Tag: Espionage

Yeah, This is My Take Too

I’m with Matt Taibb when he says, “Something About This Russia Story Stinks,” and that this bears some very real similarities with the failure of US media before the invasion of Iraq:

In an extraordinary development Thursday, the Obama administration announced a series of sanctions against Russia. Thirty-five Russian nationals will be expelled from the country. President Obama issued a terse statement seeming to blame Russia for the hack of the Democratic National Committee emails.

“These data theft and disclosure activities could only have been directed by the highest levels of the Russian government,” he wrote.

Russia at first pledged, darkly, to retaliate, then backed off. The Russian press today is even reporting that Vladimir Putin is inviting “the children of American diplomats” to “visit the Christmas tree in the Kremlin,” as characteristically loathsome/menacing/sarcastic a Putin response as you’ll find.

This dramatic story puts the news media in a jackpot. Absent independent verification, reporters will have to rely upon the secret assessments of intelligence agencies to cover the story at all.

Many reporters I know are quietly freaking out about having to go through that again. We all remember the WMD fiasco.

“It’s déjà vu all over again” is how one friend put it.


But we don’t learn much at all about what led our government to determine a) that these hacks were directed by the Russian government, or b) they were undertaken with the aim of influencing the election, and in particular to help elect Donald Trump.

The problem with this story is that, like the Iraq-WMD mess, it takes place in the middle of a highly politicized environment during which the motives of all the relevant actors are suspect. Nothing quite adds up.

If the American security agencies had smoking-gun evidence that the Russians had an organized campaign to derail the U.S. presidential election and deliver the White House to Trump, then expelling a few dozen diplomats after the election seems like an oddly weak and ill-timed response. Voices in both parties are saying this now.


Now we have this sanctions story, which presents a new conundrum. It appears that a large segment of the press is biting hard on the core allegations of electoral interference emanating from the Obama administration.

Did the Russians do it? Very possibly, in which case it should be reported to the max. But the press right now is flying blind. Plowing ahead with credulous accounts is problematic because so many different feasible scenarios are in play.

On one end of the spectrum, America could have just been the victim of a virtual coup d’etat engineered by a combination of Donald Trump and Vladimir Putin, which would be among the most serious things to ever happen to our democracy.

But this could also just be a cynical ass-covering campaign, by a Democratic Party that has seemed keen to deflect attention from its own electoral failures.

The outgoing Democrats could just be using an over-interpreted intelligence “assessment” to delegitimize the incoming Trump administration and force Trump into an embarrassing political situation: Does he ease up on Russia and look like a patsy, or escalate even further with a nuclear-armed power?


We ought to have learned from the Judith Miller episode. Not only do governments lie, they won’t hesitate to burn news agencies. In a desperate moment, they’ll use any sucker they can find to get a point across.

(emphasis mine)

It’s not just me and Mr. Taibbi who sees the evidence presented as thing, both reporters on the technical side of the national security beat, and William Binney the creator of the NSA’s data dragnet is profoundly unimpressed with the report:

I expected to see the IP’s or other signatures of APT’s 28/29 [the entities which the U.S. claims hacked the Democratic emails] and where they were located and how/when the data got transferred to them from DNC/HRC [i.e. Hillary Rodham Clinton]/etc. They seem to have been following APT 28/29 since at least 2015, so, where are they?

Further, once we see the data being transferred to them, when and how did they transfer that data to Wikileaks? This would be evidence of trying to influence our election by getting the truth of our corrupt system out.

And, as Edward Snowden said, once they have the IP’s and/or other signatures of 28/29 and DNC/HRC/etc., NSA would use Xkeyscore to help trace data passing across the network and show where it went. [Background.]

In addition, since Wikileaks is (and has been) a cast iron target for NSA/GCHQ/etc for a number of years there
should be no excuse for them missing data going to any one associated with Wikileaks.


Too many words means they don’t have clear evidence of how the data got to Wikileaks.

The continuing (for lack of a better term) red baiting by elements of the Democratic Party who failed but want to keep their “Phony Baloney Jobs” is rather deafening.

Obama finally took actions, expelling a few diplomats and shutting down two Russian facilities used largely by vacationing embassy staffer’s children, and in a tit for tat, Putin responded by inviting diplomatic children to (Orthodox) Christmas and New Years parties at the Kremlin.

Wait, that’s not a tit-for-tat retaliation:

On a day when everyone expected him to go low, Russian President Vladimir Putin took the high road, bowing out of a growing diplomatic showdown with the administration of President Obama in a gambit to woo his successor, Donald Trump.

In a rare, and calculated, break from the diplomatic tradition of reciprocal punishment, Putin opted to do nothing after the United States said it would expel 35 Russian diplomats and close a pair of Russian-owned properties in retaliation for Moscow’s meddling in the 2016 presidential election.

Putin said he would wait to see how U.S.-Russian relations develop under the new Trump administration before planning “any further steps” on the issue.

Until Putin’s surprise decision Friday, all signs pointed toward the familiar, hard-nosed Kremlin response of years past. In 2012, when Russia was slapped with U.S. sanctions over the death of lawyer Sergei Magnitsky, Putin shot back by signing a ban on all foreign adoptions of Russian children, just days after Christmas, sparking outrage.

But this time, with the Kremlin bidding farewell to Obama and betting that a friendly Trump administration will bring fresh opportunities to escape sanctions and make a grab for greater power status, Putin waxed magnanimous.

“We will not create any problems for U.S. diplomats,” Putin said in a statement late Friday afternoon. “We will not expel anyone. We will not prevent their families and children from using their traditional leisure sites during the New Year’s holidays.”

Instead of sending the U.S. diplomats home, Putin invited their kids over for “the New Year and Christmas children’s parties in the Kremlin.”

Obama just got trolled something fierce.

Well, They Would Say That, Wouldn’t They?*

The Democratic National Committee has hired cyber experts to look into their security, and they say that it was the Russians:

As Donald Trump and his surrogates continue to engage in dangerous denial of Russia’s interference in our election and the intelligence community as a whole, one expert who knows of what he speaks made an appearance on Wolf Blitzer’s show yesterday to knock a huge hole in Trump’s arguments.

Trump has long dismissed the reports of Russian interference as ridiculous, going so far as to say it was maybe China or some 400-pound creepy guy in his mother’s basement. Anything he can do to distract from Russia’s interference, he’s done.

But Dmitri Alperovitch, employed by Crowdstrike, the security firm hired by the DNC and Clinton campaign to come in and deal with the hack, begs to differ, and he’s got the goods to prove it.

Right out of the gate, Alperovitch tells Wolf Blitzer that his firm “did catch the Russians in the act when the DNC hired us back in May.”

It’s remarkably convenient for Crowd Strike to echo the narratives of the people who are paying for them.

Also in declaring it the operation of a state actor, it excuses the ineptitude of the DNC, the Clinton Campaign, and (particularly) John “Nigerian Prince” Podesta.

Craig Murry calls this is 6 pounds of sh%$ in a 5 pound bag, because the report alleges that the Russians acted in a manner that appears to be deliberately calculated to point the accusing fingers at themselves:

I am about twenty four hours behind on debunking the “evidence” of Russian hacking of the DNC because I have only just stopped laughing. I was sent last night the “crowdstrike” report, paid for by the Democratic National Committee, which is supposed to convince us. The New York Times today made this “evidence” its front page story.

It appears from this document that, despite himself being a former extremely competent KGB chief, Vladimir Putin has put Inspector Clouseau in charge of Russian security and left him to get on with it. The Russian Bear has been the symbol of the country since the 16th century. So we have to believe that the Russian security services set up top secret hacking groups identifying themselves as “Cozy Bear” and “Fancy Bear”. Whereas no doubt the NSA fronts its hacking operations by a group brilliantly disguised as “The Flaming Bald Eagles”, GCHQ doubtless hides behind “Three Lions on a Keyboard” and the French use “Marianne Snoops”.

What is more, the Russian disguised hackers work Moscow hours and are directly traceable to Moscow IP addresses. This is plain and obvious nonsense. If crowdstrike were tracing me just now they would think I am in Denmark. Yesterday it was the Netherlands. I use Tunnel Bear, one of scores of easily available VPN’s and believe me, the Russian FSB have much better resources. We are also supposed to believe that Russia’s hidden hacking operation uses the name of the famous founder of the Communist Cheka, Felix Dzerzhinsky, as a marker and an identify of “Guccifer2” (get the references – Russian oligarchs and their Gucci bling and Lucifer) – to post pointless and vainglorious boasts about its hacking operations, and in doing so accidentally leave bits of Russian language script to be found.

Additionally, he has said that he picked up the emails from a contact in a Washington, DC park:

A Wikileaks envoy today claims he personally received Clinton campaign emails in Washington D.C. after they were leaked by ‘disgusted’ whisteblowers – and not hacked by Russia.

Craig Murray, former British ambassador to Uzbekistan and a close associate of Wikileaks founder Julian Assange, told Dailymail.com that he flew to Washington, D.C. for a clandestine hand-off with one of the email sources in September.

‘Neither of [the leaks] came from the Russians,’ said Murray in an interview with Dailymail.com on Tuesday. ‘The source had legal access to the information. The documents came from inside leaks, not hacks.’

His account contradicts directly the version of how thousands of Democratic emails were published before the election being advanced by U.S. intelligence.


‘Neither of [the leaks] came from the Russians,’ Murray said. ‘The source had legal access to the information. The documents came from inside leaks, not hacks.’

He said the leakers were motivated by ‘disgust at the corruption of the Clinton Foundation and the tilting of the primary election playing field against Bernie Sanders.’

Murray said he retrieved the package from a source during a clandestine meeting in a wooded area near American University, in northwest D.C. He said the individual he met with was not the original person who obtained the information, but an intermediary.

There are a number of things going on right now:

  • Numerous members of the Democratic Party establishment are flailing about trying to excuse their abject failure during the elections.
  • The “War with Russia” crowd have their casus belli.
  • It’s like catnip for journalists.
  • Despite never denying the veracity of the materials, the accusations serve to draw attention away from the actual contents of the emails.

We know that the Democratic campaign was incompetent, and we know that their IT security protocols were ignored by senior officials, particularly John Podesta, who was phished using techniques that a script kiddie would sneer at.

Was there Russian involvement?  I don’t know.

Certainly the Russians were monitoring the election, as were the French, the British, the Chinese, the Japanese, etc. because it’s a big deal to them too.

What I do know is that the CIA and the FBI disagree, and that the DNI has remained silent, so it’s not a “Slam Dunk”.

It’s also not an act of war, as some are eager to suggest.  It’s just a computer hack, or a leak.

The Cuban Missile Crisis this ain’t.

*Mandy Rice-Davies Applies (MRDA). The Profumo affair. Learn your history.

Quote of the Day

It strains credulity for the CIA to complain about a foreign intelligence operation undermining fair democratic elections; this has been their business around the world, from its early days helping throw elections in post-war Europe to Cold War campaigns in Central and South America. The CIA’s own history of electoral shenanigans makes them an untrustworthy character in this drama.

David Price

He is correct.

Just as the FBI is the misbegotten offspring of J. Edgar Hoover, the CIA is very much the child of Allen and John Foster Dulles.

OK, This Has Completely Blown Up

There has been poo flung all over the place over the past few days regarding allegations of efforts of the Russians to influence the US elections.

With the exception of Marcy Wheeler’s astute observation that the CIA is studiously avoiding the obvious, that this is blowback against US regime change efforts against Russia and its allies:

The most logical explanation for the parade of leaks since Friday about why Russia hacked the Democrats is that the CIA has been avoiding admitting — perhaps even considering — the conclusion that Russia hacked Hillary in retaliation for the covert actions the CIA itself has taken against Russian interests.

Based on WaPo’s big story Friday, I guessed that there was more disagreement about Russia’s hack than its sources — who seemed to be close to Senate Democrats — let on. I was right. Whereas on Friday WaPo reported that it was the consensus view that Russia hacked Hillary to get Trump elected, on Saturday the same journalists reported that CIA and FBI were giving dramatically different briefings to Intelligence Committees.


Remarkably, only secondary commenters (including me, in point 13 here) have suggested the most obvious explanation: The likelihood that Russia targeted the former Secretary of State for a series of covert actions, all impacting key Russian interests, that at least started while she was Secretary of State. Those are:

  • Misleadingly getting the UN to sanction the Libya intervention based off the claim that it was about protecting civilians as opposed to regime change
  • Generating protests targeting Putin in response to 2011 parliamentary elections
  • Sponsoring “moderate rebels” to defeat Bashar al-Assad
  • Removing Viktor Yanukovych to install a pro-NATO government

Importantly, the first three of these happened on Hillary’s watch, with her active involvement. And Putin blamed Hillary, personally, for the protests in 2011.

So, it’s pretty clear that IF Russia actively meddled in our election (and the operative word is if) it appears that their actions were fare less intrusive than what we did. in Libya, Syria, Russia, or the Ukraine, where we have supported jihadists and (not a term of art) fascists.

In determining the veracity of the CIA’s assertions there are a couple of articles to review.

First, an article from The Guardian that quotes Craig Murray, the former UK ambassador to Uzbekistan, and close associate of Assange:  (See also more extensive comments from Mr. Murray here.)

Craig Murray, the former UK ambassador to Uzbekistan, who is a close associate of Assange, called the CIA claims “bullsh%$”, adding: “They are absolutely making it up.”

“I know who leaked them,” Murray said. “I’ve met the person who leaked them, and they are certainly not Russian and it’s an insider. It’s a leak, not a hack; the two are different things.

“If what the CIA are saying is true, and the CIA’s statement refers to people who are known to be linked to the Russian state, they would have arrested someone if it was someone inside the United States.

“America has not been shy about arresting whistleblowers and it’s not been shy about extraditing hackers. They plainly have no knowledge whatsoever.”

(%$ mine)

Note that in ALL the articles, this is the only absolute claim that is made on the record.

Also note that FBI and CIA have given conflicting briefings to lawmakers: (Also see here.)

In a secure meeting room under the Capitol last week, lawmakers held in their hands a classified letter written by colleagues in the Senate summing up a secret, new CIA assessment of Russia’s role in the 2016 presidential election.

Sitting before the House Intelligence Committee was a senior FBI counterintelligence official. The question the Republicans and Democrats in attendance wanted answered was whether the bureau concurred with the conclusions the CIA had just shared with senators that Russia “quite” clearly intended to help Republican Donald Trump defeat Democrat Hillary Clinton and clinch the White House.

For the Democrats in the room, the FBI’s response was frustrating — even shocking.

During a similar Senate Intelligence Committee briefing held the previous week, the CIA’s statements, as reflected in the letter the lawmakers now held in their hands, were “direct and bald and unqualified” about Russia’s intentions to help Trump, according to one of the officials who attended the House briefing.

The FBI official’s remarks to the lawmakers on the House Intelligence Committee were, in comparison, “fuzzy” and “ambiguous,” suggesting to those in the room that the bureau and the agency weren’t on the same page, the official said.

I’m with what Glenn Greenwald wrote for The Intercept, “Anonymous Leaks to the WashPost About the CIA’s Russia Beliefs Are No Substitute for Evidence.”

Though I would include the caveat/cliché that absence of evidence is not evidence of absence.

I would also note the following paragraph buried in the original Washington Post story, which relied entirely on anonymous sources:

The CIA presentation to senators about Russia’s intentions fell short of a formal U.S. assessment produced by all 17 intelligence agencies. A senior U.S. official said there were minor disagreements among intelligence officials about the agency’s assessment, in part because some questions remain unanswered.

(emphasis mine)

So, the actual facts of the matter are not clear, though people of different political bents are doing their best impression of blind men and an elephant.

Certainly, Russia has an interest in undermining faith in the Democratic process in the United States.

Additionally, Hillary Clinton’s record with Russia as Secretary of State was implacably and reflexively hostile to Russian concerns, so I could see how Russia might find the proverbial inverted traffic cone as a preferable alternative.

This means that the assertions are plausible, but by no means persuasive, particularly since the CIA appears to be flying solo with these assertions.

Additionally, the anonymous sourcing might imply that someone well into the “No f%$#s left give” category **cough** retiring Senator Harry Reid **cough* might simply be throwing some shade Donald Trump’s way.

I’m not sure what to believe, but even if all the allegations against Putin are true, they are far less aggressive than what the Obama administration, and the Hillary Clinton State Department were doing with Russia.

In any case, this all falls firmly in the “Sauce for the Gander” category for me.

Wheels Within Wheels on the Russian Hack of the DNC

The Headers in Question

If you are following the hack of the DNC and various Clinton campaign staffers, you are aware that the hackers engaged in “Spearfishing“, a targeted email that is intended to trick the user out of their passwords.

The emails come from Yanex, the Russian equivalent of Google and GMail, which would seem to point to a Russian source, only the headers show that the origin is from Yanex.com, not Yanex.ru, using the RUNET proxy which means that they were sent from the English language portion of the site:

On March 22, 2016 William “Billy” Rhinehart, a regional field director at the Democratic National Committee, received an email from Google warning him that someone tried to access his account and that he should immediately change his password. He complied.

Unfortunately for Mr. Rhinehart, it wasn’t Google who sent him that email. He, along with many others, were a victim of Threat Group 4127 — the SecureWorks designation for Fancy Bear (CrowdStrike), APT28 (FireEye), and Sofacy (Kaspersky Lab). Secureworks assesses that TG 4127 “is operating from the Russian Federation and is gathering intelligence on behalf of the Russian government.

Thanks to a bizarre twist involving Guccifer 2.0’s solicitation of a journalist at The Smoking Gun (TSG) to write about the DCLeaks emails in exchange for giving TSG an early look at some of the stolen documents, TSG was able to obtain the original spear phishing email directly from Billy Rhinehart and shared it with ThreatConnect, who posted this screenshot of the email’s headers and identified the actual sender of the email: hi.mymail@yandex.com.


How Do I Get A Yandex.com Email Address on RUNET?

Now let’s say that you don’t want a @yandex.ru email. You want a @yandex.com email. So you type https://yandex.com into your browser and …, no joy. It resolves back to https://yandex.ru/

For some reason, RUNET is set up to send you to the .ru domain of whatever website you type into your address bar. Besides Yandex, I tried going to Google.com and was sent to Google.ru. I typed Intel.com and was sent to Intel.ru.

So how does our presumed Russian intelligence operative get his Yandex.com email address? He has to click on the Yandex.com link from the Yandex.ru homepage (highlighted below).


The point that I’m trying to make is that if anyone in Russia wanted to spear phish employees of the DNC, then creating a @yandex.com email address instead of a @yandex.ru email address is not only unnecessary extra effort but it makes absolutely no sense. You don’t gain anything operationally. You’ve used Yandex. You might as well paint a big red R on your forehead.

However, you know what does make sense?

That the person who opened the account DOESN’T SPEAK RUSSIAN!

He went with Yandex.com because all analysis stops with merely the name of a Russian company, a Russian IP address, or a Russian-made piece of malware. To even argue that a Russian intelligence officer let alone a paranoid Russian mercenary hacker would prefer a Yandex.com email to a Yandex.ru email is mind-numbingly batsh%$ insane.

(emphasis original, %$ mine)

This does not prove that the Russians, or that SOME Russians weren’t behind this, but it does imply that whoever did this might not have been a Russian speaker.

Or it could be an attempt to create the illusion that the sender of the emails was trying to frame the Russians, or maybe the Russians were employing some non-Russian speakers, or maybe ………

I’ll stop here. I’m getting a headache.

Two Words: Pringles Cantenna*

In what is clearly a response to US pressure Ecuador cut off Assange’s internet access:

The Ecuadorian government confirmed Tuesday that it cut off WikiLeaks founder Julian Assange’s internet connection because of his anti-secrecy platform’s publication of emails allegedly stolen from Hillary Clinton campaign manager John Podesta.

“The Government of Ecuador respects the principle of non-intervention in the internal affairs of other states. It does not interfere in external electoral processes, nor does it favor any particular candidate,” Ecuador said in a statement.

“Accordingly, Ecuador has exercised its sovereign right to temporarily restrict access to some of its private communications network within its Embassy in the United Kingdom.”


Despite Tuesday’s development, Ecuador will continue to provide asylum to Assange, according to the statement.

The Australian activist has been living in the embassy in London since 2012. He is avoiding a rape charge in Sweden that he claims is political and will lead to his extradition to the U.S. over previous leaks.

Assange’s internet was disconnected on Saturday, according to WikiLeaks. The organization has continued to publish daily batches of emails from Podesta’s account.

Ecuador has not confirmed that US pressure led to this, though Wikileaks has asserted that this is the case, and I’m inclined to agree.

The juxtaposition of ham-handedness, cluelessness, and incompetence is a classic hallmark of the US foreign policy and intelligence apparatus.

Assange was prepared for this, how could he NOT be prepared for this, and so the emails continue to come out, but someone in the US state security apparatus decided to lean on Ecuador, and generated more attention while influencing the flow of information not one whit.

*Using a Pringles can, you can make a directional Wi-Fi antenna with a much higher gain, getting a point to point range of over a mile.

Pardon Him Now

It appears that one of the effects of the Snowden disclosures was to make the US State Security Apparatus significantly less likely to abuse the provisions of the Patriot Act:

Edward Snowden’s disclosures were partially responsible for reversing a massive growth in the use of a controversial provision of the Patriot Act for acquiring email and other so-called “business records”, the US justice department’s internal watchdog has found.

The Patriot Act provision, known as Section 215, permits intelligence and law enforcement agencies to acquire from a service provider records of someone’s communications – such as phone calls or email records – that are relevant to a terrorism or espionage investigation.

In June 2013, the Guardian, based on Snowden’s leaks, revealed that the Bush and Obama administrations had secretly been using Section 215 to acquire Americans’ phone data in bulk. The revelation led Congress to significantly curtail domestic bulk phone records collection in 2015.

The new report from the justice department inspector general reveals that around 2009, the FBI began encountering resistance from email providers and others to a highly controversial nonjudicial subpoena for records, known as a National Security Letter. In the wake of this, the FBI began acquiring the information it sought through warrant requests to the Fisa court, a secret surveillance panel, using Section 215 of the Patriot Act, which the inspector general notes is a slower process.


But Snowden’s revelations, beginning in mid-2013, helped shift the FBI away from using Section 215 to acquire email and other metadata. The Fisa court approved warrants to collect non-bulk business records 179 times in 2013, a number falling to 142 times in 2015 – though this was still a vast increase on the 21 approved in 2009.

A senior national security official with the justice department told the inspector general that a “stigma” had been created around the Patriot Act provision, even outside of the bulk collection that privacy advocates rallied to stop.

Edward Snowden is an American hero and a patriot.