Posts

GRU’s Alice Donovan Persona Warned of a WannaCry-Like Event a Year before It Happened

As I disclosed last month, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post. 

In this post, I suggested that The Shadow Brokers persona served as a stick to the carrots Vladimir Putin dangled in front of Donald Trump. When Donald Trump took an action — bombing Syria to punish Bashar al-Assad — that violated what I believe to be one of the key payoffs in the election quid pro quo, Shadow Brokers first bitched mightily, then released a bunch of powerful NSA tools that would soon lead to the WannaCry global malware attack.

It turns out GRU warned of that kind of attack a year before it happened.

One of the tidbits dropped into a very tidbit-filled GRU indictment is that GRU ran the Alice Donovan propaganda persona.

On or about June 8, 2016, and at approximately the same time that the dcleaks.com website was launched, the Conspirators created a DCLeaks Facebook page using a preexisting social media account under the fictitious name “Alice Donovan.”

That tidbit has led to some follow-up on the Donovan figure, including this typically great DFRLab piece arguing that Russia had two parallel streams of troll campaigns, the Internet Research Agency one focused on the election, and the GRU one focused on foreign policy.

Donovan was first exposed in December of last year after WaPo reported on and CounterPunch did a review of “her” work after then WaPo reporter Adam Entous contacted CP after learning the FBI believed “she” had some tie to Russia.

We received a call on Thursday morning, November 30, from Adam Entous, a national security reporter at the Washington Post. Entous said that he had a weird question to ask about one of our contributors. What did we know about Alice Donovan? It was indeed an odd question. The name was only faintly familiar. Entous said that he was asking because he’d been leaked an FBI document alleging that “Alice Donovan” was a fictitious identity with some relationship to Russia. He described the FBI document as stating that “Donovan” began pitching stories to websites in early 2016. The document cites an article titled “Cyberwarfare: Challenge of Tomorrow.”

As both pieces emphasize, the first article that Donovan pitched — and “she” pitched it to multiple outlets — pertained to cyberattacks, specifically to ransomware attacks on hospitals.

The article was first published in Veterans Today on April 26, 2016. That’s the same day that Joseph Mifsud first told George Papadopoulos Russia had emails — emails hacked by Donovan’s operators — they planned to leak to help defeat Hillary Clinton.

CounterPunch published the cybersecurity article on April 29. That’s the day the DNC first figured out that GRU (and FSB’s APT 29) had hacked them.

Those dates may well be coincidences (though they make it clear the Donovan persona paralleled the hack-and-leak campaign). I’m less sure about the third publication of the article, in Mint Press, on August 17, 2016, just four days after Shadow Brokers went live. So just days after Shadow Brokers had called out, “!!! Attention government sponsors of cyber warfare and those who profit from it !!!” an article was republished with the penultimate paragraph accusing the US of planning to shut down Iran’s power grid.

Moreover, the U.S. has been designing crippling cyber attack plans targeting the civilian sector. In case its nuclear negotiations with Iran failed, the U.S. was prepared to shut down the country’s power grid and communications networks.

The basis for that accusation was actually this article, but “Donovan” took out the reference (bolded below) to GRU’s attack on Ukraine’s power grid in the original.

Today such ransomware attacks are largely the work of criminal actors looking for a quick payoff, but the underlying techniques are already part of military planning for state-sponsored cyberwarfare. Russia showcased the civilian targeting of modern hybrid operations in its attack on Ukraine’s power grid, which included software designed to physically destroy computer equipment. Even the US has been designing crippling cyberattack plans targeting the civilian sector. In case its nuclear negotiations with Iran failed, the US was prepared to shut down the country’s power grid and communications networks.

Imagine a future “first strike” cyberattack in which a nation burrowed its way deeply into the industrial and commercial networks of another state and deployed ransomware across its entire private sector, flipping a single switch to hold the entire country for ransom. Such a nightmare scenario is unfortunately far closer than anyone might think. [my emphasis]

And “Donovan” adds in this sentence (from elsewhere in the Forbes article).

Government itself, including its most senior intelligence and national security officials are no better off when a single phishing email can redirect their home phone service and personal email accounts.

When this article was first published, the memory was still fresh of the Crackas with Attitude hack, where self-described teenagers managed to hack John Brennan and James Clapper and forward the latter’s communications (among the men serving prison sentences for this attack are two adult Americans, Andrew Otto Boggs and Justin Liverman).

Most of the rest of the article uses the threat of malware attacks on hospitals to illustrate the vulnerability of civilian infrastructure to cyberattack. It cites a Kaspersky proof of concept (recall that Shadow Brokers included a long play with Kaspersky). It cites an FBI agent attributing much of this hacking to Eastern Europe.

Stangl said the hackers, most of them from Eastern Europe, have increasingly targeted businesses, which are often able to pay more than individuals to unlock data. The hackers “scan the Internet for companies that post their contact information,” then send them email phishing attacks. Unsuspecting employees, Stangl said, are asked to click on what seem to be innocuous links or attachments — perhaps something as simple as a .PDF purporting to be a customer complaint — and before they know it, their computers are infected.

And the “Donovan” article explains at length — stealing from this article — why hospitals are especially vulnerable to malware attacks.

Such attacks may all sound like nightmare scenarios, but the experts say they’re becoming almost routine. And hospitals have not made cybersecurity a priority in their budgets. On average hospitals spent about 2 percent on IT, and security might be 10 percent of that. Compare that percentage to the security spending by financial institutions: for example, Fidelity spends 35 percent of its budget on IT.

Moreover, medical facilities are vulnerable to these attacks in part because they don’t properly train their employees on how to avoid being hacked, according to Sinan Eren, who has worked in cybersecurity for government and health-care organizations for two decades.

“It’s not like the financial-services industry, where they train employees how to spot suspicious emails,” said Eren, general manager at Avast Mobile Enterprise. Also, many hospital computer systems are outdated, bulky and in dire need of upgrades or newer software, he said. But such institutions often don’t have — or don’t want to spend — the money to make sweeping changes.

While it’s still unclear which computer WannaCry first infected in May 2017, Britain’s National Health Service was easily the most famous victim, with about a third of the system being shut down. Not long after WannaCry, NotPetya similarly spanned the globe in wiperware designed to appear as ransomware (though the latter’s use of NSA tools was mostly just show). While the US and UK have publicly attributed WannaCry to North Korea (I’m not convinced), NotPetya was pretty clearly done by entities close to GRU.

And a year before those global pseudo-ransomware worms were launched, repeated just days after Shadow Brokers started releasing NSA’s own tools, GRU stole language to warn of “a nation burrow[ing] its way deeply into the industrial and commercial networks of another state and deploy[ing] ransomware across its entire private sector, flipping a single switch to hold the entire country for ransom. Such a nightmare scenario is unfortunately far closer than anyone might think.”

(h/t TC for the heads up on this file and a number of the insights in this piece)

Update: MB noted that the “added” sentence actually also comes from the original Forbes article (it links to an earlier column that notes the Crackas tie explicitly).

As the Summit Arrives, Keep in Mind that Putin Manages Trump with Carrots and Sticks

As I laid out last week, I provided information to the FBI on issues related to the Mueller investigation, so I’m going to include disclosure statements on Mueller investigation posts from here on out. I will include the disclosure whether or not the stuff I shared with the FBI pertains to the subject of the post. 

In my post revealing that I went to the FBI with information about someone who played a significant role in Russia’s attack on US elections, I revealed that the person sent me a text less than 15 hours after polls closed indicating Trump had ordered Mike Flynn to start working on Syrian issues.

Both Jared Kushner’s public statement and Mike Flynn’s anonymous confidant’s comments corroborate that Trump focused on Syria immediately after the election. I have taken from that that conceding to Russian plans to leave Bashar al-Assad in place is one of the payoffs Trump owed Putin for help winning the election.

For that reason, I want to look at the Shadow Brokers Don’t Forget Your  Base post, posted on April 9, 2017, just three days after Trump retaliated against Syria for a chemical weapons attack on civilians. It was the first post after Shadow Brokers had announced he was going away on January 12 (which, I now realize, was the day after the Seychelles meeting set up a back channel with Russia through Erik Prince). It preceded by days the Lost in Translation post, which released powerful NSA hacking tools that would lead directly to the WannaCry malware attack in May. And while the Don’t Forget Your Base post did release files, it was mostly about messaging.

That messaging included a bunch of things. Among other things (such as that Trump shouldn’t have fired Steve Bannon and should refocus on his racist domestic policies), the post argues that Trump should just own up to Russia helping Trump win the election.

Your Supporters:

  • Don’t care what is written in the NYT, Washington Post, or any newspaper, so just ignore it.
  • Don’t care if you swapped wives with Mr Putin, double down on it, “Putin is not just my firend he is my BFF”.
  • Don’t care if the election was hacked or rigged, celebrate it “so what if I did, what are you going to do about it”.

It talks about what the people who got Trump elected expect.

The peoples whose voted for you, voted against the Republican Party, the party that tried to destroying your character in the primaries. The peoples who voted for you, voted against the Democrat Party, the party that hates, mocks, and laughs at you. Without the support of the peoples who voted for you, what do you think will be happening to your Presidency? Without the support of the people who voted for you, do you think you’ll be still making America great again?

It claims that embracing Russian foreign policy will make America great.

TheShadowBrokers isn’t not fans of Russia or Putin but “The enemy of my enemy is my friend.” We recognize Americans’ having more in common with Russians than Chinese or Globalist or Socialist. Russia and Putin are nationalist and enemies of the Globalist, examples: NATO encroachment and Ukraine conflict. Therefore Russia and Putin are being best allies until the common enemies are defeated and America is great again.

And it argues (in a thoroughly muddled description of what happened) that Trump shouldn’t have bombed Syria.

Respectfully, what the fuck are you doing? TheShadowBrokers voted for you. TheShadowBrokers supports you. TheShadowBrokers is losing faith in you. Mr. Trump helping theshadowbrokers, helping you. Is appearing you are abandoning “your base”, “the movement”, and the peoples who getting you elected.

Good Evidence:

#1 — Goldman Sach (TheGlobalists) and Military Industrial Intelligence Complex (MIIC) cabinet
#2 — Backtracked on Obamacare
#3 — Attacked the Freedom Causcus (TheMovement)
#4 — Removed Bannon from the NSC
#5 — Increased U.S. involvement in a foreign war (Syria Strike)

[snip]

Because from theshadowbrokers seat is looking really bad. If you made deal(s) be telling the peoples about them, peoples is appreciating transparency. But what kind of deal can be resulting in chemical weapons used in Syria, Mr. Bannon’s removal from the NSC, US military strike on Syria, and successful vote for SCOTUS without change rules?

[snip]

Mr Trump, we getting it. You having special empathy for father whose daughter is killed. We know this is root cause for anti-illegal immigrant policy. Illegal immigrant shoot man’s daughter in San Francisco. Now is Syrian man daughter killed by chemical gas. We agree its needless tragedy. But tragedies happening everyday and wars endangers all the children not just Syrian.

There is, admittedly, a lot going on here, even ignoring that it sounds like a batshit insane rant.

But is also that case that Shadow Brokers had gone away in the transition period. And then shortly after Trump bombed Syria, he came back, and very quickly released tools he had threatened to release during the transition period. The release of those tools did significant damage to the NSA (and its relations with Microsoft and other US tech companies) and led directly to one of the most damaging malware attacks in history.

It is my opinion that Russia manages Trump with both carrots — in the form of election year assistance and promises of graft — and sticks — in this case, in the form of grave damage to US security and to innocent people around the world.

And Trump is poised to head into a meeting with Vladimir Putin on Monday — showing no embarrassment about the proof laid out yesterday that without Putin, Trump wouldn’t have won the election — to discuss (among other things) a deal on Syria.

Meanwhile, Trump’s own Director of National Intelligence, Dan Coats, says the lights are blinking red like they were in advance of 9/11.

Director of National Intelligence Dan Coats raised the alarm on growing cyberattack threats against the United States, saying the situation is at a “critical point” and coming out forcefully against Russia.

“The warning signs are there. The system is blinking. It is why I believe we are at a critical point,” Coats said, addressing the Hudson Institute in Washington, DC, on Friday.

“Today, the digital infrastructure that serves this country is literally under attack,” he said.
Coats compared the “warning signs” to those the United States faced ahead of the September 11 terrorist attacks.

Rather than doing the things to prepare for an attack, Trump has virtually stood down, firing his very competent cyber czar and providing no order to take more assertive steps to prepare for an attack.

This is why I came forward two weeks ago to talk about how quickly someone involved in the election attack learned of Trump’s policy shift on Syria. I believe Trump is cornered — has allowed himself to be cornered. And in spite of everything, Trump is prepared to go alone into a meeting on Monday with Vladimir Putin — the guy wielding both carrots and sticks against Trump — and make a deal.

Everyone is worried that Putin might release a pee tape. I think what Putin holds over Trump may be far more serious. And if something happens, know that there’s good reason to believe Trump brought it on the country himself, willingly.

The Papadopoulos Interfax Interview and Another Syria Data Point

The other day, the WaPo had a story reviewing the larger role in the Trump campaign George Papadopoulos had than the Trump folks admit. Much of this work has appeared elsewhere, but I’m particularly interested in the WaPo’s account of the direction Deputy Comms Director Brian Lanza gave to George Papadopoulos regarding an Interfax interview he would do. He emphasized that the campaign wanted the message that it wanted a partnership with Russia on Syria.

When a Russian news agency reached out to George Papadopoulos to request an interview shortly before the 2016 election, the young adviser to then-
candidate Donald Trump made sure to seek approval from campaign headquarters.

“You should do it,” deputy communications director Bryan Lanza urged Papadopoulos in a September 2016 email, emphasizing the benefits of a U.S. “partnership with Russia.”

[snip]

“Received a request from Interfax Russian News Agency with Ksenia Baygarova on U.S.-Russia ties under a President Trump. What do you think?” he wrote to Lanza on Sept. 9, 2016. “If the campaign wants me to do it, can answer similar to the answers I gave in April while in Israel.”

Lanza gave the go-ahead, citing the conflict in Syria as a reason to work with the Russians. Papadopoulos then offered to send the campaign a copy of the interview after it was published.

“You’re the best. Thank you!” Lanza responded.

Lanza declined to comment.

In the interview, published Sept. 30, 2016, Papadopoulos told the Russian media outlet that Trump had been “open about his willingness to usher in a new chapter in U.S.-Russia ties,” specifically citing the need for cooperation in Syria.

As WaPo notes, the resulting interview is one Papadopoulos made sure Ivan Timofeev saw, in what may be part of a signaling process to Russia on Trump policy questions. In it, Papadopoulos specifically came out against regime change, one of the US policies Putin especially loathes.

Q.: Do you share the opinion that the Assad regime should be immediately removed from power in Syria?

A.: We do not support aggressive changes of regimes anywhere including Syria. Look what had happened in Lybia and Iraq. We all remember this. However, it does not mean that we support Assad either.

Syria was key in other signaling — and in Jared’s top policy priorities immediately after the election.

The focus on Syria is key: remember that Jared Kushner explained his request to Sergei Kislyak for a Russian-run secure back challenge as an effort to cooperate on Syria.

The Ambassador expressed similar sentiments about relations, and then said he especially wanted to address U.S. policy in Syria, and that he wanted to convey information from what he called his “generals.” He said he wanted to provide information that would help inform the new administration. He said the generals could not easily come to the U.S. to convey this information and he asked if there was a secure line in the transition office to conduct a conversation. General Flynn or I explained that there were no such lines. I believed developing a thoughtful approach on Syria was a very high priority given the ongoing humanitarian crisis, and I asked if they had an existing communications channel at his embassy we could use where they would be comfortable transmitting the information they wanted to relay to General Flynn.

So it’s possible the attacks on Hillary’s Syria policy were a signal — as the earlier speech’s call for engagement with Russia apparently was — to Timofeev.

The Papadopoulos interview was published on September 30, just 11 days before Don Jr. flew to Paris to meet with some pro-Russian Syrians.

One meeting that Donald Trump Jr. has not fully explained is a speech in Paris on October 11, 2016, just weeks before the election.

In his capacity as a key member of the Trump campaign, Trump Jr. spoke at the meeting at the request of a French think tank, The Center of Political and Foreign Affairs. Trump Jr. was likely paid about $50,000 for the speech, according to the speaking fees listed by talent booking agency that represents him.

The CFPR has a reputation in the French press as being “openly connected to the Russians.” It is difficult, however, to track just how connected they are, as France does not require it’s nonprofit organizations to disclose their finances.

The founders of the center have worked closely with the Russian government to end the conflict in Syria and in 2016, nominated Russian President Vladimir for the Nobel Peace Prize. The center’s director, Fabien Baussart, has been described as “a former lobbyist for Russian oligarchs in France.” He cited Putin’s “peace-making efforts” as reason for his nomination. One of the founders, Baussart’s wife Randa Kassis, heads a political party called the Movement for a Pluralistic Society, which is in part endorsed by Russia in support of Syrian president Bashar al-Asssad.

Now we know, then, that even at the level of flacks, the emphasis in this period was on publicizing (to Russians, in a Russian outlet) the Trump willingness to work together on Syria, and specifically to depart from US efforts to remove Assad.

 

Why Is CIA Avoiding the Conclusion that Putin Hacked Hillary to Retaliate for Its Covert Actions?

The most logical explanation for the parade of leaks since Friday about why Russia hacked the Democrats is that the CIA has been avoiding admitting — perhaps even considering — the conclusion that Russia hacked Hillary in retaliation for the covert actions the CIA itself has taken against Russian interests.

Based on WaPo’s big story Friday, I guessed that there was more disagreement about Russia’s hack than its sources — who seemed to be close to Senate Democrats — let on. I was right. Whereas on Friday WaPo reported that it was the consensus view that Russia hacked Hillary to get Trump elected, on Saturday the same journalists reported that CIA and FBI were giving dramatically different briefings to Intelligence Committees.

The question the Republicans and Democrats in attendance wanted answered was whether the bureau concurred with the conclusions the CIA had just shared with senators that Russia “quite” clearly intended to help Republican Donald Trump defeat Democrat Hillary Clinton and clinch the White House.

For the Democrats in the room, the FBI’s response was frustrating — even shocking.

During a similar Senate Intelligence Committee briefing held the previous week, the CIA’s statements, as reflected in the letter the lawmakers now held in their hands, were “direct and bald and unqualified” about Russia’s intentions to help Trump, according to one of the officials who attended the House briefing.

[snip]

“The FBI briefers think in terms of criminal standards — can we prove this in court,” one of the officials said. “The CIA briefers weigh the preponderance of intelligence and then make judgment calls to help policymakers make informed decisions. High confidence for them means ‘we’re pretty damn sure.’ It doesn’t mean they can prove it in court.”

The FBI is not sold on the idea that Russia had a particular aim in its meddling. “There’s no question that [the Russians’] efforts went one way, but it’s not clear that they have a specific goal or mix of related goals,” said one U.S. official.

Subsequent leaks have continued to make it clear there’s a dispute both about what motive Russia had to target Hillary (to destabilize the US? to get Trump elected?) and how much evidence there is (the FBI thinks it is circumstantial, the CIA thinks it a  smoking gun). In addition, there have been unanswered questions about why CIA only briefed that Russia affirmatively supported Hillary this week, when reportedly they have had the evidence that conclusion is based on for months.

Remarkably, only secondary commenters (including me, in point 13 here) have suggested the most obvious explanation: The likelihood that Russia targeted the former Secretary of State for a series of covert actions, all impacting key Russian interests, that at least started while she was Secretary of State. Those are:

  • Misleadingly getting the UN to sanction the Libya intervention based off the claim that it was about protecting civilians as opposed to regime change
  • Generating protests targeting Putin in response to 2011 parliamentary elections
  • Sponsoring “moderate rebels” to defeat Bashar al-Assad
  • Removing Viktor Yanukovych to install a pro-NATO government

Importantly, the first three of these happened on Hillary’s watch, with her active involvement. And Putin blamed Hillary, personally, for the protests in 2011.

Never mind the relative merit of these covert operations. Never mind that Putin has not, yet, released any evidence to support his claim that Hillary (or CIA) supported the 2011 protests targeting him personally; there is no doubt he believes it. During the primary Hillary as much as confirmed that when her diplomats negotiated the UN voted in 2011, they had regime change in mind the whole time. The US has acknowledged its covert operations against Assad in Congressional testimony. And hackers released a call from Victoria Nuland acting like she was in charge of deciding what post-Yanukovych Ukraine would look like.

In other words, whatever the merits and evidence behind these four events, there is no doubt Putin sees them as a threat to Russian interests and blames the US for all of them, with merit in at least some of the cases.

And yet, this most obvious motive has not been leaked to the press, creating the impression that it has never been considered by the people who carried out these covert actions.

To admit this possible motive publicly, of course, would require admitting that the US still tampers in other governments, including some that are elected (even if in elections of dubious fairness). It would also require admitting that our own government got targeted as a response to these covert interventions, which would make concerns about how novel this intervention was a lot less convincing.

Finally, if this motive were the real reason Putin tampered in our election, it might explain why Obama has been reluctant to respond. Perhaps the US believes that Putin has evidence that might prove — or at least create a convincing case that — that the US did intervene to try to weaken him in 2011. And again, the US has already stated on the record they’ve got a covert operation to topple Assad.

Update: I’ll add that DC Leaks, which has always been conflated with Guccifer 2 (which released only Democratic files) and the DNC and Podesta leaks to Wikileaks, started by releasing documents with very clear ties to Ukraine, including a great many targeted at George Soros. If DC Leaks is considered part of the same operation, it is all the more unbelievable that CIA has not considered this explanation.

Update: At an October 18 event, Michael Hayden said (after 20:30) Putin did this because he believes that we do this to him all the time, citing the Rose Revolution, 2011 protests, and Maidan, but not mentioning Libya and Syria. Hayden did claim that the US doesn’t actually do those things (again, not mentioning Libya and Syria), but earlier he said he had done similar things to the actual hack while Director of NSA.

Unpacking the New CIA Leak: Don’t Ignore the Aluminum Tube Footnote

This post will unpack the leak from the CIA published in the WaPo tonight.

Before I start with the substance of the story, consider this background. First, if Trump comes into office on the current trajectory, the US will let Russia help Bashar al-Assad stay in power, thwarting a 4-year effort on the part of the Saudis to remove him from power. It will also restructure the hierarchy of horrible human rights abusing allies the US has, with the Saudis losing out to other human rights abusers, potentially up to and including that other petrostate, Russia. It will also install a ton of people with ties to the US oil industry in the cabinet, meaning the US will effectively subsidize oil production in this country, which will have the perhaps inadvertent result of ensuring the US remains oil-independent even though the market can’t justify fracking right now.

The CIA is institutionally quite close with the Saudis right now, and has been in charge of their covert war against Assad.

This story came 24 days after the White House released an anonymous statement asserting, among other things, “the Federal government did not observe any increased level of malicious cyber activity aimed at disrupting our electoral process on election day,” suggesting that the Russians may have been deterred.

This story was leaked within hours of the time the White House announced it was calling for an all-intelligence community review of the Russia intelligence, offered without much detail. Indeed, this story was leaked and published as an update to that story.

Which is to say, the CIA and/or people in Congress (this story seems primarily to come from Democratic Senators) leaked this, apparently in response to President Obama’s not terribly urgent call to have all intelligence agencies weigh in on the subject of Russian influence, after weeks of Democrats pressuring him to release more information. It was designed to both make the White House-ordered review more urgent and influence the outcome.

So here’s what that story says.

In September, the spooks briefed “congressional leaders” (which for a variety of reasons I wildarseguess is either a Gang of Four briefing including Paul Ryan, Nancy Pelosi, Mitch McConnell, and Harry Reid or a briefing to SSCI plus McConnell, Reid, Jack Reed, and John McCain). Apparently, the substance of the briefing was that Russia’s intent in hacking Democratic entities was not to increase distrust of institutions, but instead to elect Trump.

The CIA has concluded in a secret assessment that Russia intervened in the 2016 election to help Donald Trump win the presidency, rather than just to undermine confidence in the U.S. electoral system, according to officials briefed on the matter.

The difference between this story and other public assessments is that it seems to identify the people — who sound like people with ties to the Russian government but not necessarily part of it — who funneled documents from Russia’s GRU to Wikileaks.

Intelligence agencies have identified individuals with connections to the Russian government who provided WikiLeaks with thousands of hacked emails from the Democratic National Committee and others, including Hillary Clinton’s campaign chairman, according to U.S. officials. Those officials described the individuals as actors known to the intelligence community and part of a wider Russian operation to boost Trump and hurt Clinton’s chances.

[snip]

[I]ntelligence agencies do not have specific intelligence showing officials in the Kremlin “directing” the identified individuals to pass the Democratic emails to WikiLeaks, a second senior U.S. official said. Those actors, according to the official, were “one step” removed from the Russian government, rather than government employees.

This is the part that has always been missing in the past: how the documents got from GRU, which hacked the DNC and John Podesta, to Wikileaks, which released them. It appears that CIA now thinks they know the answer: some people one step removed from the Russian government, funneling the documents from GRU hackers (presumably) to Wikileaks to be leaked, with the intent of electing Trump.

Not everyone buys this story. Mitch McConnell doesn’t buy the intelligence.

In September, during a secret briefing for congressional leaders, Senate Republican Leader Mitch McConnell (Ky.) voiced doubts about the veracity of the intelligence, according to officials present.

That’s one doubt raised about CIA’s claim — though like you all, I assume Mitch McConnell shouldn’t be trusted on this front.

But McConnell wasn’t the only one. One source for this story — which sounds like someone like Harry Reid or Dianne Feinstein — claimed that this CIA judgment is the “consensus” view of all the intelligence agencies, a term of art.

“It is the assessment of the intelligence community that Russia’s goal here was to favor one candidate over the other, to help Trump get elected,” said a senior U.S. official briefed on an intelligence presentation made to U.S. senators. “That’s the consensus view.”

Except that in a briefing this week (which may have been what impressed John McCain and Lindsey Graham to do their own investigation), that’s not what this represented.

The CIA shared its latest assessment with key senators in a closed-door briefing on Capitol Hill last week, in which agency officials cited a growing body of intelligence from multiple sources. Agency briefers told the senators it was now “quite clear” that electing Trump was Russia’s goal, according to the officials, who spoke on the condition of anonymity to discuss intelligence matters.

The CIA presentation to senators about Russia’s intentions fell short of a formal U.S. assessment produced by all 17 intelligence agencies. A senior U.S. official said there were minor disagreements among intelligence officials about the agency’s assessment, in part because some questions remain unanswered. [my emphasis]

That’s a conflict. Some senior US official (often code for senior member of Congress) says this is the consensus view. Another senior US official (or maybe the very same one) says there are “minor disagreements.”

Remember: we went to war against Iraq, which turned out to have no WMD, in part because no one read the “minor disagreements” from a few agencies about some aluminum tubes. A number of Senators who didn’t read that footnote closely (and at least one that did) are involved in this story. What we’re being told is there are some aluminum tube type disagreements.

Let’s hear about those disagreements this time, shall we?

Here’s the big takeaway. The language “a formal US assessment produced by all 17 intelligence agencies” is, like “a consensus view,” a term of art. It’s an opportunity for agencies which may have differing theories of what happened here to submit their footnotes.

That may be what Obama called for today: the formal assessment from all agencies (though admittedly, the White House purposely left the scope and intent of it vague).

Whatever that review is intended to be, what happened as soon as Obama announced it is that the CIA and/or Democratic Senators started leaking their conclusion. That’s what this story is.

Update: One other really critical detail. When the White House announced the Obama review today, Wikileaks made what was a bizarre statement. Linking to a CNN story on the Obama ordered review that erred on the side of blaming Russia for everything, it said, “CNN: Obama orders report into WikiLeaks timed for release just prior to Trump presidency.” Even though none of the statements on the review focused on what this story does — that is, on the way that the DNC and Podesta emails got to Wikileaks — Wikileaks nevertheless interpreted it as an inquiry targeted at it.

Update: And now David Sanger (whose story on the Obama-ordered review was particularly bad) and Scott Shane reveal the RNC also got hacked, and it is the differential leaking that leads the spooks to believe the Russians wanted Trump to win.

They based that conclusion, in part, on another finding — which they say was also reached with high confidence — that the Russians hacked the Republican National Committee’s computer systems in addition to their attacks on Democratic organizations, but did not release whatever information they gleaned from the Republican networks.

In the months before the election, it was largely documents from Democratic Party systems that were leaked to the public.

This may be a fair assessment. But you would have to account for two things before making it. First, you’d need to know the timing and hacker behind the RNC hack. That’s because two entities are believed to have hacked the DNC: an FSB appearing hacking group, and a GRU one. The FSB is not believed to have leaked. GRU is believed to have. So if the FSB hacked the RNC but didn’t leak it, it would be completely consistent with what FSB did with DNC.

NYT now says the RNC hack was by GRU in the spring, so it is a fair question why the DNC things got leaked but RNC did not.

Also, Sanger and Shane say “largely documents” from Dems were leaked. That’s false. There were two streams of non-Wikileaks releases, Guccifer, which did leak all-Dem stuff, and DC Leaks, which leaked stuff that might be better qualified as Ukrainian related. The most publicized of documents from the latter were from Colin Powell, which didn’t help Trump at all.

Update: It’s clear that Harry Reid (who of course is retiring and so can leak speech and debate protected classified information without worrying he’ll be shut off in the future) is one key driver of this story. Last night he was saying, “”I was right. Comey was wrong. I hope he can look in the mirror and see what he did to this country.” This morning he is on the TV saying he believes Comey had information on this before the election.

Update, 12/10: This follow-up from WaPo is instructive, as it compares what CIA briefed the Senate Intelligence Committee about the current state of evidence with what FBI briefed the House Intelligence Committee about the current state of evidence. While the focus is on different Republican and Democratic understandings of both, the story also makes it clear that FBI definitely doesn’t back what WaPo’s sources from yesterday said was a consensus view.

CyberCommand Turns Its “Cyberbombs” from Assad to ISIS

David Sanger has a long piece on how CyberCom is — for the first time, he says! — launching cyberattacks on ISIS.

The United States has opened a new line of combat against the Islamic State, directing the military’s six-year-old Cyber Command for the first time to mount computer-network attacks that are now being used alongside more traditional weapons.

The effort reflects President Obama’s desire to bring many of the secret American cyberweapons that have been aimed elsewhere, notably at Iran, into the fight against the Islamic State — which has proved effective in using modern communications and encryption to recruit and carry out operations.

The National Security Agency, which specializes in electronic surveillance, has for years listened intensely to the militants of the Islamic State, and those reports are often part of the president’s daily intelligence briefing. But the N.S.A.’s military counterpart, Cyber Command, was focused largely on Russia, China, Iran and North Korea — where cyberattacks on the United States most frequently originate — and had run virtually no operations against what has become the most dangerous terrorist organization in the world.

[snip]

The goal of the new campaign is to disrupt the ability of the Islamic State to spread its message, attract new adherents, circulate orders from commanders and carry out day-to-day functions, like paying its fighters. A benefit of the administration’s exceedingly rare public discussion of the campaign, officials said, is to rattle the Islamic State’s commanders, who have begun to realize that sophisticated hacking efforts are manipulating their data. Potential recruits may also be deterred if they come to worry about the security of their communications with the militant group.

[snip]

“We are dropping cyberbombs,” Mr. Work said. “We have never done that before.”

The campaign has been conducted by a small number of “national mission teams,” newly created cyberunits loosely modeled on Special Operations forces.

Golly, what a novel idea, hacking an adversary that relies on the Internet for its external strength? Imagine how many people we could have saved if we had done that a few years ago? And all this time CyberCom has just been sitting on its thumbs?

Sanger suggests, of course, that CyberCom has been otherwise focused on Russia, China, Iran, and North Korea, which (post-StuxNet) would be significantly an active defense. He pretends that cyber attacks have not been used in the ISIS theater at all.

Of course they have. They’ve been going on so long they even made the Snowden leaks (as when NSA “accidentally” caused a blackout in Syria).

But it would be inconvenient to mention attacks on Syria (as distinct from its ally Iran), I guess, because it might raise even more questions about why we’d let ISIS get strong enough, largely using the Internet, to hit two European capitals without undercutting them in the most obvious way. It all makes a lot of sense if you realize we have, at the same time, been directing those resources instead at Bashar al-Assad.

With One Bombing Run Russia Gets the US to Acknowledge CIA’s “Covert” Regime Change Forces

For some time, a number of us have been tracking the collective forgetfulness about CIA’s acknowledged covert forces on the ground in Syria. I often point back to the day two years ago when Chuck Hagel confirmed our covert efforts in Syria in a congressional hearing, as well as Senate Foreign Relations Committee member frustration with their inability to get details on the acknowledged covert ops (that already numbered in the thousands, according to Tom Udall) there. Jim and I have written a slew of other posts about CIA’s covert forces there (one two three four five six seven are just a small sampling).

More recently, Adam Johnson caught NYT and Vox pretending CIA’s efforts don’t exist at all.

This past week, two pieces—one in the New York Timesdetailing the “finger pointing” over Obama’s “failed” Syria policy, and a Vox“explainer” of the Syrian civil war—did one better: They didn’t just omit the fact that the CIA has been arming, training and funding rebels since 2012, they heavily implied they had never done so.

To be fair, some intelligence reporters have done consistently good reporting on CIA’s covert war in Syria. But the policy people — especially the ones reporting how if Obama had supported “moderate” rebels sooner — usually pretend no one knows that Obama did support Qatar and Saudi-vetted liver-eating rebels sooner and they often turned out to be Islamists.

The selective ignorance about CIA’s covert operations in Syria seems to have been eliminated, however, with one Russian bombing run that targeted them.

Russia launched airstrikes in Syria on Wednesday, catching U.S. and Western officials off guard and drawing new condemnation as evidence suggested Moscow wasn’t targeting extremist group Islamic State, but rather other opponents of Bashar al-Assad’s regime.

One of the airstrikes hit an area primarily held by rebels backed by the Central Intelligence Agency and allied spy services, U.S. officials said, catapulting the Syrian crisis to a new level of danger and uncertainty. Moscow’s entry means the world’s most powerful militaries—including the U.S., Britain and France—now are flying uncoordinated combat missions, heightening the risk of conflict in the skies over Syria.

Thus far, of course, US officials are insisting that the anti-Assad troops Russia targeted are wholly distinct from ISIS (even while they remain silent about whether they’re Islamic extremists).

Secretary of State John Kerry met with Russian Foreign Minister Sergei Lavrov and said he raised U.S. concerns about attacks that target regime opponents other than Islamic State, also known as ISIS or ISIL. In Syria’s multi-sided war, Mr. Assad’s military—aided by Iran and the Lebanese Shiite group Hezbollah—is fighting both Islamic State and opposition rebel groups, some of which are supported by the U.S. and its allies.

[snip]

The U.S. and its allies were angry at the Russians on many scores: that they are supporting Mr. Assad; that they aren’t coordinating their actions with the existing, U.S.-led anti-Islamic State coalition; that they provided terse notice only an hour before their operations; that they demanded the U.S. coalition stay out of Syrian airspace; and that they struck in areas where anti-Assad rebels—not Islamic State—operate.

“It does appear that they were in areas where there probably were not ISIL forces, and that is precisely one of the problems with this whole approach,” said Mr. Carter, the U.S. defense chief.

This attempt to distinguish ISIS from the CIA-backed rebels will quickly lead to an awkward place for the Administration and its allies, not least because making any distinction will require providing details on the vetting process used to select these forces, as well as addressing the evidence of cooperation with ISIS or traditional al Qaeda in the past. Plus, the more the US argues these groups that aren’t entirely distinct from al Qaeda are entirely distinct from ISIS, it will make the Administration’s claim that the 2001 AUMF against Al Qaeda authorizes it to fight ISIS (in related news, DOJ just denied USAT’s FOIA request for 3 OLC documents making that case) really wobbly. Any claim Russia makes that these anti-Assad forces are also Islamic extremists (and therefore entirely legitimate targets in the fight against ISIS) will be based on intelligence that is no more shitty than US intelligence that they’re not, especially given that CentCom admits on the record it can’t even trust (much less vet) the communications it is getting from rebels on the ground about their coordination with al Qaeda. It will devolve into a he-said-she-said about whose claims are more suspect, Assad’s or the Saudis’ who’ve been pushing for regime change long before the Arab Spring gave then an opportunity to push it along.

And all the while, any pretense that CIA’s involvement is covert will grow more and more laughable. Reporting like this — which claims Putin has “hijacked” Obama’s war on ISIS when the content only makes sense if Putin has more urgently hijacked Obama’s regime change efforts against Assad — will become more and more laughable.

Whatever Russia’s entry does for the tactical confrontation (I have no hopes it will do anything but make this conflict even bloodier, and possibly expand it into other countries), it has clarified a discussion the US has always tried to obscure. There are plenty of US backed forces on the ground — which may or may not be Islamic extremists (see Pat Lang on this point) — whose priority is toppling Bashar al-Assad, not defeating ISIS. While there will be some interesting fights about who they really are in coming days (and whether CIA has already acknowledged that it inflamed Islamists with its regime change efforts), American priorities will become increasingly clear.

Make no mistake: I am not defending Russia, Syria, our vetted “moderate” rebels, Saudi Arabia, or anyone else. It’s a volatile situation and none of the outside intervention seems to be helping. But one big reason we’ve been failing is because we’ve been lying publicly about the forces on the ground. Those lies just got a lot harder to sustain.

(As always on the Syrian quagmire, see Moon of Alabama’s latest.)

While We’re Investigating Intelligence Failures on Syria…

For the past several weeks, we’ve had a series of stories about how the intelligence on ISIS was cooked — at least within DIA. I had grand plans to write some posts on it — to track DIA’s past recent politicization (which I think should raise some skepticism about these claims, though I find them largely credible), to how the story has developed, and to a number of things that likely aren’t even being considered in whether the intelligence is cooked (such as whether treating ISIS as a terrorist group serves an analytical disservice).

Ah well — the posts that might have been.

But amid that frenzy about politicized Syria intelligence, the Guardian reports that in 2012 Russian ambassador Vitaly Churkin offered up Bashar al-Assad as part of a proposed peace deal, purportedly at his government’s direction.

Russia proposed more than three years ago that Syria’s president, Bashar al-Assad, could step down as part of a peace deal, according to a senior negotiator involved in back-channel discussions at the time.

Former Finnish president and Nobel peace prize laureate Martti Ahtisaari said western powers failed to seize on the proposal. Since it was made, in 2012, tens of thousands of people have been killed and millions uprooted, causing the world’s gravest refugee crisis since the second world war.

Ahtisaari held talks with envoys from the five permanent members of the UN security council in February 2012. He said that during those discussions, the Russian ambassador, Vitaly Churkin, laid out a three-point plan, which included a proposal for Assad to cede power at some point after peace talks had started between the regime and the opposition.

But he said that the US, Britain and France were so convinced that the Syrian dictator was about to fall, they ignored the proposal.

[snip]

“The most intriguing was the meeting I had with Vitaly Churkin because I know this guy,” Ahtisaari recalled. “We don’t necessarily agree on many issues but we can talk candidly. I explained what I was doing there and he said: ‘Martti, sit down and I’ll tell you what we should do.’

“He said three things: One – we should not give arms to the opposition. Two – we should get a dialogue going between the opposition and Assad straight away. Three – we should find an elegant way for Assad to step aside.”

I’m not so sure I buy this was a real offer from Russia. Possibly it was a trial balloon designed to prove that on Syria, as on Libya, the western powers were lying about their ultimate goals being regime change (though obviously this was an offer to remove Assad, though not his regime).

China Matters has a lot to say about this disclosure, arguing that it confirms his observation in the wake of a July 17, 2012 terrorist attack on Assad that the US was probably partnering with al Qaeda. Those posts are well worth reading (and the potential roles of David Petraeus and Hillary Clinton in such a scheme — one which Obama temporarily halted in summer 2012, only to reconsider it in 2013 — are equally worth considering).

But here’s the other question that must be raised from this article.

What the fuck kind of intelligence failure in 2012 had everyone in the US government believing that Assad was about to fall? I mean, I get that that was the conventional wisdom at the time (a CW China Matters rightly takes on in his post). But there were plenty of people (CM is one, Moon of Alabama another, Joshua Landis another) who were predicting Assad would be able to withstand that assault. Indeed, CM argues that Assad’s ability to withstand the July 2012 decapitation strike should have been the clue.

What sources were leading both the press and US intelligence to believe Assad was going to fall?

If you buy that the Russians were willing to make a reasonable deal of some sort in 2012, then the mistaken belief Assad was about to fall has been almost as catastrophic as the intelligence failures that got us into the Iraq War in terms of deaths and dislocation. They’ve been far more damaging, at least thus far, than cooked intelligence on ISIS. That bad intelligence likely comes the same vicinity as the intelligence that said we could insert a small group of fighters in al Nusra’s vicinity without the al Qaeda affiliate responding.

Admittedly, it’s likely there has been some internal accountability for this intelligence failure. David Petraeus probably could have withstood sharing code word intelligence with his mistress, after all. And Bandar bin Sultan, who surely was in charge of this effort, lost the Saudi intelligence portfolio.

But it is likely we’re taking advice from the same people as we did then, with the same disastrous consequences. Which go far beyond fluffing US success against ISIS.

Neoliberalism Helped Syrian Banks Evade Sanctions

I’ve written a lot about how neoliberalism has been counterproductive for any soft war we’re waging against ISIS, Russia, or China. We keep forcing allies and client states — including post Arab Spring Egypt and, especially, Ukraine — to adopt neoliberal policies. That creates more instability at precisely the time the new regime (like it or not) is trying to consolidate.

Neoliberalism doesn’t offer much benefit for many of the hearts and minds we’d like to win over.

But it has helped someone.

According to this fascinating WaPo analysis (and underlying study), the reason Syrian elites and their banks have been able to withstand sanctions is because Bashar al-Assad adopted (mixed) neoliberal policies when he assumed control. It created an interconnected elite whose ties with were Assad more inextricably linked than they had previously been, such that people doing business with sanction targets have too much invested in the regime itself to stop doing business with the sanctioned entities.

Bashar aimed to revamp the three decades of populist structure in an ‘authoritarian upgrading’ to pursue neoliberal economic policies, eventuallyshifting public assets to a network of crony capitalists close to the regime. The abandonment of socialist policies in a post-populist era culminated with the establishment of the Damascus Securities Exchange (DSE) in 2009. The number of firms listed on the exchange has since grown, even after 2011, and currently comprises 23 companies spanning sectors such as transport, media, industry, agriculture, banking and insurance.

[snip]

The newly established Syrian private banking system redistributed the monopolistic market share of public banks with private lenders, while maintaining a degree of protectionism so the state-owned banks preserved their banking services monopoly. This arrangement was part of what Raymond Hinnebusch termed a ‘middle way’ of allowing the expansion of the private sector while ostensibly reforming state owned enterprises.

The booming private banks attracted politically connected businessmen, including many former politicians and senior security officials, natural partners for foreign institutional investors for whom a 49 percent Syrian ownership was required for an operating license until 2010.

[snip]

Thorough review of disclosures made by publicly listed private banks on the DSE indicate a similar trend, in which prominent Syrian businessmen— some of whom have been sanctioned for their support to the regime— own a substantial number of shares and even sit on the board of directors in multiple banks. As my research shows, there are at least 23 individual investors whose shareholdings exceed 1 million shares. With more than 36 million shares in aggregate, these individuals make up at least 4.5 percent of overall shares of private banks and 11 percent of total retail investors’ stock ownership.

This is symptomatic of the emergence of a new generation of ‘regime businessmen,’ whose relationship with the state transformed from a de facto alliance since Bashar al-Assad came to power to the central backbone of the regime now. Through joint business ventures and inter-family marriages, this alliance translated into the regime businessmen’s dominance of profitable sectors, including energy, banking and finance, construction, and tourism, and has in turn ensured the regime’s economic survival.

[snip]

Most of these businessmen have substantial investments in the country that outweighed their overseas assets and commercial interests. Their inextricable connections with the ruling political elite have made them highly invested in the survival of the regime.

I suspect the same is true of Russia.

That’s not all that surprising. With the exception of the largest banks, our business elite is pretty committed to the US regime, largely as a result of the cronyist benefits that those ties afford.

Indeed, the analysis raises more general questions about whether neoliberalism makes dangerous regimes more resilient.

But I also note the irony.

Emergency Fundraising Succeeds: World Food Programme Restarts Suspended Aid for Syrian Refugees

A week ago today, I pointed out the moral depravity of a situation in which the US never hesitates to find funding to increase air strikes and the flow of weapons into Syria and other fronts in the battle against ISIS while the UN World Food Programme was forced to suspend emergency food aid to 1.7 million Syrian refugees due to a funding shortfall. There is a rare bit of good news on that front, as the WFP announced today that the emergency appeal for funds has made up for the shortfall and food aid is restarting. In fact, more than $80 million has been raised, so some funding will carry over into January.

It appears that private donations made up only a small part of this influx of funds:

Among individuals contributing online through wfp.org, the third largest number by nationality were Syrians, after Americans (first) and Canadians (second). The online campaign featured Aloe Blacc’s song “I Need A Dollar” as the soundtrack for the #ADollarALifeline video which launched on social media channels. Almost 14,000 individuals and private sector donors in 158 countries contributed US$1.8 million dollars.

It is indeed heartwarming to see so many individuals step up to do what they can. However, considering how many US amoral contractors are making outrageous amounts of money shipping weapons into the region, I find it repulsive they didn’t make up the funding shortfall entirely on their own. Just their lobbying funds alone could have taken that hit without affecting their other funds. We have not yet gotten the list of countries that stepped up for the bulk of the emergency funds nor how much each gave, but we can only hope that the countries doing the most meddling in the region are also providing the most funding for the residents they have displaced.

Sadly, this stopgap funding is merely the beginning. The New York Times reports this morning that the UN’s budget request for 2015 for all humanitarian assistance will go up 27% over the amount needed in 2014:

The appeal, a barometer of the global impact of wars and disasters, calls for 27 percent more funding in 2015 than the amount requested a year ago for 2014 and is intended to aid more than 57 million people in 22 countries.

The number of people affected by conflict “has reached record levels” for the post-World War II era, Valerie Amos, the United Nations emergency aid chief, told a news conference in Geneva. She said that aid agencies had assessed that 78 million people were in need of assistance, but the appeal targeted only the most vulnerable.

Nearly three-quarters of the funds were designated for just four crises: in Syria, Iraq, South Sudan and the protracted but little-reported conflict in Sudan. Other priorities included the Central African Republic, Somalia, the Democratic Republic of Congo and Yemen.

The number of people displaced by conflict reached the highest level since World War II at the end of 2013 but is still rising “exponentially,” António Guterres, the United Nations refugee chief, told the news conference, climbing to 32,000 a day last year from 14,000 a day in 2011. In 2014, he said, the figure would certainly have increased further.

Given the US role in those countries leading the way in terms of number of refugees, it is fitting that a large portion of the costs of caring for the refugees should fall to us as well. And of course, those first two are problem areas very much because of our meddling. We broke Iraq and have continued to feed its dysfunction ever since. We helped start the unrest in Syria, too. In fact, as the torture report drops today, don’t forget that we relied on Bashar al-Assad as an “ally” for outsourcing of torture early in that program, so getting rid of him is needed to help hide what we did.

However, I still long for the day when the US response to a crisis gets out of the “which group do we fund” approach and instead looks to “how can we help the people” as the approach that will work. As we see from the record numbers of displaced people, our approach now spreads hunger and death. What would happen if instead of sending in weapons, we sent in food, housing construction materials and medical assistance? What if we even actively excluded weapons from these areas?

Of course, that has little chance of happening in our lifetimes. In the meantime, your donations for assistance to Syrian refugees can be made here and the WFP provides updates here.