Later On

A blog written for those whose interests more or less match mine.

Archive for the ‘NSA’ Category

An absolute must-read: What Exactly Does The Steele Dirty Russian Dossier On Trump Contain?

leave a comment »

John Sipher is

a Director of Customer Success at CrossLead, a software and consulting firm. He retired in 2014 after a 28-year career in the CIA’s National Clandestine Service. having served as a member of the CIA’s Senior Intelligence Service.

He writes in Newsweek:

This article first appeared on Just Security.

Recent revelations of Trump campaign connections to Russia have revived interest in the so-called Steele Dossier.

The dossier is composed of a batch of short reports produced between June and December 2016 by Orbis International, a London-based firm specializing in commercial intelligence for government and private-sector clients.

The collection of Orbis reports caused an uproar when it was published online by the US website BuzzFeed, just ten days before Donald Trump’s inauguration.

Taken together, the series of reports painted a picture of active collusion between the Kremlin and key Trump campaign officials based on years of Russian intelligence work against Trump and some of his associates. This seemed to complement general statements from US intelligence officials about Russia’s active efforts to undermine the US election.

The greatest attention was paid to the first report, which conveyed salacious claims about Trump consorting with prostitutes in Moscow in 2013. Trump himself publicly denied the story, while Trump associates denied reported details about their engagement with Russian officials.

A lot of ink and pixels were also spent on the question whether it was appropriate for the media to publish the dossier. The furor quickly passed, the next news cycle came, and the American media has been largely reluctant to revisit the report over the months since.

Almost immediately after the dossier was leaked, media outlets and commentators pointed out that the material was unproven. News editors affixed the terms “unverified” and “unsubstantiated” to all discussion of the issue in the responsible media.

Political supporters of President Trump simply tagged it as “fake news.” Riding that wave, even legendary Washington Post reported Bob Woodward characterized the report as “garbage.”

For professional investigators, however, the dossier is by no means a useless document. Although the reports were produced episodically, almost erratically, over a five-month period, they present a coherent narrative of collusion between the Kremlin and the Trump campaign.

As a result, they offer an overarching framework for what might have happened based on individuals on the Russian side who claimed to have insight into Moscow’s goals and operational tactics. Until we have another more credible narrative, we should do all we can to examine closely and confirm or dispute the reports.

Many of my former CIA colleagues have taken the Orbis reports seriously since they were first published. This is not because they are not fond of Trump (and many admittedly are not), but because they understand the potential plausibility of the reports’ overall narrative based on their experienced understanding of both Russian methods, and the nature of raw intelligence reporting.

Immediately following the BuzzFeed leak, one of my closest former CIA colleagues told me that he recognized the reports as the obvious product of a former Secret Intelligence Service (SIS) officer, since the format, structure, and language mirrored what he had seen over a career of reading SIS reports provided to CIA in liaison channels.

He and others withheld judgment about the veracity of the reports, but for the reasons I outline further below they did not reject them out of hand. In fact, they were more inclined for professional reasons to put them in the “trust but verify” category.

So how should we unpack the so-called Steele dossier from an intelligence perspective?

I spent almost thirty years producing what CIA calls “raw reporting” from human agents. At heart, this is what Orbis did.

They were not producing finished analysis, but were passing on to a client distilled reporting that they had obtained in response to specific questions. The difference is crucial, for it is the one that American journalists routinely fail to understand.

When disseminating a raw intelligence report, an intelligence agency is not vouching for the accuracy of the information provided by the report’s sources and/or sub-sources. Rather it is claiming that it has made strenuous efforts to validate that it is reporting accurately what the sources/sub-sources claim has happened.

The onus for sorting out the veracity and for putting the reporting in context against other reporting – which may confirm or deny the new report – rests with the intelligence community’s professional analytic cadre.

In the case of the dossier, Orbis was not saying that everything that it reported was accurate, but that it had made a good-faith effort to pass along faithfully what its identified insiders said was accurate. This is routine in the intelligence business. And this form of reporting is often a critical product in putting together more final intelligence assessments.

In this sense, the so-called Steele dossier is not a dossier at all. A dossier suggests a summary or case history. Mr. Steele’s product is not a report delivered with a bow at the end of an investigation. Instead, it is a series of contemporaneous raw reports that do not have the benefit of hindsight.

Among the unnamed sources are “a senior Russian foreign ministry official,” “a former top-level intelligence officer still active inside the Kremlin,” and “a close associate of Republican U.S. presidential candidate Donald Trump.”

Thus, the reports are not an attempt to connect the dots, but instead an effort to uncover new and potentially relevant dots in the first place.

What’s most relevant in the Orbis reports?

Let me illustrate what the reports contain by unpacking the first and most notorious of the seventeen Orbis reports, and then move to some of the other ones.

The first 2½ page report was dated June 20, 2006 and entitled “Company Intelligence Report 2016/080.” It starts with several summary bullets, and continues with additional detail attributed to sources A-E and G (there may be a source F but part of the report is blacked out).

The report makes a number of explosive claims, all of which at the time of the report were unknown to the public.

Among other assertions, three sources in the Orbis report describe a multi-year effort by Russian authorities to cultivate, support and assist Donald Trump.

According to the account, the Kremlin provided Trump with intelligence on his political primary opponents and access to potential business deals in Russia.

Perhaps more importantly, Russia had offered to provide potentially compromising material on Hillary Clinton, consisting of bugged conversations during her travels to Russia, and evidence of her viewpoints that contradicted her public positions on various issues.

The report also alleged that the internal Russian intelligence service (FSB) had developed potentially compromising material on Trump, to include details of “perverted sexual acts” which were arranged and monitored by the FSB.

Specifically, the compromising material, according to this entry in the report, included an occasion when Trump hired the presidential suite at a top Moscow hotel which had hosted President and Mrs. Obama, and employed prostitutes to defile the bed where the President had slept.

Four separate sources also described “unorthodox” and embarrassing behavior by Trump over the years that the FSB believed could be used to blackmail the then presidential candidate.

The report stated that Russian President Putin was supportive of the effort to cultivate Trump, and the primary aim was to sow discord and disunity within the U.S. and the West. The dossier of FSB-collected information on Hillary Clinton was managed by Kremlin chief spokesman Dimitry Peskov.

Subsequent reports provide additional detail about the conspiracy, which includes information about cyber-attacks against the U.S. They allege that Paul Manafort managed the conspiracy to exploit political information on Hillary Clinton in return for information on Russian oligarchs outside Russia, and an agreement to “sideline” Ukraine as a campaign issue.

Trump campaign operative Carter Page is also said to have played a role in shuttling information to Moscow, while Trump’s personal lawyer, Michael Cohen, reportedly took over efforts after Manafort left the campaign, personally providing cash payments for Russian hackers.

In one account, Putin and his aides expressed concern over kick-backs of cash to Manafort from former Ukrainian President Viktor Yanukovych, which they feared might be discoverable by U.S. authorities. The Kremlin also feared that the U.S. might stumble onto the conspiracy through the actions of a Russian diplomat in Washington, Mikhail Kalugin, and therefore had him withdrawn, according to the reports.

By late fall 2016, the Orbis team reported that a Russian-supported company had been “using botnets and porn traffic to transmit viruses, plant bugs, steal data and conduct ‘altering operations’ against the Democratic Party leadership.” Hackers recruited by the FSB under duress were involved in the operations.

According to the report, Carter Page insisted that payments be made quickly and discreetly, and that cyber operators should go to ground and cover their tracks.

Assessing the Orbis reports

What should be made of these leaked reports with unnamed sources on issues that were deliberately concealed by the participants?

Honest media outlets have reported on subsequent events that appear to be connected to the reports, but do not go too far with their analysis, concluding still that the dossier is unverified.

Almost no outlets have reported on the salacious sexual allegations, leaving the public with very little sense as to whether the dossier is true, false, important or unimportant in that respect.

While the reluctance of the media to speculate as to the value of the report is understandable, professional intelligence analysts and investigators do not have the luxury of simply dismissing the information.

They instead need to do all they can to put it into context, determine what appears credible, and openly acknowledge the gaps in understanding so that collectors can seek additional information that might help make sense of the charges.

Step One: Source Validation

In the intelligence world, we always begin with source validation, focusing on what intelligence professionals call “the chain of acquisition.” In this case we would look for detailed information on (in this order) Orbis, Steele, his means of collection (e.g., who was working for him in collecting information), his sources, their sub-sources (witting or unwitting), and the actual people, organizations and issues being reported on.

Intelligence methodology presumes that perfect information is never available, and that the vetting process involves cross-checking both the source of the information as well as the information itself. There is a saying among spy handlers, “vet the source first before attempting to vet the source’s information.”

Information from human sources (the spies themselves) is dependent on their distinct access to information, and every source has a particular lens. Professional collectors and debriefing experts do not elicit information from a source outside of the source’s area of specific access. They also understand that inaccuracies are inevitable, even if the source is not trying to mislead.

The intelligence process is built upon a feedback cycle that corroborates what it can, and then goes back to gather additional information to help build confidence in the assessment. The process is dispassionate, unemotional, professional and never ending.

Faced with the raw reports in the Orbis document, how might an intelligence professional approach the jumble of information?

The first thing to examine is Christopher Steele, the author of the reports, and his organization Orbis International. Are they credible?

Steele was the President of the Cambridge Union at university, and was a career British intelligence officer with service in Moscow, Paris and Afghanistan prior to work as the head of the Russia desk at British intelligence HQS.

While in London he worked as the personal handler of Russian defector Alexander Litvinenko. He was a respected professional who had success in some of the most difficult intelligence environments.

He retired from SIS in 2009 and started Orbis Business Intelligence along with a former colleague. Prior to his work on the Russian dossier for Orbis, he was best known for his investigation of the world soccer association (FIFA), which provided direct support to the FBI’s successful corruption case.

Steele and Orbis were also known for assisting various European countries in understanding Russian efforts to meddle in their affairs.

Like any private firm, Orbis’s ability to remain in business relies on its track record of credibility. Success for Steele and his colleagues depends on his integrity, reliability, and the firm’s reputation for serious work. In this regard, Steele is putting his reputation and his company’s continued existence on the line with each report.

Yes, as with anyone operating in the murky world of intelligence, he could be duped. Nonetheless, his reputation for handling sensitive Russian espionage operations over the years suggests that he is security conscious and aware of Russian counterintelligence and disinformation efforts.

His willingness to share his work with professional investigative agencies such as the FBI and the British Security Service also suggest that he is comfortable opening his work to scrutiny, and is seen as a serious partner by the best in the business.

The biggest problem with confirming the details of the Steele “dossier” is obvious: we do not know his sources, other than via the short descriptions in the reports.

In CIA’s clandestine service, we spent by far the bulk of our work finding, recruiting and validating sources. Before we would ever consider disseminating an intelligence report, we would move heaven and earth to understand the access, reliability, trustworthiness, motivation and dependability of our source.

We believe it is critical to validate the source before we can validate the reliability of the source’s information.

How does the source know about what he/she is reporting? How did the source get the information? Who are his/her sub-sources? What do we know about the sub-sources? Why is the source sharing the information? Is the source a serious person who has taken appropriate measures to protect their efforts?

One clue as to the credibility of the sources in these reports is that Steele shared them with the FBI. The fact that the FBI reportedly sought to work with him and to pay him to develop additional information on the sources suggest that at least some of them were worth taking seriously.

At the very least, the FBI will be able to validate the credibility of the sources, and therefore better judge the information. As one recently retired senior intelligence officer with deep experience in espionage investigations quipped,

I assign more credence to the Steele report knowing that the FBI paid him for his research. From my experience, there is nobody more miserly than the FBI. If they were willing to pay Mr. Steele, they must have seen something of real value.

Step Two: Assessing the Substantive Content . . .

Continue reading. There’s a lot more, very precisely and thoroughly done.

Written by LeisureGuy

28 October 2017 at 2:13 pm

How Israel Caught Russian Hackers Scouring the World for U.S. Secrets

leave a comment »

Nicole Pearlroth and Scott Shane report in the NY Times:

It was a case of spies watching spies watching spies: Israeli intelligence officers looked on in real time as Russian government hackers searched computers around the world for the code names of American intelligence programs.

What gave the Russian hacking, detected more than two years ago, such global reach was its improvised search tool — antivirus software made by a Russian company, Kaspersky Lab, that is used by 400 million people worldwide, including by officials at some two dozen American government agencies.

The Israeli officials who had hacked into Kaspersky’s own network alerted the United States to the broad Russian intrusion, which has not been previously reported, leading to a decision just last month to order Kaspersky software removed from government computers.

The Russian operation, described by multiple people who have been briefed on the matter, is known to have stolen classified documents from a National Security Agency employee who had improperly stored them on his home computer, on which Kaspersky’s antivirus software was installed. What additional American secrets the Russian hackers may have gleaned from multiple agencies, by turning the Kaspersky software into a sort of Google search for sensitive information, is not yet publicly known.

The current and former government officials who described the episode spoke about it on condition of anonymity because of classification rules.

Like most security software, Kaspersky Lab’s products require access to everything stored on a computer in order to scour it for viruses or other dangers. Its popular antivirus software scans for signatures of malicious software, or malware, then removes or neuters it before sending a report back to Kaspersky. That procedure, routine for such software, provided a perfect tool for Russian intelligence to exploit to survey the contents of computers and retrieve whatever they found of interest.

The National Security Agency and the White House declined to comment for this article. The Israeli Embassy declined to comment, and the Russian Embassy did not respond to requests for comment.

The Wall Street Journal reported last week that Russian hackers had stolen classified N.S.A. materials from a contractor using the Kaspersky software on his home computer. But the role of Israeli intelligence in uncovering that breach and the Russian hackers’ use of Kaspersky software in the broader search for American secrets have not previously been disclosed.

Kaspersky Lab denied any knowledge of, or involvement in, the Russian hacking. “Kaspersky Lab has never helped, nor will help, any government in the world with its cyberespionage efforts,” the company said in a statement Tuesday afternoon. Kaspersky Lab also said it “respectfully requests any relevant, verifiable information that would enable the company to begin an investigation at the earliest opportunity.”

The Kaspersky-related breach is only the latest bad news for the security of American intelligence secrets. It does not appear to be related to a devastating leak of N.S.A. hacking tools last year to a group, still unidentified, calling itself the Shadow Brokers, which has placed many of them online. Nor is it evidently connected to a parallel leak of hacking data from the C.I.A. to WikiLeaks, which has posted classified C.I.A. documents regularly under the name Vault7.

For years, there has been speculation that Kaspersky’s popular antivirus software might provide a back door for Russian intelligence. . .

Continue reading.

Written by LeisureGuy

10 October 2017 at 7:31 pm

The Real ‘Unmasking’ Scandal Could Be Yet to Come

leave a comment »

Ned Price has an interesting post at Lawfare:

Ned Price is a lecturer at The George Washington University. He previously served as a Special Assistant to President Obama on the National Security Council staff, where he also was the Spokesperson and Senior Director for Strategic Communications. Before that, Ned was an Assistant Press Secretary and Director for Strategic Communications on the National Security Council staff. Prior to serving at the White House, Ned was at the Central Intelligence Agency (CIA), where he was a spokesperson and—prior to that—a PDB briefer and senior analyst covering a range of strategic and tactical issues. He publicly resigned from the Agency in February 2017 after more than a decade of service, citing the Trump Administration’s disregard for intelligence analysis. Prior to joining the CIA, Ned was an Associate at The Cohen Group, working under former Secretary of Defense William S. Cohen on a variety of public policy, non-profit, and business initiatives. He has also worked on several political campaigns.

He writes:

Within the pantheon of Trump administration scandals, the manufactured uproar over “unmasking” came and went quicker than most. It was last spring that White House officials, working in tandem with House intelligence committee Chairman Devin Nunes, laundered intelligence information in an effort to train Americans’ sights on a practice that is routine—if highly regulated—within our national security establishment.

The effort blew up in their faces. The House Ethics Committee opened an investigation into Nunes,  who partially recused himself from the Russia investigation. The White House staffer who oversaw the secret political operation has since been fired. Even prominent Republicans, including Richard Burr, the chairman of the Senate intelligence committee, have publicly distanced themselves from the affair.

All’s well that ends well, right?

Unfortunately, the episode’s most pernicious blowback may be yet to come. It now threatens to inflict collateral damage on one of the intelligence community’s most important tools, Section 702 of the FISA Amendments Act (FAA), which is up for congressional renewal this year. In its effort to distract from the Russia investigation while also tarnishing Obama administration officials, the current White House’s tactics may end up depriving our national security professionals of a tool they need to keep Americans safe.

First, some background on the legislation up for renewal. The intelligence community regards Section 702 as one of the most important tools in its arsenal because of what it enables: targeted surveillance of foreigners outside the United States. Identified U.S. citizens cannot be targeted under this authority. But without this law, national security professionals would need court authorization to, for example, read emails between two Syria-based terrorists communicating through U.S.-based platforms, such as Gmail or Yahoo. Among its many successes, intelligence officials say, this tool helped identify a terrorist constructing a suicide vest in Europe, disrupted a proliferation ring and thwarted a plot against U.S. forces in Afghanistan. That’s why the national security establishment has noted that a clean renewal of the FAA, with Section 702 fully intact, is its top legislative priority.

How exactly does Section 702 factor into the uproar surrounding alleged U.S. surveillance and unmasking of Trump campaign officials? The short answer is . . .

Continue reading.

Written by LeisureGuy

9 October 2017 at 12:39 pm

RT, Sputnik and Russia’s New Theory of War

leave a comment »

Also read “Will America finally wise up to the Russian media war on our democracy?“, by Sarah Posner in the Washington Post.

Jim Rutenberg writes in the NY Times:

Martin Steltner showed up at his office in the state courthouse building in western Berlin. Steltner, who has served for more than a dozen years as the spokesman for the Berlin state prosecutor, resembles a detective out of classic crime fiction: crisp suit, wavy gray hair and a gallows humor that comes with having seen it all. There was the 2009 case of the therapist who mistakenly killed two patients in an Ecstasy-infused session gone wrong. The Great Poker Heist of 2010, in which masked men stormed a celebrity-studded poker tournament with machetes and made off with a quarter-million dollars. The 2012 episode involving the Canadian porn star who killed and ate his boyfriend and then sent the leftovers home in the mail. Steltner embraced the oddball aspect of his job; he kept a picture of Elvis Presley on the wall of his office.

But even Steltner found the phone calls he received that morning confounding. They came from police officers from towns far outside Berlin, who reported that protests were erupting, seemingly out of nowhere, on their streets. “They are demonstrating — ‘Save our children,’ ‘No attacks from immigrants on our children’ and some things like that,” Steltner told me when I met him in Berlin recently.

The police were calling Steltner because this was ostensibly his office’s fault. The protesters were angry over the Berlin prosecutor’s supposed refusal to indict three Arab migrants who, they said, raped a 13-year-old girl from Berlin’s tight-knit Russian-German community.

Steltner, who would certainly have been informed if such a case had come up for prosecution, had heard nothing of it. He called the Berlin Police Department, which informed him that a 13-year-old Russian-German girl had indeed gone missing a week before. When she resurfaced a day later, she told her parents that three “Southern-looking men” — by which she meant Arab migrants — had yanked her off the street and taken her to a rundown apartment, where they beat and raped her.

But when the police interviewed the girl, whose name was Lisa, she changed her story. She had left home, it turned out, because she had gotten in trouble at school. Afraid of how her parents would react, she went to stay with a 19-year-old male friend. The kidnapping and gang rape, she admitted, never happened.

By then, however, the girl’s initial story was taking on a life of its own within the Russian-German community through word of mouth and Facebook — enough so that the police felt compelled to put out a statement debunking it. Then, over the weekend, Channel One, a Russian state-controlled news station with a large following among Russian-Germans, who watch it on YouTube and its website, ran a report presenting Lisa’s story as an example of the unchecked dangers Middle Eastern refugees posed to German citizens. Angela Merkel, it strongly implied, was refusing to address these threats, even as she opened German borders to hundreds of thousands of migrants. “According to Lisa’s parents,” the Channel One reporter said, “the police simply refuse to look for criminals.”

The following day in Berlin, Germany’s far-right National Democratic Party held a protest at a plaza in Marzahn, a heavily Russian neighborhood. The featured speaker was an adult cousin of Lisa’s, who repeated the original allegations while standing in front of signs reading “Stop Foreign Infiltration!” and “Secure Borders!” The crowd was tiny, not much more than a dozen people. But it was big enough to attract the attention of RT, Russia’s state-financed international cable network, which presents local-language newscasts in numerous countries, including Germany and the United States. A crew from the network’s video service, Ruptly, arrived with a camera. The footage was on YouTube that afternoon.

That same day, Sputnik, a brash Russian-government-run news and commentary site that models itself on BuzzFeed, ran a story raising allegations of a police cover-up. Lisa’s case was not isolated, Sputnik argued; other refugee rapists, it warned, might be running free. By the start of the following week, protests were breaking out in neighborhoods with large Russian-German populations, which is why the local police were calling Steltner. In multiple interviews, including with RT and Sputnik, Steltner reiterated that the girl had recanted the original story about the kidnapping and the gang rape. In one interview with the German media, he said that in the course of the investigation, authorities had found evidence that the girl had sex with a 23-year-old man months earlier, which would later lead to a sexual-abuse conviction for the man, whose sentence was suspended. But the original, unrelated and debunked story continued circulating, drawing the interest of the German mainstream media, which pointed out inconsistencies in the Russian reports. None of that stopped the protests, which culminated in a demonstration the following Saturday, Jan. 23, by 700 people outside the Chancellery, Merkel’s office. Ruptly covered that, too.

An official in the Merkel government told me that the administration was completely perplexed, at first. Then, a few days later, Russia’s foreign minister, Sergey Lavrov, held a news conference in Moscow. Bringing up Lisa’s story, he cast doubt on the official version of events. There was no way, he argued, that Lisa left home voluntarily. Germany, he suggested, was “covering up reality in a politically correct manner for the sake of domestic politics.” Two days later, RT ran a segment reporting that despite all the official denials, the case was “not so simple.” The Russian Embassy called Steltner and asked to meet, he told me. The German foreign ministry informed him that this was now a diplomatic issue.

The whole affair suddenly appeared a lot less mystifying. A realization took hold in the foreign ministry, the intelligence services and the Chancellery: Germany had been hit.

Officials in Germany and at NATO headquarters in Brussels view the Lisa case, as it is now known, as an early strike in a new information war Russia is waging against the West. In the months that followed, politicians perceived by the Russian government as hostile to its interests would find themselves caught up in media storms that, in their broad contours, resembled the one that gathered around Merkel. They often involved conspiracy theories and outright falsehoods — sometimes with a tenuous connection to fact, as in the Lisa case, sometimes with no connection at all — amplified until they broke through into domestic politics. In other cases, they simply helped promote nationalist, far-left or far-right views that put pressure on the political center. What the efforts had in common was their agents: a loose network of Russian-government-run or -financed media outlets and apparently coordinated social-media accounts.

After RT and Sputnik gave platforms to politicians behind the British vote to leave the European Union, like Nigel Farage, a committee of the British Parliament released a report warning that foreign governments may have tried to interfere with the referendum. Russia and China, the report argued, had an “understanding of mass psychology and of how to exploit individuals” and practiced a kind of cyberwarfare “reaching beyond the digital to influence public opinion.” When President Vladimir V. Putin of Russia visited the new French president, Emmanuel Macron, at the palace of Versailles in May, Macron spoke out about such influence campaigns at a news conference. Having prevailed weeks earlier in the election over Marine Le Pen — a far-right politician who had backed Putin’s annexation of Crimea and met with him in the Kremlin a month before the election — Macron complainedthat “Russia Today and Sputnik were agents of influence which on several occasions spread fake news about me personally and my campaign.” . . .

Continue reading.

I will point out that protecting us from such things is exactly the job of the government, and specifically the Executive Branch of the Federal government (now under President Donald Trump), and more specifically yet it’s the job of the FBI and the US military. Can they do their jobs? Apparently not, at least no so far, and of course the President is not going to push them to take on Russia—quite the contrary, as we have seen. So the Russians are getting an enormous payoff from their modest investment in tinkering with our election through propaganda. Of course, as the article observes, they’ve invested heavily in that area over several years and now are reaping the benefits of that experience and investment.

Written by LeisureGuy

13 September 2017 at 2:35 pm

Holy moly! UAE hacked Qatari government sites, sparking regional upheaval, according to U.S. intelligence officials

leave a comment »

Karen DeYoung and Ellen Nakashima report in the Washington Post:

The United Arab Emirates orchestrated the hacking of Qatari government news and social media sites in order to post incendiary false quotes attributed to Qatar’s emir, Sheikh Tamim Bin Hamad al-Thani, in late May that sparked the ongoing upheaval between Qatar and its neighbors, according to U.S. intelligence officials.

Officials became aware last week that newly analyzed information gathered by U.S. intelligence agencies confirmed that on May 23, senior members of the UAE government discussed the plan and its implementation. The officials said it remains unclear whether the UAE carried out the hacks itself or contracted to have them done. The false reports said that the emir, among other things, had called Iran an “Islamic power” and praised Hamas.

The hacks and posting took place on May 24, shortly after President Trump completed a lengthy counterterrorism meeting with Persian Gulf leaders in neighboring Saudi Arabia and declared them unified.

Citing the emir’s reported comments, the Saudis, the UAE, Bahrain and Egypt immediately banned all Qatari media. They then broke relations with Qatar and declared a trade and diplomatic boycott, sending the region into a political and diplomatic tailspin that Secretary of State Rex Tillerson has warned could undermine U.S. counterterrorism efforts against the Islamic State. . .

Continue reading.

Tump took it all, hook, line, and sinker. Boy, is he easy to play! Mainly because he lacks most of a State Department and pays no attention to the one he has, plus being totally ignorant of history and foreign policy, and a moron to boot.

Written by LeisureGuy

16 July 2017 at 4:01 pm

It’s worse than we thought: A Cyberattack ‘the World Isn’t Ready For’

leave a comment »

Nicole Perlroth has a frightening report in the NY Times:

There have been times over the last two months when Golan Ben-Oni has felt like a voice in the wilderness.

On April 29, someone hit his employer, IDT Corporation, with two cyberweapons that had been stolen from the National Security Agency. Mr. Ben-Oni, the global chief information officer at IDT, was able to fend them off, but the attack left him distraught.

In 22 years of dealing with hackers of every sort, he had never seen anything like it. Who was behind it? How did they evade all of his defenses? How many others had been attacked but did not know it?

Since then, Mr. Ben-Oni has been sounding alarm bells, calling anyone who will listen at the White House, the Federal Bureau of Investigation, the New Jersey attorney general’s office and the top cybersecurity companies in the country to warn them about an attack that may still be invisibly striking victims undetected around the world.

(p>And he is determined to track down whoever did it.

“I don’t pursue every attacker, just the ones that piss me off,” Mr. Ben-Oni told me recently over lentils in his office, which was strewn with empty Red Bull cans. “This pissed me off and, more importantly, it pissed my wife off, which is the real litmus test.”

Two weeks after IDT was hit, the cyberattack known as WannaCry ravaged computers at hospitals in England, universities in China, rail systems in Germany, even auto plants in Japan. No doubt it was destructive. But what Mr. Ben-Oni had witnessed was much worse, and with all eyes on the WannaCry destruction, few seemed to be paying attention to the attack on IDT’s systems — and most likely others around the world.

The strike on IDT, a conglomerate with headquarters in a nondescript gray building here with views of the Manhattan skyline 15 miles away, was similar to WannaCry in one way: Hackers locked up IDT data and demanded a ransom to unlock it.

But the ransom demand was just a smoke screen for a far more invasive attack that stole employee credentials. With those credentials in hand, hackers could have run free through the company’s computer network, taking confidential information or destroying machines.

Worse, the assault, which has never been reported before, was not spotted by some of the nation’s leading cybersecurity products, the top security engineers at its biggest tech companies, government intelligence analysts or the F.B.I., which remains consumed with the WannaCry attack.

Were it not for a digital black box that recorded everything on IDT’s network, along with Mr. Ben-Oni’s tenacity, the attack might have gone unnoticed.

Scans for the two hacking tools used against IDT indicate that the company is not alone. In fact, tens of thousands of computer systems all over the world have been “backdoored” by the same N.S.A. weapons. Mr. Ben-Oni and other security researchers worry that many of those other infected computers are connected to transportation networks, hospitals, water treatment plants and other utilities.

An attack on those systems, they warn, could put lives at risk. And Mr. Ben-Oni, fortified with adrenaline, Red Bull and the house beats of Deadmau5, the Canadian record producer, said he would not stop until the attacks had been shut down and those responsible were behind bars.

“The world is burning about WannaCry, but this is a nuclear bomb compared to WannaCry,” Mr. Ben-Oni said. “This is different. It’s a lot worse. It steals credentials. You can’t catch it, and it’s happening right under our noses.”

And, he added, “The world isn’t ready for this.”

Targeting the Nerve Center . . .

Continue reading.

It gets worse. Later:

. . , No one he has spoken to knows whether they have been hit, but just this month, restaurants across the United States reported being hit with similar attacks that were undetected by antivirus systems. There are now YouTube videos showing criminals how to attack systems using the very same N.S.A. tools used against IDT, and Metasploit, an automated hacking tool, now allows anyone to carry out these attacks with the click of a button.

Worse still, Mr. Ben-Oni said, “No one is running point on this.” . . .

Later:

. . . Last month, he personally briefed the F.B.I. analyst in charge of investigating the WannaCry attack. He was told that the agency had been specifically tasked with WannaCry, and that even though the attack on his company was more invasive and sophisticated, it was still technically something else, and therefore the F.B.I. could not take on his case.

The F.B.I. did not respond to requests for comment. . .

The US will be destroyed because of bureaucratic turf issues.

Written by LeisureGuy

22 June 2017 at 8:37 pm

Why are millennials more apt to leak government secrets?

leave a comment »

A very interesting column in the Washington Post by Malcolm Harris:

When the news broke of the latest national security leaker, it was obvious she was a millennial. Reality Winner is a 25-year-old veteran, a (now former) analyst for the defense contractor Pluribus International and a part-time yoga instructor. She is currently in federal custody, accused of sending a classified document about Russian hacks against a voting-software company to the Intercept, an online magazine. Three of the highest-profile leakers in recent years — Chelsea Manning, Edward Snowden and now Winner — were born between 1983 and 1993. Given that access to classified material is thought to belong to those who have proved their trustworthiness through their service, why do these leakers skew so young?

Without intending to, employers and policymakers have engineered a cohort of workers that is bound to yield leakers. An important part of our training for the 21st-century labor market has been an emphasis on taking initiative, hustling, finding ways to be useful, not waiting around for someone in charge to tell us what to do. In a Pew survey of young workers, a majority said they wanted to be the boss someday or already were. And if we can’t boss anyone else, we can at least boss ourselves. The gig-economy service Fiverr, for instance, recruits “doers” who “eat a coffee for lunch.” We are each of us a start-up of one, encouraged to develop and chase our values even if we don’t make much money. That’s usually a good situation for companies, which get ambitious employees (if we’re privileged enough to have that title) at basement rates as long as they’re able to make a thin claim or two about charity or sustainability. However, depending on an army of righteous, initiative-taking mercenaries does have its downsides when it comes to national security.

Niccolo Machiavelli’s counsel in “The Prince” that leaders would do well to avoid mercenaries is among the most respected nuggets of military wisdom, but for a crucial part of the millennial life cycle, the government actually sold us on the individualistic slogan “An Army of One .” Although the Army ditched the phrase in 2006, the military’s pitch to young people has continued to be that they can build job skills first and serve their country second. Winner seems to have listened well; according to her mother, she joined the Air Force after high school and trained as a linguist. When she was discharged last year, she left with an uncommon set of languages for a Texan: Pashto, Farsi and Dari. With a security clearance from her military job as a cryptologic language analyst, Winner was able to get a position at Pluribus International, where analysts make about $70,000 a year — about twice the U.S. average for workers without college degrees. Winner is a millennial success story, and she’d be a hell of a poster woman for national service if she weren’t in a cement cage somewhere.

One of the reasons Machiavelli advised against using mercenaries is that it’s a no-win situation: Either they’re not competent, or if they are, they’ll substitute their own judgment and goals for their leader’s. Snowden was so efficient at his cybersecurity job that his bosses at Booz Allen Hamilton’s Hawaii office were content to give him the run of the place, and since the government trusted his bosses, the National Security Agency was, in a very real way, relying on him. It’s the kind of mistake that will keep happening because it’s unavoidable. What kind of boss can resist a brilliant young worker who doesn’t need instruction? At a cybersecurity conference, Snowden’s former supervisor Steven Bay explained that the recruit blew away his interview, and with the paucity of technical talent in Hawaii, Booz Allen felt lucky to have him.

Employee loyalty is a two-way street, and for millennials, traffic has slowed to a crawl. Companies are investing less in workers. “Among the reasons cited for this,” according to the Wharton business school: “the recession, during which companies laid off huge swaths of their employees with little regard for loyalty or length of service; a whittling away of benefits, training and promotions for those who remain; and a generation of young millennials (ages 15 to 30) who have a different set of expectations about their careers, including the need to ‘be their own brand.’ ” In a nomadic world, one of the casualties is a decreasing sense of commitment to the organization.

Wharton management professor Adam Cobb says that over the past 30 years, the trend in business has been to have more risks shouldered by workers instead of companies. That means firms would rather hire an applicant like Snowden or Winner who already has high-value skills that someone else paid to develop. For employers, it’s a bargain, but it comes at a price: “If I’m an employee,” Cobb says, “that’s a signal to me that I’m not going to let firms control my career.” It would be uncharacteristic of millennials to sit loyally until our bosses don’t need us anymore; we’re proactive.

Since we can’t get too attached to particular employers, millennials are encouraged by baby-boomer-run institutions to find internal motivation, to live out our values through our frequent employment choices, and we’ve heard them loud and clear. A study of college-educated millennials from Bentley University’s Center for Women and Business found that they were unwilling to “tolerate unpleasant workplaces that do not allow them to be their authentic selves in expressing their personal and family values” and that “they will seek other options, such as starting their own companies, if they cannot find workplaces that accommodate their personal values.”

Lots of firms try to look like they’re doing good in the world, in line with millennial values. Facebook isn’t an ad company; it connects the world! Uber isn’t a cab company; it liberates moms to make money in their off hours! But when firms act contrary to their rosy recruiting copy, workers who weren’t disposed to be loyal in the first place might find another way to live out their values. In February 2016, Yelp employee Talia Jane wrote a long Medium post about how the company was paying insufficient wages to its customer service representatives. She was fired — and pilloried in the media as just another entitled millennial who wanted things handed to her. But a couple of months later, Yelp raised wages by $1.75 an hour and gave Jane’s former co-workers an annual 26 paid days off. Many large labor actions have achieved less.

Leaks have higher stakes, but when it comes to influencing American politics, what are defense contractors supposed to do — wait a couple of years to vote again? A 2016 poll by the Economic Innovation Group found that 72 percent of millennials had low confidence in the federal government. . . .

Continue reading.

Companies are finding that abandoning loyalty to their employees is a two-edged sword.

Written by LeisureGuy

11 June 2017 at 7:24 am

%d bloggers like this: