The Hack or Attack Debate: Answer Old Questions While Waiting to Learn Enough to Answer That One

As people in government, particularly members of Congress posturing for the cameras, start responding to the SolarWinds compromise, some have adopted a bellicose language unsupported by the facts, at least those that are public. Dick Durbin, for example, called it, “virtually a declaration of war.” That has led to some necessary pushback noting that as far as we know, this is an act of espionage, not sabotage. It’s the kind of thing we do as well without declaring war.

As usual, I substantially agree with Jack Goldsmith on these issues.

The lack of self-awareness in these and similar reactions to the Russia breach is astounding. The U.S. government has no principled basis to complain about the Russia hack, much less retaliate for it with military means, since the U.S. government hacks foreign government networks on a huge scale every day. Indeed, a military response to the Russian hack would violate international law. The United States does have options, but none are terribly attractive.

[snip]

The larger context here is that for many reasons—the Snowden revelations, the infamous digital attack on Iranian centrifuges (and other warlike uses of digital weapons), the U.S. “internet freedom” program (which subsidizes tools to circumvent constraints in authoritarian networks), Defend Forward, and more—the United States is widely viewed abroad as the most fearsome global cyber bully. From our adversaries’ perspective, the United States uses its prodigious digital tools, short of war, to achieve whatever advantage it can, and so adversaries feel justified in doing whatever they can as well, often with fewer scruples. We can tell ourselves that our digital exploits in foreign governmental systems serve good ends, and that our adversaries’ exploits in our systems do not, and often that is true. But this moral judgment, and the norms we push around it, have had no apparent influence in tamping down our adversaries’ harmful attacks on our networks—especially since the U.S. approach to norms has been to give up nothing that it wants to do in the digital realm, but at the same time to try to cajole, coerce, or shame our adversaries into not engaging in digital practices that harm the United States.

Goldsmith’s point about the Defend Forward approach adopted under Trump deserves particular focus given that, purportedly in the days since the compromise became known, Kash Patel is taking steps to split NSA and CyberCommand, something that would separate the Defend Forward effort from NSA.

Trump administration officials at the Pentagon late this week delivered to the Joint Chiefs of Staff a proposal to split up the leadership of the National Security Agency and U.S. Cyber Command. It is the latest push to dramatically reshape defense policy advanced by a handful of key political officials who were installed in acting roles in the Pentagon after Donald Trump lost his re-election bid.

A U.S. official confirmed on Saturday that Joint Chiefs Chairman Gen. Mark Milley — who along with Acting Defense Secretary Chris Miller must certify that the move meets certain standards laid out by Congress in 2016 — received the proposal in the last few days.

With Miller expected to sign off on the move, the fate of the proposal ultimately falls to Milley, who told Congress in 2019 that the dual-hat leadership structure was working and should be maintained.

As Reuters has reported, General Nakasone was pretty hubristic about NSA’s recent efforts to infiltrate our adversaries (Nakasone has, in unprecedented fashion, also chosen to officially confirm efforts CyberCom has made, which he must think has a deterrent effect that, it’s now clear, did not).

Speaking at a private dinner for tech security executives at the St. Regis Hotel in San Francisco in late February, America’s cyber defense chief boasted how well his organizations protect the country from spies.

U.S. teams were “understanding the adversary better than the adversary understands themselves,” said General Paul Nakasone, boss of the National Security Agency (NSA) and U.S. Cyber Command, according to a Reuters reporter present at the Feb. 26 dinner. His speech has not been previously reported.

Yet even as he spoke, hackers were embedding malicious code into the network of a Texas software company called SolarWinds Corp, according to a timeline published by Microsoft and more than a dozen government and corporate cyber researchers.

A little over three weeks after that dinner, the hackers began a sweeping intelligence operation that has penetrated the heart of America’s government and numerous corporations and other institutions around the world.

The failures of Defend Forward to identify this breach may raise questions about the dual hatting of NSA and CyberCommand, but there’s no good reason for these Trump flunkies to take any substantive steps in the last month of a Lame Duck period while it is serially refusing briefings to President Elect Biden’s team. All the more so because the more pressing issue, it seems, is giving CISA, the government’s defensive agency, more resources and authority.

More importantly, while it is too early to determine whether this goes beyond traditional espionage, there are questions that we can identify. For example, one detail that might suggest this was intended to do more than espionage is that the hackers stole FireEye’s Red Team tools. There are information gathering purposes for doing so, but they’re probably not important enough to risk blowing this entire operation, as happened. So we should at least consider whether the SolarWinds compromise aimed to pair intelligence (including that gathered from FERC, one of the agencies targeted) with the means to launch deniable sabotage on key critical infrastructure using FireEye’s tools.

Measurements of whether this is a hack or attack must also consider that the hackers are in a position where they could alter data. Consider what kind of mayhem Russia could do to our economy or world markets by altering data from Treasury. That is, the hackers are in a position where it’s possible, at least, to engage in sabotage without engaging in any kinetic act.

Finally, adopting the shorthand the industry uses for such things, there’s a bit of sloppiness about attribution. The working assumption this is APT 29, and the working reference is that APT 29 works for SVR, Russia’s foreign intelligence agency (even though when it was implicated in key hacks in 2016, it was assumed to work for FSB). I’ve been told by someone with more local knowledge that the relationship between these hackers and the intelligence agencies they work for may be more transactional. The people who’ve best understood the attack, including FireEye, think this may be a new “group.”

While intelligence officials and security experts generally agree Russia is responsible, and some believe it is the handiwork of Moscow’s foreign intelligence service, FireEye and Microsoft, as well as some government officials, believe the attack was perpetrated by a hacking group never seen before, one whose tools and techniques had been previously unknown.

Which brings me to a question we should be able to answer, one I’ve been harping on since the DNC leak first became public: what was the relationship between the hackers, APT 28 (the ones who stole files and shared the with WikiLeaks) and APT 29 (who then, and still, have been described as “just” spying). From the very first — and even in March 2017, after which discussions of the hack have become irredeemably politicized beyond recovery — there was some complexity surrounding the issue.

I have previously pointed to a conflict between what Crowdstrike claimed in its report on the DNC hack and what the FBI told FireEye. Crowdstrike basically said the two hacking groups didn’t coordinate at all (which Crowdstrike took as proof of sophistication). Whereas FireEye said they did coordinate (which it took as proof of sophistication and uniqueness of this hack). I understand the truth is closer to the latter. APT 28 largely operated on its own, but at times, when it hit a wall of sorts, it got help from APT 29 (though there may have been some back and forth before APT 29 did share).

When I said I understood the truth was closer to the latter — that there was some cooperated between APT 28 and 29, it was based on what a firsthand witness, who had been involved in defending a related target in 2016, told me. He said, in general, there was no cooperation between the two sets of hackers, but on a few occasions APT 29 seemed to assist APT 28. That’s unsurprising. The attack in 2016 was ambitious, years in planning, and Putin was personally involved. He would obviously have the ability to demand coordination for this operation, so intelligence collected by APT 29 may well have dictated choices made in where to throw GRU’s efforts.

The point is important now, especially as people like CrowdStrike’s former CTO Dmitri Alperovitch recommends responses based on the assumption that this is SVR and therefore that dictates what Russia intends.

So we should assume this is espionage and therefore avoid escalating language for the moment. But having had our assess handed to us already, with a sophisticated campaign launched as we were busy looking for election hackers, it would be a big mistake IMO to rely on easy old categories to try to understand this.

Update: Corrected to reflect that Alperovitch is no longer with CrowdStrike.

Tom Bossert Gives Trump the Advice Trump Refused Four Years Ago

Almost exactly four years ago, at a time when (seemingly unbeknownst to Trump’s incoming Homeland Security advisor Tom Bossert) Mike Flynn and his Deputy KT McFarland were secretly making asks of the Russian government, top Transition team officials discussed what to do about sanctions Obama imposed, in part, to punish Russia for interfering in the just finished election.

As part of that discussion, Bossert asked his predecessor Lisa Monaco how the Russians were responding to sanctions. At 4:01 PM on December 29, he reported back to Flynn, McFarland, Steve Bannon (at Bannon’s personal email), Keith Kellogg, and Reince Priebus:

[Monaco] confirms the Russiand [sic] have already responded with strong threats, promising to retaliate. [She] characterized the Russian response as bellicose. My thoughts, sans the Russia angle, on which I defer to Mike and KT: [redacted] : Cyber attacks by forcing [sic] governments or anyone else are unacceptable and must be taken seriously. The alleged Russian hack of US entities involved in the US political process is a problem. Of course we must separate their attempts to influence our election from the rash conclusion that they succeeded in altering the views of any American voter. We must be wary of escalatory retaliation to follow.

Immediately after receiving this call, Flynn called McFarland using the phone in his Dominican Republic hotel room. They spoke for 11 minutes.

Approximately eight minutes after Flynn and McFarland hung up, at 4:20, Flynn called Sergey Kislyak from that same hotel room phone to a phone at the Russian Embassy wiretapped by the FBI. The person who transcribed the intercept observed that it sounded like Flynn might be using his speaker phone.

On the call, Flynn raised the sanctions. He asked the Russian Ambassador not to box the Trump Administration in and further asked not to escalate things to avoid getting into a tit-for-tat.

Approximately 12 minutes after the end of Flynn’s call with Kislyak, KT McFarland responded to Bossert’s email, claiming Flynn would call Kislyak later than evening, yet quoting the phrases “tit-for-tat” and “box” Trump in directly from the call Flynn had just made to the Ambassador — the one the transcriber believed may have been made on a speaker phone.

On Dec. 29, a transition adviser to Mr. Trump, K. T. McFarland, wrote in an email to a colleague that sanctions announced hours before by the Obama administration in retaliation for Russian election meddling were aimed at discrediting Mr. Trump’s victory. The sanctions could also make it much harder for Mr. Trump to ease tensions with Russia, “which has just thrown the U.S.A. election to him,” she wrote in the emails obtained by The Times.

[snip]

Mr. Obama, she wrote, was trying to “box Trump in diplomatically with Russia,” which could limit his options with other countries, including Iran and Syria. “Russia is key that unlocks door,” she wrote.

She also wrote that the sanctions over Russian election meddling were intended to “lure Trump in trap of saying something” in defense of Russia, and were aimed at “discrediting Trump’s victory by saying it was due to Russian interference.”

“If there is a tit-for-tat escalation Trump will have difficulty improving relations with Russia, which has just thrown U.S.A. election to him,” she wrote.

Either because Trump’s incoming Homeland Security advisor was, like Bannon, also conducting this discussion on his personal email (Kislyak would make a comment that may reflect knowledge of the email exchange in his next call with Flynn) or because he somehow had access to his Transition email later, Tom Bossert was able to share this very damning exchange with investigators before they obtained the counterparties to it using a warrant.

Between the time of the Kislyak call and the time when Bossert shared those emails with investigators, he would be involved in the alteration of the MemCon recording Trump’s first face-to-face meeting with Russia, in which Trump said he didn’t much care that Russia had interfered in the election.

Tom Bossert has seen firsthand, more than once, how Trump has refused to hold Russia accountable.

Which is very interesting background to this NYT op-ed Bossert wrote, trying to convince his former boss to put the national interest ahead of his own temper tantrum and respond with leadership and cooperation to the SolarWinds hack.

After describing what a dangerous time a Presidential transition is for such a compromise, Bossert lays out the significance of the SolarWinds hack, explaining that the US government has no idea which of its networks Russia has control over.

The magnitude of this ongoing attack is hard to overstate.

The Russians have had access to a considerable number of important and sensitive networks for six to nine months. The Russian S.V.R. will surely have used its access to further exploit and gain administrative control over the networks it considered priority targets. For those targets, the hackers will have long ago moved past their entry point, covered their tracks and gained what experts call “persistent access,” meaning the ability to infiltrate and control networks in a way that is hard to detect or remove.

While the Russians did not have the time to gain complete control over every network they hacked, they most certainly did gain it over hundreds of them. It will take years to know for certain which networks the Russians control and which ones they just occupy.

He then explains that with that access, the Russians could alter data (at Treasury, among other places) or impersonate people, potentially using official credentials to sow disinformation.

The actual and perceived control of so many important networks could easily be used to undermine public and consumer trust in data, written communications and services. In the networks that the Russians control, they have the power to destroy or alter data, and impersonate legitimate people. Domestic and geopolitical tensions could escalate quite easily if they use their access for malign influence and misinformation — both hallmarks of Russian behavior.

Bossert provides some steps the government must take to respond — including replacing entire networks — and then turns to advising his old boss. He starts with soft-pedaling, the way one has to when advising a President who is a narcissist, suggesting that Trump’s threats to veto an NDAA that broad majorities of both parties support because he’s mad at Twitter are instead a partisan dispute.

The National Defense Authorization Act, which each year provides the Defense Department and other agencies the authority to perform its work, is caught up in partisan wrangling. Among other important provisions, the act would authorize the Department of Homeland Security to perform network hunting in federal networks. If it wasn’t already, it is now a must-sign piece of legislation, and it will not be the last congressional action needed before this is resolved.

Then Bossert gets more direct: Trump has to rebuke the Russians in a way he refused to in December 2016 and refused to do again in May 2017 and refused again in July 2018 in Helsinki (though Bossert had been fired before Helsinki).

While all indicators point to the Russian government, the United States, and ideally its allies, must publicly and formally attribute responsibility for these hacks. If it is Russia, President Trump must make it clear to Vladimir Putin that these actions are unacceptable. The U.S. military and intelligence community must be placed on increased alert; all elements of national power must be placed on the table. [my emphasis]

Bossert then gets close to, without actually, describing how Trump could be blamed for this if he doesn’t punish Russia.

President Trump is on the verge of leaving behind a federal government, and perhaps a large number of major industries, compromised by the Russian government. He must use whatever leverage he can muster to protect the United States and severely punish the Russians.

And, finally, the guy who got sent out to report back on President Obama four years ago to prepare Flynn for a call that Bossert probably had no way of knowing would undermine sanctions designed to punish Russia for the last attack, tells his former boss, who from start to finish has refused to cooperate with Democrats, that he has to cooperate now.

At this moment, the two teams must find a way to cooperate.

President Trump must get past his grievances about the election and govern for the remainder of his term. This moment requires unity, purpose and discipline. An intrusion so brazen and of this size and scope cannot be tolerated by any sovereign nation.

We are sick, distracted, and now under cyberattack. Leadership is essential.

Tom Bossert is trying to convince his former boss to serve the good of the country when Bossert never managed to do that when he actually was Trump’s direct advisor.

He would do better to threaten to make it clear the degree to which Trump has been “colluding” with Russia all along.

Update: Relatedly, Trump’s White House tried to gag IC leaders from reporting on how bad this is to Congress.

Rubio’s counterpart on the committee, Vice Chair Mark Warner (D-Va.), said the government is “still assessing the extent of the penetration,” but lamented that “the current president of the United States has not said a word about this.”

Despite the series of briefings, there are signs that the White House was trying to muzzle top officials seeking to fill in lawmakers on what they know.

During a National Security Council meeting on Tuesday night, national security leaders were instructed not to reach out to Capitol Hill for briefings on the massive hack without explicit approval from the White House or ODNI, according to people familiar with the episode.

Missing the National Security Crises for the Trump Temper Tantrums

Even after Republicans and Vladimir Putin have conceded that Donald Trump will no longer be President in 35 days, key parts of the press corps seem unable to look beyond Trump’s temper tantrums to the state of the country.

NBC,  for example, has a 17-paragraph story about Pat Cipollone’s efforts to persuade Trump not to fire Chris Wray and maybe Chad Wolf and maybe Gina Haspel and who knows maybe some more national security figures Trump is pissy about because they haven’t catered to his personal demands. The story doesn’t once mention that these same national security officials — especially Wray and Wolf — are neck deep in a crisis attempting to assess and respond to the SolarWinds compromise of multiple US agencies.

While Trump’s frustrations with Attorney General Bill Barr boiled over in recent days, and Barr resigned on Monday, the president’s advisers hope he’s been persuaded against ousting Wray. Multiple current and former senior administration officials said firing Wray does not appear imminent, but they also point out that the president could make such a decision on a whim at any time. Indeed officials said they are prepared for Trump to go on a firing spree before leaving office next month.

“I wouldn’t take anything off the table in coming weeks,” the senior administration official said of personnel changes, as well as presidential pardons. The official said to expect “some more fairly significant terminations in the national security or intelligence community.”

That this story could even be reported with an unrelenting focus on Trump’s revenge fantasies and not, instead, an extended discussion of the way these revenge fantasies have distracted the entire Administration from urgent crises which Trump’s past revenge fantasies have invited and made worse is an alarming failure of basic framing.

Similarly, in the middle of a 19-paragraph AP story on the transition at DOJ from Bill Barr to Jeffrey Rosen, it summarizes the main point of the story: the biggest issue before DOJ as it prepares for pardonpalooza, continues to cope with running prisons and fraud investigations during a pandemic, sues some of the world’s biggest tech companies, and deals with Mexico’s withdrawal from virtually all drug enforcement cooperation is whether or not the Attorney General, some Attorney General, any Attorney General appoints a special counsel to investigate Hunter Biden.

As Barr exits, the biggest thing by far hanging over the Trump Justice Department is its investigation into Hunter Biden, which involves multiple U.S. attorney offices and FBI field offices.

The AP is so deep inside Trump’s manic delusions that it states, as fact, that appointing a special counsel would by itself make for a more complicated investigation, as if someone could just chase Rudy Giuliani conspiracies for four years without Biden’s Attorney General making a solid case the person should be fired.

Appointing a special counsel for the Hunter Biden probe would also signal a more prolonged and complicated investigation than the current inquiry, so far largely centered on his taxes.

DOJ has already spent something like 4 US Attorney years investigating Hunter Biden and has yet to charge him with a single crime; while it remains to be seen whether the tax charges are real, at some point an investigation will butt up against the reality that even the politicized Scott Brady one did: most of the allegations against Hunter Biden are the product of very frothy conspiracy theorizing and aggressive disinformation that straight reporters are not obliged to adopt.

It is useful — important even — to report on the Trump’s temper tantrums. But his tantrums, at this point, are most important for the way they’ve paralyzed and corrupted the entire government during a time it faces multiple urgent crises. Don’t let sources dodge how indulging the President’s childish whims means they, too, are failing to do their real job serving the country.

The country is burning. It is burning, in significant part, because the President has always prioritized his own personal vendettas over the good of the country.

If you need to report on how Trump has put his own revenge fantasies over all else during his Lame Duck, do so as a first step towards holding him accountable for the wreckage that has resulted, not to indulge those fantasies as if the rest of us should care about them anymore.

Joshua Schulte Undermines the WikiLeaks Claim to Publish “Whistleblowers”

In this post, I noted that The Intercept — including Micah Lee — had fairly systematically ignored the most recent superseding indictment against Julian Assange, and as such had ignored the overt acts in it tied to helping Edward Snowden flee. I think the outlet has real ethical responsibility to actually report the truth of that detail — which they should do in any case to address the legally suspect aspects of some of the claims made about Snowden.

I’d like to look at an earlier Micah Lee post, not because of anything it (necessarily) says about The Intercept, but as background for a larger post about WikiLeaks I hope to move towards. In an article subtitled, “The Trump Administration Is Using the Full Power of the U.S. Surveillance State Against Whistleblowers,” Micah laid out how (according to his read of what he claimed were the court filings) the government had found a bunch of “whistleblowers.” Before he gets there, though, he describes the subjects of his post to be “government whistleblowers” who, only after they see something wrong, do they reach out to journalists and share information.

GOVERNMENT WHISTLEBLOWERS ARE increasingly being charged under laws such as the Espionage Act, but they aren’t spies.

They’re ordinary Americans and, like most of us, they carry smartphones that automatically get backed up to the cloud. When they want to talk to someone, they send them a text or call them on the phone. They use Gmail and share memes and talk politics on Facebook. Sometimes they even log in to these accounts from their work computers.

Then, during the course of their work, they see something disturbing. Maybe it’s that the government often has no idea if the people it kills in drone strikes are civilians. Or that the NSA witnessed a cyberattack against local election officials in 2016 that U.S. intelligence believes was orchestrated by Russia, even though the president is always on TV saying the opposite. Or that the FBI uses hidden loopholes to bypass its own rules against infiltrating political and religious groups. Or that Donald Trump’s associates are implicated in sketchy financial transactions.

So they search government databases for more information and maybe print some of the documents they find. They search for related information using Google. Maybe they even send a text message to a friend about how insane this is while they consider possible next steps. Should they contact a journalist? They look up the tips pages of news organizations they like and start researching how to use Tor Browser. All of this happens before they’ve reached out to a journalist for the first time.

Having laid out certain assumptions not just that all these people are whistleblowers, but also about what whistleblowing entails (and made certain claims about motive that don’t necessarily match the claimed motive of some of the subjects of the story, though some of that has become public since Micah wrote this), Micah explains that Joshua Schulte is an exception with regards to how he was caught.

Of the four Espionage Act cases based on alleged leaks in the Trump era, the most unusual concerned Joshua Schulte, a former CIA software developer accused of leaking CIA documents and hacking tools known as the Vault 7 disclosures to WikiLeaks. Schulte’s case is different from the others because, after the FBI confiscated his desktop computer, phone, and other devices in a March 2017 raid, the government allegedly discovered over 10,000 images depicting child sexual abuse on his computer, as well as a file and chat server he ran that included logs of him discussing child sexual abuse images and screenshots of him using racist slurs. Prosecutors initially charged Schulte with several counts related to child pornography and later with sexual assault in a separate case, based on evidence from his phone. Only in June 2018, in a superseding indictment, did the government finally charge him under the Espionage Act for leaking the hacking tools. He has pleaded not guilty to all charges.

He doesn’t return to Schulte’s case for the rest of the piece.

About the rest of the subjects of the story, Micah describes how, whether the subject took some measure to protect himself (such as with Terry Albury and James Wolfe) or did not (such as Reality Winner), they all got caught. What they all have in common is that they were among a very limited circle of people who had access to the stuff that got leaked, and therefore could be ultimately identified with more investigation.

I think Micah’s comment was meant to suggest that Schulte wasn’t identified that same way, but was instead identified only after he was busted for child porn. I texted Micah at the time and let him know that’s not what the court records reflect (he had not, in fact, reviewed the affidavits in the court docket). By that point, a slew of the warrants in the case had been revealed, including the first ones, which showed that Schulte was identified as a suspect almost immediately, in part the same way the others were — because he was one of three people who had access to the files believed to have been leaked. (It would later become clear that at least a few more people had access to the server and that the files were copied on a different, more incriminating date than FBI originally suspected.)

Micah never corrected his post.

Of note, however, even that initial warrant raised real questions about any claim that Schulte was a whistleblower — a claim WikiLeaks made it its first Vault 7 post.

In a statement to WikiLeaks the source details policy questions that they say urgently need to be debated in public, including whether the CIA’s hacking capabilities exceed its mandated powers and the problem of public oversight of the agency. The source wishes to initiate a public debate about the security, creation, use, proliferation and democratic control of cyberweapons.

That first warrant revealed that Schulte,

  • Had already restored his access to the exact files in question without authorization once (FBI would later discover he did this at least two more times)
  • Was pissy about something that had nothing to do with the hacking CIA did with the tools that Schulte wrote, basically a juvenile work dispute with a colleague
  • Had laid a paper trail in the weeks before he left CIA, making a claim to be a whistleblower, but the claim was not backed by any prior record of concern (per the FBI agent who admittedly should not be trusted on face value)

That is, even that first affidavit suggested that Schulte had used the claim to be a whistleblower as cover.

Schulte declined to present much of a defense at his first trial, a decision that (given the hung jury) absolutely was the right decision. So we can’t claim to have fully assessed all his claims to be a whistleblower, claims he made in pro se filings and deceitful Tweets he intended to post from jail. He chose not to make that case personally and he didn’t need to make the case to avoid a guilty verdict.

That said, all the evidence presented at trial strongly backs the initial FBI assessment that he was just an angry shithole who thought he was god, aiming to get back at people at the CIA he thought had dissed him. Indeed, two pieces of evidence submitted seriously undermine his claim to be a whistleblower, because they show he acted in ways that would be inconsistent from someone who genuinely had the concerns Schulte claimed to have — both a concern about the role of contractors and about security.

First, at one point when he was pissy because the CIA had contracted with a consultant to finish off a project that had been taking too long under him, Schulte actually considered become a contractor. Yes, he was pissy that a contractor could take away his project. But considering a job as a contractor is inconsistent with his claims about the use of them. It makes the claims translated into the WikiLeaks statement yet another cover for Schulte’s own resentment.

Then, at trial, the government showed that Schulte himself was responsible for setting up a root password that he allegedly used to steal the files. That is, to the extent the files were totally insecure from someone like Schulte, they were insecure because Schulte set them up to be. So not only was he not complaining to anyone else about the insecurity of these files, he was the one making them insecure.

Again, maybe Schulte could make a persuasive case he leaked these files to expose wrong-doing. But thus far, every piece of evidence suggests not only that Schulte was not a whistleblower, that every time he wrote up a claim to be one he otherwise told identifiable lies, and that he’s mostly just a rage-driven dude who decided to burn the CIA to the ground for spite.

Now, if WikiLeaks is a publisher, as it claims, that doesn’t necessarily matter. Journalists get information from sources operating out of a variety of motives, and personal pique is a common one. Except it raises the stakes on the newsworthiness of the files published. And on that front, WikiLeaks (on Twitter especially) vastly oversold the newsworthiness of the CIA files it published. Yes, it was useful for security firms to have CIA’s files identified publicly. But there was never anything published showing that CIA was operating outside of its mandate, and much of what was published showed tools that would be narrowly targeted. Just as importantly, CIA wasn’t actually doing anything particularly exotic with its hacking files. Spies were spying, news at 11.

I’ve written before about how a close associate of Assange’s sternly asked me to downplay Schulte because he hurt the public case for Julian Assange. I think that’s partly the allegations of child porn, racism, and sexual assault against him. People associated with WikiLeaks also knew before it was public that there was evidence involving Schulte implicating Russia (though the record on what the import of various pieces of evidence about Schulte pertaining to Russia mean is very mixed; Sabrina Shroff argued fairly convincingly that some of what is there stems from work Schulte was doing for his cellmate). Still, that may be another reason WikiLeaks boosters don’t want anyone to talk seriously about Schulte, because in the wake of Julian Assange working with Russia to get harm Hillary, their next big source also had some tie, of uncertain nature, to Russia.

But the existing record on Schulte, at least, not only undermines WikiLeaks’ claim to facilitate whistleblowers. On the contrary, WikiLeaks gave a disgruntled spook an easy way to burn the place down. More importantly, somewhere along the way, Schulte decided to cloak his bitter revenge plot inside a false claim to be a whistleblower.

People can certainly still defend WikiLeaks as an outlet permitting disgruntled spooks to burn their agencies to the ground out of spite. Certainly, if you believe the CIA is inherently, uniquely evil, you might still champion this leak. But on the Vault 7 leak, WikiLeaks boosters should be clear that’s what they’re doing.

“Show Me the Metadata:” A Forensic Tie Between Shadow Brokers and Guccifer 2.0

On October 16, 2017, some of the last words the persona Shadow Brokers (TSB) ever wrote hailed my journalism.

TSB special shouts outs to Marcy “EmptyWheel” Wheeler, is being what true journalist and journalism is looking like thepeoples!

TheShadowBrokers, brokers of shadows.

As I noted at the time, I really didn’t need or appreciate the shout-out. I wrote a serious post analyzing that TSB post, but mostly I was trying to tell TSB to fuck off and leave me alone.

That was months after I told the FBI that I thought that someone I knew, whom I will refer by the pseudonym “Phil,” might be the voice of TSB, and less than a week after I got a Psycho-themed threat I deemed worthy of calling the cops.

As I laid out here, I told the FBI that months before Phil had left a comment on my site on July 28, 2016, signed [email protected], he had done some paranoid things starting on June 14, 2016, including making multiple references to ties he claimed to have with Russia. He then attended a Trump rally on August 13, 2016, taking pictures he would later suggest were really sensitive.

In addition to my suspicions about Guccifer 2.0, I also told the FBI that I suspected Phil was part of the operation that had been dumping NSA exploits and other records on the Internet starting in August 2016.

Unlike with Guccifer 2.0, Phil never signed a comment at the site under the name TSB — though on September 21, 2017, someone left a comment asking for my opinion about the ways the government was pursuing TSB.

‘Merican

September 21, 2017 at 1:58 am

Is what you say easier get FISA than Criminal warrant or FISA keep secret from rest of government, but Criminal warrant maybe not? FBI is not intelligence agency is law enforcement agency why have access FISA? You write many articles about the shadow brokers, what you think FISA or Criminal for the shadow brokers? You thinking anyone in US government is looking for the shadow brokers? US government not even say name “name that shall never be spoken”. What is best way discover national security letter sent to your service provider? …asking for a friend!

I thought Phil might be TSB, in part, because Phil had said almost identical things to me in private that TSB said publicly months later. There were other things in TSB’s writing that resonated with stuff I knew about Phil. And while Phil and I never (as far as I recall) talked about TSB, at least once he did say some other things that went a long way to convincing me he could be TSB; I thought he was seeking my approval for what TSB was doing, approval I was unwilling to give.

There are, however, public exchanges between the persona TSB and me, in addition to that shout out in what turned out to be TSB’s swan song.

For example, after I wrote a post on January 5, 2017 wondering why the government hadn’t included TSB in any of its discussions of election year hacking, TSB tweeted to me, complaining that I had described TSB as “bitching” about the coverage, rather than calling it “trolling.” (Note, the language in these screen caps reflects the language used by the people who first archived these tweets, so don’t go nuts about the Russian.)

TSB then RTed my article, suggesting other outlets were complicit for not asking the same questions.

The first tweet, at least, didn’t adopt the fake Borat voice that TSB used to mask a very fluent English, though I think there were some other tweets TSB sent that day where that may be true as well. In neither of these tweets did TSB mock me for misspelling “Whither” (the post’s title originally spelled it “Wither”); that’s a bit odd, because TSB rarely passed up any opportunity to be an asshole on Twitter.

Then, on July 18, 2018, after I had revealed I had shared information with the FBI, someone started a Twitter account under the name LexingtonAl that ultimately claimed to be — and was largely viewed as, by those who followed it — TSB (the persona deleted most tweets in February 2019, but many are saved here). Starting in December 2018, Lex and I had several exchanges about what TSB had actually done. 

Here’s my side of one from that month where I pointed out a problem with Lex’s claim that TSB consisted of just three contractors who leaked the files to reveal US complicity with tech companies to other Americans. The claim didn’t accord with having sent the files to WikiLeaks (as both WikiLeaks and TSB claimed in real time).

At the time, Lex went on an anti-Semitic rant about things he hated. Assuming that Lex is TSB (as he claimed), I got demoted from being TSB’s favorite journalist to third on the list of things Lex hated.

Note: when I interacted with Phil, he was never anti-Semitic (though he was a raging asshole when angry), but Lex was clearly even more disturbed than Phil was in the period when I interacted with him.

Then, in January, Lex bitched (again, in anti-Semitic terms) about a post I had done noting that, given Twitter’s poor security at the time, the Twitter DMs that Hal Martin allegedly sent Kaspersky might have served to frame him.

The post had noted that the early TSB posts — including a number sent after Martin was arrested — had relied on similar cultural allusions as the DMs sent from Martin’s Twitter account. Shortly thereafter the FBI arrested Martin in a guns-wagging raid on his home in Maryland. Per this Kim Zetter story, the Tweets had mentioned the 2016 version of Jason Bourne and Inception. I reiterated that on Twitter.

It was a factual observation supported by the content of the earlier TSB posts, not a comment about any spookiness behind the release of the files.

I asked why TSB was so defensive about having those cultural allusions called out.

Lex responded with another anti-Semitic rant.

I responded,

Finally, in February 2019, Lex invoked me — including that I had “had a breakdown and outed her source” — sort of out of the blue in the middle of what might be called his claimed doctrine behind the leaks.

I noted that if his claimed doctrinal explanation were true, then TSB would have done a victory lap (and stopped dropping files) when Microsoft President Brad Smith started advocating for a Digital Geneva Convention in February 2017, which would have brought about an end to the practice that, Lex claimed, was his reason for dumping the files.

Not only didn’t TSB mention that in real time (instead choosing to exacerbate the tensions between the US and Microsoft), but TSB kept dropping files for six months after that.

Lex responded with another attack.

I have far less evidence that I could share to prove that TSB or Lex are Phil. But little noticed in the midst of TSB’s widely-discussed obsession with Jake Williams, a former NSA hacker whom TSB probably tried to frame as the source of the files, TSB also had an obsession with me — and certainly took notice when I revealed that I had gone to the FBI.

All that said, virtually all of these communications post-dated the time when I went to the FBI.

I went to the FBI in the wake of the WannaCry attack. The attack, reportedly a North Korean effort to make use of the tools dropped by TSB that went haywire, ended up causing a global worm attack that shut down hospitals and caused hundreds of billions of dollars in damage. When I have alluded to the ongoing damage I was trying to prevent, that’s what I mean: the indiscriminate release of NSA exploits to the public which, in that case, literally shut down hospitals on the other side of the world. 

There’s no defense for that.

While I had been trying to find some way to share my concerns long before that, I may never have met directly with the FBI about any of my suspicions except for another detail: I learned that there was a forensic tie between the Guccifer 2.0 and TSB personas. While, at the time, I had moderate confidence about both my belief that Phil had a role in the Guccifer operation and moderate confidence that he was TSB, when I learned there was a forensic tie between the two of them, it increased my confidence in both. 

A strong caveat is in order: the forensic tie isn’t decisive; it could be insignificant, or untrue.

The forensic tie is that someone logged into one of the Guccifer 2.0 accounts — I think the WordPress account — using the same IP address as someone who logged into the early staging sites — either Pastebin or GitHub — for the TSB operation.

If someone using the same IP address accessed both sites — probably using a VPN — it could mean either that the same person was involved, or whoever staged these things was doing little to cover their tracks and outsiders were accessing their infrastructure. One of the people who told me about this forensic tie interpreted it as a deliberate attempt to tie the two operations together, sort of yanking the government’s chain.

I learned of this forensic tie from multiple people, all of whom are credible. That said, I can’t rule out that they learned it from the same person. No one has reported on this in the years since these operations, even though I’ve tried to get better sourced journalists to go chase it down. Indeed, I recently learned that a top outside expert on issues related to TSB did not know this forensic detail.

The FBI had to chase down a lot of weird forensic shit pertaining to these influence operations, because that’s how this kind of operation works. I have noted in the past, for example, that some script kiddies tried to hijack an early Guccifer 2.0 email account; that was investigated by a Philadelphia grand jury in spring of 2017. So this forensic tidbit could be similarly unrelated to the people behind the operation.

So I don’t want to oversell this forensic tie. I do want to encourage others to try to chase it down. 

But it was something that significantly influenced my understanding of all this in 2017, when files released by TSB had just caused the worst damage of any cyber attack in history, to date.

When I mentioned the forensic tie during my FBI interview, the lead agent responded that they couldn’t confirm or deny anything during the interview. I wasn’t there to get confirmation.

Still, if it’s true — given what we’ve learned since about the Guccifer 2.0 operation — it is hugely significant.

TSB started staging its release — per this really helpful SwitHak timeline — on July 25, the same day Trump directed people to get Roger Stone to chase down the next WikiLeaks releases. The first files were encrypted on August 1, after Stone had already pitched Paul Manafort on a way to “save Trump’s ass.” TSB loaded the NSA files on GitHub just after Stone published a piece suggesting that Guccifer 2.0, and not Russia, had hacked the DNC. TSB went live overnight on August 12-13, not long after Guccifer 2.0 publicly tweeted to Stone, “Thanks that u believe in the real #Guccifer2.” WikiLeaks publicized the effort on August 15, after some private back and forth between Guccifer 2.0 and Stone, including Guccifer 2.0’s question, “thank u for writing back . . . do u find anyt[h]ing interesting in the docs i posted?” And, per the SSCI analysis and my own, WikiLeaks helped to boost TSB the same day Jerome Corsi may have started giving Roger Stone advance information about the content of the John Podesta emails that wouldn’t be dropped for another two months (SSCI appears not to have considered, much less concluded, that Guccifer 2.0 might be Stone’s source).

If the forensic tie between Guccifer 2.0 and TSB is real, it means that during precisely the same period when Roger Stone was desperately trying to optimize the release of the John Podesta files to save his buddies Paul Manafort and Donald Trump, related actor TSB was beginning a year-long effort to burn the NSA to the ground.

GRU Adopted the Identity of Two UK Journalists to Phish the OPCW

Yesterday, the government rolled out another indictment against GRU. DOJ earlier indicted those involved in the 2016 election operation and those behind the WADA hack; one person, Antoliy Kovalev, was named in both yesterday’s indictment and the election one, and a second unit of the GRU was named in the earlier indictments along with Unit 74455, on which this focuses.

Down the road I’ll circle back to some of the similarities and differences between these three indictments (I compared the earlier two here). For now, I want to look at how the hackers targeted for spearphishing people at the Organisation for the Prohibition of Chemical Weapons (OPCW) and Defence Science and Technology Laboratory, which runs Porton Downs, after the two organizations attributed the Sergey Skripal attack on GRU.

The spoofed actual journalists:

66. On or about April 5, 2018, KOVALEV created an email account with a username that mimicked the name of a German national weekly newspaper. Shortly after creating the account, KOVALEV sent spearphishing emails regarding the “Incident in Salisbury,” purporting to be from a German journalist, to approximately 60 official DSTL email addresses. The next day, KOVALEV used the above-described Email Service to send emails, with malware attached, that appeared to be from a legitimate DSTL email address.

67. Also on or about April 6, 2018, the Conspirators conducted three related spearphishing campaigns that targeted the OPCW and U.K. agencies involved in the investigation of the poisoning.

a. On or about April 6, 2018, the Conspirators used an operational account which was created on or about April 5, 2018, and had a username mimicking the name of a U.K. journalist working for a U.K. media entity-to send approximately 20 spearphishing emails with the email subject line “Salisbury Spy Poisoning Investigation” to official OPCW email addresses. In the emails, the Conspirators purported to have information to share regarding the poisoning.

b. After the Conspirators received an email from OPCW directing them to instead share their information with certain U.K. authorities at three particular email addresses, the Conspirators used the same operational account to send spearphishing emails to those three email addresses.

c. Also on or about April 6, 2018, the Conspirators created another operational account, with a username mimicking the name of another U.K. journalist at the same U.K. media entity, and shortly thereafter sent approximately 19 spearphishing emails with the subject line “Salisbury Spy Poisoning Investigation” to official OPCW email addresses. In the emails, the Conspirators again purported to have information to share regarding the poisoning.

They provide no hints about who the journalists were (though I have some guesses), but obviously they would have pretended to be people with close ties and significant trust in the national security community. Effectively, then, they were banking on the trust NatSec officials would have in familiar journalists.

The tactic is particularly interesting given the way GRU has targeted journalists in phishing attempts in recent years, preferring the kind of NatSec friendly ones that might be useful for such a phish.

The indictment provides no other information about whether the GRU succeeded in this hack, and if so, what they did with it, leaving out any details obtained when the Netherlands caught the field hackers in the act later that year.

It’s as if this passage in the indictment exists solely to make public this tactic and signal that Kovalev (the one person also involved in the 2016 operation) was part of it.

“A Digital Pearl Harbor:” The Ways in Which the Vault 7 Leak Could Have Compromised US and British Assets’ Identities

The Julian Assange extradition defense yesterday started presenting evidence that Assange suffers from conditions — Aspergers, depression, and suicidal tendencies — that would make US prisons particularly lethal. It’s the defense that Lauri Love used to avoid extradition, and is Assange’s most likely chance of success. And given our inhumane prisons, it’s a perfectly fair defense against his extradition.

Before that, though, the most interesting evidence submitted by Assange’s team pertained to the three charges that he identified the identities of US and Coalition (and so, British) informants in the Afghan, Iraq, and Cablegate releases. For each of those releases, Assange’s team presented evidence that someone else — Cryptome, in one case, some Guardian journalists in another — released the informants’ identities first. At one point, the lawyer for the US seemed to suggest that Assange had made such disclosures more readily available after the identities had already been published. But Assange can only be extradited for charges that are illegal in the UK as well, and while the UK’s Official Secrets Act explicitly prohibits the publication of covert identities, it does not prohibit republication of names.

In other words, it’s the one evidentiary question where I think WikiLeaks might have the better case (the government has yet to present its own counter-evidence, and Assange has to prove that the charges are baseless to prevent the extradition, so it’s a high hurdle).

The question is particularly interesting for several reasons. Publishing the names of informants is the one charge specifically tied to publication, rather than conspiring to get Chelsea Manning to leak, making it dangerous for journalism in a different way than most of the other charges (save the CFAA charge).

But also because — in a Mike Pompeo screed that many WikiLeaks witnesses have cited completely out of context, in which the then-CIA Director named WikiLeaks a non-state hostile intelligence agency — he accused WikiLeaks of being like Philip Agee, a disillusioned CIA officer who went on to leak the identities of numerous CIA officers who was credibly accused of working with Cuban and Russian intelligence services.

So I thought I’d start today by telling you a story about a bright, well-educated young man. He was described as industrious, intelligent, and likeable, if inclined towards a little impulsiveness and impatience. At some point, he became disillusioned with intelligence work, and angry at his government. He left the government and decided to devote himself to what he regarded as public advocacy: exposing the intelligence officers and operations that he had sworn to keep secret. He appealed to agency employees to send him leads, tips, suggestions. He wrote in a widely-circulated bulletin quote “We are particularly anxious to receive – and anonymously, if you desire – copies of U.S. diplomatic lists and U.S. embassy staff,” end of quote.

That man was Philip Agee, one of the founding members of the magazine CounterSpy, which in its first issue, in 1973, called for the exposure of the CIA undercover operatives overseas. In its September 1974 issue, CounterSpy publicly identified Richard Welch as the CIA station chief in Athens. Later, Richard’s home address and phone number were outed in the press, in Greece. In December 1975, Richard and his wife were returning home from a Christmas party in Athens. When he got out of his car to open the gate in front of his house, Richard Welch was assassinated by a Greek terrorist cell.

At the time of his death, Richard was the highest-ranking CIA officer killed in the line of duty. He had led a rich and honorable life – one that is celebrated with a star on the agency’s memorial wall. He’s buried at Arlington National Cemetery, and has remained dearly remembered by his family and colleagues.

Meanwhile, Philip Agee propped up his dwindling celebrity with an occasional stunt, including a Playboy interview. He eventually settled down as the privileged guest of an authoritarian regime – one that would have put him in front of a firing squad without a second thought had he betrayed its secrets instead of ours.

Today, there are still plenty of Philip Agees in the world, and the harm they inflict on U.S. institutions and personnel is just as serious today as it was back then. They don’t come from the intelligence community, they don’t all share the same background, or use precisely the same tactics as Agee, but they are soulmates. Like him, they choose to see themselves under a romantic light as heroes above the law, saviors of our free and open society. They cling to this fiction even though their disclosures often inflict irreparable harm on both individuals and democratic governments, pleasing despots along the way.

The one thing they don’t share with Agee is the need for a publisher. All they require now is a smartphone and internet access. In today’s digital environment, they can disseminate stolen U.S. secrets instantly around the globe to terrorists, dictators, hackers and anyone else seeking to do us harm.

The reference to Richard Welch is inaccurate (in the same way the claim that WikiLeaks is responsible for release of these informants’ identities could be too). Much of the rest of what Pompeo said was tone-deaf, at best. And that Pompeo — who months earlier had been celebrating WikiLeaks’ cooperation with Russia in interfering in the 2016 election — said this is the kind of breathtaking hypocrisy he specializes in.

Still, I want to revisit Pompeo’s insinuation, made weeks after the release of the Vault 7 files, that Julian Assange is like Philip Agee. The comment struck me at the time, particularly given that the only thing he mentioned to back the claim — also floated during the Chelsea Manning trial — was that WikiLeaks’ releases had helped al-Qaeda.

And as for Assange, his actions have attracted a devoted following among some of our most determined enemies. Following the recent WikiLeaks disclosure, an al-Qaida in the Arabian Peninsula member posted a comment online thanking WikiLeaks for providing a means to fight America in a way that AQAP had not previously envisioned. AQAP represents one of the most serious threats to our country and around the world today. It’s a group that is devoted not only to bringing down civil passenger planes but our way of life as well. That Assange is the darling of these terrorists is nothing short of reprehensible. Have no doubt that the disclosures in recent years caused harm, great harm, to our nation’s national security, and they will continue to do so for the long term.

They also threaten the trust we’ve developed with our foreign partners when that trust is crucial currency among allies. They risk damaging morale for the good officers at the intelligence community and who take the high road every day. And I can’t stress enough how these disclosures have severely hindered our ability to keep you all safe.

But given what we’ve learned about the Vault 7 release since, I’d like to consider the multiple ways via which the Vault 7 identities could have — and did, in some cases — identify sensitive identities. Pompeo’s a flaming douchebag, and the CIA’s complaint about being targeted like it targets others is unsympathetic, but understanding Pompeo’s analogy to Agee provides some insight into why DOJ charged WikiLeaks in 2017 when it hadn’t in 2013.

Vault 7, justifiably or not, may have changed how the government treated WikiLeaks’ facilitation of the exposure of US intelligence assets.

Before I start, let me emphasize the Vault 7 leak is not charged in the superseding indictment against Assange, and Assange’s treatment of Vault 7 may be radically different than his earlier genuine attempts to at least forestall or delegate the publication of US informant identities. Even if DOJ’s understanding of WikiLeaks’ facilitation of the exposure of US intelligence assets may have changed with the Vault 7 release, DOJ understanding may not be correct. Nor do I think this changes the risk to journalism of the current charges, as charged.

But it may provide insight into why the government did charge those counts, and what a superseding indictment integrating the Vault 7 leak might look like.

First, although WikiLeaks made a big show of redacting the identities of the coders who developed the CIA’s hacking tools (as they did with the 2010 and 2011 releases), some were left unredacted in the content of the release. That may be unintentional. But the first FBI affidavit against accused Vault 7 leaker Joshua Schulte noted that the pseudonyms of the two other SysAdmins who had access to the files were left unredacted in the first release, something that suggests more intentional disclosure, one that would presumably require the involvement of Schulte or someone else who knew these identities.

i. Names used by the other two CIA Group Systems Administrators were, in fact, published in the publicly released Classified Information.

ii. SCHULTE’s name, on the other hand, was not apparently published in the Classified Inforamtion.

iii. Thus, SCHULTE was the only one of the three Systems Administrators with access to the Classified Information on the Back-Up Server who was not publicly identified via WikiLeaks’s publication of the Classified Information.

A subsequent WikiLeaks release (after the FBI had already made it clear he was a, if not the, suspect) would include Schulte’s username, but I believe that is distinguishable from the release of the other men’s cover names.

Schulte would later threaten to leak more details (including, presumably, either his cover or his real name) on one of those same guys, someone he was particularly angry at, from jail, including the intriguing hint that he had been exposed in the Ashley Madison hack.

 

At trial, Schulte’s lawyer explained that the leaking he attempted or threatened from jail reflected the anger built up over almost a year of incarceration, but there’s at least some reason to believe that the initial Vault 7 release intentionally exposed the identities of CIA employees whom Schulte had personal gripes with, or at the very least he hoped would be blamed other than him.

Then there’s the damage done to ongoing operations. At trial, one after another CIA witness described the damage the Vault 7 leak had done. While the testimony was typically vague, it was also more stark in terms of scale than what you generally find in CIA trials.

After describing the leak the “equivalent of a digital Pearl Harbor,” for example, Sean Roche, who was the Deputy Director for Digital Innovation at the time of the leak, testified how on the day of the first release, the CIA had to shut down “the vast, vast majority” of operations that used the CIA tools (at a time, of course, when the CIA was actively trying to understand how Russia had attacked the US the prior year), and then CIA had to reach out to those affected.

It was the equivalent of a digital Pearl Harbor.

Q. What do you mean by that?

A. Our capabilities were revealed, and hence, we were not able to operate and our — the capabilities we had been developing for years that were now described in public were decimated. Our operations were immediately at risk, and we began terminating operations; that is, operations that were enabled with tools that were now described and out there and capabilities that were described, information about operations where we’re providing streams of information. It immediately undermined the relationships we had with other parts of the government as well as with vital foreign partners, who had often put themselves at risk to assist the agency. And it put our officers and our facilities, both domestically and overseas, at risk.

Q. Just staying at a very general level, what steps did you take in the immediate aftermath of those disclosures to address those concerns?

A. A task force was formed. Because operations were involved we had to get a team together that did nothing but focus on three things, in this priority order. In an emergency, and that’s what we had, it was operate, navigate, communicate, in that order. So the first job was to assess the risk posture for all of these operations across the world and figure out how to mitigate that risk, and most often, the vast, vast majority we had to back out of those operations, shut them down and create a situation where the agency’s activities would not be revealed, because we are a clandestine agency.

The next part of that was to navigate across all the people affected. It was not just the CIA. There were equities for other government agencies. There were, of course, equities at places and bases across the world, where we had relationships with foreign partners. People heeded immediately, were calling and asking what do I do, what do I say?

And the third part of that was to communicate, which was — in the course of looking at this as a what systemic issues led to the ability to have our information out there — was to document that and write a report that would serve as a lessons learned with the idea of preventing it from ever happening again. [my emphasis]

Notably, given that Assange could be vulnerable to Official Secrets Act charges in the UK if this leak affected any British intelligence officers or assets, Roche mentioned “foreign partners” twice in just this short passage. You don’t get very far down the list of CIA’s foreign partners before you’ve damaged MI6 assets.

Of course, shutting down ongoing operations would not have been enough to protect CIA’s assets. It took just 40 days for Symantec and Kaspersky to publicly identify the tools described in the Vault 7 releases as those found targeting their clients. If the CIA (or its foreign partners) had used human assets to introduce malware into target computers, as a number of these tools required, then those assets might be easily identifiable to the organizations affected.

Part of that same leak Schulte attempted from jail explains how this might work. He described how a tool from a particular vendor (which he would have named) was actually “Bartender,” by name presumably a watering hole attack, which had been released in Vault 7.

Had he succeeded in tweeting this out, Schulte would have identified either a cover organization or one in which CIA had recruited assets which was loading malware onto target computers while also loading some kind of vendor software.

I’m not defending CIA’s use of such assets to provide a side-helping of malware when targeted organizations install real software, though all major state-actors do this. But what Schulte (without any known active involvement of WikiLeaks, though he did continue to communicate with WikiLeaks, at least indirectly, while in jail) was allegedly attempting to do was burn either a cover organization or CIA assets, who would have been immediate targets if not exfiltrated. And it provides a good example of what could have happened over and over again on March 7, 2017, when these files were first released.

But there’s one other, possibly even more significant risk.

WikiLeaks has, in the past, preferentially withheld or shared files with Russia and other countries. Most obviously, at least one file hacked as part of the Syria Files which was damning to Russia never got published, and Emma Best claimed recently there were far more. The risk that something like that would have happened in this case is quite real. That’s because the files were leaked at a time when WikiLeaks was actively involved in another Russian operation. There was a ten month delay between the time the files were allegedly shared (in early May 2016) and the time WikiLeaks published them on March 7, 2017. The government has never made any public claim about how they got shared with WikiLeaks. Details of contacts between Guccifer 2.0 and WikiLeaks demonstrate that it would have been impossible to send the volume of data involved in this hack directly to WikiLeaks’ public facing submission system in the time which Schulte did so, and several people familiar with the submission system at the time of that hack have suggested it served more as cover than a functional system. That suggests that Schulte either would have had to have prior contact with WikiLeaks to arrange an alternate upload process, or shared them with WikiLeaks via some third party (notably, Schulte bragged in jail that compressing data to do this efficiently was one of his specialties at CIA).

At trial, even though the government in no way focused on this evidence themselves, there was (inconsistent) evidence that Schulte planned to involve Russia in his efforts to take revenge on the CIA. I’ve heard a related allegation independently.

Remember, too, that WikiLeaks has never published the vast majority of the code for these tools, even though Schulte did leak it, which would make it still easier to identify anyone who had used these tools.

So imagine what might have happened had Russia gotten advance notice (either via WikiLeaks, a WikiLeaks associate, or Schulte himself) of these tools? Russia would have had months — starting well before US intelligence had begun to understand the full extent of the election year operation — to identify any of the CIA tools used against it. To be clear, what follows is speculative (though I’m providing it, in part, because I’m trying to summarize the Vault 7 information so people who are experts on other parts of the Russian treason case can test the theory). But if it had, the aftermath might have looked something like Russia’s prosecution of several FSB officers for treason starting in December 2016. And the response — if CIA recognized that its assets had already been compromised by the Vault 7 release — might look something like the Yahoo indictment charging one of the same FSB officers rolled out, with great fanfare, on March 15, just over a week after the Vault 7 release (DOJ obtained the indictment on February 28, after the CIA knew that WikiLeaks had the release coming and months after the treason arrest, but a week before the actual release). That is, Russia might move to prosecute months before the CIA got specific notice, using the years-old complaints of Pavel Vrublevsky to hide the real reason for the prosecution, and the US might move to disclaim any tie to the FSB officers by criminally prosecuting them and identifying many of the foreign targets they had used Yahoo infrastructure to spy on. Speaking just hypothetically, then, that’s the kind of damage we’d expect if any country — and Russia has been raised here explicitly — got advance access to the CIA tools before the CIA did its damage mitigation starting on March 7, 2017.

This scenario (again, it is speculative at this point) is Spy versus Spy stuff, the kind of thing that state intelligence agencies pull off against each other all the time. But it’s not journalism.

And even the stuff that would have happened after the public release of the CIA files would not just have exposed CIA collection points, but also, probably, some of the human beings who activated those collection points.

WikiLeaks would have you believe that nothing that happened after 2013 could change DOJ’s understanding of those earlier exposures of US (and British) assets.

But the very same Mike Pompeo speech that they’ve all been citing explained precisely what changed.

The US Asks Spain to Pin Down the UC Global Accusations before Responding

Back in February, I noted some wild inconsistencies and unsupported claims in various reports that UC Global — a security firm employed at the time by Ecuador to protect their London embassy — worked with Sheldon Adelson and the CIA to spy on Julian Assange’s meetings with his lawyers.

As I noted, the actual details of the surveillance (which I don’t contest or minimize) are actually most consistent with UC Global head David Morales being served a subpoena and follow-up legal process served on UC Global’s US location by the known grand jury investigation in Alexandria, VA targeting both Assange and accused Vault 7 leaker Joshua Schulte, who appears to have remained in active communication with WikiLeaks at the time.

In his talk, AMM mentions that the US was unhappy about certain “publications,” plural, without describing them. There’s good reason to be silent about it — the same silence that WikiLeaks supporters like to enforce elsewhere. WikiLeaks was not only publishing CIA’s hacking tools with thin — and inaccurate — claims to justify doing so in the guise of journalism, but WikiLeaks was and is sitting on CIA’s actual hacking tools.

At the time, WikiLeaks was in ongoing communications with accused Vault 7 leaker Joshua Schulte (communication it continued at least as long as June 2018, when WikiLeaks posted the blogs Schulte published from jail, but probably even after that). The targeting of Schulte, himself, might explain some of this surveillance. And Morales’ presence in Alexandria (which AMM misstates as Arlington) is utterly consistent with someone subject to US subpoena appearing before a grand jury in EDVA; surveillance records are considered business records in the US subject to subpoena.

Certainly, questions about what WikiLeaks was doing with the still unpublished hacking tools might have elicited the surveillance. And in the months before the surveillance actually ratcheted up in December 2017 (which is when the surveillance in question really began), Schulte was doing some things on Tor that may have included reactionary communications with WikiLeaks.

Even AMM’s presentation, however, confirms that before December 2017 — that is, before the US finally detained Schulte and charged Assange — much of Assange’s private space was not covered by the surveillance.

Given the way WikiLeaks’ claims about this surveillance don’t match the public details of it, I’m particularly interested in the way that the US responded to Spain’s request for more information about it: They’re demanding that Spain nail down precisely what they’re claiming happened, who is behind the accusations, and what IP addresses Spain believes the US government had some tie to.

US prosecutors have now sent a letter to María de las Heras, a liaison judge for Spain in the US, asking her to convey their demands to De la Mata. These include showing proof that the requested IP addresses are “relevant and substantial to the investigation.” The document requests further details about the Spanish probe, including the sources of information for most of the assertions made in the request for judicial cooperation.

The Spanish judge has been asked to answer a long list of questions regarding every aspect of his investigation, including who he believes that Morales was providing information to, or whether the judge thinks Morales was working for a foreign information service or as an agent for a foreign power – or whether it was simply a case of bribery.

US prosecutors have asked for all this information to be relayed before October 16, otherwise “we will assume that Spanish authorities are not interested” and the request will be shelved.

The Spanish accusations, as released to the public, make no sense. At the very least, the US may be trying to get Spain to pick one of the inconsistent explanations for the surveillance before denying or explaining it to avoid playing whack-a-mole regarding all the other claims.

The US may be asking totally inappropriate questions about a sovereign Spanish investigation. But they do have a point about the nature of the claims.

Returning to Venue in the Peter Debbins Case

In my post on the Peter Debbins indictment, I noted with curiosity the EDVA venue for the former Special Forces guy charged with sharing information with GRU. Just one of the alleged acts, a January 3, 2011 email, took place in EDVA. I suggested that might mean Debbins would eventually be prosecuted for later acts, acts which took place in Virginia.

Several filings and the WaPo account of his detention hearing (not to mention the involvement of prosecutor David Aaron, one of the people who prosecuted Hal Martin, the guy originally accused of being the Shadow Brokers source) raise further questions whether that’s true.

According to the current story, DOJ discovered that Debbins had been recruited by Russia when he self-reported that recruitment in a SF-86 in July 2019. After that, FBI interviewed him 8 times; on July 11, 2019, they got him to describe that recruitment in a voluntary statement (PDF 5ff). As demonstrated below, the interactions with GRU officers map onto the indictment very closely (which is to say, in indicting Debbins, the government only told Debbins and his Russian handlers what he already told them).

That said, Debbins’ statement includes two later details: further emails with a guy named Nikolai, lasting until May 2011 (and therefore presumably extending venue in EDVA), and a description of GRU officers going to his Russian military officer father-in-law’s office in 2012, inquiring what Debbins was doing in DC, in response to which his wife’s father provided outdated information.

In December 2019, Debbins asked his Senator, Mike Rounds, to intercede in the investigation (PDF 10ff.), claiming that he couldn’t even get unclassified employment while the FBI was investigating. He also claimed that the FBI had told him “they [were] pretty well done with [his] case.” Debbins’ claim to Rounds had to have been false. His resume (PDF 16) shows he was continually employed in this period, working as an intelligence trainer for Cosolutions until January 2020 and then working as a Cyber Financial Crimes Project Manager for a Ukrainian American university after that. Which suggests he was trying to get his Senator to intervene based on a false representation, perhaps as a way to figure out what was really happening in the investigation.

The FBI also searched Debbins’ home in the UK and executed search warrants sometime after March 8, 2020 (to shift from a counterintelligence investigation to a criminal one, the FBI would want to parallel construct what they already knew with such searches).

To explain why they needed to detain Debbins now after letting him wander around freely for over a year after disclosing these decade old contacts, AUSA Thomas Traxler (who is also prosecuting Julian Assange) explained that they needed to corroborate his statement before arresting him.

Traxler said the government was “concerned” Debbins would flee over the past year but had to corroborate the statement. It would have been “premature” to arrest him any earlier, Traxler said.

The real thing that got Magistrate Judge John Anderson to deny Debbins bail was the list of things Debbins has done since the last act in his statement. Senior DIA CI Expert David Tomlinson described how, when Debbins worked at Booz Allen Hamilton from 2014 to 2016, he was read into one Special Access Program and six Alternative or Compensatory Control Measures (which are less classified but nevertheless restricted on a need-to-know basis). Defense Intelligence Senior Leader Joseph Simon described how Debbins’ training, both while in Special Forces and in his cybersecurity jobs since, would make it easy for him to flee if he were not detained. Both declarations make it clear that Debbins has been working on Russian language counterintelligence for almost a decade, precisely the kind of positions that would be most valuable to Russia. His resume further makes it clear he spent three years at Fort Meade and 20 months working for Booz at Quantico, VA.

It would be fairly remarkable if GRU were willing to let a former recruit work in such positions, with a signed admission of his involvement with them from years earlier, without asking for further cooperation.

All the declarations submitted for his detention hearing make clear the affiant is not revealing all he knows about this case.

Finally, as WaPo noted, in addition to having organizational ties that overlap with Mike Flynn and Erik Prince, Debbins told a friend he’d get a job in Donald Trump’s NSC.

In early 2017, Debbins told a friend via email that he was a candidate for a position on the National Security Council, “specifically Special Assistant to the President and Senior Director for Russia and Central Asia.”

It is not clear how serious his candidacy was; he never served in the Trump administration.

DOJ is not saying — and they might never say anything publicly if they wanted to obscure what damage Debbins has done and what they know or don’t know. DOJ could get Debbins to plead to facts he has already admitted to in his statement, and push for a stiff sentence based off classified declarations laying out related conduct.

But it sure seems likely his related conduct in EDVA extends beyond that one January 2011 email.

The EDVA Venue and the Peter Debbins Indictment

DOJ just rolled out the indictment of a former Special Forces officer for spying for Russia.

The general story is that GRU started recruiting Peter Rafael Dzibinski Debbins when he traveled to Russia via family ties when he was young. He went on to join the Army and then the Special Forces. Along the way, he told GRU about who was in his units and what their mission was. The timeline in the indictment starts in 1996, when Debbins traveled to Chelyabinsk as a student. Debbins met with GRU officers in Russia repeatedly; after he joined the Army he provided details of what his units did, including when he was stationed in Azerbijan in 2004, where his clearance was suspended and he was discharged from the Army.

After he was discharged, on his trips to Russia in 2008 and 2010, Debbins tried to drum up Russian business. The indictment seems to suggest he started to get cold feet in 2009, resisting the recruitment.

Beginning in April 2009, DEBBINS and [Russian Intelligence Officer] 7 began exchanging a series of emails that, on their face, referenced potential business opportunities. In an April 2009 email, RIS 7 encouraged DEBBINS to travel to Russia for a visit, but DEBBINS did not commit to the trip. Later, in August 2009, RIS sent an email to DEBBINS inviting DEBBINS to travel to Russia and offering to pay his expenses. DEBBINS, however, did not travel at that time.

Subsequent to that seeming moment of resistance, however, Debbins got a new TS/SCI security clearance and traveled to Russia to discuss business with someone linked to the GRU. He did not, as most recently instructed, bring a Field Manual, because (he said) he feared he’d be caught by DHS.

Nevertheless, his GRU handlers still pitched him on a business deal. On January 3, 2011, after being reminded of his ties to GRU, Debbins moved to DC and started working on the business deal with the Russian.

A January 3 email from Debbins to the business partner is the single thing that (presumably) happened in EDVA, and the single thing that happened in 2011, the last year of the scope of this indictment.

On January 3, 2011, DEBBINS sent the RUSSIAN NATIONAL an email stating that he had moved to “the capital,” meaning Washington, D.C., and that he was working on their business matter.

And yet, even though Debbins had closest ties to Minnesota for the span of this indictment (and could have gotten venue in North Carolina through Special Forces for some of the overseas stuff), the venue is EDVA.

That may be because that’s the easiest place to win a national security case.

Or it may be because what has happened since 2011, when Debbins has been traveling elite circles and working on cybersecurity, is of more interest to the government. [h/t Laura Rozen for both links] According to one online biography, Debbins was at Fort Meade from around 2012 to 2015 and then worked as a contractor since.

Later, I got a job working at Fort Meade as a Russian analyst and did that for three years. I then transitioned to working as a cyber instructor for CACI for another three years.

Which is to say it’s unclear whether this indictment is about what happened between 1996 and 2011 — the span covered by the indictment — or about what has happened since.

image_print