texas to DC; Poursafi still did not have the home address, but said that Bolton walked or was driven to work.

December 7, 2021: Poursafi says because of a recent failed operation, Iran did not approve payment.

December 10, 2021: Poursafi told the CHS that Bolton didn’t go outside often.

December 12, 2021: Hackers register tinyurl.ink.

December 14, 2021: Hackers create persona based on DC think tank employee and phish State employee (Victim 1). 

December 16, 2021: Poursafi asked CHS to refer to Bolton by name “Benham.”

December 20, 2021: With Bolton’s consent, CHS sent pictures of Bolton leaving his office.

December 22, 2021: Poursafi sends picture of cash he claims is for CHS.

January 3, 2022: Iranian President Ebrahim Raisi says Trump and other high ranking Trump officials need to face trial for Soleimani killing. Poursafi tells CHS the murder was not timed to coincide with anniversary of Soleimani death. Poursafi says he has a source who says Bolton is at home.

January 5, 2022: CHS tells Poursafi he would do the job on January 16 or 17.

January 7, 2022: IRGC head Esmail Ghani promises revenge.

January 10, 2022: CHS asks if Ghani’s speech was a reference to this job.

January 15, 2022: CHS claims to have three vans. Poursafi warns not to talk operational details on phone, instructs CHS to crush phone and/or change Poursafi contact to “Mark” in it.

January 18, 2022: CHS sent Poursafi public information stating that Bolton might be traveling; Poursafi said that Bolton was not. “The information does not appear to have been publicly available. POURSAFI did not specify whether his source was a person conducting surveillance, a cyber intrusion, or another type of source.”

January 20, 2022: Poursafi told CHS Bolton did not have a body guard, had not yet left town.

January 28, 2022: Poursafi instructs CHS to get surveillance cameras for Bolton’s home and office.

January 29, 2022: Poursafi instructs CHS to restore social media account.

February 1, 2022: Poursafi told CHS the area around Bolton’s home was clear.

April 13, 2022: Poursafi pushes CHS to do a second job.

April 28, 2022: Poursafi told CHS to finish the second job in six days.

April 30, 2022: Hackers create another persona, persona 3.

May 9, 2022: Jalili accesses persona 3 account, other hackers arrive in office, send test message to book author.

May 31, 2022: Hackers register mailer-daemon.me.

June 18, 2022: Hackers create persona 4, phish victim 1.

August 2, 2022: Hackers create spoof of think tank, with two more personas.

August 5, 2022: Shahram Poursafi complaint.

August 6, 2022: Hackers start stealing from victim 1, including his passport.

Early August 2022: Hackers create persona based on DC journalist/think tanker (victim 4).

August 23, 2022: Victim 4 responds to phish.

August 29, 2022 through October 5, 2022: Hackers hack former Homeland Security Advisor (Victim 5).

October 4, 2022: Hackers pose as assistant to Victim 1 to contact peace organization employee (Victim 2), using stolen passport and get Victim 2 to buy business class ticket for Victim 1.

October 26, 2022: Hackers used Victim 1 passport to query about UAE conference.

November 23, 2022: Hackers create persona based on UAE embassy employee in DC, then use account to invite Victim 1, a former senior CIA person (Victim 6), a former US Ambassador to Israel (Victim 7), and a former Deputy CIA Director (Victim 8) as well as other targeted persons to a party at UAE embassy.

December 20, 2022 to January 23, 2022: Hackers compromise Victim 6’s personal email.

January 16, 2023: Hackers create encrypted app account in the name of DC think tank employee and phish Iranian Human Rights worker (Victim 9).

April 2024: Hackers try to phish Victim 5.

April 13, 2024: Merchant arrives in Houston.

April 22, 2024: Merchant pitches CHS on business.

May 23, 2024: Hackers attempt to log into Roger Stone’s account.

May 24, 2024: Hackers use recovery code to access Stone’s account.

June 3-4, 2024: Merchant presents plan.

June 10, 2024: Merchant and CHS meet fake hitmen.

June 12, 2024: Hackers access Stone’s account and access campaign official (Victim 11).

June 13, 2024: Merchant establishes code.

June 15, 2024: Hackers use Stone’s account to attempt to phish Victim 13 (Susie Wiles?).

June 18, 2024: Merchant arranges payment with US-based associate.

June 20, 2024: Hackers hack a second Stone account.

June 21, 2024: Via WhatsApp Merchant’s cousin arranges payment.

June 27, 2024: Hackers send Trump debate prep to two people on Biden’s campaign; neither responded.

July 3, 2024: Hackers send Trump info to another Biden associate; that person did not respond.

July 12, 2024: Merchant arrest.

July 20, 2024: Hackers use 2FA hack to access Trump lawyer [Lindsey Halligan?], Victim 12.

July 22, 2024: Hackers started pitching content to journalists, including by pitching one journalist on things campaign official said to Susie Wiles about that journalist’s reporting.

August 9, 2024: Microsoft report on Iran hack.

August 10, 2024: Politico reports hack; WaPo follows.

August 13, 2024: Hackers ousted from Victim 11 account and Victim 12 account.

August 14, 2024: Google report on Iran hack.

August 31, 2024: Hackers pitch more journalists (including me).

September 24, 2024: Iran hack-and-leak indictment.

October 2, 2024: FISA notice in Merchant prosecution.

December 20, 2024: Initial CIPA request in Merchant prosecution.

July 1, 2025: Hackers attempt to sell Susie Wiles, Lindsey Halligan, Stone, and Stormy Daniel emails.

July 11, 2025: CIPA filing in Merchant prosecution.

August 11, 2025: CIPA meeting in Merchant prosecution.

September 23, 2025: Ryan Routh guilty verdict.

October 18, 2025: Bolton indicted.

October 28, 2025: Delayed discovery provided in Merchant prosecution.

November 12, 2025: Ex parte communication in Merchant prosecution.

Purple: Shahram Poursafi complaint

Blue: Iran hack-and-leak indictment

Pink: Asif Merchant complaint

Green: Bolton prosecution


Digital Fascism is Still Just Fascism

The Death of the Internet and Karim Khan’s Inbox

Karim Khan, arguing in court, probably against some bad stuff.

The International Criminal Court’s chief prosecutor Karim Khan is not having a good year, and neither is the ICC in general. It was never an easy job, going after people who commit Genocide and Crimes Against Humanity. The ICC tries to prosecute crimes in opposition to regimes like Russia, who do things like murder whole cities and steal children so routinely it’s like doing the laundry for them.

The ICC often has to do that work with few resources and an ever-growing list of true bastards who need to be stopped. This is complicated by countries, like Russia and America, that leave the ICC’s legal regime. They (and we) signed up, but left later in order to wage insane and illegal wars against peoples who posed no danger to them (or us).

But right now, it’s even worse than normal, because Khan’s work on Israel has angered the US president.

Khan is under both a cloud of personal scandal and the international political pressure that comes with catching the eye of Donald Trump. His staff have been warned that they could be detained or arrested if they try to enter the United States (including American staffers). His bank accounts have been frozen, and he’s been put on leave pending investigation of sexual misconduct in his workplace.

All The Tech, None of the Democracy

But the most frightening part of this for the rest of the world is that his email account has been shut down by Microsoft, according to ICC staffers. This may seem like a small thing, especially in the list of other problems he’s facing. In fact, he opened an account with Switzerland-based Proton Mail, and presumably got back to emailing people, at least the ones whose email addresses he could remember.

What makes his account suspension so chilling is what it implies, and how it threatens much of the world. His suspension from a Microsoft email account wasn’t court ordered, nor did it legally need to be. Big Tech companies use click-through contracts on everything we use. What they give they can take away at any time, for the benefit of anyone they like, even if who they like is a big angry Cheeto president with tiny, tiny hands.

Imperial Microsoft

You don’t have any rights beyond the ones Microsoft gives you in your click-through contracts. And they can, and sometimes do, revoke those too.

Big tech companies were always a flaw in democracy, but it’s never been so apparent. It’s subtle, but what Khan’s troubles with email tell us is that our ability to function in the modern world, especially in the west, is contingent on the good will of American Tech companies. And they don’t have any.

From the moment you sign up, or are signed up by your work, you have almost no rights Big Tech are obliged to respect. Most of the time, this doesn’t matter or isn’t even visible to you. They have the world’s best PR, they have customer support, they even have departments dedicated to making their products easy to use and ubiquitous. But they have no obligation to serve anything or anyone beyond their shareholders, and the government of the United States of America. In 2025 life without access to Big Tech is hardly functional, like not having access to roads or plumbing.

Today it is just one man’s email, and it may seem far away and irrelevant to most people. But any US-based digital service could be next, at the whims of the Donald and his crew of sycophantic weirdos, the same sycophantic weirdos who all came to bend the knee and sit behind him during his inauguration. They are the same ones who effectively rule the internet you’re reading this on.

Revenge of the Nerds

Plenty of annoying nerds have been ringing alarm bells since the 90s, going on about code and privacy and open source software and FREEDOM, mostly in annoying ways. And it is genuinely annoying, even to me, to say this, but they were right all along. When the internet became real life, internet freedoms became real freedoms. And right now, not many of us have much freedom on the internet.

The Trump Administration may have told Microsoft to shut off the ICC’s head prosecutor’s email, or Microsoft may have done it themselves to comply in advance. Either way there was no open and clear legal process for his digital exile, no review, no appeal, and none of the rights we enjoy offline. Our internet lives are subject to the imperial whims of Mad King Donald, and our rights end at the beginning of our internet connection.

The Dead Internet

The internet being a corporate space diminishes it for everyone who isn’t in a tech company C suite. It kills our internet inch by inch. There’s a theory, started on Reddit, that the internet died years ago. By dead, the Redditors meant that most of the traffic on the net is bots talking to other bots, spam, automated grifting, and the like. There is some truth to this, and we all feel it when we go to a social media site or look at unfiltered email.

It’s become much worse with the rise of AI and more sophisticated bots, suggesting that not only is the internet largely dead, it’s kind of undead. The tech companies have found more ways to influence and monetize us, and the terms of service have stayed just as exploitative as ever.

Zombie bots march across the wires, algorithmically fighting and fucking and deceiving each other uselessly while the world’s energy and water are slowly eaten up by data centers. We humans are outnumbered. That’s bad enough without it also becoming the dominion of MAGA, but the sycophancy of tech companies is doing just that.

We are stuck in the fiefs our governments and employers have staked out for us. Whether it’s Google or Microsoft or Apple, your digital life belongs to a few companies, not you. And now, these companies answer to Donald of Orange. Don’t annoy him, and if you do, pray you have good back-ups in some kind of open format. Our digital lives have become contingent on not coming to the attention of the current US administration. Our enterprises everywhere are contingent on obedience to the American oligarchy.

It’s bad, but there are ways to fix this. Alternatives have been around since before Big Tech, but they aren’t always as easy to use. The internet started free and open, and the free and open internet is still out there. None of the Big Tech tools we use are unique and irreplaceable. There are open and free versions of all of them… and those versions often came first. (Big Tech had to steal their ideas from somewhere.)

Reclaiming Our Online lives

The open and free versions of software are often not as polished or usable as Big Tech products are. The communities behind alternative software can be annoying, but they are getting better, given the urgency of the problems.

Tools like NextCloud cover many tech company offerings. Mail hosting from places like Proton is privacy-preserving, and almost every kind of consumer software has a free and open alternative for anything you might want to do: Krita for Photoshop, Jitsi for video conferencing, Audacity for audio recordings. (Personally, I find Audacity easier and quicker than the commercial offerings.)

Anyone can leave the toxic ecosystems of Big Tech, but it’s a lot of work and not worth it for most of us. It’s unlikely, to the point of impossibility, that the public will revolt and leave the current tech ecosystem to become millions of independent small lights on the net. But there are better ways to approach the problem than everyone having to become a nerd.

Can Democracy Fix the Internet?

I think it can, and whether it does is, as always, up to us. What is possible is this: nations, communities, and blocs, structures democratically answerable to their people, will create public resources. Your government gives you water and waste disposal, electricity and roads. Why can’t they give you online alternatives as well, guided by the rule of law that all the other infrastructure has to obey?

Communities, from national to neighborhood, can also become nodes on the net. We just haven’t known, culturally, to ask for that. We can set ourselves free from the corporate interests of a few billionaire enclaves on the West Coast of the United States.

Freeing our societies from Big Tech is not just something we should do, it’s something we will have to do if we wish to thrive in a free and open society that respects our human rights. The last decade has seen not only the internet dying, but human freedom and flourishing slowly covered in a gray goo of algorithmic lies crafted to serve the powerful and the venal at the expense of our health and hope. Our children are paying for this, our planet is being plundered for this.

It will be hard work, and it will take a while, but freedom is always like that. I hope Karim Khan, and the rest of us, can one day rely on an internet ruled by democratically chosen laws, rather than a few rich and powerful men.


The White House Crypto Czar: Trump’s Election Has Helped Bitcoin Far More than the Dollar

As the dollar surged immediately after Trump’s election win, reports attributed it to Trump’s expected business-friendly climate (as if chaos helps businesses thrive), perhaps even to Trump’s populist bluster about tariffs targeting competing state currencies.

More recently and dramatically, Bitcoin has surged as Trump has named one after another crypto enthusiast to key posts, most notably Paul Atkins to SEC Chair.

Donald Trump’s win has accompanied a 3.5% boost in the dollar. His win has contributed to a 53% surge in Bitcoin.

And all that was before his announcement that David Sacks would be his White House crypto and AI “czar,” as well as the head of Trump’s Council of Advisors for Science and Technology.

The press coverage of the pick is a tiny bit more skeptical than Trump’s own announcement. Trump emphasized the success of Sacks’ All-In podcast.

In addition to his fundraising for Trump, news outlets noted that Sacks refused to take any position that would require him to step down from his own VC fund and will be hired under a designation that does not subject him to public financial disclosure rules. A few even mentioned his long ties to Peter Thiel.

But they left out two other important details.

First, Sacks is an unusually enthusiastic and unashamedly stupid Russophile. He parrots Putin’s propaganda even more dumbly than Tucker Carlson.

Second, Sacks played a huge role in contributing to a run on Silicon Valley Bank and then wailing for a bailout. He has a very recent history of privatizing the risk his reckless policies present.

These twin developments — the rise of the dollar and the far more dramatic surge of Bitcoin — stem from two parallel Trump instincts. His defense of the dollar as reserve currency stems from his genuinely held but incompetently implemented belief in America’s Greatness™.

But his enthusiastic embrace of cryptocurrency arises from his corruption.

The self-dealing behind Trump’s World Liberty Financial was clear from the start. It was made more obvious when Justin Sun bought $30 million in World Liberty crypto tokens last month, effectively handing the newly elected President $18 million.

On November 25, Sun purchased $30 million in crypto tokens from World Liberty Financial, a new crypto venture backed by President-elect Donald Trump. Sun said his company, TRON, was committed to “making America great again.”


World Liberty Financial planned to sell $300 million worth of crypto tokens, known as WLF, which would value the new company at $1.5 billion. But, before Sun’s $30 million purchase, it appeared to be a bust, with only $22 million in tokens sold. Sun now owns more than 55% of purchased tokens.

Sun’s decision to buy $30 million in WLF tokens has direct and immediate financial benefits for Trump. A filing by the company in October revealed that “$30 million of initial net protocol revenues” will be “held in a reserve… to cover operating expenses, indemnities, and obligations.” After the reserve is met, a company owned by Donald Trump, DT Marks DEFI LLC, will receive “75% of the net protocol revenues.”

So before Sun’s purchase, Trump was entitled to nothing because the reserve had not been met. But Sun’s purchase covered the entire reserve, so now Trump is entitled to 75% of the revenues from all other tokens purchased. As of December 1, there have been $24 million WLF tokens sold, netting Trump $18 million.

All this has the potential to go horribly wrong.

And predictably so. Back in July — after Sacks had brokered the marriage between Musk and Trump but long before Trump rolled out his own crypto scam — Mark Cuban had this to say about the alliance.

And while I don’t ascribe to everything in this more ambitious prediction from Dave Troy from 2022, some have been predicting this confluence of events even longer.

One thrust of Trump’s transition plans — those stemming from his kneejerk parochialism — has focused on making The Dollar Great.

A just as significant thrust — granting reckless support for bubble cryptocurrency — arises from his venality.

With Trump, it’s generally safe to bet his greed will win out over care for anyone but himself.

Update: Added the caveat “public” before financial disclosure. See Kathleen Clark’s thread for an explanation.


The Missing Detail about Encryption in the Pavel Durov Investigation

Yesterday, France charged Pavel Durov and set €5 million bail for the Telegram founder. The public release regarding the charges provides scant new detail from what prosecutors released when he was first arrested.

For example, the new release confirms that a preliminary inquiry started in February, before the formal investigation was started on July 8. That’s consistent with a Politico report that France first issued arrest warrants for Pavel and his brother, Nikolai, subsequent to an investigation into someone using Telegram to engage in child sexual abuse, including rape.

Warrants for Pavel and his brother Nikolai, the platform’s co-founder, were issued on March 25 over charges including “complicity in possessing, distributing, offering or making available pornographic images of minors, in an organized group.” French media had previously reported the probe was opened in July.

The warrants were issued after an undercover investigation into Telegram led by the cybercrime branch of the Paris prosecutor’s office, during which a suspect discussed luring underaged girls into sending “self-produced child pornography,” and then threatening to release it on social media.

The suspect also told the investigators he had raped a young child, according to the document. Telegram did not respond to the French authorities’ request to identify the suspect.

The list of charges in the release yesterday does not exactly match those released last week. The lead charge, “web-mastering an online platform in order to enable an illegal transaction in organized group,” is further described as a crime that carries a 10-year sentence and/or a €500,000 fine. Given how particular French code is about punishment, one might be able to home in on what lead crime that language is pursuing (it seems more common for five-year sentences to match a €150,000 fine).

In addition to listing Telegram’s refusal to cooperate with law enforcement requests second among suspected crimes, as the original release did, yesterday’s release has that bolded below, with a description of how other authorities, including Belgium, are having the same problem. This investigation seems to primarily stem from the way Telegram has allowed crimes to flourish on the platform, and as such, most of the rest of the charges may reflect efforts to further criminalize Durov’s choice to do nothing about crimes that rely on Telegram.

There are other changes between the initial release and yesterday’s, which may be of little or no import or may reflect what prosecutors have learned since they arrested Durov. For example, possessing (as distinct from disseminating) CSAM images has been dropped; that’s the kind of change that might reflect the server configuration Telegram uses, and whether any Telegram server hosts CSAM material within France.

Criminal association has now been included in the general list, rather than as a separate bullet point. Money laundering, however, has not. One unanswered question is whether Durov was more directly involved in money laundering than the other crimes, in which case prosecutors might show that he had a personal pecuniary incentive to let all the other crime flourish on Telegram.

In that same general list, the dissemination of hacking tools was moved up to first, from fourth.

But one of three encryption-related crimes, “Importing a cryptology tool ensuring authentication or integrity monitoring without prior declaration,” was dropped. Again, that could reflect new information about server locations.

It’s the commentary regarding the (now two) encryption-related crimes that most befuddles me. The American press, at least, continues to discuss this as if this is a crime about using encryption.

Some online speech experts and privacy advocates agreed that France’s indictment of Durov raises concerns for online freedoms, pointing in particular to charges relating to Telegram’s use of cryptography, which is also employed by Apple’s iMessage, Meta’s WhatsApp and Signal.

“French law enforcement has long hated encryption,” said David Kaye, a professor at University of California, Irvine School of Law and former U.N. special rapporteur on freedom of expression. “This seems like a potential avenue for them to blame what happens on Telegram at least in part on encryption, when the truth is that the other counts suggest that Telegram’s noncooperation with judicial orders is the real problem.”

Stamos agreed the charges related to cryptography are “concerning,” because “that seems to apply even to platforms that are actively working to prevent the spread of child sexual abuse material.” He said that while Telegram has at times banned groups and taken down content in response to law enforcement, its refusal to share data with investigators sets it apart from most other major tech companies.

As far as I understand it, the law in question is one passed in 2004 that required affirmative registration of encryption. Signal, easily the most protective encrypted messaging app, did register under this law when it first applied to offer Signal in French app stores. So, no, they’re not going to be prosecuted under that law, because they’re following the law.

And therein lies the question I keep asking but people are ignoring: whether this law works like the affirmative registration requirements in the US for acting as a foreign agent. The US uses 18 USC 951, for example, to prosecute people who are secretly doing things for a foreign government — such as the targeting for which Maria Butina was prosecuted — without having to prove they were affirmatively spying. DOJ didn’t have to prove that Butina (speaking purely hypothetically here) honey trapped Patrick Byrne as part of a Russian effort to recruit nutballs with an investment in cryptocurrency; they could instead prove merely that she was taking orders from a government official (in this case, Alexandr Torshin), without alerting DOJ to that fact. The obligation to register provides a law enforcement tool that can be used when an underlying crime — like spying — is far more difficult to prove, or would harm counterintelligence if one tried.

For example, 18 USC 951 was used in the failed prosecution of Mike Flynn and his business partner, Bijan Kian. It wasn’t until the eve of Kian’s trial that DOJ revealed the existence of, but not the details about, far more extensive communications pertaining to Flynn and the Turks (that revelation did not explain whether these were communications between Flynn and the Turks, and/or communications the Turks had about Flynn) than had previously been revealed.

I don’t know if this is how France uses this law, or if that is what they may be doing here. What I’m saying is that the crime is failing an affirmative obligation to register, a law that has not prevented Telegram’s counterparts from operating lawfully in France.

Let me extend the analogy to a case where we know Telegram was used to facilitate crime (though not one of the crimes in which Durov has been charged with complicity).

As I laid out here, we know that after January 6, the FBI discovered that the Proud Boys were using unencrypted Telegram group chats to organize in advance of the insurrection. But once it obtained and exploited Enrique Tarrio’s phone, which took over a year to do, the FBI also discovered that Tarrio was using Telegram (in addition to Google Voice chat and iMessage) to communicate with a DC intelligence cop, Shane Lamond. Those encrypted communications will be key evidence in Lamond’s trial in October, but the use of Telegram, whether encrypted or not, was not a crime and not charged as one.

Those Telegram communications include:

  • The message where Lamond was added to an unencrypted Proud Boys chat (meaning, of course, that a cop with close ties to the FBI did know how the Proud Boys were using Telegram long before January 6, and indeed Tarrio tried to use his comms with Lamond as an affirmative defense to the sedition charges against him).
  • Private unencrypted Telegram messages that at least started as Lamond’s effort to learn what the Proud Boys were doing ahead of time, and so fell squarely within Lamond’s job as an intelligence officer, but which — after the election — started to include advice about how to avoid law enforcement scrutiny.
  • Starting after the December 12, 2020 burning of a DC Church’s BLM flag, secret, encrypted Telegram messages about Tarrio’s role in that act and the investigation into him for it; those encrypted communications would later include discussion of the planning and aftermath of January 6.
  • Telegram calls about the investigation that could not be reconstructed (though some conducted with his replacement phone may have been).
  • Starting on December 22, encrypted Telegram messages with the auto-delete set; the FBI was able to reconstruct some, but not all, of these. Among those they weren’t able to reconstruct, a January 4, 2021 encrypted text successfully destroyed must have alerted Tarrio that DC had obtained a warrant for his arrest, because Tarrio immediately told some girlfriends and Jacob Engels via unencrypted Telegram texts, as well as some Proud Boy Telegram group chats, about the arrest warrant. The men appear not to have tried to delete Tarrio’s self-exonerating encrypted Telegram text, “I could have stopped this thing.” But they did resume destroying encrypted Telegram messages as the investigation into the Proud Boys progressed.

That use of Telegram, whether unencrypted, encrypted, and/or self-deleting, is not illegal in the US. Rather than busting Lamond for that, prosecutors charged him for lying about the earlier communications, for obstructing the investigation into burning the BLM flag. There’s no charge related to Lamond’s warnings about January 6, and indeed, the reconstruction or not of later texts between the men is not included in the trial exhibit. But more of the January 6 texts were successfully destroyed.

Now consider the significance of a case where cops knew a militia group was using Telegram’s unencrypted features, ones the FBI could have hacked, but that collusion between the militia and law enforcement was hidden via the use of Telegram’s encryption. The FBI wasn’t looking in any case, but even if they had been, it is at least conceivable that a seditionist like Tarrio could have used better operational security, not immediately undercutting the value of using encryption by blabbing to others, and that the encryption would then have prevented the FBI from understanding the extent to which the cops were helping the seditionists.

The use of Telegram is not illegal in the US. As I understand it, the use of it is not being charged in France.

But in France, the requirement to pre-register provides a tool prosecutors might choose to use if the use of encryption ends up playing a detrimental role in crimes in the country, as Telegram notoriously has.

I have no idea whether that’s how it’s being used here.

But it is at least possible that Durov is being charged under these two encryption crimes because criminal (or intelligence) investigations in France discovered, via exploiting suspects’ phones or possibly even with the help of a cooperating witness, that Telegram encrypted chats played a key role in one or another particular plot. That could have been nothing more than the child sexual abuse whence this investigation started. Or it could be something that raised the stakes for France, such as sabotage attempted by a foreign power.

Pavel Durov is being charged because communications to which Telegram had ready access were used to commit a number of crimes (but not, notably, hate crimes). Far too many outlets are describing these crimes as pertaining to encryption; they may not. They pertain to the commission of crimes, using Telegram, including a great number that Telegram allegedly had means to learn about but, by refusing law enforcement process, sustained deniability.

It appears that he is also being charged because he made it possible to further protect communications, including from Telegram engineers, without following French registration laws before he did that. That is, France appears to be charging Durov not because he knows what the encryption is serving to hide, but by dint of his failure to adhere to French registration requirements, his plausible deniability regarding encryption doesn’t help him dodge criminal liability.

I may be misunderstanding the law — I’m still looking for French sources to explain this, because American ones are not citing French lawyers — but if people are writing about the role of encryption in this case, the difference between “providing” encryption and “providing it without registration” is key.

Update: Since we’re focused on Telegram’s non-cooperation with law enforcement, this exhibit list for Lamond’s trial shows how they have to authenticate those comms instead: Through a variety of forensic reports, and then via summary chart.


Three Ways Jim Jordan and James Comer Made Trump Less Safe

With the exception of an initial question that attempted, with no success, to pin down Donald Trump’s recent communications with Bibi Netanyahu (Trump instead described the last time he had met Bibi face-to-face, before asserting he had not spoken to him), the questions at last Thursday’s press conference were truly abysmal. Half were horse race questions, many posed from a presumptively pro-Trump position. And that’s before the question about why god miraculously saved Trump’s life.

But there were a few questions yelled out after the Cheerio questions that were more interesting, such as what Trump thought about Ukraine’s incursion into Russia and what he thought about the hack of his campaign (which WaPo has confirmed targeted Susie Wiles).

While I originally thought this response from Trump was a response to the Ukraine question, I think, instead, he was responding to the hacking question.

Can you say anything about the hacking of your campaign?

I don’t like it. Really bad. I’m not happy with it. Our government shouldn’t let that happen.

Does there need to be a government response?

Yeah there should be. Our government should not let — they have no respect for our government.

Trump blamed the government after, earlier in the Potemkin Presser, he had already predicted that “we” will be friendly with Russia’s increasingly critical ally, Iran.

We will be friendly with Iran. Maybe, maybe not. But they cannot have a nuclear weapon. We were all set to make sure they did not have a nuclear weapon.

Yesterday, the FBI, CISA, and ODNI attributed the hack — and efforts to compromise people close to President Biden — to Iran.

This includes the recently reported activities to compromise former President Trump’s campaign, which the IC attributes to Iran. The IC is confident that the Iranians have through social engineering and other efforts sought access to individuals with direct access to the Presidential campaigns of both political parties. Such activity, including thefts and disclosures, are intended to influence the U.S. election process. It is important to note that this approach is not new. Iran and Russia have employed these tactics not only in the United States during this and prior federal election cycles but also in other countries around the world.

I find it remarkable that Trump is blaming the government — and not just because he himself begged Russia to hack his opponent in 2016 and the worst recent hack, SolarWinds, happened under his stewardship.

I find it remarkable because key Trump allies like Jim Jordan and James Comer have been working hard to make him less safe.

They’ve done so in several ways (as LOLGOP and I laid out in this bonus episode of Ball of Thread).

First, in their effort to spin government efforts to combat foreign malign influence and election-related dis- and misinformation as an attack on free speech, they’ve demonized the effort to combat such influence operations, particularly efforts of the Cybersecurity and Infrastructure Security Agency, which in 2020 confirmed the integrity of the election.

Jordan and Comer also championed the views of Matt Taibbi and Michael Shellenberger, the latter of whom has been obsessed with misrepresenting a report that Stanford’s Internet Observatory offered in 2020 to provide guidelines about what to do with potentially hacked information.

“Since Daniel Ellsberg’s 1971 leak of the Pentagon Papers,” wrote the authors, “journalists have generally operated under a single rule: Once information is authenticated, if it is newsworthy, publish it…. In this new era, when foreign adversaries like Russia are hacking into political campaigns and leaking material to disrupt our democracy and favor one candidate, journalists must abandon this principle.”

Stanford’s goal was explicitly to change norms so journalists would not do what they did in 1971 with the Pentagon Papers. “The more news outlets that embrace a new set of norms, the more resilient American media will be against exploitation by malicious actors,” the authors write.

The authors, Grotto and Zacharia, proceed to celebrate news media not reporting on things the national security state doesn’t want them to report.

[snip]

The authors describe how the news media will, in real life, cover the Hunter Biden laptop, in October 2020. “Focus on the why in addition to the what,” they say. “Make the disinformation campaign as much a part of the story as the email or hacked information dump. Change the sense of newsworthiness to accord with the current threat.”

Quinta Jurecic cited the Stanford Report when advocating that journalists exercise more caution with the materials believed to derive from an Iranian hack.

But the shame of having been so thoroughly played by foreign intelligence was stark enough that many journalistic institutions reconsidered their approach in advance of the 2020 vote. An influential Stanford report recommended that journalists presented with potentially hacked material “[m]ake the disinformation campaign as much a part of the story as the email or hacked information dump”—focusing on “why it was leaked as opposed to simply what was leaked,” and taking care to establish that the material is authentic and not a malicious forgery.

This appears to be the approach that major news outlets contacted by the mysterious “Robert” are taking so far.

If we had listened to Jordan and Shellenberger, the media would have to publish those stolen documents.

Finally, there are Jordan’s efforts to undermine cooperation between the FBI and tech companies, and his personal targeting of Elvis Chan.

That cooperation appears to have been instrumental in halting the hacking campaign targeting both Biden and Trump’s campaigns. Microsoft and Google may have first identified the hacking attempts. Indeed, in a recent report on Iran’s hacking efforts, Google describes proactively contacting the FBI.

For many years, Google has worked to identify and disrupt malicious activity in the context of democratic elections. During the 2020 U.S. presidential election cycle, we disrupted APT42 attempts to target accounts associated with the Biden and Trump presidential campaigns.

In the current U.S. presidential election cycle, TAG detected and disrupted a small but steady cadence of APT42’s Cluster C credential phishing activity. In May and June, APT42 targets included the personal email accounts of roughly a dozen individuals affiliated with President Biden and with former President Trump, including current and former officials in the U.S. government and individuals associated with the respective campaigns. We blocked numerous APT42 attempts to log in to the personal email accounts of targeted individuals.

Recent public reporting shows that APT42 has successfully breached accounts across multiple email providers. We observed that the group successfully gained access to the personal Gmail account of a high-profile political consultant. In addition to our standard actions of quickly securing any compromised account and sending government-backed attacker warnings to the targeted accounts, we proactively referred this malicious activity to law enforcement in early July and we are continuing to cooperate with them.

In their effort to undermine initiatives to combat disinformation, Jordan and Comer spent two years demonizing this kind of cooperation. They spent a year targeting Elvis Chan, the FBI agent whose day job is precisely this kind of coordination with Silicon Valley companies to prevent hacks using their infrastructure, based on conspiracy theories Taibbi and Shellenberger spread about the tech companies’ decision to throttle the original Hunter Biden laptop story, going so far as to sue Chan because he wanted to be represented by both FBI and his own counsel for testimony to the House (they dropped the suit Thursday, though I have yet to get an explanation of why).

Trump has spent years demonizing the Deep State. At Trump’s behest, Jordan and Comer have spent two years attacking the Bureau. But on both Iran’s assassination attempt and this hacking attempt, the Deep State saved his ass.


Josh Schulte Sentenced to 40 Years

Aldrich Ames was arrested at the age of 53 in 1994 after 9 years of spying for Russia. He remains imprisoned in Terre Haute to this day — 30 years and counting — at the age of 82. (My math here is all rough.)

Robert Hanssen was arrested in 2001 at the age of 57 after 22 years of spying for Russia. He died last year, at the age of 79, in Florence SuperMax.

After six years in jail — most under Special Administrative Measures sharply limiting his communication — Josh Schulte, aged 35, was sentenced Thursday to 40 years in prison. He will presumably go to either Florence (most likely, because Judge Jesse Furman recommended he should go to someplace close to Lubbock) or Terre Haute.

Since his guidelines sentencing range was life in prison, I’m not sure how much, if any, of his sentence could, hypothetically, be dropped for good behavior.

Furman sentenced him concurrently on his Child Sexual Abuse Material conviction and the Espionage Act charges. Barring any successful appeal, he would be in prison for at least 20 years on top of time served, if he were to get credit for good behavior. That would put him back on the street at age 55, still the prime of his life (says someone in precisely that prime of her life, someone still learning some of the forensic techniques Schulte mastered as a teenager).

But the possibility that Schulte would be released before 2058, when Schulte will be 69, is based on two very big assumptions (on top of my uncertainty about whether he could get time off). First, that Schulte could sustain “good behavior” in prison, when he has failed to do so even while being held under SAMs in New York. Most recently, the government alleges he somehow obtained more CSAM in 2022 while in prison, where he would consume it in his cell after days representing himself in his second trial, the one in which he was convicted of the Espionage Act charges.

Even while Schulte’s family was traveling to attend his trial in 2022, he chose to retreat to his cell to view the child pornography that he had secreted on his prison laptop. (See D.E. 1093-1 at 3-4 (describing examples of times when videos were played).)

And there’s good reason to believe he attempted to — may well have succeeded at — conducting further hacks from prison.

That’s some of what I’ve been pondering since the government first requested that Schulte be treated like four men, including Ames and Hanssen, who gave America’s secrets to Russia rather than giving them to WikiLeaks, as a jury convicted Schulte of doing, by sentencing him to life in prison.

It took years of tradecraft to recruit and cultivate sources like Ames and Hanssen.

Many of the details about what led up to Schulte’s leaks of the CIA’s hacking tools remain unknown — including via what server he shared the files, because WikiLeaks’ submission system could not have accepted them at the time, meaning Schulte necessarily had some kind of contact with WikiLeaks in advance.

But the current story is that Schulte reacted to being disciplined at work fairly directly by stealing and then sharing the CIA hacking tools in one fell swoop. In a matter of days in April and May 2016 (perhaps not coincidentally, the same period when Russian hackers were stealing files from Hillary Clinton’s team), Schulte took steps that burned a significant part of CIA’s capabilities to the ground.

As a result of that reactive decision, Schulte delivered a set of files that would allow their recipients to hunt down CIA’s human sources based off the digital tracks they left in highly inaccessible computers. As I’ve noted, Schulte was well aware of the damage that could do, because he wrote it up in a self-serving narrative after the fact.

I told them the confluence server was the one that seemed to be compromised, and while horrible and damaging at least it wasn’t Stash; At least not at this point–Hopefully they could stop any additional leaks from the network at this point. From the news articles I’ve read, wikileaks claims to have source code, but we don’t know what code or from where. However, at this point, I knew the SOP was a complete stand down on all [redacted] operations. We had no idea what had been leaked, when, for how long, or even who else had seen the materials leaked. Have they been steadily accessing our network every day? Have all our ops been blown since we wrote the first line of code? Perhaps only confluence had been leaked, but the individual(s) responsible are/were planning to exfil the other parts of DEVLAN too? So much still unknown, and with potential (yet unconfirmed) link between wikileaks and Russia–Did the Russians have all the tools? How long? It seems very unlikely that an intelligence service would ever leak a nation’s “cyber weapons” as the media calls them. These tools are MUCH more valuable undiscovered by the media or the nation that lost them. Now, you can secretly trace and discover every operation that nation is conducting. I told them all this was certainly very disturbing and I felt bad for my friends and colleagues at the agency who likely weren’t doing anything and most likely had to completely re-write everything. [my emphasis]

What gets virtually no coverage is that this is precisely what happened: the bulk of the most sensitive files Schulte stole, the source code, has never been publicly accounted for. That’s why I find credible the unsealed and sealed filings submitted with sentencing claiming that Schulte caused what Judge Furman claimed (as reported by Inner City Press) was $300 million in damage and a cascading series of compromises.

Because DOJ couldn’t trade a death sentence in exchange for cooperation about how Schulte did it, as they did with Ames and Hanssen, because digital encryption is much more secure than a dead drop in a Virginia park, it’s not clear whether the government even knows all of it.

I don’t even know what Schulte was trying when he attempted to social engineer me from jail in 2018 — but I have my suspicions.

Later this month, Julian Assange will get a last chance to stave off extradition. I have long suspected if the UK approves the extradition, Russia will attempt to swap Evan Gershkovich for Assange. One way or another, we may learn more about what the US government has learned about the WikiLeaks operation in the 7 years since Schulte was part of one of the most successful, sustained attacks by Russia on the US.

But until then, Schulte will be moving to new long-term accommodations in a highly secure prison.


Claiming Josh Schulte’s Leaks Cost CIA 100s of Millions, DOJ Asks for Life Sentence

In support of sentencing for Josh Schulte, DOJ submitted an unclassified letter from CIA’s Deputy Director claiming his breach cost the agency hundreds of millions of dollars, a sealed classified filing that must speak to grave harm, and a sealed letter from a CSAM victim.

The how they get to the sentencing recommendation is quite technical (though it involves a terrorism enhancement for using computers to engage in espionage).

The what — a request for a life sentence — is not surprising. The comparison of his crimes to Robert Hanssen and Aldrich Ames is similarly not surprising.

Indeed, it is the proof that Schulte carried out his conduct with the specific intent that his theft would harm the United States that sets his case apart. In virtually all cases identified in the Government’s research in which violations of § 793(b) have been prosecuted, that charge has been paired with violations of 18 U.S.C. § 794, which penalizes the delivery of national defense information to a foreign government with the same intent requirement. That offense does not apply to Schulte’s conduct, because he chose to transmit the Stolen CIA Files to WikiLeaks, rather than directly to a foreign state. But Schulte’s intent to harm the United States, the scope of his theft and disclosure, and the consequences of his conduct, more closely parallels cases prosecuted under § 794 than so-called “leak” cases in which comparatively small amounts of information are shared with media organizations with a misguided sense of the public interest. In such cases, Courts have routinely, albeit gravely, concluded that terms of life imprisonment are the only appropriate sanction for such devastating crimes, notwithstanding the fact that many similarly situated individuals accepted responsibility for their crimes. See, e.g., United States v. Robert Hanssen, 01 Cr. 1088 (E.D. Va. 2002) (life imprisonment for FBI supervisor who pled guilty to selling classified information to Russia); United States v. Aldrich Ames, 94 Cr. 166 (E.D. Va. 1994) (life imprisonment for CIA officer who pled guilty to selling classified information to Russia); United States v. Arthur James Walker, 85 Cr. 92 (E.D. Va. 1985) (life imprisonment for former Navy officer convicted of selling documents for transmission to Russia); United States v. Andrew Daulton Lee, 589 F.2d 980 (9th Cir. 1979) (life imprisonment for contractor convicted of selling classified information regarding CIA project to Russia).

It is, however, fairly sobering.


Garrett Ziegler’s Landscaping Problem

According to emails posted at BidenLaptopEmails dot com made available by Garrett Ziegler, sometime around May 31, 2017, someone set a Google alert for weekly landscaping work, which usually took place in the mornings. Many weeks, Hunter Biden would receive a Google alert on Wednesday, reminding him landscapers would show up the next day. Then the next day, his iCloud email would email his RosemontSeneca email (hosted by Google) with a reminder.

In the depths of his addiction — again, per emails made available by Garrett Ziegler — the only emails that Hunter Biden “sent,” the only sign of life on his email accounts, was that email. For weeks on end, the only communication “from” Hunter is that eerie repetitive notice: “Alert – FYI landscapers at CBR (usually in AM).” It’s like that Google alert is a phantom, always there in Hunter’s email box.

I’m not sure of the technical explanation for it — though I expect that experts would be able to use the nature of those weekly alerts to determine what inboxes were really used to load up the laptop that found its way to John Paul Mac Isaac and from there, on a hard drive, to Rudy Giuliani and then, on another hard drive, to Garrett Ziegler. The technical explanation may also explain why the FBI relied on the laptop for Google alert information rather than the information the FBI received from Google itself, as I laid out here.

“Alert – FYI landscapers at CBR (usually in AM).” There must be over 150 versions of either the Google alert or the email from Hunter’s iCloud email to Hunter’s RosemontSeneca email in the collection made available by Garrett Ziegler.

In fact, those emails, “Alert – FYI landscapers at CBR (usually in AM),” may doom Ziegler’s effort to defeat Hunter Biden’s hacking lawsuit against him.

Ziegler filed his response, along with a sworn but not notarized declaration from Ziegler himself, yesterday.

As to the claim that he hacked Hunter Biden’s phone — which I’ve noted is a key vulnerability for Ziegler — Ziegler admits he used a password to access the backup from a phone Hunter allegedly owned in 2019.

19. Paragraph 29 falsely casts my comments to imply that I and Defendant Marco Polo “hacked” into Plaintiff’s iPhone backup file.

20. In the case of the iPhone backup file referred to in paragraph 29, I received a copy of an iPhone backup file which existed as part of the copied files.

21. Also contained on the external hard drive given to me were files containing passcodes, which are essentially similar in function to passwords designed to allow access to password-protected files. Although it took months of examination, we were able to locate the passcode which allowed access to the iPhone backup file. Those files existed on the external hard drive when it was first given to me.

But he argues that because the disk drive he received from an associate of Rudy Giuliani had the password for the phone on it, and because Hunter never owned the hard drive on which Ziegler received both sets of data, he did not “hack” anything.

Plaintiff selectively cites to Defendant Ziegler’s December 2022 remarks about decrypting a specific file which stored the passcode to the iPhone backup file, both of which were on Defendants’ copy of the Laptop. (Compl. at ¶ 29). The Complaint falsely suggests Defendants “hacked” into Plaintiff’s iPhone backup. (Zeigler Decl. at ¶ 19). Defendants received a copy of Plaintiff’s iPhone backup file which existed as part of the files. (Id. at ¶ 20). When Defendants received the external hard drive, it contained passcodes, which allowed access to the iPhone backup file. (Id. at ¶ 21).

[snip]

Moreover, Plaintiff does not allege unlawful access to a computer within the meaning of the CFAA. A computer user “without authorization” is one who accesses a computer the user has no permission to access whatsoever—an “outside hacker[ ].” Van Buren v. United States, 141 S. Ct. 1648, 1658, (2021). Here, Plaintiff admitted that Defendants accessed and used a hard drive that Plaintiff never possessed. Specifically, Plaintiff alleges that Defendants accessed a hard drive provided by a third party which contains a copy (duplicates) of files. (Compl. at ¶ 18). Plaintiff does not allege that Defendants possessed or accessed Biden’s computer or original files.

Plaintiff alludes to his actual iPhone and iCloud account when he alleges that “at least some of the data that Defendants have accessed, tampered with, manipulated, damaged and copied without Plaintiff’s authorization or consent originally was stored on Plaintiff’s iPhone and backed-up to Plaintiff’s iCloud storage.” (Id. at ¶ 28). However, Plaintiff alleges no facts which demonstrate Defendants ever accessed any computer, storage, or service which Plaintiff either owns or has exclusive control over. Likewise, the Complaint also shows facts which conclusively prove that Defendants had no need to access any service or storage because the laptop copy in their possession admittedly contained all of the necessary information, including the passcode to view all of the files contained on the Biden Laptop regardless of encryption. (Id. at ¶ 18). Put simply, both the encrypted iPhone backup file and the passcode to open the iPhone backup file were on the Laptop copy.

Given that Hunter’s lawsuit also names a bunch of John Does, blaming his access to this backup on Rudy’s unnamed associate and Rudy and John Paul Mac Isaac may not help Ziegler.

In any case, Ziegler may hope he doesn’t have to rely on this argument. His response actually spends more time arguing that venue, in California, is improper than he does that using a password to access an encrypted backup is legal. The “work” Ziegler did to make ten years of Hunter Biden’s emails available took place in Illinois. He has no employees or board members in California. Fewer than 10% of Marco Polo’s supporters live in California (Ziegler doesn’t say what percentage of his donations they provide, however).

His venue argument and his hacking argument ignore a part of Hunter’s lawsuit, though, which alleges that Ziegler “directed illegal conduct to occur in California.”

Plaintiff is informed and believes that Defendant Ziegler intentionally directed illegal conduct to occur in California and has therefore subjected himself to jurisdiction in California.

Similarly, his response only mentions Hunter’s allegation that in addition to accessing that iPhone, he also accessed data in the cloud once.

Plaintiff accuses Defendants of “knowingly accessing and without permission taking and using data from” Plaintiff’s devices or “cloud” storage (Compl. at ¶¶ 40, 41), computer service (id. at ¶ 42), or protected computer (id. at ¶ 35) but fails to identify a single device Defendants accessed without authorization

That allegation is a key part of alleging that Ziegler broke the law in California.

40. Defendants have violated California Penal Code § 502(c)(1) by knowingly accessing and without permission taking and using data from Plaintiff’s devices or “cloud” storage, including but not limited to, Plaintiff’s encrypted iPhone backup to devise or execute a scheme to defraud or deceive, or to wrongfully obtain money, property, or data.

41. Defendants also have violated California Penal Code § 502(c)(2) by knowingly and without permission accessing, taking, copying, and making use of programs, data, and files from Plaintiff’s devices or “cloud” storage, including but not limited to, Plaintiff’s encrypted iPhone backup.

Ziegler denies accessing any computer in the possession of Hunter Biden. That falls short of denying that he hacked data owned by Hunter Biden.

22. Neither I nor any person associated with Marco Polo have accessed, or attempted to access, any computer, device, or system owned or controlled by Plaintiff. We are not hackers, we are simply publishers, and the Plaintiff is attempting to chill our First Amendment rights and harass us through a frivolous and vexatious lawsuit.

I think Ziegler has a problem with his description of where the iPhone backup came from in the first place: he says that the “laptop” was in Hunter Biden’s possession when the iPhone backup was saved to it on February 6, 2019.

The metadata concerning the duplicated iPhone backup file on our external hard drive indicates that the last backup made of the iPhone file to the plaintiff’s laptop, which he left at the repair shop of John Paul Mac Isaac on April 12, 2019, occurred on February 6, 2019, while still in the plaintiff’s possession based upon all the facts known to me to be provably true beyond dispute.

Hunter may be able to prove that Ziegler, of all people, doesn’t believe that to be true, doesn’t believe that when that iPhone was backed up on February 6 — a day when someone presenting as Hunter was involved in a car accident in DC — Hunter was in possession of that laptop.

But the bigger problem that Ziegler has is that phantom landscaping reminder.

According to emails that Garrett Ziegler has made publicly available, an October 14, 2021 notice triggered by a Google alert was received on November 24, 2021, long past the time, per Ziegler’s declaration, he was in possession of this hard drive.

Again, I’m not sure how that happened technically. But if it involved either Apple servers or Google servers (or both, given that the notice was dated October 24, 2021), that would get you venue in California.

Hunter Biden may not have been in possession of Apple’s and Google’s servers in 2021, but accessing them using passwords stored on the hard drive — at least one password that Ziegler admits to using — would also constitute hacking.

Update, to answer a question below: The text of the email shows that the notice was October 14, but the email was received on November 24, 2021.
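The gap described above, between the date a notice carries and the date it was actually delivered, is the kind of thing a reviewer of a mailbox export can check mechanically. This is an added example, not code from the original post; the two messages are constructed (no real header values from the Biden emails are used), and the one-day threshold is an assumption.

```python
"""Flag mail whose Date header is far older than its delivery timestamp.

Added example. The sample messages are constructed; the second one models
an alert dated Oct 14 that only reaches the mailbox on Nov 24.
"""
from datetime import timedelta
from email import message_from_string
from email.utils import parsedate_to_datetime

SUBJECT = "Alert - FYI landscapers at CBR (usually in AM)"

# Constructed sample mailbox: one promptly delivered alert, one delivered
# 41 days after the date it carries.
SAMPLE_MESSAGES = [
    "\n".join([
        "From: alerts@example.invalid",
        "To: hb@example.invalid",
        "Date: Wed, 13 Oct 2021 09:00:00 -0400",
        "Received: from mx.example.invalid by imap.example.invalid;"
        " Wed, 13 Oct 2021 09:00:04 -0400",
        f"Subject: {SUBJECT}",
        "",
        "reminder",
    ]),
    "\n".join([
        "From: alerts@example.invalid",
        "To: hb@example.invalid",
        "Date: Thu, 14 Oct 2021 09:00:00 -0400",
        "Received: from mx.example.invalid by imap.example.invalid;"
        " Wed, 24 Nov 2021 16:12:31 -0500",
        f"Subject: {SUBJECT}",
        "",
        "reminder",
    ]),
]

def delivery_time(msg):
    """Timestamp from the topmost Received header, i.e. the last hop,
    stamped by the receiving server. RFC 5322 puts it after the final ';'."""
    received = msg.get_all("Received") or []
    if not received:
        return None
    return parsedate_to_datetime(received[0].rsplit(";", 1)[-1].strip())

def date_skew(raw):
    """Return (subject, delivery time minus Date header) for one message."""
    msg = message_from_string(raw)
    sent = parsedate_to_datetime(msg["Date"])
    delivered = delivery_time(msg)
    if delivered is None:
        return msg["Subject"], None
    return msg["Subject"], delivered - sent

def find_delayed(raws, threshold=timedelta(days=1)):
    """Messages whose delivery lags their Date header by more than threshold;
    each such lag is a timeline anomaly that needs an explanation."""
    out = []
    for raw in raws:
        subject, skew = date_skew(raw)
        if skew is not None and skew > threshold:
            out.append((subject, skew.days))
    return out

if __name__ == "__main__":
    for subject, days in find_delayed(SAMPLE_MESSAGES):
        print(f"{days:>3} day lag: {subject}")
```

A real export would also carry the intermediate Received hops and any IMAP INTERNALDATE, which can pin down where in the path the delay occurred.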


Hunter Biden Accused Rudy Giuliani of Hacking His Data, Not Defamation

Ruby Freeman and Shaye Moss’ civil trial against Rudy Giuliani goes to trial tomorrow.

In a number of the scene setters for the trial, people are making claims like this:

In addition to his criminal charges, disbarment proceedings and the lawsuit brought by Freeman and Moss, Giuliani has been sued by various other individuals — including President Joe Biden’s son Hunter — who claim he spread false allegations about them in 2020.

Or this:

He and one of his lawyers are being sued by Hunter Biden for allegedly mishandling the presidential son’s laptop,

Hunter Biden is not suing Robert Costello and Rudy Giuliani for defamation. He’s not suing Robert Costello and Rudy Giuliani for mishandling “his laptop,” which (even if John Paul Mac Isaac and Rudy Giuliani have told the truth about everything) would never have been in Rudy’s possession.

Hunter Biden is suing the former President’s former personal lawyer and that lawyer’s former personal lawyer for hacking his data. Hunter Biden is suing Rudy for violating the criminal Computer Fraud and Abuse Act: for accessing a computer without authorization or exceeding authorized access.

41. Defendants have violated the CFAA, specifically section 1030(a)(2)(C) of
the CFAA, by intentionally accessing a computer without authorization or exceeding
authorized access, and thereby obtaining information from any protected computer
which, pursuant to the CFAA, is a computer used in or affecting interstate commerce
or communication.

42. Defendants have violated the CFAA, specifically section 1030(a)(4) of the
CFAA, by knowingly and with intent to defraud, accessing a protected computer
without authorization or exceeding authorized access, and by means of such conduct
furthering the intended fraud and obtaining one or more things of value.

We will have to wait to see whether he can prove that claim. But particularly given that Hunter has since been charged with 12 criminal charges by a US Attorney appointed by Trump, let’s be clear what the claim is.

Hunter Biden has accused Rudy Giuliani of violating the criminal hacking statute.

One reason people make this mistake all the time — on top of the non-stop Fox News propaganda about this — is they think of the laptop like this:

The laptop, as it was brought to John Paul Mac Isaac’s shop, is better thought of like this.

There were dick pics on the laptop (I’m using artistic license in my choice of dick pics).

There were emails, including emails hosted by Google and emails tied to Hunter Biden’s iCloud account. But the laptop also included on it the means to get into Hunter’s iCloud account and at least some of his Google accounts.

There were other digital keys on the laptop and probably enough bank data to get into financial accounts.

And there were the contents of an iPhone, stored in encrypted form. As I’ve described, I first went down this rabbit hole — the entire Hunter Biden rabbit hole — when I read Gary Shapley’s description that the FBI needed a password to access some of the content, the content from the phone, on what was an actual laptop. That’s when I realized that anyone who accessed the encrypted contents of that phone without a warrant might be at risk for CFAA charges.

Several of the people who’ve been offering up Hunter Biden data confess, openly, that they broke the encryption on that phone.

In other words, no matter how all that stuff got put onto Hunter’s laptop, and no matter how it got brought to John Paul Mac Isaac’s shop, and no matter whether JPMI was perfectly in his legal rights to take possession of the laptop itself — all things that are very much contested — the laptop included the means to get into other data, data hosted in the cloud, to which neither JPMI nor anyone else had authorized access.

And then the blind computer repair man, after having chosen to copy that hard drive (which, contrary to his claims, was a removable hard drive) by cutting and pasting it and reading it along the way, packaged that all up on a hard drive and sent it, without Hunter’s consent, to the then-President’s lawyer.

We don’t know what kind of hard drive JPMI used — he said he constructed his own, to make it untraceable.

Instead of buying external drives from a local store, where the purchase might be traced back to me, or online, which also could be traced and moreover might lead to damage in transit, I built my own.

It took about a week to collect all the pieces and clone the drive from the store’s backup server. In essence, I created a copy that was as close to the original drive as possible.

As I have shown, at a time when Rudy says he (or Robert Costello) was in possession of that hard drive that had on it the means to access several of Hunter’s cloud accounts, an email Hunter sent in 2016 was resent, showing some alterations.

Hunter Biden is not accusing Rudy Giuliani of saying things about him that aren’t true. Hunter Biden is accusing Rudy Giuliani of accessing data — whether on a hard drive copied from a laptop or in the cloud — to which he did not have legal access.
