Later On

A blog written for those whose interests more or less match mine.

Archive for the ‘NSA’ Category

Most lawyers don’t understand cryptography. So why do they dominate tech policy debates?

Henry Farrell writes in the Washington Post:

On Wednesday, the Trump administration appointed the renowned computer science professor Ed Felten to the Privacy and Civil Liberties Oversight Board (PCLOB). This is the first time that a nonlawyer has been appointed to the board, even though it has oversight responsibilities for a variety of complex technological issues.
The bias toward lawyers reflects a more general problem in the U.S. government. Lawyers dominate debates over privacy and technology policy, and people who have a deep understanding of the technological questions surrounding complex questions, such as cryptography, are often shut out of the argument.
Some days ago, I interviewed Timothy Edgar, who served as the intelligence community’s first officer on civil liberties and is the author of the book “Beyond Snowden: Privacy, Mass Surveillance, and the Struggle to Reform the NSA,” about the reasons government policymaking isn’t as open to technological expertise as it ought to be.
The U.S. policy debate over surveillance mostly overlooks the ways in which cryptography could assure the privacy of data collected by the NSA and other entities. What broad benefits does cryptography offer?
When people think about cryptography, they mostly think about encrypting data and communications, like emails or instant messages, but modern cryptography offers many more capabilities. Today’s debate over surveillance ignores some of the ways these capabilities might allow the public to have the best of both worlds: robust intelligence collection with ironclad, mathematically rigorous privacy guarantees.
The problem is that many of these capabilities are counterintuitive. They seem like magic to those who are not aware of how cryptography has advanced over the past two decades. Because policymakers may not be aware of these advances, they view intelligence collection and privacy as a zero-sum game: more of one necessarily requires less of the other — but that’s a false trade-off.
Which specific techniques have cryptographers developed that could be applied to collected data?
Probably the most promising technology for ensuring the privacy of data that intelligence agencies are collecting is called encrypted search, something that my colleague at Brown, Prof. Seny Kamara, has helped pioneer. Imagine a large database that an intelligence agency like the NSA would like to query. The vast, vast majority of the data is irrelevant: It belongs to people that intelligence analysts should not be able to monitor. Of course, the agency could formulate queries and submit them to whoever owns the database, perhaps a telecommunications company or a digital services provider. But what if the agency is worried that its queries will reveal too much about its sensitive operations, and is not willing to take the chance that this information will leak?
Without encrypted search, the scenario I just outlined is a classic trade-off. Of course, the intelligence agency could simply forgo its queries, but if the stakes are too high — maybe the agency is trying to prevent a devastating terrorist attack — it could decide instead to engage in a highly intrusive intelligence practice called bulk collection. Bulk collection means the agency collects the entire database, including all the irrelevant information, hopefully with legal or policy safeguards to prevent abuse. Following the Snowden revelations in 2013, bulk collection of domestic data was reformed, but it remains an option when the NSA collects data outside the United States, even if that data includes communications with Americans.
Encrypted search allows us to do much better than this. The entire database is encrypted in a way that allows the intelligence agency to pose specific queries, which are also encrypted. Policymakers can decide what kinds of queries are appropriate. There are mathematically rigorous guarantees that ensure 1) the intelligence agency may only pose permissible queries, 2) the agency only receives the answers to those queries and does not receive any other data, and 3) the company will not learn what queries the agency has posed, offering the agency security for its operations.
Why is it that lawyers, rather than technologists, seem to dominate U.S. policy debates over technically complex subjects like surveillance and cryptography?
Lawyers have been dominating debates in the United States since at least the days when the French writer Alexis de Tocqueville wrote “Democracy in America” in 1831. De Tocqueville describes lawyers as occupying a place in American society similar to the aristocracies of Europe. If we examine just how many members of Congress, senior government officials and even business leaders are drawn from the legal profession today, it appears that little has changed in this regard in the subsequent two centuries. Lawyers tend to be verbal and overconfident [and thus are vulnerable to the Dunning-Kruger effect – LG]. Computer scientists are more prone to be reserved and even introverted.
The failure of lawyers and technologists to communicate well led the NSA to make some serious mistakes in the domestic bulk collection programs it was running until 2015, when they were reformed in the aftermath of the Snowden revelations. It has also, unfortunately, impeded the deployment of technologically based alternatives to intrusive intelligence programs.
Is this changing, and if it is changing, is it changing for the better or the worse? . . .

Continue reading.

Written by LeisureGuy

16 March 2018 at 1:25 pm

Trump’s refusal to protect our election system suggests corrupt motives

Jennifer Rubin writes in the Washington Post:

The Post reports:

For months, it’s been acknowledged — often quietly — that the Trump administration isn’t doing much to deter further Russian interference in U.S. elections. The Washington Post reported extensively in December about how President Trump doesn’t even like to talk about Russian interference — much less act to prevent it — and White House press secretary Sarah Huckabee Sanders struggled last week to name concrete steps he had taken.

But we may have just seen our most high-profile admission yet that the U.S. government is asleep at the wheel — from the government itself.

Adm. Michael S. Rogers, the head of the National Security Agency and U.S. Cyber Command, made some pretty blunt statements Tuesday to the Senate Armed Services Committee. Rogers acknowledged that Russian President Vladimir Putin probably believes he’s paid “little price” for the interference and thus hasn’t stopped. He also said flatly that Trump has not granted him any new authorities to strike at Russian cyber-operations.

This was not new information, but it was delivered with extraordinary bluntness and a smidgen of frustration with Trump’s lack of urgency. (“When combined with his saying ‘we’re probably not doing enough’ and that Putin hasn’t paid enough of a price to change his behavior, it’s clear that Rogers sees something missing from the effort to prevent a repeat: willpower.”)

On the Senate floor today, Sen. Charles E. Schumer (D-N.Y.), the minority leader, blasted the president: “According to several reports, Kremlin-linked bots continue to stoke political divisions in the U.S. via misinformation on social media. . . . [Rogers] is absolutely right. It is extraordinary, confounding, and dangerous, how little the Trump Administration is doing about Putin’s campaign to undermine our grand democracy,” he said.

The Democratic leader continued:

“President Trump refused to punish Putin after he took office, despite the consensus view of 17 American Intelligence Agencies that Putin interfered in our elections. President Trump has still refused to fully implement the package of sanctions that passed by this Congress with only five dissenting votes combined between both House and Senate. . . .

A hostile foreign power interfered in our elections, continues to interfere with our democracy, and is planning to interfere in our next elections — and the president of the United States is hardly lifting a finger. It’s as if they were preparing for war and tanks were lining up or planes and we decided to do nothing. Cyberattacks, manipulation of news media is another way that hostile powers attack us.”

He concluded with this statement: “People have to wonder why President Trump is so soft on Russia, so unwilling to criticize President Putin, and so slow to stand up for America and protect our democracy.”

Actually, we need not wonder. Trump should provide an explanation. Congress — the four leaders in the House and Senate — can write a joint letter. They can, in the course of oversight, ask senior intelligence officials whether they have requested additional authority, and whether they can explain the president’s inactivity. And finally, the Senate can refuse to confirm additional nominees for national-security posts unless and until the president presents a complete plan to defend our election process and to root out Russian manipulation of social media.

Trump might have any number of reasons for refusing to proceed. First, he really, really doesn’t want to acknowledge just how much effort the Russians — on his behalf — have put in their plan to destabilize our democracy.

Second, he might fear Putin’s wrath, maybe a revelation of embarrassing information, if he acts to intensify sanctions or to address election interference. This would be consistent with the theory that there was either an explicit or implicit quid pro quo arrangement between Russia and the Trump team. Just to be clear, this has not yet been proven. However, sometimes the best evidence is the proverbial dog that does not bark.

Finally, it may be that Trump, fearing huge losses for the Republicans, shares Putin’s aim to cast doubt on the credibility of our elections. Perhaps he wants to sow doubt about the legitimacy of the Democratic victories he anticipates, thereby undermining the legitimacy of any Democrat-led impeachment proceeding. This would be a horrible repudiation of his oath of office, and a sign that he is sabotaging a core tenet of our democracy — free and fair elections — for personal gain. But let’s not forget he did precisely this during the run-up to the 2016 election, suggesting that if he lost he might not accept the results.

Maybe there are more benign explanations for Trump’s actions, but the onus is on him to explain why he’s neglecting his duties. And if there is . . .

Continue reading.

Written by LeisureGuy

28 February 2018 at 4:56 pm

New Report Says Dutch Have Absolute Proof Russia Was Behind 2016 Election Hacking

Kevin Drum writes in Mother Jones:

The Dutch newspaper de Volkskrant (“The People’s Paper”) has quite the intriguing story today. Apparently AIVD, the Dutch equivalent of the CIA, broke into the computer systems of a nondescript building in Moscow a few years ago. They had no idea what was there, but eventually they figured it out. It was the workplace of Cozy Bear, Russia’s most infamous hacking group:

That’s how the AIVD becomes witness to the Russian hackers harassing and penetrating the leaders of the Democratic Party, transferring thousands of emails and documents. It won’t be the last time they alert their American counterparts. And yet, it will be months before the United States realize what this warning means: that with these hacks the Russians have interfered with the American elections. And the AIVD hackers have seen it happening before their very eyes.

….The Cozy Bear hackers are in a space in a university building near the Red Square. The group’s composition varies, usually about ten people are active. The entrance is in a curved hallway. A security camera records who enters and who exits the room. The AIVD hackers manage to gain access to that camera. Not only can the intelligence service now see what the Russians are doing, they can also see who’s doing it. Pictures are taken of every visitor. In Zoetermeer, these pictures are analyzed and compared to known Russian spies.

….Access to Cozy Bear turns out to be a goldmine for the Dutch hackers. For years, it supplies them with valuable intelligence about targets, methods and the interests of the highest ranking officials of the Russian security service [which they share with the United States]….In return, the Dutch are given knowledge, technology and intelligence. According to one American source, in late 2015, the NSA hackers manage to penetrate the mobile devices of several high ranking Russian intelligence officers. They learn that right before a hacking attack, the Russians search the internet for any news about the oncoming attack.

de Volkskrant says the Dutch are pretty pissed off that our intelligence services, in an effort to prove that Russia really did interfere with the US election, have repeatedly bragged about the remarkable efforts of a “Western ally.” However, the details in this story come from both American and Dutch sources, so apparently there are at least a few folks in the Netherlands who figure they might as well brag about it themselves now that the operation is over.

If all this is true, the primary sources for . . .

Continue reading.

Written by LeisureGuy

26 January 2018 at 10:21 am

Google’s true origin partly lies in CIA and NSA research grants for mass surveillance

Jeff Nesbit, former director of legislative and public affairs, National Science Foundation, writes in Quartz:

Two decades ago, the US intelligence community worked closely with Silicon Valley in an effort to track citizens in cyberspace. And Google is at the heart of that origin story. Some of the research that led to Google’s ambitious creation was funded and coordinated by a research group established by the intelligence community to find ways to track individuals and groups online.

The intelligence community hoped that the nation’s leading computer scientists could take non-classified information and user data, combine it with what would become known as the internet, and begin to create for-profit, commercial enterprises to suit the needs of both the intelligence community and the public. They hoped to direct the supercomputing revolution from the start in order to make sense of what millions of human beings did inside this digital information network. That collaboration has made a comprehensive public-private mass surveillance state possible today.

The story of the deliberate creation of the modern mass-surveillance state includes elements of Google’s surprising, and largely unknown, origin. It is a somewhat different creation story than the one the public has heard, and explains what Google cofounders Sergey Brin and Larry Page set out to build, and why.

But this isn’t just the origin story of Google: It’s the origin story of the mass-surveillance state, and the government money that funded it.

Backstory: The intelligence community and Silicon Valley

In the mid 1990s, the intelligence community in America began to realize that they had an opportunity. The supercomputing community was just beginning to migrate from university settings into the private sector, led by investments from a place that would come to be known as Silicon Valley.

A digital revolution was underway: one that would transform the world of data gathering and how we make sense of massive amounts of information. The intelligence community wanted to shape Silicon Valley’s supercomputing efforts at their inception so they would be useful for both military and homeland security purposes. Could this supercomputing network, which would become capable of storing terabytes of information, make intelligent sense of the digital trail that human beings leave behind?

Answering this question was of great interest to the intelligence community.

Intelligence-gathering may have been their world, but the Central Intelligence Agency (CIA) and the National Security Agency (NSA) had come to realize that their future was likely to be profoundly shaped outside the government. It was at a time when military and intelligence budgets within the Clinton administration were in jeopardy, and the private sector had vast resources at their disposal. If the intelligence community wanted to conduct mass surveillance for national security purposes, it would require cooperation between the government and the emerging supercomputing companies.

To do this, they began reaching out to the scientists at American universities who were creating this supercomputing revolution. These scientists were developing ways to do what no single group of human beings sitting at work stations in the NSA and the CIA could ever hope to do: gather huge amounts of data and make intelligent sense of it.

A rich history of the government’s science funding

There was already a long history of collaboration between America’s best scientists and the intelligence community, from the creation of the atomic bomb and satellite technology to efforts to put a man on the moon.

In fact, the internet itself was created because of an intelligence effort: In the 1970s, the agency responsible for developing emerging technologies for military, intelligence, and national security purposes—the Defense Advanced Research Projects Agency (DARPA)—linked four supercomputers to handle massive data transfers. It handed the operations off to the National Science Foundation (NSF) a decade or so later, which proliferated the network across thousands of universities and, eventually, the public, thus creating the architecture and scaffolding of the World Wide Web.

Silicon Valley was no different. By the mid 1990s, the intelligence community was seeding funding to the most promising supercomputing efforts across academia, guiding the creation of efforts to make massive amounts of information useful for both the private sector as well as the intelligence community.

They funded these computer scientists through an unclassified, highly compartmentalized program that was managed for the CIA and the NSA by large military and intelligence contractors. It was called the Massive Digital Data Systems (MDDS) project. . .

Continue reading. There’s a lot more, and it is both interesting and disturbing.

Written by LeisureGuy

15 December 2017 at 10:17 am

NSA Secretly Helped Convict Defendants In U.S. Courts, Classified Documents Reveal

Trevor Aaronson reports in The Intercept:

Fazliddin Kurbanov is a barrel-chested man from Uzbekistan who came to the United States in 2009, when he was in his late 20s. A Christian who had converted from Islam, Kurbanov arrived as a refugee and spoke little English. Resettled in Boise, Idaho, he rented an apartment, worked odd jobs, and was studying to be a truck driver.

But about three years after entering the U.S., around the time he converted back to Islam, Kurbanov was placed under FBI surveillance. According to emails and internet chat logs obtained by the government, Kurbanov was disgusted by having seen Americans burn the Quran and by reports that an American soldier had tried to rape a Muslim girl. “My entire life, everything, changed,” Kurbanov wrote in a July 31, 2012 email.

After the FBI assigned one informant to live with him and another informant to attend his truck-driving school, Kurbanov was arrested in May 2013. Prosecutors accused him of providing material support to the Islamic Movement of Uzbekistan and possessing bomb-making materials.

During Kurbanov’s trial, the government notified him that his conversations with an alleged Islamic Movement of Uzbekistan associate based in Pakistan had been intercepted. The spying, federal prosecutors said, had been authorized under the Foreign Intelligence Surveillance Act of 1978, which regulates the monitoring of agents of foreign governments and terrorist organizations. Kurbanov was convicted at trial and sentenced to 25 years in prison, after which he’ll be deported to Uzbekistan. He is an apparent success story for U.S. counterterrorism officials. If there was any doubt about Kurbanov’s propensity for violence, he eliminated it by stabbing a prison warden in California, an act for which he is now facing additional charges.

But Justice Department lawyers gained their conviction against Kurbanov after failing to disclose a legally significant fact: Kurbanov’s conversations with his alleged terrorist associate had been captured through PRISM, a National Security Agency mass surveillance program whose existence was revealed in documents provided by whistleblower Edward Snowden. Under PRISM, the government obtains communications directly from at least eight large technology companies without the need for warrants, a type of practice authorized in 2008, when Congress provided new surveillance powers under FISA.

While traditional FISA authority permits spying on a particular person or group through warrants issued by the secret Foreign Intelligence Surveillance Court, under the new powers, codified in FISA Section 702, monitoring is approved in bulk by the court through what is essentially a recipe for mass surveillance. Once approved, such a recipe can be used against thousands of targets. Under Section 702 authority, the NSA is currently monitoring digital communications of more than 100,000 people; it swept up an estimated 250 million internet communications each year as of a 2011 Foreign Intelligence Surveillance Court opinion. The FBI frequently searches Section 702 databases when it opens national security and domestic criminal “assessments,” precursors to full investigations.

According to a slide in an NSA presentation, provided by Snowden and published for the first time today by The Intercept, the interception of Kurbanov’s conversations was a “Reporting Highlight” for PRISM. The document indicates that the NSA captured Kurbanov’s Skype conversations from October 2012 through April 2013, roughly the same period the FBI was investigating him with undercover informants. It further details how an NSA unit in April 2013 issued a report describing “how Kurbanov believed he was under surveillance (which he is by the FBI) but was cautiously continuing his work, which was not specified — could be raising money for the IMU or explosive testing.” The alleged terrorist associate with whom Kurbanov was communicating “wanted Kurbanov to set this work in motion, probably related to sending money back to the IMU,” the document added.

The government is obligated to disclose to criminal defendants when information against them originates from Section 702 reporting, but federal prosecutors did not do so in Kurbanov’s case. In fact, when Kurbanov’s lawyers demanded disclosure of FISA-related evidence and the suppression of that evidence, Attorney General Eric Holder asserted national security privilege, claiming in a declaration that disclosure of FISA information would “harm the national security of the United States.” Kurbanov’s lawyer, Chuck Peterson, declined to comment about the government’s use of Section 702 surveillance against his client.

Kurbanov does not appear to be the only defendant kept in the dark about how warrantless surveillance was used against him. A nationwide review of federal court records by The Intercept found that of 75 terrorism defendants notified of some type of FISA spying since Section 702 became law, just 10 received notice of Section 702 surveillance. And yet Section 702 was credited with “well over 100 arrests on terrorism-related offenses” in a July 2014 report from the Privacy and Civil Liberties Oversight Board, the federal entity created to oversee intelligence authorities granted in the wake of the 9/11 attacks. Additional documents from Snowden, previously unpublished and dated before the Kurbanov case, provide further examples of how NSA intelligence repeatedly played an undisclosed role in bringing accused terrorists to trial in U.S. courts over the past decade and a half. They also reveal an instance in which the NSA incorrectly identified a U.S. citizen as a foreign target of a FISA warrant.

Civil liberties advocates have long suspected that the Justice Department is underreporting Section 702 cases in order to limit court challenges to the controversial law. . .

Continue reading.

This article is the seventh in a series that The Intercept has been publishing. The full list to date:

Part 1: More Than 400 People Convicted of Terrorism in the U.S. Have Been Released Since 9/11

Part 2: Terrorism Defendants With Concrete Ties to Violent Extremists Leverage Their Connections to Avoid Prison

Part 3: FBI Stings Zero In on ISIS Sympathizers. Few Have Terrorist Links.

Part 4: The Government’s Own Data Shows Country of Origin Is a Poor Predictor of Terrorist Threat

Part 5: The U.S. Has Released 417 Alleged Terrorists Since 9/11. The Latest Owned an Islamic Bookstore.

Part 6: The FBI Pressured a Lonely Young Man Into a Bomb Plot. He Tried to Back Out. Now He’s Serving Life in Prison.

Part 7: NSA Secretly Helped Convict Defendants in U.S. Courts, Classified Documents Reveal

Written by LeisureGuy

2 December 2017 at 11:05 am

An absolute must-read: What Exactly Does The Steele Dirty Russian Dossier On Trump Contain?

John Sipher is

a Director of Customer Success at CrossLead, a software and consulting firm. He retired in 2014 after a 28-year career in the CIA’s National Clandestine Service, having served as a member of the CIA’s Senior Intelligence Service.

He writes in Newsweek:

This article first appeared on Just Security.

Recent revelations of Trump campaign connections to Russia have revived interest in the so-called Steele Dossier.

The dossier is composed of a batch of short reports produced between June and December 2016 by Orbis International, a London-based firm specializing in commercial intelligence for government and private-sector clients.

The collection of Orbis reports caused an uproar when it was published online by the US website BuzzFeed, just ten days before Donald Trump’s inauguration.

Taken together, the series of reports painted a picture of active collusion between the Kremlin and key Trump campaign officials based on years of Russian intelligence work against Trump and some of his associates. This seemed to complement general statements from US intelligence officials about Russia’s active efforts to undermine the US election.

The greatest attention was paid to the first report, which conveyed salacious claims about Trump consorting with prostitutes in Moscow in 2013. Trump himself publicly denied the story, while Trump associates denied reported details about their engagement with Russian officials.

A lot of ink and pixels were also spent on the question whether it was appropriate for the media to publish the dossier. The furor quickly passed, the next news cycle came, and the American media has been largely reluctant to revisit the report over the months since.

Almost immediately after the dossier was leaked, media outlets and commentators pointed out that the material was unproven. News editors affixed the terms “unverified” and “unsubstantiated” to all discussion of the issue in the responsible media.

Political supporters of President Trump simply tagged it as “fake news.” Riding that wave, even legendary Washington Post reporter Bob Woodward characterized the report as “garbage.”

For professional investigators, however, the dossier is by no means a useless document. Although the reports were produced episodically, almost erratically, over a five-month period, they present a coherent narrative of collusion between the Kremlin and the Trump campaign.

As a result, they offer an overarching framework for what might have happened based on individuals on the Russian side who claimed to have insight into Moscow’s goals and operational tactics. Until we have another more credible narrative, we should do all we can to examine closely and confirm or dispute the reports.

Many of my former CIA colleagues have taken the Orbis reports seriously since they were first published. This is not because they are not fond of Trump (and many admittedly are not), but because they understand the potential plausibility of the reports’ overall narrative based on their experienced understanding of both Russian methods, and the nature of raw intelligence reporting.

Immediately following the BuzzFeed leak, one of my closest former CIA colleagues told me that he recognized the reports as the obvious product of a former Secret Intelligence Service (SIS) officer, since the format, structure, and language mirrored what he had seen over a career of reading SIS reports provided to CIA in liaison channels.

He and others withheld judgment about the veracity of the reports, but for the reasons I outline further below they did not reject them out of hand. In fact, they were more inclined for professional reasons to put them in the “trust but verify” category.

So how should we unpack the so-called Steele dossier from an intelligence perspective?

I spent almost thirty years producing what CIA calls “raw reporting” from human agents. At heart, this is what Orbis did.

They were not producing finished analysis, but were passing on to a client distilled reporting that they had obtained in response to specific questions. The difference is crucial, for it is the one that American journalists routinely fail to understand.

When disseminating a raw intelligence report, an intelligence agency is not vouching for the accuracy of the information provided by the report’s sources and/or sub-sources. Rather it is claiming that it has made strenuous efforts to validate that it is reporting accurately what the sources/sub-sources claim has happened.

The onus for sorting out the veracity and for putting the reporting in context against other reporting – which may confirm or deny the new report – rests with the intelligence community’s professional analytic cadre.

In the case of the dossier, Orbis was not saying that everything that it reported was accurate, but that it had made a good-faith effort to pass along faithfully what its identified insiders said was accurate. This is routine in the intelligence business. And this form of reporting is often a critical product in putting together more final intelligence assessments.

In this sense, the so-called Steele dossier is not a dossier at all. A dossier suggests a summary or case history. Mr. Steele’s product is not a report delivered with a bow at the end of an investigation. Instead, it is a series of contemporaneous raw reports that do not have the benefit of hindsight.

Among the unnamed sources are “a senior Russian foreign ministry official,” “a former top-level intelligence officer still active inside the Kremlin,” and “a close associate of Republican U.S. presidential candidate Donald Trump.”

Thus, the reports are not an attempt to connect the dots, but instead an effort to uncover new and potentially relevant dots in the first place.

What’s most relevant in the Orbis reports?

Let me illustrate what the reports contain by unpacking the first and most notorious of the seventeen Orbis reports, and then move to some of the other ones.

The first 2½ page report was dated June 20, 2006 and entitled “Company Intelligence Report 2016/080.” It starts with several summary bullets, and continues with additional detail attributed to sources A-E and G (there may be a source F but part of the report is blacked out).

The report makes a number of explosive claims, all of which at the time of the report were unknown to the public.

Among other assertions, three sources in the Orbis report describe a multi-year effort by Russian authorities to cultivate, support and assist Donald Trump.

According to the account, the Kremlin provided Trump with intelligence on his political primary opponents and access to potential business deals in Russia.

Perhaps more importantly, Russia had offered to provide potentially compromising material on Hillary Clinton, consisting of bugged conversations during her travels to Russia, and evidence of her viewpoints that contradicted her public positions on various issues.

The report also alleged that the internal Russian intelligence service (FSB) had developed potentially compromising material on Trump, to include details of “perverted sexual acts” which were arranged and monitored by the FSB.

Specifically, the compromising material, according to this entry in the report, included an occasion when Trump hired the presidential suite at a top Moscow hotel which had hosted President and Mrs. Obama, and employed prostitutes to defile the bed where the President had slept.

Four separate sources also described “unorthodox” and embarrassing behavior by Trump over the years that the FSB believed could be used to blackmail the then presidential candidate.

The report stated that Russian President Putin was supportive of the effort to cultivate Trump, and the primary aim was to sow discord and disunity within the U.S. and the West. The dossier of FSB-collected information on Hillary Clinton was managed by Kremlin chief spokesman Dimitry Peskov.

Subsequent reports provide additional detail about the conspiracy, which includes information about cyber-attacks against the U.S. They allege that Paul Manafort managed the conspiracy to exploit political information on Hillary Clinton in return for information on Russian oligarchs outside Russia, and an agreement to “sideline” Ukraine as a campaign issue.

Trump campaign operative Carter Page is also said to have played a role in shuttling information to Moscow, while Trump’s personal lawyer, Michael Cohen, reportedly took over efforts after Manafort left the campaign, personally providing cash payments for Russian hackers.

In one account, Putin and his aides expressed concern over kick-backs of cash to Manafort from former Ukrainian President Viktor Yanukovych, which they feared might be discoverable by U.S. authorities. The Kremlin also feared that the U.S. might stumble onto the conspiracy through the actions of a Russian diplomat in Washington, Mikhail Kalugin, and therefore had him withdrawn, according to the reports.

By late fall 2016, the Orbis team reported that a Russian-supported company had been “using botnets and porn traffic to transmit viruses, plant bugs, steal data and conduct ‘altering operations’ against the Democratic Party leadership.” Hackers recruited by the FSB under duress were involved in the operations.

According to the report, Carter Page insisted that payments be made quickly and discreetly, and that cyber operators should go to ground and cover their tracks.

Assessing the Orbis reports

What should be made of these leaked reports with unnamed sources on issues that were deliberately concealed by the participants?

Honest media outlets have reported on subsequent events that appear to be connected to the reports, but do not go too far with their analysis, concluding still that the dossier is unverified.

Almost no outlets have reported on the salacious sexual allegations, leaving the public with very little sense as to whether the dossier is true, false, important or unimportant in that respect.

While the reluctance of the media to speculate as to the value of the report is understandable, professional intelligence analysts and investigators do not have the luxury of simply dismissing the information.

They instead need to do all they can to put it into context, determine what appears credible, and openly acknowledge the gaps in understanding so that collectors can seek additional information that might help make sense of the charges.

Step One: Source Validation

In the intelligence world, we always begin with source validation, focusing on what intelligence professionals call “the chain of acquisition.” In this case we would look for detailed information on (in this order) Orbis, Steele, his means of collection (e.g., who was working for him in collecting information), his sources, their sub-sources (witting or unwitting), and the actual people, organizations and issues being reported on.

Intelligence methodology presumes that perfect information is never available, and that the vetting process involves cross-checking both the source of the information as well as the information itself. There is a saying among spy handlers, “vet the source first before attempting to vet the source’s information.”

Information from human sources (the spies themselves) is dependent on their distinct access to information, and every source has a particular lens. Professional collectors and debriefing experts do not elicit information from a source outside of the source’s area of specific access. They also understand that inaccuracies are inevitable, even if the source is not trying to mislead.

The intelligence process is built upon a feedback cycle that corroborates what it can, and then goes back to gather additional information to help build confidence in the assessment. The process is dispassionate, unemotional, professional and never ending.

Faced with the raw reports in the Orbis document, how might an intelligence professional approach the jumble of information?

The first thing to examine is Christopher Steele, the author of the reports, and his organization Orbis International. Are they credible?

Steele was the President of the Cambridge Union at university, and was a career British intelligence officer with service in Moscow, Paris and Afghanistan prior to work as the head of the Russia desk at British intelligence HQS.

While in London he worked as the personal handler of Russian defector Alexander Litvinenko. He was a respected professional who had success in some of the most difficult intelligence environments.

He retired from SIS in 2009 and started Orbis Business Intelligence along with a former colleague. Prior to his work on the Russian dossier for Orbis, he was best known for his investigation of the world soccer association (FIFA), which provided direct support to the FBI’s successful corruption case.

Steele and Orbis were also known for assisting various European countries in understanding Russian efforts to meddle in their affairs.

Like any private firm, Orbis’s ability to remain in business relies on its track record of credibility. Success for Steele and his colleagues depends on his integrity, reliability, and the firm’s reputation for serious work. In this regard, Steele is putting his reputation and his company’s continued existence on the line with each report.

Yes, as with anyone operating in the murky world of intelligence, he could be duped. Nonetheless, his reputation for handling sensitive Russian espionage operations over the years suggests that he is security conscious and aware of Russian counterintelligence and disinformation efforts.

His willingness to share his work with professional investigative agencies such as the FBI and the British Security Service also suggests that he is comfortable opening his work to scrutiny, and is seen as a serious partner by the best in the business.

The biggest problem with confirming the details of the Steele “dossier” is obvious: we do not know his sources, other than via the short descriptions in the reports.

In CIA’s clandestine service, we spent by far the bulk of our work finding, recruiting and validating sources. Before we would ever consider disseminating an intelligence report, we would move heaven and earth to understand the access, reliability, trustworthiness, motivation and dependability of our source.

We believe it is critical to validate the source before we can validate the reliability of the source’s information.

How does the source know about what he/she is reporting? How did the source get the information? Who are his/her sub-sources? What do we know about the sub-sources? Why is the source sharing the information? Is the source a serious person who has taken appropriate measures to protect their efforts?

One clue as to the credibility of the sources in these reports is that Steele shared them with the FBI. The fact that the FBI reportedly sought to work with him and to pay him to develop additional information on the sources suggests that at least some of them were worth taking seriously.

At the very least, the FBI will be able to validate the credibility of the sources, and therefore better judge the information. As one recently retired senior intelligence officer with deep experience in espionage investigations quipped,

I assign more credence to the Steele report knowing that the FBI paid him for his research. From my experience, there is nobody more miserly than the FBI. If they were willing to pay Mr. Steele, they must have seen something of real value.

Step Two: Assessing the Substantive Content . . .

Continue reading. There’s a lot more, very precisely and thoroughly done.

Written by LeisureGuy

28 October 2017 at 2:13 pm

How Israel Caught Russian Hackers Scouring the World for U.S. Secrets

Nicole Perlroth and Scott Shane report in the NY Times:

It was a case of spies watching spies watching spies: Israeli intelligence officers looked on in real time as Russian government hackers searched computers around the world for the code names of American intelligence programs.

What gave the Russian hacking, detected more than two years ago, such global reach was its improvised search tool — antivirus software made by a Russian company, Kaspersky Lab, that is used by 400 million people worldwide, including by officials at some two dozen American government agencies.

The Israeli officials who had hacked into Kaspersky’s own network alerted the United States to the broad Russian intrusion, which has not been previously reported, leading to a decision just last month to order Kaspersky software removed from government computers.

The Russian operation, described by multiple people who have been briefed on the matter, is known to have stolen classified documents from a National Security Agency employee who had improperly stored them on his home computer, on which Kaspersky’s antivirus software was installed. What additional American secrets the Russian hackers may have gleaned from multiple agencies, by turning the Kaspersky software into a sort of Google search for sensitive information, is not yet publicly known.

The current and former government officials who described the episode spoke about it on condition of anonymity because of classification rules.

Like most security software, Kaspersky Lab’s products require access to everything stored on a computer in order to scour it for viruses or other dangers. Its popular antivirus software scans for signatures of malicious software, or malware, then removes or neuters it before sending a report back to Kaspersky. That procedure, routine for such software, provided a perfect tool for Russian intelligence to exploit to survey the contents of computers and retrieve whatever they found of interest.

The National Security Agency and the White House declined to comment for this article. The Israeli Embassy declined to comment, and the Russian Embassy did not respond to requests for comment.

The Wall Street Journal reported last week that Russian hackers had stolen classified N.S.A. materials from a contractor using the Kaspersky software on his home computer. But the role of Israeli intelligence in uncovering that breach and the Russian hackers’ use of Kaspersky software in the broader search for American secrets have not previously been disclosed.

Kaspersky Lab denied any knowledge of, or involvement in, the Russian hacking. “Kaspersky Lab has never helped, nor will help, any government in the world with its cyberespionage efforts,” the company said in a statement Tuesday afternoon. Kaspersky Lab also said it “respectfully requests any relevant, verifiable information that would enable the company to begin an investigation at the earliest opportunity.”

The Kaspersky-related breach is only the latest bad news for the security of American intelligence secrets. It does not appear to be related to a devastating leak of N.S.A. hacking tools last year to a group, still unidentified, calling itself the Shadow Brokers, which has placed many of them online. Nor is it evidently connected to a parallel leak of hacking data from the C.I.A. to WikiLeaks, which has posted classified C.I.A. documents regularly under the name Vault7.

For years, there has been speculation that Kaspersky’s popular antivirus software might provide a back door for Russian intelligence. . .

Continue reading.

Written by LeisureGuy

10 October 2017 at 7:31 pm
