FaceApp and Its Targeted Audience

[NB: Please check the byline, thanks! /~Rayne]

You may have seen the buzz earlier this week across social media when cellphone users loaded and used a mobile app which applied an aging filter to a selfie photo so users could see a predictive image of their future face.

Except the vain and foolish downloaded an app developed in Russia — an app with the most ridiculous terms of service. More at this Twitter thread by @PrivacyMatters:

The app doesn’t make it easy to find their Terms of Service (TOS) or Privacy Policy, which to me is a red flag.

Russia does not fall under the EU’s General Data Protection Regulation (GDPR), meaning users cannot have expectations of privacy and government oversight protecting their data. Russia ratified the Council of Europe’s Data Protection Convention 108 in 2013, but this appears to be little more than a head fake when Russians took Facebook data and used it for adverse micro-targeting against U.S. citizens in 2016. If the convention had been taken seriously, Russia’s government would also have investigated the Internet Research Agency for abusing personal data without users’ consent after the Department of Justice indicted IRA members.

The app’s developers say users’ data isn’t hosted in Russia, clarifying after initial inquiries that only a limited amount of each user’s data was hosted on Amazon Web Services and Google Cloud — but how would the average user be able to validate this claim? The question of hosting seems at odds with the developers’ explanation that

The Democratic National Committee issued a warning to 2020 campaigns that FaceApp should not be used and should be removed from devices.

It’s ridiculous that, after the DNC was hacked and state election systems were breached or targeted by Russia in 2016, any sentient Democrat working or volunteering for a Democratic candidate’s campaign would be stupid enough to download and use this app, if they even read the TOS. But the viral popularity of the application and the platforms on which its output was most often shared likely propelled its dispersion even among those who should know better.

Which brings up the app’s targeted audience: younger people who share images frequently in social media.

The app required users’ social media identity; it captured the IMEI number of the device they were using. Imagine being able to TREASUREMAP all these users over the internet and LANs.

Finally, the app captured the users’ image for editing. Imagine this data linked to all of a user’s Facebook data, matched to their DMV records including their photo, validated by phone number if recorded by DMV.

It’d be insanely easy to ‘clone’ these users in both content and in photos and in videos using Deep Fake technology.

It’d be a snap to micro-target them for political messaging and to make threats using manufactured kompromat.

All of this should be particularly worrying since the audience for this application is the youngest voter age groups which are least likely to vote for Trump and the GOP.

And they are the largest portion of the U.S. military. Think of what the FitBit app disclosed to any snoopers watching military bases. How many users who downloaded FaceApp were active duty or their family members?

Imagine FaceApp and all the other social data, public and private, synced with their phone which reveals their physical location. These users are entirely touchable.

There’ve been quite a few rebuttals to those worried about FaceApp; most complain that such concerns are merely Russia-as-boogeyman fearmongering and that U.S. Big Tech and Chinese apps like TikTok are just as bad (or worse) about collecting too much personal data and misusing it without users’ consent. Or they minimize the risk by theorizing the estimated 150 million selfies collected may train a Russian facial recognition app without users’ consent.

Except Europeans can rely on the GDPR for recourse and Americans have recourse through U.S. laws; they can also press for changes in legislation (assuming the obstructive Senate Majority Leader pulls his thumb out of his backside and does something constructive for once).

One other concern not touched upon is that we don’t know what this particular app can do over the long run even if deleted.

Researchers looking at it now may find it is rather inert apart from the invasive collection of personal photos.

But what about future updates? Can this app push malware which can collect other information from users’ devices?

And what about the photos themselves, once captured and stored. Could the developers embed detailed tracking in the images just as Facebook has?

Bottom line: FaceApp is a huge security risk. It may not be the only one, but it’s one we know about now.

We need to regulate not only personal data collection but applications which collect data — their developers must be more transparent and upfront with what the app does with data before the app is downloaded.

We also need to work with Big Tech platforms through which apps like FaceApp are downloaded. We’re back to the question whether they’re publishers or utilities and what role they play in enabling dispersion of apps which can be weaponized against users.

And we may need to institute some kind of watchdog to detect risks before they reach the public. Perhaps as part of the regulation of personal data collection a licensing or clearinghouse process should be established before apps are permitted access to the marketplace. Apple has done the best job of the Big Tech so far in policing which apps are permitted in its market. Should gatekeeping for national security interests rest solely on a few corporations, though?

This is an open thread.

[Photo: Emily Morter via Unsplash]

Three Things: Nuke Rebuke

[NB: Note the byline, thanks! /~Rayne]

Looks like we need another open thread — here’s three things we should discuss.

~ 3 ~

You’ve probably seen the story this week about the rush to transfer nuclear technology to Saudi Arabia revealed to the House Oversight Committee by whistleblowers.

What I want to know: when did we have a public debate about nuclear proliferation? The House Oversight Committee has launched an investigation, but Congress knew more than a year ago that Michael Flynn had been up to hijinks with nuclear proliferation, which Jim White wrote about here in 2017.

Did the GOP-led 115th Congress just roll over and play dead throughout all of 2018, simply forgetting we had laws against nuclear proliferation? There was a Senate Armed Services Committee hearing about our own weapons last April — what about proliferation abroad?

Why are we trying to denuclearize North Korea at the same time Trump administration officials are rushing to transfer nuclear technology to KSA?

What ensures KSA will use this technology for its own electricity generation instead of selling it or trading it to an entity hostile to U.S. interests?

What’s to keep NK from claiming they’ve denuclearized and then acquiring U.S. nuclear technology?

~ 2 ~

Speaking of North Korea, why is special envoy Stephen Biegun not on the same page with John Bolton?

Jesus Christ, don’t make me side with Bolton but what the hell is going on that Biegun is more worried about producing some flimsy pretense of a win for Trump at the expense of real progress?

Especially since Russia is negotiating with NK on nuclear technology transfer.

~ 1 ~

Has the Trump administration done anything at all to prepare for a no-deal hard Brexit? At this rate, thanks to Theresa May’s hacktacular negotiations (or lack thereof), relations between the UK and EU will simply end.

Which means the UK will be unable to import goods and clear them through customs on a timely basis, posing a realistic threat of a humanitarian crisis.

Has the U.S. State Department, led by Mike Pompeo, ensured the U.S. will be able to continue trade with the UK on an uninterrupted basis? Are we prepared to aid our ally if they have critical supply disruptions?

~ 0 ~

I have the impression our foreign and nuclear policies are utterly trashed.

This is an open thread.

A Less Obvious Question about NYT’s Reporting on Trump-Russia

[NB: As always, check the byline. /~R.]

Over the last several years, one thing has bothered me about The New York Times, something not immediately obvious in these related pieces of what may be the most important work the paper published since the early 2000s and the Iraq War. By “important” I don’t mean effective, nor do I mean constructive.

October 31, 2016

Investigating Donald Trump, F.B.I. Sees No Clear Link to Russia
POLITICS By Eric Lichtblau and Steven Lee Myers

WASHINGTON — For much of the summer, the F.B.I. pursued a widening investigation into a Russian role in the American presidential campaign. Agents scrutinized advisers close to Donald J. Trump, looked for financial connections with Russian financial figures, searched for those involved in hacking the computers of Democrats, and even chased a lead — which they ultimately came to doubt — about a possible secret channel of email communication from the Trump Organization to a Russian bank.

Law enforcement officials say that none of the investigations so far have found any conclusive or direct link between Mr. Trump and the Russian government. And even the hacking into Democratic emails, F.B.I. and intelligence officials now believe, was aimed at disrupting the presidential election rather than electing Mr. Trump. …

January 20, 2017

Trump, Russia, and the News Story That Wasn’t
PUBLIC EDITOR By Liz Spayd

LATE September was a frantic period for New York Times reporters covering the country’s secretive national security apparatus. Working sources at the F.B.I., the C.I.A., Capitol Hill and various intelligence agencies, the team chased several bizarre but provocative leads that, if true, could upend the presidential race. The most serious question raised by the material was this: Did a covert connection exist between Donald Trump and Russian officials trying to influence an American election?

One vein of reporting centered on a possible channel of communication between a Trump organization computer server and a Russian bank with ties to Vladimir Putin. Another source was offering The Times salacious material describing an odd cross-continental dance between Trump and Moscow. The most damning claim was that Trump was aware of Russia’s efforts to hack Democratic computers, an allegation with implications of treason. Reporters Eric Lichtblau and Steven Lee Myers led the effort, aided by others. …

May 16, 2018

Code Name Crossfire Hurricane: The Secret Origins of the Trump Investigation
POLITICS By Matt Apuzzo, Adam Goldman and Nicholas Fandos

WASHINGTON — Within hours of opening an investigation into the Trump campaign’s ties to Russia in the summer of 2016, the F.B.I. dispatched a pair of agents to London on a mission so secretive that all but a handful of officials were kept in the dark.

Their assignment, which has not been previously reported, was to meet the Australian ambassador, who had evidence that one of Donald J. Trump’s advisers knew in advance about Russian election meddling. After tense deliberations between Washington and Canberra, top Australian officials broke with diplomatic protocol and allowed the ambassador, Alexander Downer, to sit for an F.B.I. interview to describe his meeting with the campaign adviser, George Papadopoulos.

The agents summarized their highly unusual interview and sent word to Washington on Aug. 2, 2016, two days after the investigation was opened. Their report helped provide the foundation for a case that, a year ago Thursday, became the special counsel investigation. But at the time, a small group of F.B.I. officials knew it by its code name: Crossfire Hurricane. …

January 11, 2019

F.B.I. Opened Inquiry Into Whether Trump Was Secretly Working on Behalf of Russia
POLITICS By Adam Goldman, Michael S. Schmidt and Nicholas Fandos

WASHINGTON — In the days after President Trump fired James B. Comey as F.B.I. director, law enforcement officials became so concerned by the president’s behavior that they began investigating whether he had been working on behalf of Russia against American interests, according to former law enforcement officials and others familiar with the investigation.

The inquiry carried explosive implications. Counterintelligence investigators had to consider whether the president’s own actions constituted a possible threat to national security. Agents also sought to determine whether Mr. Trump was knowingly working for Russia or had unwittingly fallen under Moscow’s influence.

The investigation the F.B.I. opened into Mr. Trump also had a criminal aspect, which has long been publicly known: whether his firing of Mr. Comey constituted obstruction of justice. …

I can’t help wondering what NYT’s former executive editor Jill Abramson would have done in 2016 when presented with a draft of what would become the October 31st article.

I can’t help wondering yet again, a handful of years later, what the real reasons were that Abramson was fired in May 2014 — during a mid-term election year — after a mere 32 months in that role. Her predecessor Bill Keller had been in that same role for eight years.

Admittedly, I don’t think much of current executive editor Dean Baquet’s decisions, and not just about this particular story arc. But it’s this arc which really gives me pause about NYT’s editorial management, as does the irrational amount of coverage the NYT focused on Hillary Clinton’s emails during the 2016 campaign season.

Did we end up with this mess because a traditional media company had difficulty with a woman’s editorial management style? Or because she might be sympathetic to women running for public office?

You’ve got a lot to say about the NYT’s reporting on this topic. Go for it.

Three Things: Russia and China Spying, Kavanope

[NB: Yes, it’s Rayne, not Marcy. Check the byline.]

Huge news earlier today related to spying. Really big. MASSIVE.

And a MASSIVE cover-up pawned off on the feeble-minded as a ‘complete investigation’ into Dr. Ford’s and Deborah Ramirez’s accusations against Brett Kavanaugh.

~ 3 ~

Bloomberg published an epic piece of investigative journalism this morning about China’s spying on U.S. businesses by way of tiny chips embedded in server motherboards. The photos in the story are just as important as the must-read story itself as they crystallize a challenge for U.S. intelligence and tech communities. Like this pic:

That tiny pale obelisk to the right of the penny represents one of the malicious chips found in affected Supermicro brand motherboards shipped to the U.S. market — nearly as small as the numbers in the date on the coin. Imagine looking for something this puny before a machine is turned on and begins to launch its operating system. Imagine trying to find it when it is sandwiched inside the board itself, embedded in the fiberglass on top of which components are cemented.

The chip could undermine encryption and passwords, making any system open to those who know about its presence. According to Bloomberg reporters Jordan Robertson and Michael Riley, the chips found their way into motherboards used by Apple and Amazon.

Information security folks are scrambling right now because this report rocks their assumptions about the supply chain and their overall infosec worldview. Quite a few doubt this Bloomberg report, their skepticism heightened by the carefully worded denials offered by affected and relevant parties Apple, Amazon, Supermicro, and China. Apple provided an itemization of what it believed Bloomberg Businessweek got wrong along with its denial.

I’ll have more on this in a future post. Yes, indeedy.

~ 2 ~

A cooperative, organized response by Britain, The Netherlands, U.S., and Canada today included the indictment of seven Russians by the U.S. for conspiracy, conspiracy to commit wire fraud, wire fraud, aggravated identity theft, and conspiracy to launder money. The Russians have been identified as members of a GRU team organized out of a facility in Moscow, working on hacking and a disinformation influence campaign focused on anti-doping entities and non-Russian Olympic athletic competitors.

Note the underlined bit in this excerpt from the indictment (pdf) — the last indictment I copied with similar wording was that of Evgeny Buryakov and his two comrades, the three spies based in New York City who worked with “Male-1”, now known to be Carter Page. Who are the known and unknown? Persons who have flipped or co-conspirators yet to be named?

The UK released a statement as did the Canadians, and Netherlands issued a joint statement with the UK about the entirety of spying for which this GRU team is believed to be responsible, including an attempt to breach the Organisation for the Prohibition of Chemical Weapons’ (OPCW) facility analyzing the Novichok nerve agent used to poison the Skripals in the UK as well as chemicals used against Syrians.

Cryptocurrency news outlets report concerns that this indictment reveals the extent of USDOJ’s ability to trace cryptocurrency.

An interesting coincidence took place overnight as well — Russian Deputy Attorney General Saak Karapetyan died last night when an unauthorized helicopter flight crashed northeast of Moscow. Karapetyan had been linked this past January to Natalia Veselnitskaya and an attempt to recruit Switzerland’s top investigator as double-agents. But Karapetyan had also been involved in Russia’s response to the poisoning of Alexander Litvinenko and the aftermath of the Skripals’ poisoning in the UK.

What remarkable timing.

One might wonder if this accident had anything to do with the unusual release of GRU personnel details by the Dutch Military Intelligence and Security Service (MIVD) and the United Kingdom’s Ministry of Justice during their joint statement today.

By comparing the released identity documents, passports, automobile registrations and the addresses provided when cars were rented, the identities of a total of 305 GRU agents may have been identified by bellingcat and The Insider, including four of the seven men wanted by the U.S. for the anti-doping hacking as well as the attempted breach of OPCW.

The identity of the four GRU agents accused of targeting the OPCW was cinched by a taxi receipt in one agent’s pocket from a location on the road next to the GRU’s facility in Russia. Four agents also had consecutive passport numbers.

What remarkably bad opsec.

~ 1 ~

As for the impending vote on Brett Kavanaugh:

– Senator Heidi Heitkamp is voting her conscience — NO on Kavanaugh.
– Senator Joe Manchin is now the lone Dem holdout; he says he’s still listening but hasn’t seen anything incriminating from Kavanaugh’s adulthood. (Gee, I wonder why.)
– Senator Bob Menendez didn’t mince words. He said “It’s a bullshit investigation.” (He should know what a thorough investigation looks like).

And the beer-loving former Yale frat boy had an op-ed published in the Wall Street Journal which pleads with us to lose all intelligence and believe that he is really very neutral. I am not even going to link to that POS which has re-enraged women all over the country.

GTFO.

Continue calling your senators to thank them for a NO vote on Kavanaugh so that they aren’t hearing right-wing demands alone. Congressional switchboard: (202) 224-3121

~ 0 ~

This is an open thread. Sic ’em.

Hybrid or Ambiguous, Asymmetric Warfare is Here to Stay

[As always, check the byline — this is Rayne with another minority report.]

After the hacking of the U.S. Office of Personnel Management, I wrote in early 2013 about asymmetric warfare. At the time I was puzzled by Americans’ surprise at such an extensive breach of a government asset by China.

We were warned in 1999 by the PRC in a white paper, Unrestricted Warfare, written by two Chinese military officers. They told us what they perceived about the U.S. defense stance and where they were likely to press given their perception of our weaknesses and strengths.

Our own military processed this warning; it was incorporated into a number of military white papers. The U.S. intelligence community likewise digested the same white paper and military assessments of the same.

And yet the U.S. was not ready for an asymmetric attack.

More disturbingly, we were warned in 2013 — possibly earlier — that Russia was adopting asymmetric warfare. Valery Gerasimov, Chief of the General Staff of the Armed Forces of Russia, wrote a paper discussing the application of “hybrid warfare” or “ambiguous warfare,” partially exemplified in Russia’s 2014 annexation of Crimea.

Our Defense Department analyzed Gerasimov’s Doctrine, as it is now known. The CNA, a nonprofit research and analysis organization working for DOD, published a paper defining “ambiguous warfare” (pdf):

“Ambiguous warfare” is a term that has no proper definition and has been used within U.S. government circles since at least the 1980s. Generally speaking, the term applies in situations in which a state or non-state belligerent actor deploys troops and proxies in a deceptive and confusing manner—with the intent of achieving political and military effects while obscuring the belligerent’s direct participation. Russia’s actions in Crimea and Ukraine clearly align with this concept, though numerous participants pointed out that it is not a new concept for Russia.

CNA even applied a term used by the U.S. to describe Russia’s military action in Crimea — and yet the U.S. was not ready for an asymmetric attack.

The earlier PRC paper, Unrestricted Warfare, elaborated:

War in the age of technological integration and globalization has eliminated the right of weapons to label war and, with regard to the new starting point, has realigned the relationship of weapons to war, while the appearance of weapons of new concepts, and particularly new concepts of weapons, has gradually blurred the face of war. Does a single “hacker” attack count as a hostile act or not? Can using financial instruments to destroy a country’s economy be seen as a battle? Did CNN’s broadcast of an exposed corpse of a U.S. soldier in the streets of Mogadishu shake the determination of the Americans to act as the world’s policeman, thereby altering the world’s strategic situation? And should an assessment of wartime actions look at the means or the results? Obviously, proceeding with the traditional definition of war in mind, there is no longer any way to answer the above questions. When we suddenly realize that all these non-war actions may be the new factors constituting future warfare, we have to come up with a new name for this new form of war: Warfare which transcends all boundaries and limits, in short: unrestricted warfare.

If this name becomes established, this kind of war means that all means will be in readiness, that information will be omnipresent, and the battlefield will be everywhere. It means that all weapons and technology can be superimposed at will, it means that all the boundaries lying between the two worlds of war and non-war, of military and non-military, will be totally destroyed, and it also means that many of the current principles of combat will be modified, and even that the rules of war may need to be rewritten.

In spite of this warning, the U.S. has not been adequately prepared for asymmetric warfare.

More importantly, the U.S. has not grasped what is meant that “all the boundaries lying between the worlds of war and non-war” no longer exist.

We are in a permanent state of non-war warfare.

And we were warned.

If the CNA’s paper is any indication, the U.S. has been blinded by the lens of traditional warfare. This is an unintended conclusion we can take away from this paper: we are smack in the middle of a debris field in which our entire democratic system has been rattled hard and our president and his dominant political party are in thrall to at least one other country’s leader, without a single traditional combat weapon aimed and fired at our military. Yet the paper on “Russia’s ‘Ambiguous Warfare’” looked at the possible effect such war would have on traditional defense, making only the barest effort to include information warfare. The shoot-down over Ukraine of Malaysia Airlines flight MH-17 carrying EU citizens offers an example — there is little mention in this paper of Russian and separatists’ efforts to mask the source of the shooting using information warfare, thereby managing to avoid an official invocation of NATO Article 5.

Perhaps the scale of our traditional defense spending and the commitment to sustaining this spending driven by both states’ economies and by corporatocracy locked us into an unwieldy and obstructive mindset unable to respond quickly to new threats. But PRC warned us in 1999 — we have no excuses save for a lack of imagination at national scale, combined with a detrimental perception of American exceptionalism.

If there is something we can still use in this permanent state of non-war warfare, it is one of the oldest lessons of warfare, transcending place, culture, and tradition:

All warfare is based on deception. … Keep him under strain and wear him down. When he is united, divide him. Attack where he is unprepared; sally out when he does not expect you. … 

— Sun Tzu, The Art of War

What were we not expecting? For what were we not prepared? What form may the next ambiguous attack assume, and are we ready to defend ourselves?

More importantly, what does an effective, ambiguous offense look like?

Meanwhile, Over In Turkey . . .

Well, isn’t this interesting? From Diplopundit last Friday comes a post with this title: Tillerson Meets Erdoğan in Ankara With Turkish Foreign Minister as Interpreter. The post is a series of tweets from all kinds of media folks, which include some of these gems:

Nicholas Wadhams of Bloomberg News:

Secretary of State Tillerson is currently meeting with Turkey’s President Recep Tayyip Erdogan. He is the lone US representative and Turkey’s foreign minister is translating.

Rajib Soylu, Washington correspondent for Daily Sabah:

This is the second Erdoğan – Tillerson meeting where all Turkish, American officials, and even the translators excluded.

Turkish FM functions as a translator.

Ilhan Tanir of Washington Hatti US:

Im trying to understand — I never expected Pres Erdogan and Sec Tillerson to have a press conference but they did not even read statements following 200 minutes of a meeting?

Let’s pause here for a moment to let that last one sink in.

It’s one thing if the Turkish Foreign Minister brings Erdogan over to Tillerson at a meet-and-greet and translates some friendly “let me show you pictures of my grandkids” chit-chat between the two. But that’s not what this was. This was a lengthy, official, and private meeting that lasted over three hours between some very high level folks at a time of rather significant tension between the two countries.

You don’t have meetings like this without your own translator. You just don’t. The typical process is that both sides have interpreters. Official A speaks, the interpreter for Official B tells Official B what was said, and the interpreter for Official A says some version of “Yes, that’s correct” to verify the interpretation. Then it all works in reverse when Official B replies. With difficult issues under discussion, the last thing either side wants is confusion about what each side is saying.

Excluding your own interpreter is so far outside of normal protocols it is unreal, and begs the evergreen question about most everything since 1/20/2017: idiot or crook?

As Diplopundit noted in his/her own tweet, someone else was missing from this meeting — an official note taker:

Saving money on translators*, too? And the foreign FM will just share his notes of the T-E discussion with the State Dept. Or EUR can use their Magic 8 ball. 😭 It knows everything and always willing to share.

(* Diplopundit later corrected this to “interpreters”, as a slip of the fingers since “translators” are more precisely those who deal with written documents while “interpreters” handle verbal communications.)

“EUR” in that last tweet is the State Department’s Office of European Affairs, where long ago I was an intern. I can only imagine what the reaction in Foggy Bottom was when word of Tillerson’s meeting with Erdogan reached them. It likely involved multiple variations on “He did WHAT?!?!?” with various . . . ahem . . . flavoring words added for emphasis. As former State Department spokesperson and retired Rear Admiral John Kirby told CNN:

“If the meeting is not conducted in English, it is foolhardy in the extreme not to have at his side a State Department translator, who can ensure that Mr. Tillerson’s points are delivered accurately and with the proper emphasis,” said former State Department spokesman and CNN diplomatic and military analyst John Kirby.

“That Mr. Tillerson eschewed this sort of support in what he knew would be a tense and critical meeting with President Erdogan smacks of either poor staff work or dangerous naïveté on his part,” Kirby added.

And that’s what Kirby said about this in public. I’ll leave it to your imagination what he and other current and former State and Defense Department folks said to each other about it in private. Hold onto this for a moment, because we’ll come back to it in a bit.

Eventually, Tillerson and his Turkish counterpart Mevlut Cavusoglu did in fact have a press availability, which the State Department has up on their website. In the statements issued by both, as well as their answers to questions from the reporters, they talked about all manner of increasingly tense topics, from the Kurds to what’s happening in Syria to the failed coup and the Turkish demands for Fethullah Gulen to be extradited back to Turkey, and more.

Two items stood out here. First, there’s this from Tillerson about midway through:

SECRETARY TILLERSON: Well, with respect to how we’re going forward – and that’s what all of the discussion here was about, recognizing where we find ourselves. And I think as the foreign minister indicated, we find ourselves at a bit of a crisis point in the relationship. And we could go back and revisit how we got here, but we don’t think that’s useful. We’ve decided and President Erdogan decided last night we needed to talk about how do we go forward. The relationship is too important, it’s too valuable to NATO and our NATO allies, it’s too valuable to the American people, it’s too valuable to the Turkish people for us to not do anything other than concentrate on how are we going forward.

And out of the meetings last night – and much of our staff was up through the night to memorialize how we’re going to go about this, and we’ll share a little bit of that in the joint statement. We’re going to reserve a lot of the details because there’s a lot of work yet to be done, and we – and our working teams need to be allowed to do that work in a very open, frank, honest way with one another so that we can chart the way forward together.

I’ll bet the staff was up through the night. If no staff were allowed in the three-hour meeting, then the only one who can tell them what was said, what kind of emphasis it was given, what threats were made, what promises were made, and what kind of nuance there was to each of the exchanges was Tillerson. No offense to the Secretary, but that makes the work of the staff very, very difficult. To begin with, they had to interview Tillerson just to get all the information about the meeting (and pray he didn’t leave anything out), before they could even think about “how we’re going forward.”

But the larger item that stood out to me came in the very last pair of questions asked, reprinted in full below but with emphasis added:

QUESTION:[ed: to Tillerson] Did you warn Turkey that they could be subject to sanctions under CAATSA legislation if they go ahead with the purchase of the S-400 system? [ed: CAATSA is the Russian sanctions legislation that Congress passed but Trump refuses to implement with any teeth.]

And for you, Mr. Foreign Minister, would the threat of U.S. sanctions stop you from going ahead with the purchase of the S-400 system? And if you do buy the system, do you still want to remain in NATO if you’re obtaining the weapons from Russia?

SECRETARY TILLERSON: We did discuss the impact of the CAATSA law that was passed by the Congress last summer that deals with purchases of Russian military equipment. I discussed it last night with President Erdogan; we had further discussions this morning about it. And indeed, it’s in the first group of issues that the foreign minister is referring to. We need to put a group of experts together, and we’ll look at the circumstances around that, as we’ve done with governments all over the world, not just Turkey, because the intent of that legislation was not to harm our friends and allies. But it is directed at Russia for its interference in our elections. So we’ve been advising countries around the world as to what the impact on their relationship and purchases that they might be considering with Russia, and many have reconsidered those and have decided to not proceed with those discussions.

Every case is individual on its own. We want to consult with Turkey and at least ensure they understand what might be at risk in this particular transaction. We don’t have all the details yet, so I can’t give you any kind of a conclusion, but it’ll be given very careful scrutiny, obviously, and we’ll fully comply with the law. And we are – we are now implementing CAATSA and fully applying it around the world.

FOREIGN MINISTER CAVUSOGLU: Thank you very much. First and foremost, I need to underline that I am against the terminology that you use. You used the threat terminology. That is not a correct terminology to be used because it is true for all countries and states. We never use the language of threat and we deny if it is used against us, because this is not correct.

But as Rex has also indicated, this was not something that we talked just yesterday and today. When we met in Vancouver, we talked about this, and from time to time when we have phone conversations, we talk about such issues. This was again brought to the agenda in one of those talks. Of course, there is a law that was enacted by the United States Congress, and they explained this legislation to us. But on the other hand, this is our national security, and it’s important for our national security. I have emergency need of an air defense system. We want to purchase this from our allies, but this does not exist. So even when we are purchasing small-scale arms, the Congress or some other European parliaments, we have – we have and we had difficulty in purchasing these because of these excuses, and I have an emergency need. And the Russian Federation came up with attractive proposals for us. We also talked to other countries, not just with Russia, but we talked about this issue of emergency need with many countries and we had bilateral talks.

Also, in the mid-term, we talked about joint production and technology transfer. We focused on this because this is important for Turkey. And lastly, during the Paris visit of our president – with Eurosam – this is a French-Italian partnership – there was a pre-agreement signed, a memorandum of understanding signed with these groups. So we do not have any problems with our allies. Why should we not meet this requirement with NATO? But, of course, when it is not met within this platform, we need to look for alternative resources. Otherwise, some batteries – some Patriot were withdrawn from our frontier. Some European allies withdrew them. We have (inaudible) of the Italians and Patriots of Spain, and we do not have any other air defense. And we need to meet this requirement as soon as possible. And when we talked to Russia, this was actually an agreement that we reached before the legislation in Congress was enacted. And the remaining part was about the details of loans, et cetera.

Of course, we talked about all of these, and we will take into consideration this – within this working group the commission, but all of us need to understand each other and respect each other. Thank you very much.

In Cavusoglu’s answer, he is pushing back hard on attempts to isolate Turkey. He’s being polite about it, but the very public message is clear: “You know, the Russians seem very interested in making a deal with us, and if you persist in trying to pressure us and don’t back us with the Kurds and cause problems in Syria and don’t return that coup-instigating terrorist you are harboring, the Russians seem pretty clearly ready to help us out where you will not.”

Which makes Tillerson’s earlier comment above sound like he got that message loud and clear. To repeat: “The relationship is too important, it’s too valuable to NATO and our NATO allies, it’s too valuable to the American people, it’s too valuable to the Turkish people for us to not do anything other than concentrate on how are we going forward.”

But there were also some private messages being sent here, too.

Let’s go back to that no-staff-allowed element of the meeting once more. In general, it is in the interests of both parties to a conversation like that to have interpreters and notetakers present, so that in the public discussions that follow (like the one above), everyone agrees on the basic facts of what was said and you don’t get into a “but you said . . .” and “no I didn’t” back-and-forth. For the meeting to exclude such staffers means that there is something else that overrides this interest.

In this case, the Turks had to have demanded that Tillerson not bring anyone with him to this meeting. There’s no way he would have told his staff “I got this – you take a break while I talk with Erdogan” on his own. The question is why, and all the possible answers I can come up with after reading the Turkish Foreign Minister’s reply to that last question involve Vladimir Putin wanting Erdogan to pass on some kind of message to Trump — a message that he did not wish to be delivered within earshot of interpreters and notetakers.

It reminds me very much of that May 2017 Oval Office meeting that Trump had with Russian Foreign Minister Sergey Lavrov and outgoing Ambassador to the US Sergey Kislyak. That was the meeting where we later learned that Trump revealed Israeli intelligence to the Russians about their source inside ISIS and told them that he just fired “that nut job” James Comey which took the pressure off of him because of Russia.

Oh, and the US press were kept out of that meeting as well, with the only reports of it coming after the Russians told us about it. As Politico’s Susan Glasser noted about that Oval Office meeting, it came at the specific request of Putin:

The chummy White House visit—photos of the president yukking it up with Lavrov and Russian Ambassador to the United States Sergey Kislyak were released by the Russian Foreign Ministry since no U.S. press was allowed to cover the visit—had been one of Putin’s asks in his recent phone call with Trump, and indeed the White House acknowledged this to me later Wednesday. “He chose to receive him because Putin asked him to,” a White House spokesman said of Trump’s Lavrov meeting. “Putin did specifically ask on the call when they last talked.”

Kind of makes me wonder if the reason Tillerson left the interpreter back at the embassy is because Putin asked him to in a phone call last Monday. From CNN:

Washington (CNN) President Donald Trump spoke Monday with his Russian counterpart Vladimir Putin to express condolences for a weekend plane crash outside Moscow, according to a US official.

The phone call came amid ongoing Washington-Moscow tensions over policy in the Middle East and Russia’s attempts to meddle in US elections.

Russian news agencies reported the phone call also included discussion of the situation in Israel. . . .

Again we’re hearing about this via Russian news agencies? I’m sensing a pattern here . . .

Nothing Happens in a Vacuum: Diplomatic Scuffles and Academic Speeches in Moscow

In front of a brick building one pre-dawn summer morning, a security guard tackled a man as he walked toward the entrance after exiting a cab. The security guard slammed the man onto the building’s concrete steps, choking him as he restrained the man. The man managed to open the door and gain partial egress into the foyer without use of his hands while the guard continued to choke him.

The guard was Russian.

The man was an American.

The building was the U.S. Embassy in Moscow.

The two-man scuffle happened June 6, 2016, exactly one month before Trump campaign foreign policy adviser Carter Page would view the UEFA Portugal vs. Wales semi-final match at a Morgan Stanley-hosted event in Moscow.

On June 26, WaPo’s Josh Rogin wrote about increasing harassment of U.S. diplomats across Europe by Russia. Episodes included breaking into diplomats’ homes and stalking diplomats’ children. Norm Eisen, U.S. ambassador to the Czech Republic from 2011 to 2014, called this harassment “gray war.”

On June 29, Rogin wrote about the June 6 scuffle; the American was not identified by name or by employment. He may have been a diplomat or a spy under diplomatic cover; different sources gave different possible explanations.

But the guard who beat up the American was an FSB employee. The American’s shoulder was broken; the severity of his injuries required a flight out of Russia for urgent medical care.

On June 30, Foreign Ministry Spokesperson Maria Zakharova issued a statement* and claimed WaPo, the U.S. State Department and ‘special services’ had spread false information about the June 6 event. The FSB guard acted when the American didn’t show his ID; further, the “police officer on duty was attacked” and can be seen in surveillance video.

On July 7, Josh Rogin wrote that Congress had begun to investigate the June 6 event, concerned the FSB guard’s actions violated the Vienna Convention on diplomatic relations. The Obama administration had refused comment though State Department’s John Kirby said the Russian’s statements were “inaccurate” while administration officials quietly briefed members of Congress about the episode.

This same day Carter Page gave a speech at the New Economic School in Moscow, the day after he attended the UEFA semifinals viewing party, meeting Rosneft’s Director of Investor Relations Andrey Baranov, Gazprom Investproekt’s CEO Oleg Nagovitsyn, Russia’s Deputy Prime Minister Arkady Dvorkovich, and members of the Duma. A video of Page’s speech is uploaded that day to YouTube by a think tank.

On July 8, RT (Russia Today) publishes on YouTube a tightly edited excerpt from a surveillance camera videotape which captured the June 6 scuffle. The FSB guard clearly had the upper hand from the moment he slammed the unnamed diplomat to the concrete.

This same day Carter Page would give a commencement speech at the New Economic School; it, too, is captured on video and uploaded to YouTube, though not until months later.

How odd that it took a little over a month for RT to acquire the video and upload it to their YouTube channel.

How odd that RT never asked Carter Page, a foreign policy adviser, what he might recommend to Trump to prevent future “gray war” events like the June 6 scuffle.

How odd that the Republican members of Congress who were so concerned about the “gray war” episodes are now inert about the sanctions they placed on Russia, with little concern for the effect on NATO.

“The problem is there have been no consequences for Russia,” said Rep. Mike Turner (R-Ohio), who serves as president of the NATO Parliamentary Assembly. “The administration continues to pursue a false narrative that Russia can be our partner. They clearly don’t want to be our partner, they’ve identified us as an adversary, and we need to prepare for that type of relationship.”

What changed since June 2016 besides the presidency?

* Open with caution; link is to a Russian government site.


[Photo: Emily Morter via Unsplash]

K. T. McFarland’s Big Fat Email [UPDATED]

[NB: Update at the bottom of this post.]

I am posting this on the fly, haven’t yet fully digested what I just read. All I can really do right now is roll my eyes as I wave my hands in the air and scream about the stupid that burns.

You need to read this article, Emails Dispute White House Claims That Flynn Acted Independently on Russia; this bit in particular just boggles my mind although it’s not the only thing in this article which made me ululate.

Excerpt, The New York Times

And of course it’s Obama’s or the Democratic Party’s fault she was taken out of context here. Uh-huh. And Clinton should be impeached.

This bit is nearly as mind-blowingly whack:

Excerpt, The New York Times

“Political malpractice” is not the first thing that comes to mind here, Mr. Cobb.

UPDATE — 9:00 PM EST —

NYT’s Michael Schmidt has now provided K. T. McFarland’s full quote to clarify what was meant in the email.

We’re supposed to believe the context is about spin McFarland anticipated Obama (or the unspecified Democrats in the NYT’s article) would employ against Trump.

However, lawyer Ty Cobb’s explainer-cum-apologia doesn’t sound like McFarland and others on the transition team were merely indulging in speculation.

Any time now I expect someone in the administration will not only say openly that Trump authorized the transition team to discuss dropping the sanctions, but that it isn’t illegal when the president does it.

Except in the U.S. we only have one president at a time.

Retired Generals of Flynn-Associated IP3: “United States Mideast Strategy Is Resourcing Conflict”

Yesterday, I decided that I should take a deep dive into a couple of issues that are playing big roles in current political drama: the Middle East nuclear power plant plans that Michael Flynn “represented” in some travel but did not note in his security disclosures and the manufactured controversy over Uranium One. I’m still reading and hope to post regularly on these and other topics, but want to point out one passing reference that made my jaw drop.

In Monday’s Washington Post article on Flynn’s troubles, we have this passage:

Around June 2016, according to his financial disclosure, Flynn ended his association with ACU and began advising a company called IP3/IronBridge, co-founded by retired Rear Adm. Michael Hewitt, a former ACU adviser.

IP3 initially proposed partnering with China and other nations, rather than Russia, to build nuclear power plants, according to a company spokesman, who said the China component has since been dropped.

In August 2016, the company produced a PowerPoint presentation that included Flynn’s photo and former government title on a page titled “IP3/IronBridge: Formidable US Leadership.” The document was labeled as a “Presentation to His Majesty King Salman Bin Abdul Aziz” of Saudi Arabia and displayed the seals of Saudi Arabia and the United States. The presentation was obtained by Democrats on the House Oversight Committee, who made it public.

After reading this, I started digging a bit into IP3, to see what they have been up to. I found this fascinating piece in Medium, written by the all-star trio of Jack Keane, Keith Alexander and Bud McFarlane. The article dates from October 31 of this year, so it comes over a year after the PowerPoint referenced in the Post article. The Medium article opens with the basis for the US-Saudi relationship going back more than seven decades:

In 1945, President Roosevelt and King Abdul Aziz of Saudi Arabia forged a partnership under which the United States provided security for the Kingdom to assure the flow of oil to global markets. While the United States has never wavered from this commitment through 13 Presidents and 6 Saudi monarchs, the core themes of arms and oil alone no longer cover the full scope of our countries’ goals and mutual interests.

That’s pretty blunt language, but yes, the core theme of US-Saudi relations does indeed seem to be “arms and oil”. But a bit further down, we have this:

Any new U.S. strategy for the Middle East will fail unless we move beyond fighting terrorism or reacting to the influence of evolving regional encroachment from Russia and Iran. The United States must approach the Middle East in ways that promote diversified, strong economies. We need a strategy that doesn’t rely solely on resourcing conflict with weapons sales, arms agreements, or new deployments of U.S. military forces, but one of empowerment through the intellectual capital and industrial might of our nation’s private sector. We must better enable the stabilizing visions of our GCC partners, Egypt, Israel, and Jordan as part of a reimagined Middle East economy.

I have to admit that on my first reading of this paragraph, I chuckled. I was convinced that it contained a very revealing typo. I mean, surely these retired generals would never just come out and say that the US strategy in the Middle East is to “resource conflict”, would they? Didn’t they mean that the weapons sales, arms agreements and troop deployments are aimed at resolving conflicts even though they certainly provide the resources to prolong them? That’s how the US presents these moves, after all. Who even uses “resource” as a verb anyway?

I continued in my reading, and in this copy of a letter from the Democrats on the House Oversight Committee posted by Politico (always read the footnotes; the URL is in footnote 21) I hit paydirt with the URL for the IP3 PowerPoint referenced in the Post article above. Here is the slide that the Post refers to on the IP3 team including Flynn:

That is slide number 3 in the presentation. Here is slide number 5:

And there we have it. The Medium article did not have a typo. Over a year earlier, the PowerPoint says the US should “shift toward resourcing stability” rather than resourcing conflict. I find that to be a remarkably candid statement, considering who is saying it.

For quite some time, my line on US strategy for any trouble spot in the world has been that the US asks “What group can we arm?”. Here we have a huge collection of retired generals saying very much the same thing in slightly different language. I follow my observation by saying our question should rather be “What can we do to address the concerns of those who are moved to violence in this trouble spot?” And again, this group is offering their alternative. I see this as a massive improvement in outlook and perhaps a bit of slowly dawning self-awareness on behalf of the generals for what their actions have wrought.

Of course, once we dive into the IP3 team’s vision for how we “resource stability” things go right back to the track history of these generals proposing policies that are almost the exact opposite of what should be done. But that is fodder for later posts.

Just a couple of closing notes seem in order. First, it is clear from the committee letter in which I got the PowerPoint URL that the file actually was sent to the committee by an employee of ACU, which is a competitor of IP3. Further, the cover slide contains the cryptic note “2016 MSH Proprietary and Confidential”. I haven’t found an explanation for “MSH”. I thought it might refer to Michael Hewitt, but his middle initial is W. It doesn’t seem to fit any of the companies involved or the ACU employee who sent the file.

Also, in all the articles I’ve read about Flynn’s involvement in this effort, it appears that he consistently and publicly advocated for the building of the power plants to avoid Russian involvement and to be undertaken as an approach to reducing Russia’s influence in the Middle East. That makes Flynn’s June 2015 trip sponsored by ACU very confusing, since ACU is the group advocating Russian involvement in the building and running of the power plants. It would, however, align with his move to IP3 once it was formed. Also, the stories now seem to suggest that within the White House, IP3’s approach was quashed based on Flynn’s conflicts of interest rather than any White House preference for Russian involvement in building the plants. Will that story change? After all, Russia eventually got the contract for Egypt.

Minority Report: An Alternative Look at NotPetya

NB: Before reading:

1) Check the byline — this is NotMarcy;

2) Some of this content is speculative;

3) This is a minority report; I’m not on the same paragraph and perhaps not the same page with Marcy.

Tuesday’s ‘Petya/Petna/NotPetya’ malware attacks generated a lot of misleading information and rapid assumptions. Some of the fog can be rightfully blamed on the speed and breadth of infection. Some of it can also be blamed on the combined effect of information security professionals discussing in-flight attacks in full view of the public who make too many assumptions.

There’s also the possibility that some of the confusing information may have been deliberately generated to thwart too-early intervention. If this isn’t criminal hacking but cyber warfare, propaganda should be expected as in all other forms of warfare. Flawed assumptions, too, can be weaponized.

A key assumption worth re-examining is that Ukraine was NotPetya’s primary target rather than collateral damage.

After the malware completed its installation and rebooted an infected machine, a message indicated files had been encrypted and payment could be offered for decryption.

Thousands of dollars were paid $300 at a time in cryptocurrency but a decryption key wouldn’t be forthcoming. Users who tried to pay the ransom found the contact email address hosted by Posteo.net had been terminated. The email service company was unhelpful bordering on outright hostile in its refusal to assist users contacting the email account holder. It looked like a ransom scam gone very wrong.

As Marcy noted in her earlier post on NotPetya, information security expert Matt Suiche posted that NotPetya was a wiper and not ransomware. The inability of affected users to obtain a decryption key suddenly made perfect sense. ‘Encrypted’ files are never going to be opened again.

It’s important to think about the affected persons and organizations and how they likely responded to the infection. If they didn’t already have a policy in place for dealing with ransomware, they may have had impromptu meetings about their approach; they had to buy cryptocurrency, which may have required a crash DIY course in how to acquire it and how to make a payment — scrambling under the assumption they were dealing with ransomware.

It all began sometime after 10:30 UTC/GMT — 11:30 a.m. London (BST), 1:30 p.m. Kyiv and Moscow local time, even later in points across Russia farther east.

(And 4:30 a.m. EDT — well ahead of the U.S. stock market, early enough for certain morning Twitter users to tweet about the attack before America’s work day began.)

The world’s largest shipping line, Maersk, and Russia’s largest taxpayer and oil producer Rosneft tweeted about the attack less than two hours after it began.

By the end of the normal work day in Ukraine time, staff would only have just begun to deal with the ugly truth that the ransom may have been handed off and no decryption key was coming.

As Marcy noted, June 28th is a public holiday in Ukraine — Constitution Day. I hope IT folks there didn’t have a full backup scheduled to run going into the holiday evening — one that might overwrite a previous full backup.

The infection’s spread rate suggested early on that email was not the only means of transmission, if it had been spread at all by spearphishing. But many information security folks advocated not opening any links in email. A false sense of security may have aided the malware’s dispersion; users may have thought, “I’m not clicking on anything, I can’t get it!” while their local area network was being compromised.

And then it hit them. While affected users sat at their machines reading fake messages displayed by the malware, scrambling to get cryptocurrency for the ransom, NotPetya continued to encrypt files under their noses and spread across businesses’ local area networks. Here’s where Microsoft’s postmortem is particularly interesting; it not only gives a tick-tock of the malware’s attack on a system, but it lists the file formats encrypted.

Virtually everything a business would use day to day was encrypted, from Office files to maps, website files to emails, zip archives and backups.

Oh, and Oracle files. Remember Oracle pushed a 299-vulnerability mega-patch on April 19, days after ShadowBrokers dumped some NSA tools? Convenient, that; these vulnerabilities were no longer a line of attack except through file encryption.

While information security experts have done a fine job tackling a many-headed hydra ravaging businesses, they made some rather broad assumptions about the reason for the attack. Kaspersky concluded the target was Ukraine since ~60% of infected devices were located there though 30% were located in Russia. But the malware’s aim may not have been the machines or even the businesses affected in Ukraine.

What did those businesses do? What they did required the tax application software MEDoc. If the taxes to be calculated were based on a business’s profits — (how much did they make) X (tax rate) — they hardly needed tax software. A simple spreadsheet would suffice, or the calculation would be built into accounting software.

No, the businesses affected by the malware pushed at 10:30 GMT via MEDoc update would be those which sold goods or services frequently, on which sales tax would have been required for each transaction.

What happens when a business’s sales can’t be documented? What happens when their purchases can’t be documented, either?

Which brings me to the affected Russian businesses, specifically Rosneft. There’s not much news published in English detailing the impact on Rosneft; we’ve only got Kaspersky’s word that 30% of infections affected Russian machines.

But if Rosneft is the largest public oil company in the world, Russia’s largest taxpayer as Rosneft says on their Twitter profile, it may not take very many infections to wreak considerable damage on the Russian economy. Consider the ratio of one machine invoicing the shipment of an entire ocean tanker of oil versus many machines billing heating oil in household-sized quantities.

And if Rosneft oil was bought by Ukraine and resold to the EU, Ukraine’s infected machines would cause a delay of settlements to Russia especially when Rosneft must restore its own machines to make claims on Ukrainian customers.

The other interesting detail in this malware story is that the largest container line in the world, Maersk, was also affected. You may have seen shipping containers on trucks, trains, in shipyards and on ships marked in bold block letters, MAERSK. What you probably haven’t seen is Maersk’s energy transport business.

This includes shipping oil.

It’s not Ukraine’s oil Maersk ships; most of what Ukraine sells is through pipelines running from Russia in the east and mostly toward EU nations in the west.

It’s Russian oil, probably Rosneft’s, shipping overseas. If it’s not in Maersk container vessels, it may be moving through Maersk-run terminal facilities. And if Maersk has no idea what is shipping, where it’s located, when it will arrive, it will have a difficult time settling up with Rosneft.

Maersk also does oil drilling — it’s probably not Ukraine to whom Maersk may lease equipment or contract its services.

Given the potential damage to Russia’s financial interests, it seems odd that Ukraine is perceived as the primary target.


NotPetya’s attack didn’t happen in a vacuum, either.

Germany’s Die Welt reported the assassination of Ukraine’s chief of intelligence by car bomb. The explosion happened about the same time that Ukraine’s central bank reported it had been affected by NotPetya — probably a couple of hours after 10:30 a.m. GMT.

On Monday, privately-owned Russian conglomerate Sistema had a sizable chunk of assets “arrested” — not seized, but halted from sale or trading — due to a dispute with Rosneft over $2.8 billion. Rosneft claims Sistema owes it money from the acquisition of oil producer Bashneft, owned by Sistema until 2014. Some of the assets seized included part of mobile communications company MTS. It’s likely this is the court case Rosneft referred to in its first tweet related to NotPetya.

The assassination’s timing makes the cyber attack look more like NotPetya was a Russian offensive, but why would Russia damage its largest sources of income and mess with its cash flow? The lawsuit against Sistema makes Rosneft appear itchy for income — Bashneft had been sold to the state in 2014, then Rosneft bought it from the state last year. Does Rosneft need this cash after the sale (or transfer) of a 19.5% stake worth $10.2 billion last year?

Worth noting here that Qatar’s sovereign wealth fund financed the bulk of the deal; commodities trader Glencore only financed 300 million euros of this transaction. How does the rift between other Middle Eastern oil states and Qatar affect the value of its sovereign wealth fund?

In her previous post, Marcy spitballed about digital sanctions — would they look like NotPetya? I think so. I can’t help recall this bit at the end of the Washington Post’s opus on Russian election interference published last week on June 23:

But Obama also signed the secret finding, officials said, authorizing a new covert program involving the NSA, CIA and U.S. Cyber Command.

[…]

The cyber operation is still in its early stages and involves deploying “implants” in Russian networks deemed “important to the adversary and that would cause them pain and discomfort if they were disrupted,” a former U.S. official said.

The implants were developed by the NSA and designed so that they could be triggered remotely as part of retaliatory cyber-strike in the face of Russian aggression, whether an attack on a power grid or interference in a future presidential race.

I’m sure it’s just a coincidence that NotPetya launched Tuesday this week. This bit reported in Fortune is surely a coincidence, too:

The timing and initial target of the attack, MeDoc, is sure to provoke speculation that an adversary of Ukraine might be to blame. The ransomware hid undetected for five days before being triggered a day before a public Ukrainian holiday that celebrates the nation’s ratification of a new constitution in 1996.

“Last night in Ukraine, the night before Constitution Day, someone pushed the detonate button,” said Craig Williams, head of Cisco’s (CSCO, +1.07%) Talos threat intelligence unit. “That makes this more of a political statement than just a piece of ransomware.” [boldface mine]

Indeed.

Two more things before this post wraps: did anybody notice there has been little discussion about attribution due to characters, keyboards, language construction in NotPetya’s code? Are hackers getting better at producing code without tell-tale hints?

Did the previous attacks based on tools released by the Shadow Brokers have secondary — possibly even primary — purposes apart from disruption and extortion? Were they intended to inoculate enterprise and individual users before a destructive weapon like NotPetya was released? Were there other purposes not obvious to information security professionals?