Posts

SSCI’s Asymmetric Interest in Partisan Use of Oppo Research

/16 Comments/in , /by

As I’ve said in past post, the SSCI Report on Russia is better than I expected, but it has some significant gaps (which I’ll discuss in more detail once I’m done reading the whole thing). One fairly inexcusable asymmetry in the committee’s interests, however, pertains to how the two parties dealt with the oppo research floating around in the summer of 2016.

Here’s some of the discussion of SSCI’s effort to figure out how much of Steele’s information got back to both the Clinton campaign and the DNC.

(U) Simpson implied in his interview with the Committee-but would not state outright-that Perkins Coie knew he had hired a subcontractor, along with pursuing other overseas iines of inquiry. 5722 In his book, Simpson said that Elias “had never even heard of Steele. While Elias was aware that Fusion had engaged someone outside the United States to gather information on Trump’s ties to Russia, he did not ask who it was or what the person’s credentials were.”5723 –

(U) Elias represented that the charges associated with Fusion GPS were around $60,000 per month, unevenly split between the Clinton Campaign and the DNC, including the $10,000 per-month fee paid to Perkins Coie.5724

(U) The Committee was unable to fully establish how much of the Steele information was actually transferred to the DNC and the Clinton Campaign. As a general practice, Fusion GPS passed research back to Elias weekly, sending both original source materials and summary documents.5725 Simpson would not say whether or when he gave the memos to Perkins Coie.5726 Elias, through counsel, did not provide details on what information he provided to the DNC or the Clinton Campaign, citing attorney-client privilege. His attorneys conveyed that he provided “advice on communications strategies and the information from.Fusion when warranted. Such information was infrequent, provided orally, and given to both the Clinton Campaign and the DNC.”s121

(U) Robby Mook told the Committee that counsel starting in the summer had briefed him, Podesta, Clinton Campaign Communications Director Jen Palmieri, Jake Sullivan, and Glenn Caplan (a communications staffer) on “pieces of the reporting” in the dossier.5728 The briefings were oral, generally, but Mook remembered one paper memo that counsel distributed then retrieved at the end of the meeting.5729 Palmieri told the Committee she never saw the dossier during the campaign, but she also recalled the Elias briefings: “I don’t recall the term ‘dossier’ being used. He had reports. Some of the things … that I know are in the dossier. Some of the things that I have read are in the dossier I had heard about from Marc, including the famous encounter at the hotel.”573° Congresswoman Debbie Wasserman Schultz told the Committee she had no awareness of the dossier, Steele, or Simpson, until the dossier and those names appeared in the press.5731

(U) The Committee also asked Mook whether he fourid the briefings by Elias to be alarming enough to warrant sharing the information with law enforcement. Mook said “No, I don’t recall ever feeling like we had sufficient evidence to go to law enforcement with anything. “5732

SSCI not only interviewed key people from both the campaign and the party (elsewhere, the report also describes what Donna Brazile and John Podesta knew, when), but it tried to understand the communication between them, even though that communication was attorney-client privileged in the same way coordinated attempts to doctor statements to the committee were privileged.

Here is the extent of SSCI’s curiosity in response to learning, from Rick Gates’ 302s and the Mueller Report, that the Trump campaign was working with the RNC to optimize WikiLeaks releases.

(U) Nonetheless, a possible WikiLeaks release appeared central to the Campaign’s · strategic focus. For example, after the June 12 announcement by Assange, Gates described learning from Manafort that the RNC was “energized” by the potential of a WikiLeaks release. Further, Manafort told Gates that the RNC was going to “run the WikiLeaks issue to ground.”1492 Trump and Kushner were reportedly willing to “cooperate” with the RNC’s efforts on this front, overcoming their earlier skepticism of working with the RNC, and demonstrating that both were focused on the possibility of WikiLeaks. releasing Clinton documents. 1493

1492 (U) FBI, FD-302, Gates 4/10/2018. Gates also said that the RNC “indicated they knew the timing of the upcoming releases,” but did not convey who specifically had this information, how it was acquired, or when. The RNC has denied that it had advance knowledge of the timing of WikiLeaks releases.

1493 (U) Ibid It is not clear to the Committee exactly when the notion of cooperation between the RNC and the Campaign arose, and Kushner never mentioned it in any interviews with the Committee. However, the context of these statements suggests that this was in response to early warnings about a pending WikiLeaks d9cument dump and before the July 22 release occurred. The Committee did not examine the RNC’s activity or its interactions with the Campaign on this topic. [my emphasis]

This is supposed to be a counterintelligence investigation of the ways that dalliances with foreign actors might compromise American security. RNC efforts to maximize the impact of documents stolen by Russia had just as much a possibility of compromising those involved as Trump’s own efforts.

And yet, SSCI was far more concerned about Democratic awareness of a report that — the SSCI report makes clear — was done by a guy (Steele) described as having no partisan leanings besides being anti-Putin working for a guy (Glenn Simpson) who didn’t much care for the Clintons but who wanted to make a buck off research already completed.

Speech and Email Release: The Three Public Statement Signals Tied to Russia’s Dirt-as-Emails

/36 Comments/in , , /by

In this post I did a timeline of all the known George Papadopoulos communications. The timeline made something clear: on two occasions, Papadopoulos alerted Ivan Timofeev to something in a Trump speech. On each occasion, something happened with emails. And there may actually be a third instance of Papadopoulos signaling to his handler.

April 26 notice of emails precedes Trump’s April 27 speech including a “signal to meet”

First, on April 26, 2016, over breakfast London time, he learned the Russians had thousands of email as dirt on Hillary Clinton.

On or about April 26, 2016, defendant PAPADOPOULOS met the Professor for breakfast at a London hotel. During this meeting, the Professor told defendant PAPADOPOULOS that hehadjust returned from a trip to Moscow where he had met with high level Russian government officials. The Professor told defendant PAPADOPOULOS that on that trip he(the Professor) learned that the Russians had obtained “dirt” on then-candidate Clinton. The Professor told defendant PAPADOPOULOS, as defendant PAPADOPOULOS later described to the FBI, that “They [the Russians] have dirt on her”; “the Russians had emails of Clinton”; “they have thousands of emails.”

The next day he discusses his outreach to Russians with both Stephen Miller and Corey Lewandowski. He emails Miller to say he “Ha[s] some interesting messages coming in from Moscow about a trip when the time is right.” And he emails Lewandowski, apparently asking to speak by phone, “to discuss Russia’s interest in hosting Mr. Trump. Have been receiving a lot of calls over the last month about Putin wanting to host him and the team when the time is right.”

That all happened while Papadopoulos was helping draft Trump’s first speech, in which Trump said,

We desire to live peacefully and in friendship with Russia and China. We have serious differences with these two nations, and must regard them with open eyes, but we are not bound to be adversaries. We should seek common ground based on shared interests.

Russia, for instance, has also seen the horror of Islamic terrorism. I believe an easing of tensions, and improved relations with Russia from a position of strength only is possible, absolutely possible. Common sense says this cycle, this horrible cycle of hostility must end and ideally will end soon. Good for both countries.

Some say the Russians won’t be reasonable. I intend to find out. If we can’t make a deal under my administration, a deal that’s great — not good, great — for America, but also good for Russia, then we will quickly walk from the table. It’s as simple as that. We’re going to find out.

As the NYT revealed the other day, Papadopoulos helped draft that speech, and he told Timofeev that it was the “signal to meet.”

Papadopoulos was trusted enough to edit the outline of Mr. Trump’s first major foreign policy speech on April 27, an address in which the candidate said it was possible to improve relations with Russia. Mr. Papadopoulos flagged the speech to his newfound Russia contacts, telling Mr. Timofeev that it should be taken as “the signal to meet.”

So the Russians mentioned emails, and the next day Papadopoulos delivered a speech that signaled (at least according to Papadopoulos, who at times oversold these things) Trump’s interest in meeting.

July 21 RNC speech precedes the WikiLeaks dump

A second coincidence comes in July. On July 21, a week after Papadopoulos informed Timofeev that a ““meeting for August or September in the UK (London) with me and my national chairman” had been approved, he then messages Timofeev the day of Trump’s RNC speech, saying, “How are things [Timofeev]? Keep an eye on the speech tonight. Should be good.” This message is one of the ones he tried to destroy by nuking his Facebook account after his second interview with the FBI last February.

Trump’s RNC speech included no mention of Russia. But it did include an indictment of Hillary’s actions as Secretary of State, focusing on a number of the issues that lay behind Putin’s loathing of Hillary.

Another humiliation came when president Obama drew a red line in Syria – and the whole world knew it meant nothing.

In Libya, our consulate – the symbol of American prestige around the globe – was brought down in flames. America is far less safe – and the world is far less stable – than when Obama made the decision to put Hillary Clinton in charge of America’s foreign policy.

I am certain it is a decision he truly regrets. Her bad instincts and her bad judgment – something pointed out by Bernie Sanders – are what caused the disasters unfolding today. Let’s review the record. In 2009, pre-Hillary, ISIS was not even on the map.

Libya was cooperating. Egypt was peaceful. Iraq was seeing a reduction in violence. Iran was being choked by sanctions. Syria was under control. After four years of Hillary Clinton, what do we have? ISIS has spread across the region, and the world. Libya is in ruins, and our Ambassador and his staff were left helpless to die at the hands of savage killers. Egypt was turned over to the radical Muslim brotherhood, forcing the military to retake control. Iraq is in chaos.

Iran is on the path to nuclear weapons. Syria is engulfed in a civil war and a refugee crisis that now threatens the West. After fifteen years of wars in the Middle East, after trillions of dollars spent and thousands of lives lost, the situation is worse than it has ever been before.

[snip]

We must abandon the failed policy of nation building and regime change that Hillary Clinton pushed in Iraq, Libya, Egypt and Syria. Instead, we must work with all of our allies who share our goal of destroying ISIS and stamping out Islamic terror.

The focus on Syria is key: remember that Jared Kushner explained his request to Sergei Kislyak for a Russian-run secure back challenge as an effort to cooperate on Syria.

The Ambassador expressed similar sentiments about relations, and then said he especially wanted to address U.S. policy in Syria, and that he wanted to convey information from what he called his “generals.” He said he wanted to provide information that would help inform the new administration. He said the generals could not easily come to the U.S. to convey this information and he asked if there was a secure line in the transition office to conduct a conversation. General Flynn or I explained that there were no such lines. I believed developing a thoughtful approach on Syria was a very high priority given the ongoing humanitarian crisis, and I asked if they had an existing communications channel at his embassy we could use where they would be comfortable transmitting the information they wanted to relay to General Flynn.

So it’s possible the attacks on Hillary’s Syria policy were a signal — as the earlier speech’s call for engagement with Russia apparently was — to Timofeev.

In any case, the next day, WikiLeaks started releasing the DNC emails, just in time to bollox the DNC (though I maintain that forcing the Democrats to finally fire Debbie Wasserman Schultz was a necessary move).

A possible third message?

Which brings us to a possible third signal. Another of the Facebook messages that Papadopoulos attempted to destroy was a link he shared with Timofeev to this interview. Among the other things Papadopoulos says in the interview is that sanctions on Russia have hurt the US.

Q.: Do you agree that the U.S. sanctions against Russia did not help to resolve the crisis in Ukraine?

A.: Sanctions have done little more than to turn Russia towards China as a primary market for Russian goods, services and energy. It is not in the interest of the West to align China and Russia in a geopolitical alliance that can have unpredictable consequences for U.S. interests in the South China Sea, Eastern Mediterranean and Middle East.

[snip]

Q.: Your professional background is related to global energy. Do you agree that European countries should reduce their dependence on Russian energy?

A.: The U.S. and Russia will compete over both the European and Pacific gas markets. This is inevitable. Unfortunately for the U.S., sanctions on Russia have resulted in massive energy deals between Russia and China.

Papadopoulos also poo poos the idea of expanding NATO.

Q.: How do you see the future of NATO? Do you support a further expansion of the alliance? If so, do you think that NATO should take into the account Russia’s concerns regarding this issue?

A.: If NATO is to expand, all new members must spend the required 2% of GDP on defense expenditure. Currently only five members do. Without a common mission that all countries subscribe to, or the pledge that all members spend 2% of GDP on defense, the alliance in its current form is likely not sustainable. The three largest threats NATO will have to combat over the next couple decades will be a rising and belligerent China, radical Islam and a nuclear Iran. Russia can be helpful in mitigating the dangerous consequences of these three forces colliding simultaneously.

Q.: You did not answer the question on whether you would support a possible NATO extension or not. Russia has repeatedly expressed its concerns about NATO’s military infrastructure moving toward Russia’s borders…

A.: We should look at the circumstances. If mutual confidence between our countries exists, then we will better understand the expectations of each other, and we can more accurately define the ‘red lines‘ which cannot be crossed. However, what is happening today between Russia and NATO, and between Russia and the West in general, creates an extremely dangerous and unstable situation in which every incident could become fatal.

An interview with a policy advisor is nowhere near as momentous as a speech from Trump. But by this point — the NYT informs us — Papadopoulos’ interventions were being reviewed closely by the campaign. So it’s likely this was closely vetted.

Papadopoulos shared that link on October 1. Later that week, the John Podesta emails started coming out.

The timing wasn’t dictated by these speeches

Let me make something clear: I’m not saying that the timing of these email releases were dictated by the speeches. Of course they weren’t. They were timed to do maximal damage to the Hillary campaign (not incidentally, in a way that coincided with the “later in the summer” timing Don Jr asked for in his communications with Rob Goldstone).

Rather, I’m saying that Papadopoulos seems to have been signaling Timofeev, and those signals closely mapped to email releases.

And those signals are among the things he tried to destroy.

Why Did Guccifer 2.0 Keep Harping on VAN?

/16 Comments/in , /by

One problem with the skeptics’ claims that Guccifer 2.0 is not Russian, but instead a Democrat or Crowdstrike blaming Russia, is they misread how his original post responded to the WaPo article announcing the hack. The assumption at the time was that Guccifer 2.0 was disinformation to disclaim the attack. But it more immediately discredited the claims the Democrats and Crowdstrike made to WaPo.

There’s Shawn Henry’s claim the hackers took just two documents.

The other, which the firm had named Fancy Bear, broke into the network in late April and targeted the opposition research files. It was this breach that set off the alarm. The hackers stole two files, Henry said. And they had access to the computers of the entire research staff — an average of about several dozen on any given day.

In response Guccifer 2.0 posted eleven documents and taunted Crowdstrike.

Shame on CrowdStrike: Do you think I’ve been in the DNC’s networks for almost a year and saved only 2 documents? Do you really believe it?

[snip]

I guess CrowdStrike customers should think twice about company’s competence.

Fuck the Illuminati and their conspiracies!!!!!!!!! Fuck CrowdStrike!!!!!!!!!

There’s the bizarre pitch suggesting that only documents affecting Trump had been stolen, describing it as typical foreign espionage (which APT 29 might have been doing).

the entire database of opposition research on GOP presidential candidate Donald Trump

[snip]

The DNC said that no financial, donor or personal information appears to have been accessed or taken, suggesting that the breach was traditional espionage, not the work of criminal hackers.

[snip]

“It’s the job of every foreign intelligence service to collect intelligence against their adversaries,” said Shawn Henry, president of CrowdStrike, the cyber firm called in to handle the DNC breach and a former head of the FBI’s cyber division.

Guccifer 2.0 did post a Trump document. But the DNC, Hillary, and Crowdstrike should have known that (even if there had been one stolen) it wasn’t the one they had in mind. That was a document stolen from Podesta, not the DNC.

Which would have been a response — one her aides might understand, but the rest of us would not — to this claim by Hillary.

Clinton called the intrusion “troubling” in an interview with Telemundo. She also said, “So far as we know, my campaign has not been hacked into,” and added that cybersecurity is an issue that she “will be absolutely focused on” if she becomes president.

Because it would have been a sign that, indeed, her campaign had been hacked.

Similarly, by posting documents that dated from months earlier, Guccifer 2.0 would have made it clear to DWS that her lie — that the DNC responded quickly — could be exposed.

“The security of our system is critical to our operation and to the confidence of the campaigns and state parties we work with,” said Rep. Debbie Wasserman Schultz (Fla.), the DNC chairwoman. “When we discovered the intrusion, we treated this like the serious incident it is and reached out to CrowdStrike immediately. Our team moved as quickly as possible to kick out the intruders and secure our network.”

Finally, there’s Michael Sussman’s claim that no donor or voter information was stolen.

CrowdStrike is continuing the forensic investigation, said Sussmann, the DNC lawyer. “But at this time, it appears that no financial information or sensitive employee, donor or voter information was accessed by the Russian attackers,” he said.

Guccifer 2.0 proved that wrong by posting a number of financial documents.

In other words, the initial post was designed to discredit anything Crowdstrike and Democrats said. More importantly, it included a number of threats that Hillary and her aides should have recognized: Guccifer 2.0 had more, had more of the stuff closer to Hillary.

This was dick-waving, not obfuscation (which is consistent with what we see in the documents, and consistent with what I understand was left in some of the servers). It’s just that most of the public wouldn’t have seen that dick-waving; just the Democrats and Crowdstrike would.

Which is why I want to return to something that commentators have long been hung up on: Guccifer 2.0’s claim to have gotten in through VAN.

The DNC had NGP VAN software installed on their system so I used the 0-day exploit and then deployed my backdoor.

I suspect his reference to zero-days was actually a further taunt to Dmitri Alperovitch, who had fluffed up the Russians in the original WaPo.

The two crews have “superb operational tradecraft,” he said. They often use previously unknown software bugs — known as “zero-day” vulnerabilities — to compromise applications.

But why did dick-wagging Guccifer 2.0 focus on VAN? One obvious reason is that it invoked the events of December, when a Bernie staffer got fired for having saved Hillary files when the wall between the two campaigns in VAN came down, literally at the moment the Sanders campaign finished their best fundraiser to date. That is, it might be that VAN just invoked a really sore subject between the two sides.

Guccifer 2.0 may have raised it because Crowdstrike was brought in and did a cursory review to endorse the official view. Had Crowdstrike done more at the time, it they might have discovered the Russians.

The reason I ask, though, is that Guccifer 2.0 kept harping on VAN. A big file that has been the focus of recent attention — in the last few days credibly shown to come from the same file set as the documents later released falsely labeled as Clinton Foundation documents — was called NGP VAN, even though the file has nothing to do with VAN.

Notably, too, some of the last files stolen and shared with WikiLeaks included a series providing VAN access to the finance team. That is, one of the last things that happened before Russia got dumped from the system is a new set of VAN passwords got set up.

Amid the discussion of how the Russians got targeting data, I think it worth noting that having VAN access would have provided a lot of the information the Russians would have wanted.

Even (Especially?) the FBI Is Susceptible to Fake News

/18 Comments/in /by

The WaPo has an utterly dispiriting story providing more detail on a document first revealed in this big NYT story on Jim Comey. Here’s how the NYT described it:

During Russia’s hacking campaign against the United States, intelligence agencies could peer, at times, into Russian networks and see what had been taken. Early last year, F.B.I. agents received a batch of hacked documents, and one caught their attention.

The document, which has been described as both a memo and an email, was written by a Democratic operative who expressed confidence that Ms. Lynch would keep the Clinton investigation from going too far, according to several former officials familiar with the document.

Read one way, it was standard Washington political chatter. Read another way, it suggested that a political operative might have insight into Ms. Lynch’s thinking.

[snip]

The document complicated that calculation, according to officials. If Ms. Lynch announced that the case was closed, and Russia leaked the document, Mr. Comey believed it would raise doubts about the independence of the investigation.

But as the WaPo reveals, the document was not an email, but rather a Russian document purportedly reporting on email. And while in August the FBI deemed the document a hoax, it took five months — covering the all important July announcement ending the Hillary investigation — to get to that point.

The document, obtained by the FBI, was a piece of purported analysis by Russian intelligence, the people said. It referred to an email supposedly written by the then-chair of the Democratic National Committee, Rep. Debbie Wasserman Schultz (D-Fla.), and sent to Leonard Benardo, an official with the Open Society Foundations, an organization founded by billionaire George Soros and dedicated to promoting democracy.

The Russian document did not contain a copy of the email, but it described some of the contents of the purported message.

[snip]

Comey had little choice, these people have said, because he feared that if Lynch announced no charges against Clinton, and then the secret document leaked, the legitimacy of the entire case would be questioned.

From the moment the bureau received the document from a source in early March 2016, its veracity was the subject of an internal debate at the FBI. Several people familiar with the matter said the bureau’s doubts about the document hardened in August when officials became more certain that there was nothing to substantiate the claims in the Russian document. FBI officials knew the bureau never had the underlying email with the explosive allegation, if it ever existed.

Yet senior officials at the bureau continued to rely on the document as part of their justification for how they handled the case before and after the election.

As the WaPo lays out, the FBI hadn’t even asked Loretta Lynch, much less the other participants in the alleged emails, about them before Comey used the document to justify his July statement on the investigation into Hillary’s emails. They simply relied on it, in spite of the way a Debbie Wasserman Schultz and George Soros screams of the worst kind of fevered misinformation that circulated last year. Or, at a minimum, they acted based on the assumption that they couldn’t combat evidently fake news were it to leak.

We talk a lot about dumb ordinary voters who can’t sort through PizzaGate and Seth Rich conspiracies on their own.

But even the FBI, with all the investigative tools you can imagine, was unable to sort through fake news. And that had a role in one of the most significant events in last year’s election.

The DNC’s Evolving Story about When They Knew They Were Targeted by Russia

/29 Comments/in , , /by

This week’s front page story about the Democrats getting hacked by Russia starts with a Keystone Kops anecdote explaining why the DNC didn’t respond more aggressively when FBI first warned them about being targeted in September. The explanation, per the contractor presumably covering his rear-end months later, was that the FBI Special Agent didn’t adequately identify himself.

When Special Agent Adrian Hawkins of the Federal Bureau of Investigation called the Democratic National Committee in September 2015 to pass along some troubling news about its computer network, he was transferred, naturally, to the help desk.

His message was brief, if alarming. At least one computer system belonging to the D.N.C. had been compromised by hackers federal investigators had named “the Dukes,” a cyberespionage team linked to the Russian government.

The F.B.I. knew it well: The bureau had spent the last few years trying to kick the Dukes out of the unclassified email systems of the White House, the State Department and even the Joint Chiefs of Staff, one of the government’s best-protected networks.

Yared Tamene, the tech-support contractor at the D.N.C. who fielded the call, was no expert in cyberattacks. His first moves were to check Google for “the Dukes” and conduct a cursory search of the D.N.C. computer system logs to look for hints of such a cyberintrusion. By his own account, he did not look too hard even after Special Agent Hawkins called back repeatedly over the next several weeks — in part because he wasn’t certain the caller was a real F.B.I. agent and not an impostor.

This has led to (partially justified) complaints from John Podesta about why the FBI didn’t make the effort of driving over to the DNC to warn the higher-ups (who, the article admitted, had decided not to spend much money on cybersecurity).

This NYT version of the FBI Agent story comes from a memo that DNC’s contractor, Yared Tamene, wrote at some point after the fact. The NYT describes the memo repeatedly, though it never describes the recipients of the memo nor reveals precisely when it was written (it is clear it had to have been written after April 2016).

“I had no way of differentiating the call I just received from a prank call,” Mr. Tamene wrote in an internal memo, obtained by The New York Times, that detailed his contact with the F.B.I.

[snip]

“The F.B.I. thinks the D.N.C. has at least one compromised computer on its network and the F.B.I. wanted to know if the D.N.C. is aware, and if so, what the D.N.C. is doing about it,” Mr. Tamene wrote in an internal memo about his contacts with the F.B.I. He added that “the Special Agent told me to look for a specific type of malware dubbed ‘Dukes’ by the U.S. intelligence community and in cybersecurity circles.”

[snip]

In November, Special Agent Hawkins called with more ominous news. A D.N.C. computer was “calling home, where home meant Russia,” Mr. Tamene’s memo says, referring to software sending information to Moscow. “SA Hawkins added that the F.B.I. thinks that this calling home behavior could be the result of a state-sponsored attack.”

[DNC technology director Andrew] Brown knew that Mr. Tamene, who declined to comment, was fielding calls from the F.B.I. But he was tied up on a different problem: evidence suggesting that the campaign of Senator Bernie Sanders of Vermont, Mrs. Clinton’s main Democratic opponent, had improperly gained access to her campaign data.

[snip]

One bit of progress had finally been made by the middle of April: The D.N.C., seven months after it had first been warned, finally installed a “robust set of monitoring tools,” Mr. Tamene’s internal memo says. [my emphasis]

The NYT includes a screen cap of part of that memo (which reveals that the DNC had already been exposed to ransomware attacks by September 2015), but not the other metadata or a link to the full memo.

One reason I raise all this is because the evidence laid out in the story contradicts, in several ways, this August report, relying on three anonymous sources (at least some of whom are probably members of Congress, but then so was the DNC Chair at the time).

The FBI did not tell the Democratic National Committee that U.S officials suspected it was the target of a Russian government-backed cyber attack when agents first contacted the party last fall, three people with knowledge of the discussions told Reuters.

And in months of follow-up conversations about the DNC’s network security, the FBI did not warn party officials that the attack was being investigated as Russian espionage, the sources said.

The lack of full disclosure by the FBI prevented DNC staffers from taking steps that could have reduced the number of confidential emails and documents stolen, one of the sources said. Instead, Russian hackers whom security experts believe are affiliated with the Russian government continued to have access to Democratic Party computers for months during a crucial phase in the U.S. presidential campaign, the source said.

[snip]

In its initial contact with the DNC last fall, the FBI instructed DNC personnel to look for signs of unusual activity on the group’s computer network, one person familiar with the matter said. DNC staff examined their logs and files without finding anything suspicious, that person said.

When DNC staffers requested further information from the FBI to help them track the incursion, they said the agency declined to provide it. In the months that followed, FBI officials spoke with DNC staffers on several other occasions but did not mention the suspicion of Russian involvement in an attack, sources said.

The DNC’s information technology team did not realize the seriousness of the incursion until late March, the sources said. It was unclear what prompted the IT team’s realization.

In August, anonymous sources told Reuters that FBI never told DNC they were being attacked by Russians until … well, Reuters doesn’t actually tell us when the FBI told DNC the Russians were behind the attack, just that Democrats started taking it seriously in March.

But in the pre-Trump Russian hack bonanza, the NYT has now revealed that an internal memo says that the DNC had been informed in November, not March.

And even that part of the explanation doesn’t make sense. As a number of people have noted, Brown is basically saying he didn’t respond to a warning — given in November — that a DNC server was calling home to Russia because he was dealing with a NGP-VAN breach that happened on December 18. He would have had over two weeks to respond to Russia hacking the DNC before the NGP-VAN issue, and that would have been significantly handled by NGP.

Moreover, even the September narrative invites some skepticism. Tamene admits the FBI Special Agent, “told me to look for a specific type of malware dubbed ‘Dukes’ by the U.S. intelligence community and in cybersecurity circles.” And he describes “His first moves were to check Google for “the Dukes” and conduct a cursory search of the D.N.C. computer system logs to look for hints of such a cyberintrusion.” Had Tamene Googled for “dukes malware” any time after September 17, 2015, this is what he would have found.

Today we release a new whitepaper on an APT group commonly referred to as “the Dukes”. We believe that the Dukes are a well-resourced, highly dedicated, and organized cyber-espionage group that has been working for the Russian government since at least 2008 to collect intelligence in support of foreign and security policy decision-making. [my emphasis]

So had this initial report taken place after September 17, Tamene would have learned, thanks to the second sentence of a top Google return, that he was facing a “highly dedicated, and organized cyber-espionage group that has been working for the Russian government. ” Had he done the Google search he said he did, that is, he would almost certainly have learned he was facing down Russian hackers.

Had he clicked through to the report — which is where he would have gone to find the malware signatures to look for — he would have seen a big pink graphic tying the Dukes to Russia.

It’s certainly possible the alert came before the white paper was released (though if it came after, it explains why the FBI would have thought simply mentioning the Dukes would be sufficient). But that would suggest Tamene remembered the call and his Google search for the Dukes in detail sometime in April but not in September when this report got a fair amount of attention.

None of this is to excuse the FBI (I’ve already started a post on that part of this). But it’s clear that Democrats have been — at a minimum — inconsistent in their story to the press about why they didn’t respond to warnings sooner. And given the multiple problems with their explanation about what happened last fall, it’s likely they did get some warning, but just didn’t heed it.

Update: When I wrote this this morning, I had read this tweet stream and this story but not the underlying Shadow Brokers related post, by someone writing under the pseudonym Boceffus Cleetus it relates to, which is basically a Medium post introducing the latest sale of Shadow Broker tools. It wasn’t until I read this post — and then the second Boceffus Cleetus post that I realized Boceffus Cleetus posted (his) original post — along with a reference to the name magnified back when this hack started — the day after the NYT wrote a story of the hack from DNC’s perspective.

As the tweet stream lays out, Boceffus Cleetus is a play on ventriloquism, (duh, speaking for others) and the Dukes of Hazard. Both analyses of this argue that the reference to “Dukes of Hazard” is, in turn, a reference to the name given to the FSB hacking efforts (the other I’ve used is “Cozy Bear”) in the report I linked above — that is, to the name F-Secure had given the FSB hackers, most notably in the report I linked above. I didn’t make too much of it until I read this second Boceffus Cleetus post, which in seemingly one sentence lays out Bill Binney’s theory of the DNC hack (that is, that NSA handed it on) with a country drawl and a lot of conspiracy theory added.

After my shadow brokers tweet I was contacted by an anonymous source claiming to be FBI. Yep I know prove it? I wasn’t able to get’em to verify their identity. But y’all don’t be runnin away yet, suspend yer disbelief and check out their claims. What if the Russian’s ain’t hacking nothin? What if the shadow brokers ain’t Russian? Whatcha got as the next best theory? What if its a deep state civil war tween CIA and ole NSA? A deep state civil war to see who really runs things. NSA is Department of Defense, military. The majority of the military are high school grads, coming from rural “Red States”, conservatives. The NSA has the global surveillance capabilities to intercept all the DNC and Podesta emails. CIA is college grads only and has the traditions of the urban yankee northeastern and east coast ivy leaguers, “Blue State”, liberals.

It’s all mostly gratuitous — an attempt to feed (as explicitly named “fake news”) some of the alternate explanations out there right now.

But I find the portrayal of an NSA-CIA feud notable, in part, because the mostly likely reason FBI (which is where Boceffus Cleetus’ fictional source came from) didn’t tell the DNC who was hacking them back in September 2015 is because the actual tip — that Russia was hacking the DNC — came from the NSA. But FBI had to hide that. So instead, they used the name for FSB that was current at the time.

I’ll add, too, that this plays on Craig Murray’s claim that a national security person leaked him the Podesta documents.

So what’s the point? Dunno. I defer to theGrugq’s third post, in which he argues this post is signaling to show NSA the Russian hackers must have access to NSA’s classified networks, because they’ve accessed a map of everything.

This dump has a bit of everything. In fact, it has too much of everything. The first drop was a firewall ops kit. It had everything that was supposed to be used against firewalls. This dump, on the other hand, has too much diversity and each tool is comprehensive.

The depth and breadth of the tooling they reveal can only possibly be explained by:

  1. an improbable sequence of hack backs which got, in sequence, massive depth of codenamed implants, exploits, manuals,
  2. access to high side data

[snip]

It is obvious that this data would never leave NSA classified networks except by some serious operator error (as I believe was the case with the first ShadowBrokers leak.) For this dump though, it is simply not plausible. There is no way that such diverse and comprehensive ops tooling was accidentally exposed. It beggars belief to think that any operator could be so careless that they’d expose this much tooling, on multiple diverse operations.

There are, based on my count, twenty one (21) scripts/manuals for operations contained in this dump. They cover too many operations for a mistake, and they are too comprehensive for a mistake.

Remember, Obama has been stating assuredly that the US has far more defensive and offensive capability than Russia. The latter might well be true. But the latter is nuts, if for no other reason than we have so much more to secure. The former might be true. But not if hackers can log into NSA’s fridge and steal their beer.

I’m not entirely sure what to make of this. But against the background of increasing dick-wagging, it’ll be interesting to see how it plays out.

The Democrats’ “Diversity Problem”

/17 Comments/in /by

[youtube]S_Rjj8onm2c[/youtube]

There was a bit of a stink after Chuck Todd suggested the Democrats wish they had the diversity the GOP showed at the RNC this week. Josh Marshall said it was, “one of the stupidest things I’ve ever heard anyone say.” And then Marshall and Todd debated about it over Twitter. At which point Todd made it clear that he was reporting what the Obama campaign had said to him.

And this is reported material btw, not pundit speculation.

Marshall pointed out how diverse the Democratic party is.

Dude. Actually, let me rephrase that … DUDE. Black prez. 2 asian-am sens, 1 Hisp sen, black gov. (1/3)

2 huge caucuses of hispanic & af-am lawmakers in House, do u really believe the dems “had to go” to a red state to (2/3)

To which Todd repeatedly suggested that this came from the Obama Administration and claimed he was talking about “high profile” positions.

how many govs and senators do the dems have on this front? That was my point. High profile positions

ask the Obama campaign if they wish they had govs and sens as diverse as GOP right now.

Now, frankly, I think Chuck Todd’s problem–in this particular instance–is that he repeated what the Obama campaign said to him, rather than pointing out how crazy the Obama campaign is. It’s not just diversity they want, it’s the right kind of diversity.

Which brings me to the Sunday shows, which include the following lineups–which presumably were made with the significant input of the Obama Administration. (h/t Elliott)

ABC’s This Week:  White House senior adviser David Plouffe.

 

CBS’ Face the Nation:Gov. Martin O’Malley (D-MD), former New Mexico Gov. Bill Richardson and Obama Deputy Campaign Manager Stephanie Cutter.
 

CNN’s State of the Union: Los Angeles Mayor Antonio Villaraigosa, Gov. Bev Perdue (D-NC), and Gov. Martin O’Malley (D-MD). Then, Obama Senior Campaign Adviser Robert Gibbs. Senior Romney Campaign Adviser Eric Fehrnstrom.
 

Fox News Sunday:DNC Chair Los Angeles Mayor Antonio Villaraigosa, Obama Campaign Senior Advisor David Axelrod.
 

NBC’s Meet the Press:Chicago Mayor Rahm Emmanuel.

The Latino Mayor of Los Angeles, a tainted but Latino former Governor of New Mexico, lots of dickish top campaign advisors, dickish Rahm, Governor O’Malley (who’s been a superb campaign surrogate).

And just two women, one Stephanie Cutter appearance and one appearance from the Governor of the state hosting the Convention.

Not even DNC Chair Debbie Wasserman Schultz, who whatever else I might say about her is also a terrific media figure. Read more

The Democrats Had Already Conceded the War on Women

/17 Comments/in /by

Curiously, in his chronology of the talking point, “the War on Women,” Dave Weigel doesn’t mention the actual terrorist attack on a Planned Parenthood clinic a few weeks back. Nor does Marc Ambinder in his thoughtful piece on the outrage mobilized by the term. And these men commenting on the Democratic Party’s effort to mobilize its tribes by raising outrage over the GOP’s treatment of women are right, up to a point. In DC, that metaphor, “War on Women,” has been cognitively divorced from what happens when a man conducts a terrorist attack (one not treated as a terrorist attack, mind you) on a clinic designed to help women access the same life choices men get by default.

In their review of the outraged response to Hillary Rosen’s suggestion that Ann Romney had never worked a day in her life, neither Weigel nor Ambinder nor just about anyone else noted the unspoken implication of Mitt Romney’s defense of his wife that raising their five children (with help, mind you) was a full time job. Mitt effectively admitted that he wasn’t doing the child-rearing–still a common gender assumption among men of Mitt’s age, but nevertheless stunning in the way no one noticed that Mitt admitted his role as father involves outsourcing all the child-rearing to the mother. The true scandal of the Hillary Rosen poutrage, IMO, is that no one considered the flip side of Ann’s full-time job as mother: Mitt’s abdication of child-rearing as a father. Sure. When his boys were little, he was a busy man and all that–he had people to fire and jobs to outsource. But he was able to focus so closely on those things because Ann did the parenting work for the two of them.

Meanwhile, the Democrats are still going to use GOP attacks on women as a political stunt. DNC Chair Debbie Wasserman Schultz tweeted or re-tweeted 7 comments about women’s issues yesterday, in addition to the seemingly mandatory condemnation of Rosen.

I was particularly amused by this DWS tweet:

Bottom line: Choice, affordable contraception, and Planned Parenthood are at stake in this election. http://j.mp/I6A8c0

As it happened, a few hours after DWS sent that tweet, I went to a Debbie Stabenow event hosted by a local women’s group. As we were waiting for the Senator to speak, a top county Democrat was sitting several rows behind me trying to convince some of the women not to support Trevor Thomas. “There is absolutely no way he can win,” the guy said (the polling says he’s wrong, and I suspect he knows that). In addition to saying a gay man can’t win, he also said a pro-choice person can’t win in the district (his listeners pointed out that Stabenow herself had won the district; so have at least two other pro-choice candidates). Then he described Steven Pestka, using the line Michigan Democrats used to defend Bart Stupak as he was rolling back access to choice for women across the country.

He’s with us on everything else.

Read more

Haynes’ Multiple Choice Memos

/38 Comments/in /by

Back in May, I wrote a post observing that when David Addington testified before the House Judiciary Committee, he seemed to be carefully choosing which August 1, 2002 Bybee Memo he answered questions about. For example, when Debbie Wasserman Schultz asks Addington whether he discussed torture methods described in the memo the Committee had been discussing (by context, the Bybee One memo), he response that that memo didn’t discuss torture methods.

Ms. WASSERMAN SCHULTZ. On any of the trips, did you discuss interrogation methods that were directly referenced in the memo that we have been discussing here for this hearing?

Mr. ADDINGTON. I am not sure I remember this memo having methods discussed in it, frankly. [my emphasis]

So he never answers a much more interesting question–whether he shared the Bybee Two memo–which did list torture methods–with those at Gitmo.

Curiously, Jim Haynes seems to be doing the same in the Questions for the Record following up on his testimony before the Senate Armed Services Committee.

36. Senator CLINTON. Mr. Haynes, do you recall when you received the August 1, 2002, OLC memorandum from Jay Bybee to Attorney General Gonzales regarding the legality of interrogation methods?

Mr. HAYNES. I do not recall precisely when I received a copy of the August 1, 2002 opinion interpreting 18 U.S.C. §§ 2340–2340A. Too much time has passed and I have now seen the memo in so many contexts that I can no longer be certain when I saw it for the first time. I cannot even recall whether I simply read the opinion al some point or whether I received a copy of the opinion and, if so, who transmitted the copy. I did, eventually, get a copy of that opinion, but I do not remember when I first got it.

From the context, Hillary may have referred to the Bybee One memo (the one equating torture with organ failure) using a description more apt for the Bybee Two memo (since the latter discussed the legality of interrogation methods).

But regardless of what Hillary meant to ask, Haynes crafts his answer to answer the question he wants to answer. She asks about the memo describing interrogation methods (which would be Bybee Two); he responds about the memo interpreting the statute (which would by Bybee One). 

Someone really ought to ask these thugs these same questions about the Bybee Two memo.

Addington’s Multiple Choice Torture Memos

/43 Comments/in /by

When I read the transcript from the House Judiciary Committee’s Assholes Who Torture hearing after the torture memos got released, one thing became clear. Addington was hiding his involvement with the Bybee Two memo (about techniques) by answering questions only about Bybee One.

Twice during the hearing, David Addington answered a question about the  Bybee One memo (abstract authorization for torture–which had been declassified long before this hearing), but made sure to clarify in the record that his answer pertained specifically to that memo. This suggests his answers may have been dramatically different had he been asked about the Bybee Two memo (concrete techniques–the one released last month). If I’m right, it suggests that Addington discussed the Bybee Two memo on his September 25, 2002 field trip to Gitmo with John Yoo, Jim Haynes, and John Rizzo (and others). 

In the first of these exchanges, Jerry Nadler asks Addington what role he had in drafting the Bybee memo (without specifying which one he meant).

Mr. NADLER.  Mr. Addington, It has been reported in several books and in the The Washington Post that you contributed to the analysis or assisted in the drafting of the August 1, 2002 interrogation memo signed by Jay Bibey. [sic] Is this correct?

Mr. ADDINGTON. No.

Mr. NADLER. You had nothing to do with that.

Mr. ADDINGTON. No. I didn’t say I had nothing to do with it. You asked if I assisted in contribution, and let me read to you something I think will be helpful to you.

Addington filibusters for a bit, so Nadler interrupts and instructs him to tell what his role was (did I mention this was the Assholes Who Torture hearing?). 

Mr. NADLER. Wait a minute. Mr. Addington, please, we don’t need all these quotes.

Mr. ADDINGTON. Okay.

Mr. NADLER. Just tell us what your role was, if you can.

Mr. ADDINGTON. Yes, I will.

At which point Addington asks precisely which one Nadler was talking about.

Mr. NADLER. Because you said it wasn’t nonexistant but you didn’t help shape it. So what was it?

Mr. ADDINGTON. Mr. Chairman, my recollection, first of all, I would be interested in seeing the document you are questioning me about. I think you are talking about a document of August 2002.

Mr. NADLER. Yes.

Mr. ADDINGTON. It would be useful to have that in front of me so I can make sure that what I am remembering relates to the document you have and not a lot of other legal opinions I looked at. Read more