Crowdsource: Build a Timeline on ODNI Whistleblower Complaint [UPDATED-4]

[NB: Updates will appear within the timeline or at the bottom of the text. /~Rayne]

Hey gang, Rayne here.  I have to confess I am completely over my head right now. I have a huge pile of projects and I can’t get through them fast enough to pull a post together. I have family coming to visit, a garden to harvest, laundry to do — the list is a mile long. I could use more hands.

Are you up for crowdsourced investigation into one of the writing projects on my list? Whatever you put in comments I will go through and pull together into a more complete timeline.

The topic: The whistleblower complaint believed to be withheld by acting Director of National Intelligence Joseph Maguire to prevent investigation.

Point of origin: Schiff accuses top intel official of illegally withholding ‘urgent’ whistleblower complaint, by Kyle Cheney, POLITICO, published 13-SEP-2019, 8:12 p.m. EDT

Note carefully this piece ended up in the news dump zone — a Friday evening after 5:00 p.m.

What could the whistleblower complaint have been about, assuming there are other related matters in the public eye? A timeline might help us piece together the topic, or it may help us prepare for anticipated hearings.

I want to point out again that one of the five drafted Articles of Impeachment against Richard Nixon was about unauthorized activity disclosed by a whistleblower. We may be looking at yet another impeachable offense (as if there haven’t been enough already).

Here’s what I have so far — help me fill in some blanks you think may be relevant to a possible “urgent concern” in a whistleblower complaint, the Office of Director of National Intelligence, the Intelligence Community, and the House Permanent Subcommittee on Intelligence over the last 33 months.

10-MAY-2017 — Trump met Russian Foreign Minister Sergey Lavrov and Russian ambassador to the US Sergey Kislyak in the Oval Office. [UPDATE-3b]

15-MAY-2017 — Washington Post reported Trump revealed code word level classified information to Lavrov and Kislyak during Oval Office meeting. The information covered ISIL’s bomb-making capabilities and may have exposed allies’ intelligence gathering means and methods. [UPDATE-3b]

XX-MAY-2017 — Decision made to exfiltrate key Russian asset. Unclear exactly when decision made or when exfiltration occurred, only that it happened after the Oval Office meeting with Lavrov and Kislyak, and before the G20 meeting in Hamburg, Germany. [UPDATE-3b]

7/8-JUL-2017 — Trump meets Putin at G20 meeting in Hamburg, Germany. [UPDATE-3b]

________

09-APR-2018 — John Bolton begins as National Security Adviser.

16-JUL-2018 — U.S.-Russia Summit meeting in Helsinki, Finland; Trump meets with Putin.

XX-JUL-2018 — Coats expressed opinion differing from Trump’s after Helsinki summit. Rumors began about Trump replacing Coats.

________

29-JAN-2019 — Coats testified before Senate Intelligence Committee; he said North Korea “is unlikely to completely give up its nuclear weapons and production capabilities,” in contrast to Trump’s claims that Kim Jong-un has committed to denuclearization.

XX-FEB-2019 — Trump discussed replacements for DNI.

24-MAY-2019 — Trump issued a directive allowing Attorney General William Barr to declassify any intelligence that sparked the opening of the Russia investigation. [UPDATE-3c]

20-JUN-2019 — In retaliation for downing a U.S. drone, Trump approved strikes on Iran which were abruptly aborted. [UPDATE-4a]

24-JUL-2019 – The same day that John Ratcliffe used his time to question Robert Mueller before the Judiciary Committee to accuse Mueller of breaking DOJ regulations — CNN reported that “Ratcliffe has been under consideration for a job within the Trump administration, sources told CNN, including an intelligence or national security role.” [UPDATE-2a]

28-JUL-2019 — Coats’ departure and John Ratcliffe nominated as replacement announced by Trump via Twitter.

02-AUG-2019 — Ratcliffe withdraws from consideration. [UPDATE-2b]

08-AUG-2019 — Primary Deputy Director DNI Sue Gordon resigned effective 15-AUG-2019, without additional prior notice, as ordered. Resignation letter without handwritten note.

Copy of former PDDNI’s resignation letter with handwritten cover: ODNI_LTR_08AUG2019

12-AUG-19 — IC IG received the whistleblower complaint, via Schiff’s 10-SEP letter [UPDATE-1]

15-AUG-2019 — Coats’ last day as DNI.

26-AUG-19 — IC IG transmitted the whistleblower complaint to the Acting DNI, via Schiff’s 10-SEP letter [UPDATE-1]

30-AUG-2019 — Trump tweeted a high-resolution satellite image of Iran’s failed Safir SLV launch while claiming the U.S. was not involved. The image may have been classified and ‘insta-declassified’ by Trump.

01/02-SEP-2019 — US Special Rep. for Afghanistan Zalmay Khalilzad met with Afghan president Ashraf Ghani in Kabul where the Taliban, Afghan government and the U.S. had “reached an agreement in principle” toward an eventual “total and permanent cease-fire.” [UPDATE-4a]

02-SEP-19 — Deadline for ADNI to forward the complaint to Intelligence committees of Congress passes without a referral, via Schiff’s 10-SEP letter [UPDATE-1]

03-SEP-2019 — Russian media outlet Tass reported that Russian Deputy Foreign Minister said the U.S. and Taliban “insist that Russia must be present in one capacity or another at the possible signing of the agreements that the parties are working on now.” [UPDATE-4a]

04-SEP-2019 — Secretary of State Mike Pompeo refused to sign the agreement with the Taliban. [UPDATE-4b]

09-SEP-2019 — CNN broke story of a CIA asset extracted from Russia in 2017; followed by NYT on the 9th (and then NBC’s Ken Dilanian appears at the asset’s house…) [UPDATE-3a]

09-SEP-2019 — Trump asked for Bolton’s resignation and tweeted about it the next morning.

09-SEP-2019 — Intelligence Community Inspector General (IC IG) sent a letter to the House Permanent Select Committee on Intelligence, notifying it of a whistleblower complaint which it had determined to be credible and a matter of “urgent concern.”

10-SEP-2019 — Bolton tells Fox’s Brian Kilmeade by text that he quit.

10-SEP-2019 — HPSCI Rep. Adam Schiff requested the full, unredacted complaint, the IC IG’s determination about the complaint, and all documentation of ODNI’s action regarding this complaint, including correspondence with the White House.

11-SEP-2019 — Bloomberg reported Bolton pushed back Monday-Tuesday at Trump over Iran sanctions; Bolton wanted maximum pressure while Trump wanted to encourage a meeting with Iran’s Rouhani later in September. [UPDATE-4a]

12-SEP-19 — Schiff and ADNI “discussed at length” the need to protect the whistleblower from any retaliation, including if the whistleblower subsequently comes forward to the committee with his/her concerns, via Schiff’s 13-SEP letter [UPDATE-1]

13-SEP-2019 — ODNI declined the request, claiming that “it involves confidentially and potentially privileged communications by persons outside the Intelligence Community.”

13-SEP-2019 — HPSCI subpoenaed acting DNI Joseph Maguire for materials declined by ODNI.

_____

Future items:

17-SEP-2019 — Deadline, materials responsive to subpoena must be turned over by this date

19-SEP-2019 — Date when Maguire will be compelled to appear before Congress in a public hearing

What a freaking mess. I have nothing here about Mike Pompeo or any other intelligence personnel or issues. The bits about Coats’ departure and Bolton’s termination stick out, as well as that insta-declassified intelligence photo, but what might have been an “urgent concern”?

Knock yourselves out — I’ll check in as time permits. Let’s see if a narrative emerges besides the obvious fact the Trump administration has severely damaged our national security apparatus.

To The Phones: Stop the Gulf of Tonkin, Iran Edition

[NB: Check the byline, thanks. /~Rayne]

Some crazy bullshit happened last evening, probably while our fearless Agent Orange Chaos was under the influence of anti-anxiety medication/two scoops/Hannity’s fluffery:

This is like a half-assed Gulf of Tonkin event, a deliberately staged precursor to war. The Gulf of Tonkin was the rationale for the Vietnam War which resulted in 58,318 dead and 303,644 wounded U.S. military personnel and nearly 4,000,000 total dead, along with billions in defense expenditures.

It’s not like we haven’t seen other similar bullshit lies leading us into war, and some of the key lies propelled by the same news outlet quoted above, written by NYT’s Judith Miller. NYT has clearly prepped itself for more of the same — just look at the specialty Twitter account it set up called “NYTimesAtWar.”

We’re being dragged into a wholly unnecessary war because other non-US factions want to use our military for their ends. We have total shit for soft power right now because Trump doesn’t believe in diplomacy unless he’s conducting it with some other Big Authoritarian Man[™]. He will definitely trash anything the previous administration negotiated as part of the JCPOA (read: something a black man did). Trump’s also pliable depending on when he’s approached and by whom — like this propaganda by Fox News yesterday catching him first thing in the morning when he watches television, conditioning his responses for the day:

And again today, after the attack last night was canceled, Fox News is again beating the drum for war and tacitly questioning Trump’s manhood:

Who else was working on Trump’s head all day yesterday, pushing this bullshit narrative based on manufactured evidence?

Thankfully the House has finally voted this Wednesday to end the 2001 Authorization to Use Military Force (AUMF) which has been used to support all manner of military action against real and claimed terrorist threats:

The House of Representatives voted today to repeal the 2001 Authorization for Use of Military Force (AUMF). Presidents have used the AUMF to justify never-ending wars that lack Congressional approval.

This is the first time in nearly 18 years that a chamber of Congress has repealed this law. The measure, sponsored by Rep. Barbara Lee (CA), was included in the Department of Defense Appropriations Act (H.R. 2968). Designed to take effect eight months after being signed, Congress would need to pass a new AUMF or the administration would need to remove military personnel from current conflicts during that time.

Prescient timing, or no? Whatever the case, if factions within the Trump administration were going to rely on the 2001 AUMF to execute their attacks on Iran, the support is gone in the House.

This is where YOU come in. The Senate hasn’t voted on the Defense Appropriations Act including the rescindment of the 2001 AUMF; it could be stalled once again on Senate Majority Leader Mitch McConnell’s desk. Stalled or not, the Senate needs to hear from its constituents about this absurd run-up to war — denounce this incompetent attempt at launching war without adequate Congressional approval and ask for an investigation into whatever happened last evening to launch an attack without a legitimate AUMF and then reverse the attack mid-flight. This behavior is irrational and only more likely to trigger events the American people have no desire to see happen.

If you need another briefing and a script for making your calls to your senators, visit @Celeste_pewter’s TinyLetter page.

Congressional switchboard: (202) 224-3121

Do call your House reps and praise them if they supported the rescindment and admonish them if they didn’t. They need to know constituents are paying close attention.

The really scary/aggravating part of last night’s near-miss was that fossil fuel corporations can’t be happy about this. If they aren’t happy and they weren’t consulted, who’s running our foreign policy besides a guy responsible in no small part for hundreds of thousands of unnecessary deaths in the Iraq War and another Christianist doofus too stupid to realize he’s being used as a pawn by other non-Christian geopolitical forces?

This is an open thread.

[Photo: Emily Morter via Unsplash]

Three Things: Nuke Rebuke

[NB: Note the byline, thanks! /~Rayne]

Looks like we need another open thread — here’s three things we should discuss.

~ 3 ~

You’ve probably seen the story this week about the rush to transfer nuclear technology to Saudi Arabia revealed to the House Oversight Committee by whistleblowers.

What I want to know: when did we have a public debate about nuclear proliferation? The House Oversight Committee has launched an investigation but Congress knew Michael Flynn had been up to hijinks with nuclear proliferation more than a year ago which Jim White wrote about here in 2017.

Did the GOP-led 115th Congress just roll over and play dead throughout all of 2018, simply forgetting we had laws against nuclear proliferation? There was a Senate Armed Services Committee hearing about our own weapons last April — what about proliferation abroad?

Why are we trying to denuclearize North Korea at the same time Trump administration officials are rushing to transfer nuclear technology to KSA?

What ensures KSA will use this technology for its own electricity generation instead of selling it or trading it to an entity hostile to U.S. interests?

What’s to keep NK from claiming they’ve denuclearized and then acquiring U.S. nuclear technology?

~ 2 ~

Speaking of North Korea, why is special envoy Stephen Biegun not on the same page with John Bolton?

Jesus Christ, don’t make me side with Bolton but what the hell is going on that Biegun is more worried about producing some flimsy pretense of a win for Trump at the expense of real progress?

Especially since Russia is negotiating with NK on nuclear technology transfer.

~ 1 ~

Has the Trump administration done anything at all to prepare for a no-deal hard Brexit? At this rate thanks to Theresa May’s hacktacular negotiations (or lack thereof), relations between the UK and EU will simply end

Which means the UK will be unable to import goods and clear them through customs on a timely basis, posing a realistic threat of a humanitarian crisis.

Has the U.S. State Department, led by Mike Pompeo, ensured the U.S. will be able to continue trade with the UK on an uninterrupted basis? Are we prepared to aid our ally if they have critical supply disruptions?

~ 0 ~

I have the impression our foreign and nuclear policies are utterly trashed.

This is an open thread.

Open Thread: Is that a Smile? [UPDATE]

[FYI, update is at the bottom of this post./~Rayne]

I’m putting up an open thread since the BDTS thread is filling up as the Oversight Committee’s hearing continues.

There have been some developments in the case of National Enquirer owner AMI’s extortive letter to Amazon founder Jeff Bezos, threatening to leak sext images exchanged with his paramour.

If you haven’t read Bezos’ open letter to AMI you really should. There’s something about AMI’s attempt that’s more than squicky; it smells sloppy and desperate.

Perhaps it merely reflects what Bezos says about AMI’s David Pecker — that Pecker was “apoplectic” about Bezos’ attempt to investigate the source of personal text messages leaked by AMI outlet National Enquirer.

Or perhaps it reflects some urgency related to the level of interest from other parties.

In any case, there were a number of discussions on Twitter last night as to whether AMI’s letter met the legal definition of extortion. Former fed prosecutor Renato Mariotti published a thread on the topic and former fed prosecutor Mimi Rocah also had questions about the letter.

Bloomberg reported today that the feds in SDNY are now looking into National Enquirer’s treatment of Bezos’ affair and whether it violates the agreement AMI entered into regarding the Michael Cohen “Catch and Kill” hush money case. The agreement prohibited further illegal activity.

What was it about Bezos’ private investigations that set off David Pecker so badly he’d not think about the implications to AMI’s agreements?

Bezos appears confident — though he hasn’t confirmed this in public — that the messages he exchanged with his married lover were entirely private. This suggests that their leakage was through illegal means.

Why would Pecker risk the possibility such an extortive act might expose illegal surveillance methods had been used against Bezos?

The one other recent case where Pecker’s name has come up in regard to aggressive surveillance and shaping news media coverage was that of Hollywood film producer Harvey Weinstein. Pecker and Weinstein have been characterized as friends:

Mr. Weinstein held off press scrutiny with a mix of threats and enticements, drawing reporters close with the lure of access to stars, directors and celebrity-packed parties. Some journalists negotiated book and movie deals with him even as they were assigned to cover him. The studio chief once paid a gossip writer to collect juicy celebrity tidbits that Mr. Weinstein could use to barter if other reporters stumbled onto an affair he was trying to keep quiet. He was so close to David J. Pecker, the chief executive of American Media Inc., which owns The Enquirer, that he was known in the tabloid industry as an untouchable “F.O.P.,” or “friend of Pecker.” That status was shared by a chosen few, including President Trump.

(source: Weinstein’s Complicity Machine, 05-DEC-2017)

Weinstein had hired Black Cube to bat clean up on stories about his sexually abusive behavior. Who referred this private investigation firm to Weinstein?

It’s also possible the effort to silence Jeff Bezos and the Washington Post (owned by Bezos through holding company Nash Holdings) was driven not by Pecker’s relationship with Donald Trump but by Pecker’s desire to do business in Saudi Arabia. What resources would have been used to obtain Bezos’ text messages if Pecker was already tied up with KSA?

Saudi Arabia has now responded by denying any involvement in the conflict between Bezos and AMI, minimizing the dispute as a “soap opera.”

Again, treat this as an open thread.
_______

UPDATE — 4:15 P.M. ET —

Activist Iyad El-Baghdadi has just finished a thread looking at the Bezos-AMI dispute. He had already pointed out each allusion to Saudi Arabia in Bezos’ letter; in his Twitter thread he says a Saudi whistleblower told him Crown Prince MBS is obsessed with the Washington Post and targeting WaPo journalists.

But the bit that clicked for me with regard to David Pecker: with its extortive letter attempting to blackmail performance from Bezos, if AMI was acting on behalf of or in coordination with a foreign nation-state, they may be in violation of the Foreign Agents Registration Act.

Now one needs to ask themselves, assuming AMI did this for MBS/KSA, was this the first time they acted on behalf of another nation-state? Or have they acted as agents for foreign powers before and it’s all in their vaults?

Where’s that popcorn?

Rattled: China’s Hardware Hack – PRC’s Response

[NB: Note the byline. Portions of my content are speculative. / ~Rayne]

The following analysis includes a copy of an initial response Bloomberg Businessweek received from the Ministry of Foreign Affairs for the People’s Republic of China (PRC) in response to its story, The Big Hack. In tandem with the Bloomberg story this was published on October 4 at this link. PRC’s response is offset in blockquote format. No signer was indicated in the published response. Additional responses to Bloomberg’s story will be posted separately.
__________

People’s Republic of China

China is a resolute defender of cybersecurity.[1] It advocates for the international community to work together on tackling cybersecurity threats through dialogue on the basis of mutual respect, equality and mutual benefit.[2]

[1] It’s hard to argue that PRC does not defend its own cybersecurity resolutely.

[2] There are four themes here, at least:

— collaboration and ongoing dialog, but this requires trust which is difficult to develop without openness;
— mutuality, which again requires trust;
— equality, an insistence that footing of those in dialog is level;
— benefit, implying a transactional nature.

This may be a very small paragraph but it is heavily loaded and not for the kind of lightweight, half-assed diplomacy we’ve seen from this administration.

Supply chain safety in cyberspace is an issue of common concern, and China is also a victim.[3] China, Russia, and other member states of the Shanghai Cooperation Organization proposed an “International code of conduct for information security” to the United Nations as early as 2011.[4] It included a pledge to ensure the supply chain security of information and communications technology products and services, in order to prevent other states from using their advantages in resources and technologies to undermine the interest of other countries.[5] We hope parties make less gratuitous accusations and suspicions but conduct more constructive talk and collaboration so that we can work together in building a peaceful, safe, open, cooperative and orderly cyberspace.[6] —Translated by Bloomberg News in Beijing[7]

[3] What is PRC alleging here? Are they accusing the U.S. of compromising their supply chain? Difficult for the American public to debate this when it is so opaque, though this comment may be based directly on NSA interception of networking equipment to be used in China, as one example.
[4] What was happening between U.S. and Russia at that point in time? PRC acts as if an agreement to this code would happen in a vacuum.
[5] A dig at U.S.
[6] Another dig at U.S.
[7] There has been no apparent demand for correction to any of this translation.

Like Supermicro’s response this one is very short and effective, giving little away.

Still Rattled: Fallout and Pushback

[NB: Note the byline. Portions of this post may be speculative. / ~Rayne]

The tech industry and technology journalism outlets remain rattled by Bloomberg Businessweek’s The Big Hack article.

Bloomberg Businessweek’s Jordan Robertson and Michael Riley published a second article last Tuesday in which a security expert went on the record about compromised servers with Supermicro motherboards in an unnamed telecommunications provider. Do read the article; the timing of the discovery of the unexpected network communications and the off-spec covert chip fit within the timeline of Apple and Amazon problems with Supermicro motherboards.

The FBI’s and DHS’ responses are also interesting — the first refused to comment and the second offered a tepid endorsement of Apple’s and Amazon’s denials.

The second article hasn’t assuaged industry members or journalists, though, in spite of a source on the record about a third affected entity.

The main criticisms of the Bloomberg piece are:

— No affected equipment or firmware has been produced for review;

— Too much of Bloomberg’s sourcing remains anonymous;

— The claims cannot be validated by other journalists, technology companies, persons at Apple and Amazon who have been contacted and interviewed by non-Bloomberg journalists;

— Contacts inside the companies in question continue to deny knowledge if they don’t express confusion about the alleged hack;

— Apple and Amazon have published firm denials, including Apple’s preemptive letter to Congress.

However,

— Something drove both Apple and Amazon to change their relationship with Supermicro within a fairly tight time frame;

— The uniformity of their early denials in which they avoid mentioning hardware and lean toward web application as a point of conflict is odd;

— Neither of these enormous firms nor Supermicro have filed a lawsuit against Bloomberg for libel that the public can see, preventing questioning of Bloomberg’s journalists and sources under subpoena;

— Securities and Exchange Commission doesn’t appear to have been engaged to investigate the claims (although it’s possible the SEC is on this and may simply not have disclosed this publicly);

— None of the other unnamed companies alleged to have received compromised motherboards have uttered a peep to defend (or rebut) Apple or Amazon.

I have not seen in any reporting I’ve read to date — from either Bloomberg Businessweek in The Big Hack or subsequent articles examining the claims or rebutting them — that any journalist, tech industry member or infosecurity community member has asked whether Apple, Amazon, or the other affected companies ordered customized motherboards or servers with customized motherboards made to their company’s specifications. Supermicro has also said nothing about any possible differentiation between motherboards for different companies which would affect the scenario. The silence on this point is confounding.

This piece in Ars Technica captures many of the concerns other tech news outlets have with the Bloomberg reports. Complaints that software — meaning firmware — is easier to hack than adding off-spec hardware miss two key points.

Made-to-order components or assemblies in Just-In-Time lean manufacturing enterprises make it easier to ensure that adulterated products reach their intended mark because each order represents an identified, traceable batch. Adherence to ISO standards in manufacturing processes may even make traceability easier.

We know Supermicro uses lean manufacturing techniques because it’s in job postings online (lousy pay, by the way, which may also say something).

Does Supermicro use the same lean manufacturing approach overseas? Do any of its suppliers also use lean manufacturing?

In contrast, release of firmware (without corresponding adulterated hardware) to a single target is more difficult to control than hardware — the example given is Stuxnet (excerpt here from Ars Technica).

Why wouldn’t a determined nation-state ensure there was a failover, a Plan B method for accessing specific intelligence from a narrow range of sources instead of betting the farm on one method alone? Given the means to deploy both malicious firmware and adulterated hardware, why wouldn’t they try both?

~ | ~ | ~

In spite of tech industry and journalists’ criticisms of Bloomberg’s reporting, these facts remain:

1 — Technology supply chain has been compromised;

2 — U.S. government has known about it (pdf);

3 — U.S. government has not been forthcoming about it or the blacklists it has implemented;

4 — U.S. government has tried to investigate the compromise but with insufficient success;

5 — Some companies are also aware of the compromised supply chain.

We’re no closer to resolving this question: has the compromise of the supply chain remained limited to counterfeiting, or does the compromise now include altered products?

At what point will the tech industry and infosecurity community begin to take supply chain hacks more seriously?

_________

[AN: I still have to analyze both Apple’s letter to Congress and its second response posted on their website along with Amazon’s published response. More to come./~Rayne]

Before Trump Did Nothing When Mohammed bin Salman Went After Jamal Khashoggi, He Did Nothing When MBS Went After Alwaleed bin Talal

There are a number of stories suggesting that the Trump administration will do nothing in response to the evidence that Mohammed bin Salman lured journalist Jamal Khashoggi to the Saudi consulate in Turkey to have him murdered and dismembered.

Trump has made a show of pretending to get to the bottom of things, while saying doing anything about it would hurt US-Saudi relations (meaning arms sales).

As outrage started to grow, MBS called Jared Kushner, with whom he has a close relationship sealed over all night conversations.

The White House said Wednesday that the powerful Saudi crown prince, Mohammed bin Salman, had spoken about Khashoggi the previous day with White House national security adviser John Bolton and Trump’s son-in-law and senior adviser Jared Kushner. Kushner and the crown prince, who is commonly referred to as MBS, are known to be close.

A former administration official told POLITICO that MBS had demanded the call earlier in the week after the top official at the U.S. Embassy in Riyadh asked MBS directly about the Khashoggi case. The crown prince denied any wrongdoing in his conversation with that embassy official, the former official said.

Neither the White House nor the State Department would comment on the Saudi crown prince’s demand or most other aspects of this story. But the former official said the crown prince’s insistence on talking directly to the White House indicates he is hoping to leverage his close ties with Kushner and others in Trump’s inner circle to avoid repercussions.

And the business community — including close Trump allies — seem prepared to head for an investors conference in Saudi Arabia in spite of the assassination.

But if it becomes clear that the prince ordered the assassination of Mr. Khashoggi or was connected to it in some way, it will provoke an outcry on Capitol Hill; embarrass American executives, dozens of whom are flocking to Riyadh for a conference next week where the crown prince is scheduled to speak; and put Mr. Kushner, who was once himself a newspaper publisher, in an extremely awkward position.

Among the prominent figures scheduled to take part are Jamie Dimon, the chief executive of JPMorgan Chase; Stephen A. Schwarzman, the chief executive of the Blackstone Group; and Dara Khosrowshahi, the chief executive of Uber.

Two other scheduled attendees have ties to Mr. Trump: Thomas J. Barrack Jr., a financier who is a friend of the president’s; and Dina H. Powell, a Goldman Sachs executive and former deputy national security adviser who worked closely with Mr. Kushner on Saudi Arabia and is a leading candidate to replace Nikki R. Haley as ambassador to the United Nations.

The Treasury Department said Mr. Mnuchin was still planning to attend.

While Congress has responded to this assassination by leveraging the Magnitsky Act, it seems the Administration would just like attention to the killing to fade.

Which really shouldn’t be a surprise.

The Administration did nothing last year when MBS targeted an even more prominent western-connected Saudi, Alwaleed bin Talal. Alwaleed was detained for 83 days by MBS until such time as he agreed to some kind of deal with the government, which may have involved handing over a substantial part of his fortune and acceptance of greater involvement in his business decisions.

Did you have to pay the government any money, did you have to hand over any land, did you have to surrender any shares?

When I say it’s a confidential and secret agreement, an arrangement based on a confirmed understanding between me and the government of Saudi Arabia, you have to respect that.

I’m a Saudi citizen. But I’m also a member of the royal family. The king is my uncle. Mohammed bin Salman is my cousin. So my interest is in maintaining the relationship between us and keeping it unscratched.

While Alwaleed is in no way a Saudi dissident, as Khashoggi was, he was a crucial cog not only in Saudi-US relations, but by virtue of his substantial investments in key US companies, in the US economy.

And western observers watched as MBS exerted some kind of influence over Alwaleed with only hushed complaints.

Far from criticizing the crackdown, Trump (and Jared, before the fact) appeared to sanction it.

Trump might do so not just because he has a fondness for authoritarianism. Starting fairly early in his presidential campaign, Trump had responded to Alwaleed’s criticisms of him with public mockery.

The Alwaleed-Trump tiff began in 2015, when candidate Trump called for curbing Muslim travel to the US in a bid to prevent terrorist attacks. Because of that, Alwaleed tweeted that the Republican front-runner was a “disgrace” and should bow out of the race. Mr. Trump responded that the prince was “dopey” and was seeking to “control our US politicians with daddy’s money.”

At one point, the future president tweeted a photo of Alwaleed alongside Megyn Kelly, then a Fox News correspondent who had clashed with Mr. Trump. It turned out that the image was a fake, and Mr. Trump falsely claimed that Alwaleed was “the co-owner of Fox News.” In fact, the prince had a stake in Fox’s (FOXA) sibling company, News Corp. (NWS), amounting to about 7 percent. He since has cut it drastically.

Alwaleed has countered Mr. Trump’s attacks by pointing out that he helped bail out the New York developer when the highly indebted Trump empire teetered on collapse in the early 1990s. First, the prince bought Mr. Trump’s 283-foot yacht for a bargain price of $18 million and with a partner bought out the Plaza, a storied New York hotel, which the Trump Organization owned.

Indeed, the Intercept reported that Jared provided intelligence from the Presidential Daily Brief to MBS on people he deemed disloyal to the regime.

In late October, Jared Kushner made an unannounced trip to Riyadh, catching some intelligence officials off guard. “The two princes are said to have stayed up until nearly 4 a.m. several nights, swapping stories and planning strategy,” the Washington Post’s David Ignatius reported at the time.

What exactly Kushner and the Saudi royal talked about in Riyadh may be known only to them, but after the meeting, Crown Prince Mohammed told confidants that Kushner had discussed the names of Saudis disloyal to the crown prince, according to three sources who have been in contact with members of the Saudi and Emirati royal families since the crackdown. Kushner, through his attorney’s spokesperson, denies having done so.

“Some questions by the media are so obviously false and ridiculous that they merit no response. This is one. The Intercept should know better,” said Peter Mirijanian, a spokesperson for Kushner’s lawyer Abbe Lowell.

On November 4, a week after Kushner returned to the U.S., the crown prince, known in official Washington by his initials MBS, launched what he called an anti-corruption crackdown. The Saudi government arrested dozens of members of the Saudi royal family and imprisoned them in the Ritz-Carlton Riyadh, which was first reported in English by The Intercept. The Saudi figures named in the President’s Daily Brief were among those rounded up; at least one was reportedly tortured.

While that story line of Trump’s response to the persecution was largely dropped as Alwaleed’s detention drew on early this year, I don’t doubt that Trump’s personal animosity to Alwaleed made him, if anything, at least comfortable if not enthusiastic about MBS’s power grab at Alwaleed’s expense. If so, MBS would have played to Trump’s own penchant for revenge to undercut what otherwise might have been more vocal criticism of the arbitrary treatment of a key international businessman (that said, the US made surprisingly little noise when MBS sidelined Mohammed bin Nayef, either).

And at that moment, MBS established that Trump would not interfere with any crackdown on opposition — because Trump has already bought into it.

Rattled: China’s Hardware Hack – SMCI’s Response

[NB: Note the byline. Portions of my content are speculative. / ~Rayne]

The following analysis includes a copy of an initial response Bloomberg Businessweek received from Super Micro Computer in response to its story, The Big Hack. In tandem with the Bloomberg story this was published on October 4 at this link. Super Micro Computer’s response is offset in blockquote format. No signer was indicated in the published response. Additional responses to Bloomberg’s story will be posted separately.
__________

Supermicro

While we would cooperate with any government investigation, we are not aware of any investigation regarding this topic nor have we been contacted by any government agency in this regard.[1] We are not aware of any customer dropping Supermicro as a supplier for this type of issue.[2]

[1] (a) “we are not aware” “nor have we been contacted” — who is we?

(b) “nor have we been contacted by any government agency” — has Supermicro been contacted by customers or their auditors or their security teams, contract or not, about security problems?

[2] Were one or more of Supermicro’s customers dropped by their customers because of security concerns including problems with firmware? Are any of the customers or customers of customers U.S. government entities?

Every major corporation in today’s security climate is constantly responding to threats and evolving their security posture. As part of that effort we are in regular contact with a variety of vendors, industry partners and government agencies sharing information on threats, best practices and new tools. This is standard practice in the industry today. However, we have not been in contact with any government agency regarding the issues you raised.[3]

[3] Has Supermicro been in contact with any government agency regarding any security issues including firmware updates?

Furthermore, Supermicro doesn’t design or manufacture networking chips or the associated firmware and we, as well as other leading server/storage companies, procure them from the same leading networking companies.[4]

[4] Interesting pointer about networking chips. What other motherboard content does Supermicro not design or manufacture, procuring from other companies? What procured motherboard components have firmware associated with them?

Rattled: China’s Hardware Hack – Amazon’s Response

[NB: Note the byline. Portions of my analysis may be speculative. / ~Rayne]

The following analysis includes a copy of an initial response received from Amazon by Bloomberg Businessweek in response to its story, The Big Hack. In tandem with the Bloomberg story Amazon’s response was published on October 4 at this link. The text of Amazon’s response is offset in blockquote format. No signer was indicated in the published response. Additional responses by Amazon to Bloomberg’s story will be assessed separately in a future post.

This analysis is a work in progress and subject to change.
__________

Amazon

It’s untrue that AWS[1] knew about a supply chain compromise, an issue with malicious chips, or hardware modifications[2] when acquiring Elemental. It’s also untrue that AWS knew about servers containing malicious chips or modifications in data centers based in China, or that AWS worked with the FBI[3] to investigate or provide data about malicious hardware.

[1] Identity – were there ever any third-party contractors or representatives involved in the relationship with Elemental? With Supermicro? Is there more than one Amazon subsidiary entity involved in the evaluation, purchasing, or implementation of Elemental or Supermicro products into Amazon or its subsidiary enterprise? Which entity submitted this denial to Bloomberg Businessweek: Amazon, AWS, or some other subsidiary?

[2] What about evidence of bad or mismatched firmware and firmware updates?

[3] Did any law enforcement, military, or intelligence agency work with Amazon or any of its subsidiaries or contractors to investigate or provide data on hardware which failed to operate to specification or as expected?

We’ve re-reviewed our records[4] relating to the Elemental acquisition for any issues related to SuperMicro, including re-examining a third-party security audit[5] that we conducted in 2015 as part of our due diligence prior to the acquisition. We’ve found no evidence to support claims of malicious chips or hardware modifications.[6]

[4] “our records” — whose records and what kind? Identity needs clarification as well as the type of records.

[5] Who is the third-party security auditor? How and why were they engaged?

[6] What about evidence of bad or mismatched firmware and firmware updates?

The pre-acquisition audit described four issues with a web application (not hardware or chips)[7] that SuperMicro provides for management of their motherboards. All these findings were fully addressed before we acquired Elemental. The first two issues, which the auditor[8] deemed as critical, related to a vulnerability in versions prior to 3.15 of this web application (our audit covered prior versions of Elemental appliances as well), and these vulnerabilities had been publicly disclosed by SuperMicro on 12/13/2013.[9]

[7] “web application” — but not firmware?

[8] Is this still the unnamed third-party security auditor or an internal auditor employed by Amazon or a subsidiary?

[9] How was this “publicly disclosed by SuperMicro”? SMCI’s website does not currently have either a press release or an SEC filing matching this date (see screenshots at bottom of this page).

Because Elemental appliances are not designed to be exposed to the public internet, our customers are protected against the vulnerability by default.[10] Nevertheless, the Elemental team had taken the extra action on or about 1/9/2014 to communicate with customers and provide instructions to download a new version of the web application from SuperMicro (and after 1/9/2014, all appliances shipped by Elemental had updated versions of the web application).[11] So, the two “critical” issues that the auditor found, were actually fixed long before we acquired Elemental. The remaining two non-critical issues with the web application were determined to be fully mitigated by the auditors if customers used the appliances as intended, without exposing them to the public internet.[12]

[10] “exposed to the public internet” — did customer data run through Elemental’s Supermicro devices between 2013 and 2015?

[11] What about firmware?

[12] Did customer data still run through devices with the two non-critical issues? Are any machines with these non-critical issues still in production?

Additionally, in June 2018, researchers made public reports of vulnerabilities in SuperMicro firmware.[13] As part of our standard operating procedure, we notified affected customers promptly, and recommended they upgrade the firmware in their appliances.[14]

[13] Researchers at Eclypsium are reported to have told Supermicro of vulnerabilities in January 2018. When was Amazon, AWS, or another Amazon subsidiary notified of these vulnerabilities?

[14] Given the six-month gap between Eclypsium’s notification to Supermicro and the public’s notification, when were Amazon’s, AWS’, or another Amazon subsidiary’s customers notified of these vulnerabilities?

__________

Screenshots

Supermicro’s SEC filings – last of year 2013:

Supermicro’s press releases – last of year 2013:

Rattled: China’s Hardware Hack – Apple’s Response

[NB: Note the byline. Portions of my content are speculative. / ~Rayne]

The following analysis includes a copy of an initial response received from Apple by Bloomberg Businessweek in response to its story, The Big Hack. In tandem with the Bloomberg story this was published on October 4 at this link. Apple’s response is offset in blockquote format. No signer was indicated in the published response. Additional responses from Apple to Bloomberg’s story will be assessed separately in a future post.

This analysis is a work in progress and subject to change.
__________

Apple

Over the course of the past year, Bloomberg has contacted us multiple times with claims, sometimes vague and sometimes elaborate, of an alleged security incident at Apple.[1] Each time, we have conducted rigorous internal investigations based on their inquiries and each time we have found absolutely no evidence to support any of them.[2] We have repeatedly and consistently offered factual responses, on the record, refuting virtually every aspect of Bloomberg’s story relating to Apple.[3]

[1] Phrasing avoids who made the allegation(s).

[2] “rigorous internal investigations” doesn’t describe what they actually investigated; “each time” refers to investigations AFTER Bloomberg contacted Apple, AFTER 2016 when Apple had broken off relations with Supermicro.

[3] “refuting virtually every aspect” does not mean “every and all.”

On this we can be very clear: Apple has never found malicious chips, “hardware manipulations” or vulnerabilities purposely planted in any server.[4] Apple never had any contact with the FBI or any other agency about such an incident.[5] We are not aware of any investigation by the FBI, nor are our contacts in law enforcement.[6]

[4] (a) What about problems with firmware updates, including malicious firmware, firmware not issued by Supermicro, or hijacking to firmware upgrade sites not created by Supermicro?

(b) “purposely planted in any server” refers not to Supermicro’s motherboards but Elemental or other server assemblies.

[5] What about contact with any government agency regarding firmware? What about contact with a third-party entity regarding firmware problems, including security researchers?

[6] This phrasing focuses on law enforcement but not on other possibilities like intelligence entities or non-law enforcement functions like Commerce or Treasury Departments.

In response to Bloomberg’s latest version of the narrative, we present the following facts: Siri and Topsy never shared servers;[7] Siri has never been deployed on servers sold to us by Super Micro; and Topsy data was limited to approximately 2,000 Super Micro servers, not 7,000. None of those servers has ever been found to hold malicious chips.[9]

[7] (a) What about earlier versions of Bloomberg’s narrative the public hasn’t seen?

(b) Did Siri and Topsy ever share a data farm facility?

[8] (a) Was Siri ever deployed on Elemental brand servers?

(b) Was Topsy ever deployed on Elemental brand servers?

[9] Did any of the servers on which Siri and Topsy were deployed experience firmware problems including malicious firmware, firmware not issued by Supermicro, or hijacking to firmware upgrade sites not created by Supermicro?

As a matter of practice, before servers are put into production at Apple they are inspected for security vulnerabilities and we update all firmware and software with the latest protections. We did not uncover any unusual vulnerabilities in the servers we purchased from Super Micro when we updated the firmware and software according to our standard procedures.[10]

[10] Is this a statement of current practices or practices during the period of time about which Bloomberg reported? Why did Apple end its relationship with Supermicro?

We are deeply disappointed that in their dealings with us, Bloomberg’s reporters have not been open to the possibility that they or their sources might be wrong or misinformed. Our best guess is that they are confusing their story with a previously-reported 2016 incident in which we discovered an infected driver on a single Super Micro server in one of our labs.[11] That one-time event was determined to be accidental and not a targeted attack against Apple.[12]

[11] Gaslighting about the journalists’ credibility. Have there ever been any servers from Elemental or another server manufacturer with “infected drivers,” including the “single Super Micro server in one of our labs”? Were any servers of any make with “infected drivers” in production environments, whether they faced customers or not?

[12] How is an “infected driver” an accident?

While there has been no claim that customer data was involved, we take these allegations seriously and we want users to know that we do everything possible to safeguard the personal information they entrust to us.[13] We also want them to know that what Bloomberg is reporting about Apple is inaccurate.[14]

[13] This is not the same as saying “customer data was not exposed.”

[14] “inaccurate” but not “wrong,” “erroneous,” “false,” or “untrue”?

Apple has always believed in being transparent about the ways we handle and protect data.[15] If there were ever such an event as Bloomberg News has claimed, we would be forthcoming about it and we would work closely with law enforcement.[16] Apple engineers conduct regular and rigorous security screenings to ensure that our systems are safe. We know that security is an endless race and that’s why we constantly fortify our systems against increasingly sophisticated hackers and cybercriminals who want to steal our data.[17]

[15] Tell us about iPhone encryption.

[16] “an event” is not “events”. “Forthcoming” may not mean “public disclosure” or “reveal that we are under non-disclosure agreements.” “Would work closely with law enforcement” is not the same as “working with intelligence community,” or “working with Commerce/Treasury Departments.”

[17] No specific mention of nation-state actors.
