The Collective Response to Russia’s Ukraine Invasion

Yesterday, the government rolled out two hacking indictments from last year as part of its effort to use legal documents to expose Russian spying operations. While the indictments are important speaking documents, I realized from the response that the subset of journalists who focus primarily on cybersecurity were unaware that this effort was part of a larger effort to demonstrate Russia’s spying that DOJ (and, surely, other agencies of the IC) have been pursuing since the Russian invasion.

So I wanted to start collecting all instances here as a way to see the entire package of what DOJ is doing. I’ll try to keep this up-to-date.

February 22, 2022: Treasury sanctions Russian banks

Individual targets include Denis Aleksandrovich Bortnikov, Petr Mikhailovich Fradkov, Vladimir Sergeevich Kiriyenko.

(press release)

February 24, 2022: Treasury sanctions Russian banks

Targets include Sberbank, VTB, Gazprom, Rostelecom, Alfa Bank, Sergei Sergeevich Ivanov, Andrey Patrushev, Ivan Sechin (the latter sons of key oligarchs).

(press release)

February 25, 2022: Treasury sanctions Putin and Sergei Lavrov

(press release)

February 28, 2022: Treasury sanctions Kirill Dmitriev

Targets include Dmitriev and RDIF.

(press release)

US expels 12 Russian diplomats at UN.

March 3, 2022: Treasury sanctions key Putin cronies

Targets include Alisher Burhanovich Usmanov, Nikolay Petrovich Tokarev, Yevgeniy Prigozhin and their families.

(press release)

March 3, 2022: US v. Jack Hanick

November 4, 2021 sealed indictment against a former Fox employee who helped sanctioned oligarch Konstantin Malofeyev set up some media outlets to push Russian propaganda. Hanick was arrested in the UK on February 3, 2022 and is being extradited. (press release; my post)

SDNY 21-cr-676

March 7, 2022: US v. Elena Branson

March 7, 2022 complaint against the one-time chair of the Russian Community Council of the USA. Branson attempted to set up meetings with Trump. (press release; my post)

SDNY 22-mj-2178

March 11, 2022: Treasury sanctions Oligarchs

Targets include Dmitri Peskov and his family, Viktor Feliksovich Vekselberg, and the VTB board.

(press release)

March 14, 2022: US v. Andrey Muraviev

September 17, 2020 indictment against the funder for Lev Parnas’ cannabis donations, Andrey Muraviev. The S2 indictment is otherwise identical to the S1 indictment obtained the same day, though with Muraviev identified. (press release; my post)

SDNY 19-cr-725

March 17, 2022: Treasury creates task force to target Oligarchs

(press release)

March 18, 2022: Baltic states expel diplomats

Baltic states expel 10 diplomats.

March 24, 2021: Treasury sanctions targeting industrial base

Sanctions targeting military industrial complex, Duma members, Herman Oskarovich Gref.

(press release)

March 24, 2022: US v. Evgeny Viktorovich Gladkikh

June 29, 2021 indictment against Evgeny Gladkikh for Triton hacking operations targeting refineries and other energy facilities.

(press release)

DC 21-cr-442

March 24, 2022: US v. Pavel Aleksandrovich Akulov

August 26, 2021 indictment against three FSB officers working as part of the Dragonfly or Berzerk Bear hacking group for targeting ICS systems.

(press release)

KS 21-cr-20047

March 29, 2022: Europeans expel diplomats

Ireland expels 4 “diplomats.”

Lithuania expels

March 31, 2022: Treasury focuses on sanctions-evasion network

Treasury adds sanctions against companies used to evade sanctions, four key Russian tech companies, and the leadership of TsNIIKhM, the organization for which Gladkikh works: its General Director, Sergei Alekseevich Bobkov, and its Deputy General Director, Konstantin Vasilyevich Malevanyy.

April 4, 2022: FBI and Spanish authorities freeze Viktor Vekselberg’s yacht, Tango

FBI and Spanish authorities freeze Viktor Vekselberg’s yacht, Tango, for sanction violations and money laundering efforts to evade those sanctions.

Also Germany expels 40 “diplomats” and France expels 35.

April 5: Dmitry Pavlov and Hydra Market

DOJ charged Dmitry Pavlov and, with German assistance, shut down the Hydra Market to which he leased a server.

(press release)

April 6: Semion Mogilevich, Konstantin Malofeyev, additional sanctions on Sberbank, Alfa Bank, and Putin, Medvedev, and Lavrov’s families, Cyclops Blink

Department of State offers a $5 million reward for information leading to Semion Mogilevich’s arrest.

FBI wanted poster

DOJ charged Konstantin Malofeyev with charges mirroring those against Jack Hanick.

(press release)

The White House added sanctions to Sberbank and Alfa Bank, added new restrictions on US investments in Russia, and added members of Putin’s, Medvedev’s, and Lavrov’s families.

(press release)

DOJ rolled out the shut-down, in March, of the Cyclops Blink botnet run by Sandworm.

March 18 warrant

March 23 warrant

(press release)

April 14: Aleksandr Mikhaylovich Babakov

(press release)

Indictment

April 20: Malofeyev’s network

Treasury sanctions Malofeyev’s family, sanctions-evasion, and influence networks

(press release)

April 26: Sandworm

State offers a $10 million reward for six hackers involved in the Sandworm NotPetya attack.

(press release)

May 5: Pursuant to a US warrant, Fiji seizes Oligarch Suleiman Kerimov’s yacht

Fiji seized the $300 million yacht pursuant to a US-based warrant.

(press release)

September 30: Treasury sanctions a ton of Duma and Federation members

These sanctions were prepared as a response to Russia’s claim to have annexed additional parts of Ukraine.

Poor Donald Trump Got Dumped

h/t rocksunderwater (public domain)

Poor Donald Trump.

He’s been having a terrible, horrible, no good, very bad day, every day for about the last six weeks. He lost the election, then in his battle to overturn things in court he lost and lost and lost and lost some more, each time more bigly than the last. But the worst day, the most terrible horrible no good very bad day of them all, had to be last Sunday, when the Russian electronic spying operation using SolarWinds to hack into highly sensitive government and corporate networks became public.

There has been a lot written about the potential damage of the SolarWinds mess, both in terms of national security and corporate secrets, most of which is speculation. But there is one bit of enormous damage that is obvious, not at all speculative, but is getting no attention at all from anyone.

Along with the rest of the world, Donald Trump just learned that he got dumped by Vladimir Putin.

We almost made it up where they are
But losing your love
Brought me down hard
Now I’m just hanging, just getting by
Where expectations aren’t that high, but

Here on cloud 8
A lotta nothing’s going on
I’m just drifting day to day
Out here on my own
While up on cloud 9
I hear ’em party all the time
They don’t hear my heart break
Down here on cloud 8

Poor Donald. He just learned that Putin has been doing stuff behind his back, all while Putin has been telling him that he’s Putin’s BFF. It’s been almost a week, and poor Donald still can’t come to grips with it.

He’s tweeted about getting the COVID-19 vaccines out (“Yay Me!”) He’s tweeted about the “fact” that he actually won the election and condemned everyone who has failed to have his back (Brian Kemp, he’s looking at you). He’s tweeted about bizarre public health theories (“masks and lockdowns don’t work!”). He’s tweeted about vetoing the defense bill in order to defend 19th century traitors. He’s tweeted about Senator-to-be Tommy Tuberville, on whom he’s pinning his hopes of overturning the election when the electoral college vote gets to Congress. He’s tweeted against Mitch McConnell for arguing against this. But despite this flood of tweets, the one thing he can’t bear to tweet about is being dumped.

And it’s not just that he got dumped. It’s that Putin cheated on him.

He cheated on Trump for months, privately whispering sweet nothings in his ear in their special phone calls, while working behind Trump’s back. Worst of all, in Trump’s mind the hack tells Trump that Putin believed that Trump would lose, and Putin needed to take advantage of Trump’s blindness while he could.

And it’s not just that Putin cheated on him and didn’t believe in him. It’s that everyone knows that Putin cheated on him.

Angela Merkel knows. Boris Johnson knows. Emmanuel Macron knows. Justin Trudeau knows. Xi Jinping knows. Kim Jong Un knows. Jacinda Ardern knows. Even Andrés Manuel López Obrador knows about it, and Trump is sure that everyone in Mexico is laughing at him. Even the nobodies who rule those shithole countries know, and they’re laughing too. Putin made him look like a fool in front of everyone in the whole cafeteria world, and they’re all laughing at him.

And it’s not just that Putin made him look like a fool. It’s that there’s not a damn thing that Trump can do about it.

Everyone knows that Trump has been played, bigly. Trump can’t run a PR operation to deflect things. He can’t deny that it ever happened. He can’t say that he dumped Putin and not the other way around. He can’t pretend it doesn’t hurt. And he can’t keep everyone in the whole damn world from talking about it, and from laughing about him behind his back.

While up on cloud 9
I hear ’em party all the time
They don’t hear my heart break
Down here on cloud 8
They don’t hear my heart break
Down here on cloud 8

And before you think this is all a good laugh, and that Trump got what’s been coming to him, I’ve got two words for you: John Hinckley. Something tells me that Trump does not take well to being dumped, being cheated on, and being held up before the world as a fool.

And that scares me.

“These Actions Have Targeted Not Only against Russia, But Also Against the President Elect”

Given the news that Donald Trump is considering pardoning Edward Snowden, there has been a lot of discussion about why Trump would do this.

It’s actually not a deviation from past actions. Just seven days after the election, Trump’s rat-fucker started working on a pardon for Julian Assange, something that Trump offered a very circumscribed answer to Mueller about. He continued to entertain such proposals, and even ordered then CIA Director Mike Pompeo to consider a theory purporting to undermine the Russian attribution of the hack, one understood to be tied to an Assange pardon.

And on March 15, 2017, Trump shared information with Tucker Carlson that would have tipped off Joshua Schulte that the FBI considered him the culprit behind the Vault 7 leaks. While Trump shared that information hours before the FBI searched Schulte’s residence and seized his passports (including a diplomatic passport he never returned to CIA), there’s no evidence that information was made public before the FBI confronted Schulte that night. Had it, though, Trump’s comments might have led Schulte to accelerate a trip to Mexico he already had scheduled. John Solomon would even go on to blame Jim Comey for not pardoning Assange in advance of the Vault 7 releases.

So Trump has repeatedly undermined the prosecution of people who released large amounts of intelligence community secrets. Snowden would just be part of a pattern.

There’s some complaint that Trump opponents — including Adam Schiff — have suggested Trump would do this (dramatically altering his prior stance) because of Putin.

In fact, Russia has deliberately encouraged Trump to believe Russia and Trump were on the same side, opposed to the US intelligence community, since weeks before he was even inaugurated.

When, on December 31, 2016, Sergey Kislyak called Mike Flynn to tell him that his intervention to undermine sanctions on Russia for interfering in the 2016 election had succeeded in persuading Putin to take no action, Kislyak told Flynn that Russia considered the sanctions — for a hostile attack on this country!!! — to be an attack targeting not just Russia, but Trump himself.

KISLYAK: Uh, you know I have a small message to pass to you from Moscow and uh, probably you have heard about the decision taken by Moscow about action and counter-action.

FLYNN: yeah, yeah well I appreciate it, you know, on our phone call the other day, you know, I, I, appreciate the steps that uh your president has taken. I think that it is was wise.

KISLYAK: I, I just wanted to tell you that our conversation was also taken into account in Moscow and …

FLYNN: Good

KISLYAK: Your proposal that we need to act with cold heads~ uh, is exactly what is uh, invested in the decision.

FLYNN: Good

KISLYAK: And I just wanted to tell you that we found that these actions have targeted not only against Russia, but also against the president elect.

FLYNN: yeah, yeah.

“Yeah, yeah,” Trump’s weak-kneed National Security Advisor with 30 years intelligence experience said in reply.

We don’t need to speculate about whether Russia has encouraged Trump to view Russia as an ally against a hostile American Intelligence Community. We have proof. And even Mike Flynn, with a victim complex only a fraction as Yuge as Trump’s own, simply nodded along.

I mean, if Trump does pardon Snowden, by all means he should accept it — it likely would save his life.

But if you believe Trump is considering this out of any belief in whistleblowing or transparency — or even opposition to the surveillance that has ratcheted up and gotten less accountable under his Administration — you’re simply deceiving yourself.

And, yes, there is concrete evidence that Russia has cultivated Trump’s antagonism against the IC — well before Trump’s own actions led the FBI to investigate him personally — so much that he might pardon Snowden to harm them.

George Papadopoulos Tied the Utility of Russian Dirt to the Campaign’s Plan to Use Dirt to Win

Judicial Watch has once again liberated documents from DOJ that undermine their narrative about the Russian investigation (and, in this case, provide yet another reason to question the fidelity of the DOJ IG Report on Carter Page).

The DOJ IG Report provides a description of the tip Australia provided to State, which got passed on to the FBI. The most complete description of that (pages 51 to 52) introduces a block quote describing the tip by explaining the Australian tip “stated, in part, that Papadopoulos”

suggested the Trump team had received some kind of suggestion from Russia that it could assist this process with the anonymous release of information during the campaign that would be damaging to Mrs. Clinton (and President Obama). It was unclear whether he or the Russians were referring to material acquired publicly of [sic] through other means. It was also unclear how Mr. Trump’s team reacted to the offer. We note the Trump team’s reaction could, in the end, have little bearing of what Russia decides to do, with or without Mr. Trump’s cooperation.

The IG Report never quotes what the other part of the memo is, but it does quote a long excerpt from a Bill Priestap transcript describing that Papadopoulos expressed confidence (in April!) that Trump would win, in part because of how much dirt the campaign had on Hillary.

In fact, the information we received indicated that Papadopoulos told the [FFG] he felt confident Mr. Trump would win the election, and Papadopoulos commented that the Clintons had a lot of baggage and that the Trump team had plenty of material to use in its campaign.

Priestap understood that the campaign planned to win by using the dirt it had on Hillary Clinton.

Judicial Watch just liberated the FBI document memorializing the tip. It, too, redacts that other part of what Australia passed on (bizarrely, under source and law enforcement exemptions, not privacy, which seem like easily challenged exemptions).

But laid out like this (particularly given the length of the redaction as compared to Priestap’s description), it makes the context more clear.

Papadopoulos said Trump would win because they had dirt on Hillary and then suggested Russia could “assist this process” — that is, using dirt to win the election — by anonymously releasing information damaging to Hillary.

The “this process” hidden behind the redaction is “using dirt to win the election.” The antecedent of “this process” must be (because that description does not and could not appear anywhere else), using dirt to win the election.

It is, perhaps, a subtle thing. But in context as the FBI received it, Papadopoulos tied Russia anonymously dropping dirt on Hillary to the centrality of dirt on Hillary in the Trump campaign’s plan to win. It is true that the tip does not describe Papadopoulos confirming that the campaign would use the Russian dirt or had entered into a relationship to do so.

But particularly given the way Roger Stone claimed WikiLeaks was going to release Clinton Foundation documents while he was boasting of ties to WikiLeaks — that is, the dirt Trump had treated as the Holy Grail all along — the way Papadopoulos tied anonymously released damaging information from Russia to the utility of using dirt to win the election explains the FBI reaction.

Papadopoulos didn’t just raise Russia offering dirt to help win. He raised it in the context of the Trump plan to win by using dirt.

The Kinds and Significance of Russian Interference — 2016 and 2020

Trump’s meltdown last week — in which he purged top staffers at the Director of National Intelligence after a briefing on Russian interference in the 2020 election, followed by National Security Advisor Robert O’Brien making shit up on Meet the Press — has created a firestorm about Russian interference in the 2020 election. That firestorm, however, has spun free of what ways Russia interfered in 2016 and what effect it had.

Five ways Russia interfered in 2016

First, remember that there were at least five ways Russia interfered in 2016:

  • Stealing information then releasing it in a way that treats it as dirt
  • Creating on-going security challenges for Hillary
  • Using trolls to magnify divisions and feed disinformation
  • Tampering with the voting infrastructure
  • Influence peddling and/or attempting to recruit Trump aides for policy benefits

Stealing information then releasing it in a way that treats it as dirt

The most obvious way Russia interfered in 2016 was by hacking the DNC, DCCC, and John Podesta (it also hacked some Republicans it did not like). It released both the DNC and Podesta data in such a way as to exaggerate any derogatory information in the releases, successfully distracting the press for much of the campaign and focusing attention on Hillary rather than Trump. It released DCCC information that was of some use for Republican candidates.

Roger Stone took steps — not all of which are public yet — to optimize this effort. In the wake of Stone’s efforts, he moved to pay off one participant in this effort by trying to get a pardon for Julian Assange.

Creating on-going security challenges for Hillary

In addition to creating a messaging problem, the hack-and-leak campaign created ongoing security challenges for Hillary. Someone who played a key role in InfoSec on the campaign has described the Russian effort as a series of waves of attacks. The GRU indictment describes one of those waves — the efforts to hack Hillary’s personal server — which came in seeming response to Trump’s “Russia are you listening” comment. An attack that is often forgotten, and from a data perspective was likely one of the most dangerous, involved a month-long effort to obtain Hillary’s analytics from the campaign’s AWS server.

Whatever happened with this data, the persistence of these attacks created additional problems for Hillary, as her staff had to spend time playing whack-a-mole with Russian hackers rather than optimizing their campaign efforts.

Using trolls to magnify divisions and feed disinformation

Putin’s “chef,” Yevgeniy Prigozhin, also had staffers from his troll factory in St. Petersburg shift an ongoing campaign that attempted to sow division in the US to adopt a specific campaign focus, pushing Trump and attacking Hillary. Importantly, Prigozhin’s US-based troll effort was part of a larger multinational effort. And it was in no way the only disinformation and trolling entity involved in the election. Both parties did some of this, other countries did some, and mercenaries trying to exploit social media algorithms for profit did some as well.

Tampering with the voting infrastructure

Russia also tampered with US voting infrastructure. In 2016, this consisted of probing most states and accessing voter rolls in at least two, though there’s no evidence that Russian hackers made any changes. In addition, Russian hackers targeted a vendor that provided polling books, with uncertain results. The most substantive evidence of possible success affecting the vote in 2016 involved failures of polling books in Durham County, NC, which created a real slowdown in voting in one of the state’s most Democratic areas.

In recent days, there have been reports of a ransomware attack hitting Palm Beach County in September 2016, but it is unclear whether this was part of the Russian effort.

Because there’s no certainty whether the Russian hack of VR Systems was behind the Durham County problems, there’s no proof that any of these efforts affected the outcome. But they point to the easiest way to use hacking to do so: by making it harder for voters in particular areas to vote and harder for specific localities to count the vote.

Some of what Russia did in 2016 — such as probes of a particularly conservative county in FL — may have been part of Russia’s effort to discredit the outcome. They didn’t fully deploy this effort because Trump won.

Influence peddling and/or attempting to recruit Trump aides for policy benefits

Finally, Russia accompanied its other efforts with various kinds of influence peddling targeting Trump’s aides. It was not the only country that did so: Saudi Arabia, Egypt, Turkey, UAE, and Israel were some of the others. Foreign countries were similarly trying to target Hillary’s campaign — and the UAE effort, at least, targeted both campaigns at once, through George Nader.

Importantly, however, these efforts intersected with Russia’s other efforts to interfere in the election in ways that tied specific policy outcomes to Russia’s interference:

  • An unrealistically lucrative Trump Tower deal involved a former GRU officer and sanctioned banks
  • At a meeting convened to offer Trump dirt about Hillary, Don Jr agreed in principle to revisit ending Magnitsky sanctions if Trump won
  • George Papadopoulos pitched ending sanctions to Joseph Mifsud, who had alerted him that Russia had emails they intended to drop to help Trump
  • Paul Manafort had a meeting that tied winning the Rust Belt, carving up Ukraine, and getting paid personally together; the meeting took place against the background of sharing internal polling data throughout the campaign

As I’ll note in a follow-up, information coming out in FOIAed 302s makes it clear that Mike Flynn’s effort to undercut Obama’s December 2016 sanctions was more systematic than the Mueller Report concludes. So not only did Russia make it clear it wanted sanctions relief, Trump moved to give it to them even before he got elected (and his Administration found a way to exempt Oleg Deripaska from some of these sanctions).

Manafort continued to pursue efforts to carve up Ukraine until he went to jail. In addition, Trump continues to take actions that undercut Ukraine’s efforts to fight Russia and corruption. Neither of these has been tied to a specific quid pro quo (though the investigation into Manafort’s actions, especially, remained inconclusive at the time of the Mueller Report).

So while none of these was charged as a quid pro quo or a conspiracy (and the reasons why they weren’t vary; Manafort lied about what he was doing, and why, whereas Mueller couldn’t prove Don Jr had the mens rea of entering into a quid pro quo), Russia tied certain policy outcomes to its interference.

Trump’s narcissism and legal exposure exacerbated the effects

The Russian attack was more effective than it otherwise would have been for two reasons. First, because he’s a narcissist and because Russia built in plausible deniability, Trump refused to admit that Russia did try to help him. Indeed, he clings more and more to Russian disinformation about what happened, leading the IC to refuse to brief him on the threat, leading to last week’s meltdown.

In addition, rather than let FBI investigate the people who had entered into discussions of a quid pro quo, Trump obstructed the investigation. Trump has spent years now attacking the rule of law and institutions of government rather than admit what DOJ IG found — there was reason to open the investigation, or admit what DOJ found — there was reason to prosecute six of his aides for lying about what happened.

The Russian effort was just one of the reasons Hillary lost

It’s also important to remember that Russia’s interference was just one of the many things that contributed to Hillary’s loss.

Other aspects were probably more important. For example, Republican voter suppression, particularly in Wisconsin and North Carolina, was far more important than any effect the VR Systems hack may have had in Durham County. Jim Comey’s public statements about the email investigation had at least as much effect as the Russian hack-and-leak campaign did on press focus. Hillary made some boneheaded choices — like barely campaigning in WI and MI; while I had worried that she made those choices because Russia tampered with her analytics (with the AWS hack), that doesn’t seem to have happened. Disinformation sent by the Trump campaign and associates was more significant than Russian disinformation. It didn’t help that the Obama Administration announced a sharp spike in ObamaCare prices right before the election.

The response matters

As noted, Trump’s narcissism dramatically increased the effect of the Russian efforts in 2016, because he has always refused to admit it happened.

Compare that to Bernie’s response to learning that Russia was trying to help his campaign, which accepted that it is happening and rejected the help.

“I don’t care, frankly, who [Russian President Vladimir] Putin wants to be president,” Sanders said in a statement. “My message to Putin is clear: Stay out of American elections, and as president I will make sure that you do.

“In 2016, Russia used Internet propaganda to sow division in our country, and my understanding is that they are doing it again in 2020. Some of the ugly stuff on the Internet attributed to our campaign may well not be coming from real supporters.”

This was not perfect — Bernie could have revealed this briefing himself weeks ago, Bernie blamed the WaPo for reporting it when it seems like the story was seeded by O’Brien. But it was very good, in that it highlighted the point of Russian interference — sowing divisions — and it reaffirmed the import of Americans selecting who wins. Plus, contrary to Trump, there’s no reason to believe Bernie would pursue policies that specifically advantaged Russia.

Other factors remain more important than Russian interference

There’s very serious reason to be concerned that Russia will hack the outcome of 2020. After all, it would need only to affect the outcome in a small number of precincts to tip the result, and the prospect of power outages or ransomware doing so in urgent fashion has grown since 2016.

That said, as with 2016, there are far more urgent concerns, and those concerns are entirely American.

Republicans continue to seek out new ways to suppress the vote, including by throwing large swaths of voters off the rolls without adequate vetting. There are real concerns about voting machines, particularly in Georgia (and there are credible concerns about the reliability of GA’s tally in past elections). Republicans have continued to make polling locations less accessible in Democratic precincts than in Republican ones.

Facebook refuses to police the accuracy of political ads, and Trump has flooded Facebook with disinformation.

And Bloomberg’s efforts this year — which include a good deal of trolling and disinformation — are unprecedented in recent memory. His ad spending has undercut the ability to weigh candidates. And his personnel spending is increasing the costs for other candidates.

Russian efforts to sway the vote are real. Denying them — as some of Bernie’s supporters are doing in ways that hurt the candidate — does not help. But, assuming DHS continues to work with localities to ensure the integrity of voting infrastructure, neither does overplaying them. Between now and November there’s far more reason to be concerned about American-funded disinformation and American money distorting our democratic process.

Cloud Computing and the Single Server

[NB: Check the byline, thanks. /~Rayne]

I’ve been meaning to write about this for a while. Push came to shove with Marcy’s post this past week on Roger Stone and the Russian hack of the DNC’s emails as well as her post on Rick Gates’ status update which intersects with Roger Stone’s case.

First, an abbreviated primer about cloud computing. You’ve likely heard the term before even if you’re not an information technology professional because many of the services you use on the internet rely on cloud computing.

Blogging, for example, wouldn’t have taken off and become popular if it wasn’t for the concept of software and content storage hosted somewhere in a data center. The first blogging application I used required users to download the application and then transfer their blogpost using FTP (file transfer protocol) to a server. What a nuisance. Once platforms like Blogger provided a user application accessible by a browser as well as the blog application and hosting on a remote server, blogging exploded. This is just one example of cloud computing made commonplace.

Email is another example of cloud computing you probably don’t even think about, though some users still do use a local email client application like Microsoft’s proprietary application Outlook or Mozilla’s open source application Thunderbird. Even these client applications at a user’s fingertips rely on files received, sent, managed, and stored by software in a data center.

I won’t get into more technical terms like network attached storage or storage area network or other more challenging topics like virtualization. What the average American needs to know is that a lot of computing they come in contact with every day isn’t done on desktop or laptop computers, or even servers located in a small business’s office.

A massive amount of computing and the related storage operates and resides in the cloud — a cutesy name for a remotely located data center.

This is a data center:

Located in Council Bluffs, Iowa, this is one of Google’s many data centers. In this photo you can see racks of servers and all the infrastructure supporting the servers, though some of it isn’t readily visible to the untrained eye.

This is another data center:

This is an Amazon data center, possibly one supporting Amazon Web Services (AWS), one of the biggest cloud service providers. Many of the sites you visit on the internet every day purchase their hosting and other services from AWS. Some companies ‘rent’ hosting space for their email service from AWS.

Here’s a snapshot of a technician working in a Google data center:

Beneath those white tiles making up the ‘floor’ are miles and miles of network cables and wiring for power as well as ventilation systems. More cables, wires, and ventilation run overhead.

Note the red bubble I’ve added to the photo — that’s a single blade-type server inserted into a rack. It’s hard to say how much computing power and storage that one blade might have had on it because that information would have been (and remains) proprietary — made to AWS specifications, which change with technology’s improvements.

These blades are swapped out on a regular maintenance cycle, too, their load shifted to other blades as they are taken down and replaced with a new blade.

Now ask yourself which of these servers in this or some other data center might have hosted John Podesta’s emails, or those of 300 other people linked to the Clinton campaign and the Democratic Party targeted by Russia in the same March 2016 bulk phishing attack?

Not a single one of them — probably many of them.

And the data and applications may not stay in one server, one rack, one site alone. It could be spread all over depending on what’s most efficient and available at any time, and the architecture of failover redundancy.

~ ~ ~
Some enterprises may not rely on software-as-a-service (SaaS), like email, hosted in a massive data center cloud. They might instead operate their own email server farm. Depending on the size of the organization, this can be a server that looks not unlike a desktop computer, or it can be a server farm in a small data center.

(The Fortune 100 company for which I once worked had multiple data centers located globally, as well as smaller server clusters located on site for specialized needs, e.g., a cluster collecting real-time telemetry from customers. Their very specific needs as well as the realistic possibility that smaller businesses could be spun off required more flexibility than purchasing hosted services could provide at the time.)

And some enterprises may rely on a mix of cloud-based SaaS and self-maintained and -hosted applications.

In 2016 the DNC used Microsoft Exchange Server software for its email across different servers. Like the much larger Google-hosted Gmail service, users accessed their mail through browsers or client applications on their devices. The diagrams reflecting these two different email systems aren’t very different.

This is a representation of Google’s Gmail:

[source: MakeInJava(.)com]

This is a representation of Microsoft Exchange Server:

Users, through client/browser applications, access their email on a remote server via the internet. Same-same in general terms, except for scale and location.

If you’ve been following along with the Trump-Russia investigation, you know that there’s been considerable whining on the part of the pro-Trump faction about the DNC’s email server. They question why a victim of a hack would not have turned over their server to the FBI for forensic investigation and instead went to a well-known cybersecurity firm, Crowdstrike, to stop the hack, remove whatever invasive tools had been used, and determine the entity/ies behind the hack.

A number of articles have been written explaining the hacking scenario and laying out a timeline. A couple pieces in particular noted that turning over the server to the FBI would have been disruptive — see Kevin Poulsen in The Daily Beast last July, quoting former FBI cybercrime agent James Harris:

“In most cases you don’t even ask, you just assume you’re going to make forensic copies…For example when the Google breach happened back in 2009, agents were sent out with express instructions that you image what they allow you to image, because they’re the victim, you don’t have a search warrant, and you don’t want to disrupt their business.”

Poulsen also quantified the affected computing equipment as “140 servers, most of them cloud-based” meaning some email and other communications services may have been hosted outside the DNC’s site. It would make sense to use contracted cloud computing based on the ability to serve widespread locations and scale up as the election season crunched on.

But what’s disturbing about the demands for the server — implying the DNC’s email was located on a single computer within DNC’s physical control — is not just ignorance about cloud computing and how it works.

It’s that demands for the DNC to turn over their single server went all the way to the top of the Republican Party when Trump himself complained — from Helsinki, under Putin’s watchful eye — about the DNC’s server:

“You have groups that are wondering why the FBI never took the server. Why didn’t they take the server? Where is the server, I want to know, and what is the server saying?”

And the rest of the right-wing Trumpist ecosphere picked up the refrain and maintains it to this day.

Except none of them are demanding Google turn over the original Gmail servers through which John Podesta was hacked and hundreds of contacts phished.

And none of the demands are expressly about AWS servers used to host some of DNC’s email, communications, and data.

The demands are focused on some indeterminate yet singular server belonging to or used by the DNC.

~ ~ ~
The DNC had to shut down their affected equipment and remove it from their network in order to clean out the intrusion; some of their equipment had to be stripped down to “bare metal,” meaning all software and data on affected systems were removed before they were rebuilt or replaced. 180 desktops and laptops had to be replaced — a measure which in enterprise settings is highly disruptive.

Imagine, too, how sensitive DNC staff were going forward about sharing materials freely within their organization, not knowing whether someone might slip and fall prey to spearphishing. There must have been communications and impromptu retraining about information security after the hack was discovered and the network remediated.

All of this done smack in the middle of the 2016 election season — the most important days of the entire four-year-long election cycle — leading into the Democratic Party’s convention.

(This remediation still wasn’t enough because the Russians remained in the machines into October 2016.)

If the right-wing monkey horde cares only about the DNC’s “the server” and not the Google Gmail servers accessed in March 2016 or the AWS servers accessed April through October 2016, this should tell you their true aim: It’s to disrupt and shut down the DNC again.

The interference with the 2016 election wasn’t just Russian-aided disinformation attacking Hillary Clinton and allies, or Russian hacks stealing emails and other files in order to leak them through Wikileaks.

The interference included forcing the DNC to shut down and/or reroute parts of its operation:

(excerpt, p. 22, DNC lawsuit against Russian Federation, GRU, et al)

And the attack continues unabated, going into the 2020 general election season as long as the right-wing Trumpists continue to demand the DNC turn over the server.

There is no one server. The DNC shouldn’t slow or halt its operations to accommodate opponents’ and suspects’ bad faith.

~ ~ ~
As for Trump’s complaint from Helsinki: he knows diddly-squat about technology. It’s not surprising his comments reflected this.

But he made these comments in Helsinki, after meeting with Putin. Was he repeating part of what he had been told, that Russia didn’t hack the server? Was he not only parroting Putin’s denial but attempting to obstruct justice by interfering in the investigation by insisting the server needed to be physically seized for forensic inspection?

~ ~ ~
With regard to Roger Stone’s claims about Crowdstrike, his complaints aren’t just a means to distract and redirect from his personal exposure. They provide another means to disrupt the DNC’s normal business going forward.

The demands are also a means to verify what exactly the Special Counsel’s Office and Crowdstrike found in order to determine what will be more effective next time.

The interference continues under our noses.

This is an open thread.

What if Julian Assange Flipped?

I’ve said this before, I’ll say it again: I hope to hell Chelsea Manning’s advisors are cognizant of the ways her attempts to avoid testifying against Julian Assange may put her in unforeseen legal jeopardy.

I’m thinking of that anew given my consideration of what I consider to be a distant, but real, possibility: that the US government would offer Assange a plea deal on the current charge he faces in exchange for testimony in a range of other issues. The idea is crazy, but perhaps not as crazy as it sounds.

As I laid out in this post, it seems the US government has been carefully orchestrating the Assange arrest since Ecuador first applied for diplomatic status for him in 2017 in an attempt to exfiltrate him, possibly to Russia. They’re now on the clock, with (depending on which expert you ask) just 44 more days to lard on the additional charges multiple outlets have reported are coming. Meanwhile, he’s being held at Belmarsh, with conflicting stories about what kind of visitors he’s been permitted — though the UN Special Rapporteur for Privacy did visit him this week. Though I’ve asked some top experts, it’s not entirely clear whether, if he were being interrogated right now, that’d be under UK law or US law; the former has fewer protections against self-incrimination for people being detained.

One passage of the Mueller Report may provide an explanation for why his prosecutors didn’t obtain Julian Assange’s testimony.

The Office limited its pursuit of other witnesses and information-such as information known to attorneys or individuals claiming to be members of the media-in light of internal Department of Justice policies. See, e.g., Justice Manual §§ 9-13.400, 13.410.

Assange would fall squarely within DOJ policy covering people who are subjects or targets of an investigation for activities related to their news-gathering activities.

Member of the news media as subject or target. In matters in which a member of the Department determines that a member of the news media is a subject or target of an investigation relating to an offense committed in the course of, or arising out of, newsgathering activities, the member of the Department requesting Attorney General authorization to use a subpoena, 2703(d) order, or 3123 order to obtain from a third party the communications records or business records of a member of the news media shall provide all facts necessary to a determination by the Attorney General regarding both whether the member of the news media is a subject or target of the investigation and whether to authorize the use of such subpoena or court order. 28 C.F.R. 50.10(c)(5)(i). If the Attorney General determines that the member of the news media is a subject or target of an investigation relating to an offense committed in the course of, or arising out of, newsgathering activities, the Attorney General’s determination should take into account the principles reflected in 28 C.F.R. 50.10(a), but need not take into account the considerations identified in 28 C.F.R. 50.10(c)(5)(ii) – (viii). Id. Members of the Department must consult with the PSEU regarding whether a member of the news media is a subject or target of an investigation related to an offense committed in the course of, or arising out of, newsgathering activities.

The EDVA case appears to have gotten over this policy (perhaps by distinguishing the assistance on cracking a password from newsgathering activities); but it’s not clear Mueller did (especially given the discussion of First Amendment considerations in passages relating to WikiLeaks). In any case, this calculus may change given that he’s in British, not US custody.

And there has been very little reporting on what’s going on with him — or with US investigations into him.

There are a number of investigations the government would love to get his testimony on, including:

Testimony against Joshua Schulte

Schulte is the accused Vault 7 leaker. WikiLeaks has been far less circumspect about the possibility he’s their source than with other leakers (while also engaging in far less of an effort to lay the case that he’s a whistleblower). Plus, the government has video evidence of Schulte attempting to leak classified information.

But thus far, Schulte’s prosecution has been slowed by CIA’s reluctance to share the classified information Schulte needs to defend himself. Plus, the FBI apparently bolloxed up the initial search warrants for Schulte (in what I suspect was a sloppy effort at parallel construction), which Schulte has been trying to win the ability to speak publicly about for over a year; he recently appealed a decision denying him a request to exempt those initial warrants from his protective order.

To the extent that Assange and Schulte (if he is really the Vault 7 source) communicated — and there’s good reason to believe WikiLeaks did communicate in advance of this publication — then Assange might be able to provide testimony that would get beyond the classification problems.

Testimony about the response to his pardon requests (including Roger Stone’s role in it)

I also believe that DOJ continues to investigate the long effort — an effort that includes Roger Stone, whom prosecutors say is still under investigation — in brokering a pardon for Assange, possibly in part for Assange providing disinformation about where the Democratic documents came from. Consider that, as recently as November, Mueller was trying to learn whether Trump had discussed pardoning Assange before his inauguration, a question about which Trump was especially contemptuous, even given his overall contempt for responding to questions.

Then there’s a subtle point I find really interesting. When the Mueller Report lays out all the times Don Jr magnified Russian trolls, it noted that the failson’s fondness for Russian propaganda continued after the election.

96 See, e.g., @DonaldJTrumpJr 10/26/16 Tweet (“RT @TEN_GOP: BREAKING Thousands of names changed on voter rolls in Indiana. Police investigating #VoterFraud. #DrainTheSwamp.”); @DonaldJTrumpJr 11/2/16 Tweet (“RT @TEN_GOP: BREAKING: #VoterFraud by counting tens of thousands of ineligible mail in Hillary votes being reported in Broward County, Florida.”); @DonaldJTrumpJr 11/8/16 Tweet (“RT @TEN_GOP: This vet passed away last month before he could vote for Trump. Here he is in his #MAGA hat. #voted #ElectionDay.”). Trump Jr. retweeted additional @TEN_GOP content subsequent to the election.

[snip]

103 @DonaldJTrumpJr 11/7/16 Tweet (“RT @Pamela jetonc13. Detroit residents speak out against the failed policies of Obama, Hillary & democrats . . . . “) [my emphasis]

The page-long section (page 60) that lays out Don Jr’s innocuous pre-election interactions (which is how I described them when they were first published) does not, similarly, note the President’s son’s more damning interactions with WikiLeaks that took place after the election, where Assange once privately

Hi Don. Hope you’re doing well! In relation to Mr. Assange: Obama/Clinton placed pressure on Sweden, UK and Australia (his home country) to illicitly go after Mr. Assange. It would be real easy and helpful for your dad to suggest that Australia appoint Assange ambassador to DC “That’s a really smart tough guy and the most famous australian you have! ” or something similar. They won’t do it, but it will send the right signals to Australia, UK + Sweden to start following the law and stop bending it to ingratiate themselves with the Clintons. 12/16/16 12:38PM

And then publicly asked for an Ambassadorship that would amount to a pardon.

Given the thoroughness of the report, I find the silence about these exchanges to be notable.

Admittedly, one aspect of the pardon campaign implicates Assange far more than (at least given the public details) it does Trump: his seeming attempt at extortion using the CIA’s hacking tools. But that doesn’t mean the government wouldn’t like his testimony about the larger effort, and I have reason to suspect that is something they were pursuing via other channels as well.

WikiLeaks’ ongoing interactions with Russia

Finally, I’m sure the US government would be willing to give Assange some consideration if he offered to describe his interactions with Russia over the years. The most public aspect of that was the WikiLeaks effort to get Snowden safely out of Hong Kong, which ended unexpectedly in Russia. But there are also credible allegations WikiLeaks engaged in some catch-and-kill of damning documents, most publicly with an incriminating document from the Syria Files. Emma Best looks more closely at that incident in a longer profile of a Russian hacker, Maksym Igor Popov, who seemed to shift loyalties back and forth from the US to Russia even while cultivating Anonymous.

Simultaneously, Sabu, who had been boasting about an alleged breach of Iranian systems, pivoted to the then-pending Syria files. “We owned central syrian bank and got all their emails,” he told Popov. There were “a lot of scandals” in those emails. In the 2012 exchange, Popov is told about an alleged email revealing that Syria had secretly sent Russia billions of Euros. Sabu appears to confuse the amount, which was 2 billion, with an amount from a similar transfer involving an Austrian bank. Reporting by The Daily Dot implies that the two emails were often discussed in the same conversation, while also revealing that the email Sabu was describing to the alleged Russian contractor was omitted from WikiLeaks’ eventual release.

WikiLeaks responded to the reporting by claiming that they “either never had the data or [that it was] in some strange MIME format so it isn’t indexed,” and that the reporting was an attack on WikiLeaks that was meant “to help HRC.”

Popov was impressed by Sabu’s description of the Syria emails, though he briefly confused them with another, unspecified cache that Sabu hinted Popov helped release. “If you want real access to the emails, I can [give it to you],” Sabu offered. Popov responded ecstatically, saying he could use it to create disinformation and fabricate conspiracies. Undaunted by Popov’s intended use for the emails, Sabu said he’d “try to set it all up soon.”

This exchange occurred several months after WikiLeaks received the first batch of the Syria files and several weeks after WikiLeaks gave the LulzSec hackers private access to a search engine to help parse the Stratfor emails which the group had also provided to WikiLeaks.

19:16 <Sabu> though we did very well on syria.. we owned central syrian bank and got all their emails
19:16 <LoD> and Nepalese hack
19:16 <Sabu> a lot of scandals ... like syria sending russia 5 billion euros before civil unrest and when russia sent warsip to trait of whateves its called
19:16 <LoD> Ive actually checked it RESPECT syria gave me some things to mastermind my next operations those email accounts were of much help to improve our strategy
19:17 <LoD> i give you thumbs up
19:17 <Sabu> well we didn't realease it yet ... that was another small hack you released. if you want real access to emails I can ive you
19:17 <LoD> really?
19:17 <LoD> can you?
19:17 <LoD> man I WILL BE in DEBT
19:17 <LoD> I can utilize it in my release
19:18 <LoD> to create a conspiracy
19:18 <Sabu> ya I'll try to set it all up soon

If Popov acquired early access to the Syria files, it would have been the score of a lifetime, giving him an exclusive early inside look at corporations and governments. However, as any later logs of discussions between Popov and Sabu aren’t part of the leaked file, it’s unclear if Popov actually received early access to the Syria files.

Already by this time period in 2011, some former Anons were expressing concern that their operations were being facilitated by Russian infrastructure.

Some followers came to believe that the leaders sought only personal aggrandisement or were effectively in cahoots with the organised criminals who may have raided Sony’s credit-card hoard after Anonymous knocked down the door. Even stalwarts such as Housh are unhappy that much of Anonymous’s infrastructure is now housed on computers used by Russian criminals. “It’s not like the Russians wanted us to get HBGary, but I want to know personally why they are doing this,” he says of the chat hosts. “Where is the money coming from?”

To be sure: a tie with Anonymous is different than a tie directly with WikiLeaks, even if Anonymous was serving as one of WikiLeaks’ important source streams at the time. Further, Best notes that there’s no evidence in available files that Popov interacted directly with WikiLeaks — nor would there be, given the scope of the publicly available chat logs.

But, particularly given the allegations that Assange fed the Seth Rich hoax as part of an effort to deny that he knew he had gotten the Democratic files from Russia, I’m sure the US government would love to know from him about any ties between WikiLeaks and Russia.

Offering Assange a plea deal might be one way to close the book on WikiLeaks without the political controversy of a trial.

The question, of course, is whether Assange would take one. Admittedly, it’s highly unlikely.

Still, as noted, he repeatedly claimed he’d love to tell all if he could avoid prison altogether. But even in a best case scenario, he’s looking at a long extradition fight from Belmarsh in conditions that are reportedly pretty shitty. A plea deal might be one way to limit how much more time in custody he faces.

Which could bode poorly for people like Chelsea Manning, making significant sacrifices to protect Assange.

As I disclosed last July, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post. 

Bamford’s Silence about How Maria Butina Got Thrown Back into Solitary

A number of people have asked me what I make of this piece from James Bamford, pitching the case against Maria Butina as a grave injustice, just after Paul Erickson (who may be the real intended beneficiary of this piece) was charged in the first of what is likely to be two indictments, and as the government extends her cooperation by two weeks.

There are parts that are worthwhile — such as his argument that because Butina didn’t return a bragging email from JD Gordon, it suggests she wasn’t trying to recruit him.

There are other parts I find weak.

Bamford oversells the degree to which the press sustained the serial honeypot angle — after all, some of us were debunking that claim back in September, when he appears to have been silent — without mentioning the fact that Butina first started proffering cooperation with prosecutors, presumably against Paul Erickson and George O’Neill, on September 26. The word “visa” doesn’t appear in the article’s discussion of Butina’s status as a grad student, leaving unrebutted the government’s claim that Butina chose to come to the US as a student because it provided travel privileges that served her influence operation. Bamford (who hasn’t covered the Mueller investigation) grossly overstates the significance of Mueller’s choice not to integrate Butina’s case into his own investigation. He also falsely treats all counterintelligence investigations into Russia as one ongoing investigation (see this post for my ongoing complaints about virtually everyone doing the same). He suggests that Butina will need to be traded for Paul Nicholas Whelan, when the government has already said she’ll be deported once she serves her sentence (which will likely be time served). He quotes Putin’s interest in Butina’s case, without noting that Russia has only shown the interest they showed in her in one other defendant, Yevgeniy Nikulin. And those are just a few of the details with which I take issue.

But these passages, in particular, strike me as problematic.

Since August 17, Butina has been housed at the Alexandria Detention Center, the same fortresslike building that holds Donald Trump’s former campaign manager, Paul Manafort. On November 10, she spent her 30th birthday in solitary confinement, in cell 2F02, a seven-by-ten-foot room with a steel door, cement bed, and two narrow windows, each three inches wide. She has been allowed outside for a total of 45 minutes. On December 13, Butina pleaded guilty to conspiracy to act as an unregistered agent of the Russian Federation. She faces a possible five-year sentence in federal prison.

[snip]

On November 23, 2018, Butina went to sleep on a blue mat atop the gray cement bed in her cell, her 81st day in solitary confinement. Hours later, in the middle of the night, she was awakened and marched to a new cell, 2E05, this one with a solid steel door and no food slot, preventing even the slightest communication. No reason was given, but her case had reached a critical point.

That’s true not just for the way Bamford obscures the timeline here — suggesting she was always in solitary — but because by obscuring that timeline, Bamford serves to hide that it was Bamford’s own communications with and about Butina that got her thrown back into solitary.

Butina’s lawyers laid out her protective custody status in a filing on November 27.

In addition to general population prisoners, the Alexandria detention center houses federal detainees awaiting trial before this court in “administrative segregation,” more commonly known as solitary confinement. This form of restrictive housing is not a disciplinary measure, but is purportedly used by corrections personnel to isolate inmates for their own protection or the safe operation of the facility.

[snip]

Between her commitment at the Correctional Treatment Facility in Washington, DC and then Alexandria detention center, Ms. Butina has been isolated in solitary confinement for approximately 67 days straight. Despite a subsequent release into general population that came at the undersigned’s repeated requests, correctional staff reinstated her total isolation on November 21, 2018 although no infraction nor occurrence justified the same.

The timeline they lay out makes it clear Butina was in protective custody from July 15 to around September 21, but then placed in the general population. The timeline is absolutely consistent with Butina agreeing to cooperate in order to get placed in general population (the motion to transport her was submitted September 21, so at the same time she was placed in the general population). The fact that the government uses solitary to coerce cooperation from prisoners deserves condemnation, and that definitely seems to have been at play here.

But even at a time she had active orders to be transported for cooperation (the court authorized a second request for transfer from late October through the time she pled guilty), Butina was placed back in solitary. The timeline her defense attorneys lay out, however, suggests that Bamford was incorrect in stating she was in solitary on her birthday on November 10. She wasn’t moved back to solitary until November 21.

On the afternoon of November 21, 2018, counsel received a never-before urgent phone call from a jailhouse counselor regarding Ms. Butina. The basis for that call was her return to solitary confinement. The undersigned called Chief Joseph Pankey and Captain Craig Davie in Alexandria in response. After conferring with them, however, it has become clear that the facility’s use of administrative segregation is a false pretext to mask an indefinite solitary confinement that is unjust and without cause.

Staff purported to base their decision to segregate on Ms. Butina referring a fellow inmate to her lawyers (that is, she gave her lawyers’ phone number to a fellow inmate), but staff did not find a disciplinary violation—major or minor. Chief Pankey and Captain Davie then resorted to the decision being “for her safety,” knowing that administrative segregation disallows an appeal internally.

As of the date of this filing, Ms. Butina has now been in solitary confinement for 22 hours a day for 6 consecutive days with no prospective release date. According to at least one deputy, the move to solitary confinement has also not been entered into the Alexandria detention center computer system, and Ms. Butina’s status is disclosed only by a piece of tape with handwriting attached to the guard stand.

And that’s important because of a detail that Bamford remains utterly silent about.

As laid out in a hearing transcript, around that time, the government recorded calls from Butina to “certain journalists” suggesting the journalist consult someone who had her lawyers’ first name.

DRISCOLL: The conflict raised by the government, I think the government does not think there’s been any violation of order by defense counsel, but due to circumstances regarding recorded calls that the government had of Ms. Butina and to certain journalists, the government raised the concern to us; and we wanted to raise it with the Court so that there would be no question when the plea is entered that the plea is knowing and voluntary, and we wanted to kind of preemptively, if necessary, get Ms. Butina separate counsel briefly to advise her on her rights, to make sure that she got her constitutional right to conflict-free advice.

[snip]

MR. KENERSON: The basic nature of the potential conflict is that this Court, I think, issued in an order back in September regarding Local Rule 57.7. The government has some jail calls from Ms. Butina in which she is talking to a reporter numerous times on those calls. She makes some references on those calls to individuals who could be — we don’t know that they’re defense counsel, but shares first name with defense counsel potentially acting as go-between at a certain point. That’s part one of the potential conflict. Part two is —

THE COURT: Wait. So, wait. Stop. Part one is a potential conflict. Do you see a conflict because you believe she’s acting at the behest of her attorneys or as a conduit for her attorneys to violate the Court’s order?

MR. KENERSON: It’s — someone viewing that in the light least favorable to defense counsel might be able to argue that this is some quantum of evidence that defense counsel possibly were engaged in assisting Ms. Butina in violating the Court’s order.

THE COURT: All right. But that goes to whether counsel, with the aid of his client, violated my — and I’ll use the colloquial term for it, my “gag order.” How does that go to — and maybe you’ll tell me; I cut you off. But how does that go to the voluntariness of her plea?

MR. KENERSON: So if there is an allegation that defense counsel assisting her somehow in violating the, again, to use the colloquial term the “gag order,” that would give defense counsel a reason to want to basically plead the case to avoid that potential violation from becoming public. And curry favor with the government.

Driscoll went on to explain why his client was talking to a journalist with whom she had a friendship that “predates all of this” in spite of her being subject to a gag order.

The circumstances, just so the Court’s aware, Ms. Butina has a friendship with a particular journalist that predates all of this. The journalist was working on a story about Ms. Butina prior to any of this coming up, prior to her Senate testimony, prior to her arrest, and had numerous on-the-record conversations with her prior to any of this happening. At the time the gag order was entered, I took the step of informing the journalist that, although he could continue to talk to Ms. Butina, he could not use any of their post gag-order conversations as the basis for any reporting, and the journalist has not, in any event, made any public statement or done any public reporting on the case to date.

Bamford’s own description of “a number of long lunches starting last March at a private club in downtown Washington, D.C.” makes it clear he is the journalist in question.

Judge Chutkan was none too impressed with Driscoll’s advice.

THE COURT: Well, putting aside the questionable advisability of having your client talk to a reporter while she is pending trial and there’s a gag order present — and I understand you told the reporter that they couldn’t make any public statements, but as a former criminal defense attorney myself, I find that curious strategy.

Now, to be clear: Bamford never did publish anything on Butina during the period when the gag was in place (Chutkan lifted the gag on December 21). Even if Bamford had published something during that period, so long as Bamford did respect Driscoll’s advice that their ongoing conversations should be off the record, there was nothing Bamford could publish that would directly reflect her own statements.

And there’s very good reason to question whether the government threw Butina back into solitary because Bamford was reporting on her treatment. That is, it’s not outside the realm of our criminal justice system that Butina was placed back in solitary because a reporter had been tracking her case since before the investigation became public.

Instead of laying out the case for that, however, Bamford hides his own role in the process.

To be honest, I think the story is better understood as one about Paul Erickson and not Maria Butina. This story won’t help her at sentencing — that’s going to be based on her cooperation, not what a journalist who has already antagonized the government says about her. But it may help to spin Erickson and George O’Neill’s interest, as well as that of the NRA.

The public record certainly sustains the case that the government used solitary to induce Butina to cooperate — presumably to cooperate against Erickson and O’Neill. That certainly merits attention.

But then the government also used solitary to cut off Butina’s communications with Bamford himself. If it’s this story the government was retaliating against, Bamford should say that, rather than obscuring it.

This is a story about America’s reprehensible use of solitary confinement. But it doesn’t explain a key part of that process here. Given that the story seems to most benefit Erickson, I find that silence remarkable.

Unwinding a Multithreaded Beast

This is more than the usual caveat asking readers to note the byline on this post. I’m not the expert at this site on the investigations by Special Counsel’s Office or any other law enforcement body — for that see Marcy’s or bmaz’s posts and comments.

However I spend a lot of time on information technology, which is how I ended up reading a report on internet-mediated information warfare.

Last year the Senate Select Committee on Intelligence held a hearing about Foreign Influence on Social Media. One of the commissioned and invited research organizations was New Knowledge (NK), a cybersecurity/information integrity consultancy. NK’s director of research delivered prepared remarks and a whitepaper providing an overview of Russia’s influence operations and information warfare program.

The paper is a peppy read; it will little surprise those who have followed the Trump-Russia investigation and the role social media played in the 2016 election. But there are still bits which are intriguing — more so months after the paper was first delivered, in light of long-time ratfucker Roger Stone’s indictment this past week.

Note these two excerpts from the report:

There wasn’t a link in the indictment last year of the Russian Internet Research Agency personnel with Stone’s indictment. The IRA charges don’t overlap with Stone’s at all (count numbers from indictments in paren.).

Stone:
(1) Obstruction of Proceeding
(2-6) False Statements
(7) Witness Tampering

IRA:
(1) Conspiracy (to gain unauthorized access, hack and steal information)
(1) Wire Fraud Conspiracy
(3-7) Wire Fraud
(8,9) Aggravated Identity Theft
(10) Conspiracy to Commit Money Laundering

But Stone’s indictment reveals an interesting overlap of threads between Stone’s efforts on behalf of the Trump campaign and the information warfare operation the IRA conducted in 2016.

Why was the IRA propelling content to fluff Assange’s credibility in the days before the release of the hacked emails Stone was trying to manage? This is a rather odd service to offer as a tenth anniversary gift to a so-called journalism outlet which should be able to point to its achievements on its own.

The IRA wasn’t alone in its Assange cred-fluffing. What a coincidence the UK tabloid DailyMail also touted Assange’s ability to affect Clinton’s campaign with a release of hacked emails — and at nearly the same time the IRA was pumping up Assange’s image.

How odd this DailyMail piece was pegged to Wikileaks’ anniversary, but the headline on the article and subhead treat the anniversary as an afterthought compared to the hacked emails and their effect on the Clinton campaign.

It doesn’t look like social media alone manipulated public perception, or that manipulation was confined to U.S. media.

Perhaps these two threads — the IRA’s influence operation/information warfare and Stone’s hacked email ratfucking — weren’t directed by a common entity. The public may not know depending on the course of SCO’s criminal and counterintelligence investigations and what information is released. But they certainly sewed toward the same outcome.

Three Things: Russia and China Spying, Kavanope

[NB: Yes, it’s Rayne, not Marcy. Check the byline.]

Huge news earlier today related to spying. Really big. MASSIVE.

And a MASSIVE cover-up pawned off on the feeble-minded as a ‘complete investigation’ into Dr. Ford’s and Deborah Ramirez’s accusations against Brett Kavanaugh.

~ 3 ~

Bloomberg published an epic piece of investigative journalism this morning about China’s spying on U.S. businesses by way of tiny chips embedded in server motherboards. The photos in the story are just as important as the must-read story itself as they crystallize a challenge for U.S. intelligence and tech communities. Like this pic:

That tiny pale obelisk to the right of the penny represents one of the malicious chips found in affected Supermicro brand motherboards shipped to the U.S. market — nearly as small as the numbers in the date on the coin. Imagine looking for something this puny before a machine is turned on and begins to launch its operating system. Imagine trying to find it when it is sandwiched inside the board itself, embedded in the fiberglass on top of which components are cemented.

The chip could undermine encryption and passwords, making any system open to those who know about its presence. According to Bloomberg reporters Jordan Robertson and Michael Riley, the chips found their way into motherboards used by Apple and Amazon.

Information security folks are scrambling right now because this report rocks their assumptions about the supply chain and their overall infosec worldview. Quite a few doubt this Bloomberg report, their skepticism heightened by the carefully worded denials offered by affected and relevant parties Apple, Amazon, Supermicro, and China. Apple provided an itemization of what it believed Bloomberg Businessweek got wrong along with its denial.

I’ll have more on this in a future post. Yes, indeedy.

~ 2 ~

A cooperative, organized response by Britain, The Netherlands, U.S., and Canada today included the indictment of seven Russians by the U.S. for conspiracy, conspiracy to commit wire fraud, wire fraud, aggravated identity theft, and conspiracy to launder money. The Russians have been identified as members of a GRU team organized out of a facility in Moscow, working on hacking and a disinformation influence campaign focused on anti-doping entities and non-Russian Olympic athletic competitors.

Note the underlined bit in this excerpt from the indictment (pdf) — the last indictment I copied with similar wording was that of Evgeny Buryakov and his two comrades, the three spies based in New York City who worked with “Male-1”, now known to be Carter Page. Who are the known and unknown? Persons who have flipped or co-conspirators yet to be named?

The UK released a statement as did the Canadians, and Netherlands issued a joint statement with the UK about the entirety of spying for which this GRU team is believed to be responsible, including an attempt to breach the Organisation for the Prohibition of Chemical Weapons’ (OPCW) facility analyzing the Novichok nerve agent used to poison the Skripals in the UK as well as chemicals used against Syrians.

Cryptocurrency news outlets report concerns that this indictment reveals the extent of USDOJ’s ability to trace cryptocurrency.

An interesting coincidence took place overnight as well — Russian Deputy Attorney General Saak Karapetyan died last night when an unauthorized helicopter flight crashed northeast of Moscow. Karapetyan had been linked this past January to Natalia Veselnitskaya and an attempt to recruit Switzerland’s top investigator as double-agents. But Karapetyan had also been involved in Russia’s response to the poisoning of Alexander Litvinenko and the aftermath of the Skripals’ poisoning in the UK.

What remarkable timing.

One might wonder if this accident had anything to do with the unusual release of GRU personnel details by the Dutch Military Intelligence and Security Service (MIVD) and the United Kingdom’s Ministry of Justice during their joint statement today.

By comparing the released identity documents, passports, automobile registrations and the address provided when cars were rented, bellingcat and The Insider may have identified a total of 305 GRU agents, including the four out of the seven men wanted by the U.S. for the anti-doping hacking as well as the attempted breach of OPCW.

The identity of the four GRU agents accused of targeting the OPCW was cinched by a taxi receipt in one agent’s pocket from a location on the road next to the GRU’s facility in Russia. Four agents also had consecutive passport numbers.

What remarkably bad opsec.

~ 1 ~

As for the impending vote on Brett Kavanaugh:

– Senator Heidi Heitkamp is voting her conscience — NO on Kavanaugh.
– Senator Joe Manchin is now the lone Dem holdout; he says he’s still listening but hasn’t seen anything incriminating from Kavanaugh’s adulthood. (Gee, I wonder why.)
– Senator Bob Menendez didn’t mince words. He said “It’s a bullshit investigation.” (He should know what a thorough investigation looks like).

And the beer-loving former Yale frat boy had an op-ed published in the Wall Street Journal which pleads with us to lose all intelligence and believe that he is really very neutral. I am not even going to link to that POS which has re-enraged women all over the country.

GTFO.

Continue calling your senators to thank them for a NO vote on Kavanaugh so that they aren’t hearing right-wing demands alone. Congressional switchboard: (202) 224-3121

~ 0 ~

This is an open thread. Sic ’em.
