Later On

A blog written for those whose interests more or less match mine.

Archive for the ‘NSA’ Category

Holy moly! UAE hacked Qatari government sites, sparking regional upheaval, according to U.S. intelligence officials

leave a comment »

Karen DeYoung and Ellen Nakashima report in the Washington Post:

The United Arab Emirates orchestrated the hacking of Qatari government news and social media sites in order to post incendiary false quotes attributed to Qatar’s emir, Sheikh Tamim Bin Hamad al-Thani, in late May that sparked the ongoing upheaval between Qatar and its neighbors, according to U.S. intelligence officials.

Officials became aware last week that newly analyzed information gathered by U.S. intelligence agencies confirmed that on May 23, senior members of the UAE government discussed the plan and its implementation. The officials said it remains unclear whether the UAE carried out the hacks itself or contracted to have them done. The false reports said that the emir, among other things, had called Iran an “Islamic power” and praised Hamas.

The hacks and posting took place on May 24, shortly after President Trump completed a lengthy counterterrorism meeting with Persian Gulf leaders in neighboring Saudi Arabia and declared them unified.

Citing the emir’s reported comments, the Saudis, the UAE, Bahrain and Egypt immediately banned all Qatari media. They then broke relations with Qatar and declared a trade and diplomatic boycott, sending the region into a political and diplomatic tailspin that Secretary of State Rex Tillerson has warned could undermine U.S. counterterrorism efforts against the Islamic State. . .

Continue reading.

Tump took it all, hook, line, and sinker. Boy, is he easy to play! Mainly because he lacks most of a State Department and pays no attention to the one he has, plus being totally ignorant of history and foreign policy, and a moron to boot.

Written by LeisureGuy

16 July 2017 at 4:01 pm

It’s worse than we thought: A Cyberattack ‘the World Isn’t Ready For’

leave a comment »

Nicole Perlroth has a frightening report in the NY Times:

There have been times over the last two months when Golan Ben-Oni has felt like a voice in the wilderness.

On April 29, someone hit his employer, IDT Corporation, with two cyberweapons that had been stolen from the National Security Agency. Mr. Ben-Oni, the global chief information officer at IDT, was able to fend them off, but the attack left him distraught.

In 22 years of dealing with hackers of every sort, he had never seen anything like it. Who was behind it? How did they evade all of his defenses? How many others had been attacked but did not know it?

Since then, Mr. Ben-Oni has been sounding alarm bells, calling anyone who will listen at the White House, the Federal Bureau of Investigation, the New Jersey attorney general’s office and the top cybersecurity companies in the country to warn them about an attack that may still be invisibly striking victims undetected around the world.

(p>And he is determined to track down whoever did it.

“I don’t pursue every attacker, just the ones that piss me off,” Mr. Ben-Oni told me recently over lentils in his office, which was strewn with empty Red Bull cans. “This pissed me off and, more importantly, it pissed my wife off, which is the real litmus test.”

Two weeks after IDT was hit, the cyberattack known as WannaCry ravaged computers at hospitals in England, universities in China, rail systems in Germany, even auto plants in Japan. No doubt it was destructive. But what Mr. Ben-Oni had witnessed was much worse, and with all eyes on the WannaCry destruction, few seemed to be paying attention to the attack on IDT’s systems — and most likely others around the world.

The strike on IDT, a conglomerate with headquarters in a nondescript gray building here with views of the Manhattan skyline 15 miles away, was similar to WannaCry in one way: Hackers locked up IDT data and demanded a ransom to unlock it.

But the ransom demand was just a smoke screen for a far more invasive attack that stole employee credentials. With those credentials in hand, hackers could have run free through the company’s computer network, taking confidential information or destroying machines.

Worse, the assault, which has never been reported before, was not spotted by some of the nation’s leading cybersecurity products, the top security engineers at its biggest tech companies, government intelligence analysts or the F.B.I., which remains consumed with the WannaCry attack.

Were it not for a digital black box that recorded everything on IDT’s network, along with Mr. Ben-Oni’s tenacity, the attack might have gone unnoticed.

Scans for the two hacking tools used against IDT indicate that the company is not alone. In fact, tens of thousands of computer systems all over the world have been “backdoored” by the same N.S.A. weapons. Mr. Ben-Oni and other security researchers worry that many of those other infected computers are connected to transportation networks, hospitals, water treatment plants and other utilities.

An attack on those systems, they warn, could put lives at risk. And Mr. Ben-Oni, fortified with adrenaline, Red Bull and the house beats of Deadmau5, the Canadian record producer, said he would not stop until the attacks had been shut down and those responsible were behind bars.

“The world is burning about WannaCry, but this is a nuclear bomb compared to WannaCry,” Mr. Ben-Oni said. “This is different. It’s a lot worse. It steals credentials. You can’t catch it, and it’s happening right under our noses.”

And, he added, “The world isn’t ready for this.”

Targeting the Nerve Center . . .

Continue reading.

It gets worse. Later:

. . , No one he has spoken to knows whether they have been hit, but just this month, restaurants across the United States reported being hit with similar attacks that were undetected by antivirus systems. There are now YouTube videos showing criminals how to attack systems using the very same N.S.A. tools used against IDT, and Metasploit, an automated hacking tool, now allows anyone to carry out these attacks with the click of a button.

Worse still, Mr. Ben-Oni said, “No one is running point on this.” . . .

Later:

. . . Last month, he personally briefed the F.B.I. analyst in charge of investigating the WannaCry attack. He was told that the agency had been specifically tasked with WannaCry, and that even though the attack on his company was more invasive and sophisticated, it was still technically something else, and therefore the F.B.I. could not take on his case.

The F.B.I. did not respond to requests for comment. . .

The US will be destroyed because of bureaucratic turf issues.

Written by LeisureGuy

22 June 2017 at 8:37 pm

Why are millennials more apt to leak government secrets?

leave a comment »

A very interesting column in the Washington Post by Malcolm Harris:

When the news broke of the latest national security leaker, it was obvious she was a millennial. Reality Winner is a 25-year-old veteran, a (now former) analyst for the defense contractor Pluribus International and a part-time yoga instructor. She is currently in federal custody, accused of sending a classified document about Russian hacks against a voting-software company to the Intercept, an online magazine. Three of the highest-profile leakers in recent years — Chelsea Manning, Edward Snowden and now Winner — were born between 1983 and 1993. Given that access to classified material is thought to belong to those who have proved their trustworthiness through their service, why do these leakers skew so young?

Without intending to, employers and policymakers have engineered a cohort of workers that is bound to yield leakers. An important part of our training for the 21st-century labor market has been an emphasis on taking initiative, hustling, finding ways to be useful, not waiting around for someone in charge to tell us what to do. In a Pew survey of young workers, a majority said they wanted to be the boss someday or already were. And if we can’t boss anyone else, we can at least boss ourselves. The gig-economy service Fiverr, for instance, recruits “doers” who “eat a coffee for lunch.” We are each of us a start-up of one, encouraged to develop and chase our values even if we don’t make much money. That’s usually a good situation for companies, which get ambitious employees (if we’re privileged enough to have that title) at basement rates as long as they’re able to make a thin claim or two about charity or sustainability. However, depending on an army of righteous, initiative-taking mercenaries does have its downsides when it comes to national security.

Niccolo Machiavelli’s counsel in “The Prince” that leaders would do well to avoid mercenaries is among the most respected nuggets of military wisdom, but for a crucial part of the millennial life cycle, the government actually sold us on the individualistic slogan “An Army of One .” Although the Army ditched the phrase in 2006, the military’s pitch to young people has continued to be that they can build job skills first and serve their country second. Winner seems to have listened well; according to her mother, she joined the Air Force after high school and trained as a linguist. When she was discharged last year, she left with an uncommon set of languages for a Texan: Pashto, Farsi and Dari. With a security clearance from her military job as a cryptologic language analyst, Winner was able to get a position at Pluribus International, where analysts make about $70,000 a year — about twice the U.S. average for workers without college degrees. Winner is a millennial success story, and she’d be a hell of a poster woman for national service if she weren’t in a cement cage somewhere.

One of the reasons Machiavelli advised against using mercenaries is that it’s a no-win situation: Either they’re not competent, or if they are, they’ll substitute their own judgment and goals for their leader’s. Snowden was so efficient at his cybersecurity job that his bosses at Booz Allen Hamilton’s Hawaii office were content to give him the run of the place, and since the government trusted his bosses, the National Security Agency was, in a very real way, relying on him. It’s the kind of mistake that will keep happening because it’s unavoidable. What kind of boss can resist a brilliant young worker who doesn’t need instruction? At a cybersecurity conference, Snowden’s former supervisor Steven Bay explained that the recruit blew away his interview, and with the paucity of technical talent in Hawaii, Booz Allen felt lucky to have him.

Employee loyalty is a two-way street, and for millennials, traffic has slowed to a crawl. Companies are investing less in workers. “Among the reasons cited for this,” according to the Wharton business school: “the recession, during which companies laid off huge swaths of their employees with little regard for loyalty or length of service; a whittling away of benefits, training and promotions for those who remain; and a generation of young millennials (ages 15 to 30) who have a different set of expectations about their careers, including the need to ‘be their own brand.’ ” In a nomadic world, one of the casualties is a decreasing sense of commitment to the organization.

Wharton management professor Adam Cobb says that over the past 30 years, the trend in business has been to have more risks shouldered by workers instead of companies. That means firms would rather hire an applicant like Snowden or Winner who already has high-value skills that someone else paid to develop. For employers, it’s a bargain, but it comes at a price: “If I’m an employee,” Cobb says, “that’s a signal to me that I’m not going to let firms control my career.” It would be uncharacteristic of millennials to sit loyally until our bosses don’t need us anymore; we’re proactive.

Since we can’t get too attached to particular employers, millennials are encouraged by baby-boomer-run institutions to find internal motivation, to live out our values through our frequent employment choices, and we’ve heard them loud and clear. A study of college-educated millennials from Bentley University’s Center for Women and Business found that they were unwilling to “tolerate unpleasant workplaces that do not allow them to be their authentic selves in expressing their personal and family values” and that “they will seek other options, such as starting their own companies, if they cannot find workplaces that accommodate their personal values.”

Lots of firms try to look like they’re doing good in the world, in line with millennial values. Facebook isn’t an ad company; it connects the world! Uber isn’t a cab company; it liberates moms to make money in their off hours! But when firms act contrary to their rosy recruiting copy, workers who weren’t disposed to be loyal in the first place might find another way to live out their values. In February 2016, Yelp employee Talia Jane wrote a long Medium post about how the company was paying insufficient wages to its customer service representatives. She was fired — and pilloried in the media as just another entitled millennial who wanted things handed to her. But a couple of months later, Yelp raised wages by $1.75 an hour and gave Jane’s former co-workers an annual 26 paid days off. Many large labor actions have achieved less.

Leaks have higher stakes, but when it comes to influencing American politics, what are defense contractors supposed to do — wait a couple of years to vote again? A 2016 poll by the Economic Innovation Group found that 72 percent of millennials had low confidence in the federal government. . . .

Continue reading.

Companies are finding that abandoning loyalty to their employees is a two-edged sword.

Written by LeisureGuy

11 June 2017 at 7:24 am

In Secret Court Hearing, Lawyer Objected to FBI Sifting Through NSA Data Like It Was Google

leave a comment »

Secret courts making secret decisions regarding secret laws is in my mind strongly associated with totalitarian regimes, which do not want the public to know what the government is up to. But that’s what we have in the FISA court. Alex Emmons reports in The Intercept:

In her first appearance representing the American public before the top-secret Foreign Intelligence Surveillance Court in 2015, Amy Jeffress argued that the FBI is violating the Fourth Amendment by giving agents “virtually unrestricted” access to data from one of the NSA’s largest surveillance programs, which includes an untold amount of communications involving innocent Americans.

The NSA harvests data from major Internet companies like Facebook, Google and Apple without a warrant, because it is ostensibly “targeting” only foreigners. But the surveillance program sweeps up a large number of Americans’ communications as well. Then vast amounts of data from the program, including the Americans’ communications, are entered into a master database that a Justice Department lawyer at the 2015 hearing described as the “FBI’s ‘Google’ of its lawfully acquired information.”

The FBI routinely searches this database during ordinary criminal investigations — which gives them access to Americans’ communications without a warrant.

Jeffress, a former federal prosecutor now serving as an independent “friend of the court,” expressed frustration over the casualness with which the FBI is allowed to look through the data. “There need be no connection to foreign intelligence or national security, and that is the purpose of the collection,” she told Thomas Hogan, then the chief judge of the court. “So they’re overstepping, really, the purpose for which the information is collected.”

The ACLU obtained the hearing transcript and other legal documents related to the secret court proceedings under the Freedom of Information Act, and released them to the public on Friday.

The FISA Court has been widely criticized for its secrecy, its extreme tendency to defer to the government, and the fact that until recently it only heard the government’s side of the case. In 2015, Congress passed a law establishing the position of “amicus curiae” to represent the interests of the public and civil liberties, and Jeffress is one of five amici now serving.

Jeffress, who is now a partner at the law firm Arnold and Porter, declined an interview request, citing the sensitivity of the FISA Court’s proceedings.

The NSA program in question, called PRISM, operates under Section 702 of the Foreign Intelligence Surveillance Act, which is scheduled to sunset in December unless it is reauthorized by Congress. What critics call the FBI’s “backdoor search loophole” is likely to be a major topic of debate in the coming months. Section 702 also authorizes a program called “Upstream,” which grabs massive amounts of data off major Internet backbones inside the U.S. without a warrant — again, because it is ostensibly “targeting” foreign communications.

The FBI’s backdoor searches are so controversial that the Republican-controlled House of Representatives passed measures in 2014 and 2015 requiring agents to get a warrant before conducting them, although the Senate refused to take up either proposal.

“Section 702 backdoor searches of Americans’ private communications are plainly unconstitutional, and the FBI’s warrantless searches are especially troubling,” said Ashley Gorski, a staff attorney with the ACLU.

The CIA and even the NSA itself have imposed a requirement that each query they run on 702 data involving a U.S. person be supported by a statement of facts that explains why the information being sought is relevant to foreign intelligence – as the independent Privacy and Civil Liberties Oversight Board recommended in 2014.

But when Hogan asked if the FBI were willing to do the same thing, the lawyer representing the Department of Justice at the hearing – whose name the government redacted in the transcript – brushed him off.

The lawyer said that searches of the FBI’s “lawfully acquired data” are so common that requiring agents to document them would be impractical, and even dangerous.

“If we require our agents to write a full justification every time — think about if you wrote a full justification every time you used Google. Among other things, you would use Google a lot less,” the Justice Department attorney said. “We want the FBI to look and connect the dots in its lawfully acquired information.” . . .

Continue reading.

Written by LeisureGuy

22 April 2017 at 10:25 am

The “Grand Bargain” at Risk: What’s at Stake When the President Alleges Politics in Intelligence

leave a comment »

Jack Goldsmith and Benjamin Wittes write in Lawfare:

The U.S. intelligence community is on the verge of a crisis of confidence and legitimacy it has not experienced since the 1970s. Back then, the crisis was one of the community’s own behavior. In the 1950s, 1960s, and 1970s the intelligence community used its secret powers of surveillance and other forms of government coercion—often but not always at the behest of its political superiors—to spy on and engage in operations against Americans for political ends. At that time, politicians really did use executive branch intelligence tools to seek to monitor and harm political enemies, and exposure of that reality nearly destroyed the intelligence community. The problem was Hoover’s illegal wiretaps, bugs, and break-ins, and his attempts to annihilate Martin Luther King and others; it was NSA’s and CIA’s domestic espionage and propaganda operations; it was Richard Nixon’s many dirty tricks.

The community survived because it entered a “grand bargain” with Congress and the American people in the 1970s. And it is that very grand bargain that today’s crisis now threatens.

Today’s crisis is sparked by allegations, both by President Trump and by some House Republicans, of political misuse of the intelligence community by the Obama administration. Whether the allegations are entirely false or turn out to have elements of truth, they put the intelligence community in the cross-hairs, since some of the institutions that are supposed to be key legitimators are now functioning as delegitimators. After all, entirely appropriate investigations of counterintelligence can easily look like inappropriate political meddling, and if the President the House Intelligence Committee chairman are not merely not defending the intelligence community but are actively raising questions about its integrity, the bargain itself risks unraveling.

The central elements of the grand bargain were these: the president and his intelligence bureaucracy were allowed to maintain robust surveillance and espionage capacities, including domestically. But in exchange, Congress subjected them significant legal restrictions on how they collected, analyzed, and disseminated intelligence information; a bevy of lawyers throughout the intelligence community and, over time, in the Justice Department monitored and enforced those restrictions; domestic surveillance required a court order, including a court order from a new court, the Foreign Intelligence Surveillance Court, for foreign intelligence investigations; and two new committees, the Senate and House Intelligence committees, were to be kept “fully and currently informed” of all significant intelligence activities, and would have robust oversight authorities. The idea was that the use of these powers would be documented and watched by institutions that could be trusted to keep secrets but would act as credible surrogates for public oversight mechanisms.

These reforms proved vital. Intelligence collection, including in the homeland, is essential to our security. But it is also among the most dangerous of government powers because it is so consequential, so secret, and so easy and tempting to abuse. Its legitimacy is inherently fraught. So it is crucial not merely that the entire process be above board politically but that it be seen to be above board. If enough people believe that the intelligence community is a political instrument of those in power to be used against opponents, it actually doesn’t matter if it’s untrue. So the key function of the grand bargain was not merely keeping the intelligence community actually within the law but also validating it to a public conditioned by Watergate and COINTELPRO to believe the worst that the intelligence community was functioning within the law.

This system did not always work perfectly, and it has every so often required strengthening. Sometimes, as in Iran-Contra, it was because of real abuse. Sometimes, it was because of perceived abuses. Sometimes, it was the result of changed technology. Sometimes, it was the result of changed threat perception.

But on the whole, the system of overlapping internal and external checks, combined with massive changes in intelligence community culture, worked well. It gave the intelligence community legitimate operating space in the midst of a political culture obsessed with movies about intelligence community plots and rogue operations. Even as Hollywood made Minority Report and Enemy of the State, the intelligence community could carry on its business. That was a huge accomplishment.

Another achievement of the grand bargain was the actual elimination of the great evil of governmental use of its vast intelligence apparatus for politically-motivated surveillance. And while it did not eliminate the perception in the mass culture that this was going on, it did give the community a powerful response to suggestions of politically motivated misconduct. The response went like this: here are the rules; here are the bodies we report to on our operations; we did not violate the rules; and our many oversight bodies, who in the round are credible actors, were kept fully informed.

This basic system survived even the Snowden revelations. Many people found Snowden’s disclosures of vast intelligence collection shocking. But though Snowden disclosed many technical legal problems with this surveillance, as well as some controversial legal judgments signed off on by the executive oversight apparatus, it also showed that the the problem of politically motivated surveillance simply didn’t exist. None of the thousands of pages of NSA revelations pointed to anything like the venal activities of the 1970s and before.

Yet events of the last year have put the domestic political use of surveillance tools front and center once again. And ironically, today it’s the President of the United States and the Chairman of the House Intelligence Committee who are alleging precisely that which the Snowden revelations did not show. . .

Continue reading. And do read the whole thing. Trump is really doing serious damage to our government, and seriously weakening it. And the whole world sees it, including those who are hostile to our country.

Written by LeisureGuy

4 April 2017 at 6:39 pm

Lawfare note on investigating the alleged Obama wiretapping order

leave a comment »

Paul Rosenzweig has an interesting note in Lawfare:

esterday, I wrote about the strategy and tactics for investigating the Trump/Russia connection.  As you may imagine, I got a number of responses which are unpublishable in these pages.  To my surprise, however, at least two lawyers whom I respect asked a question of the form “what about investigating the Obama wiretap order” and suggesting, implicitly, that my failure to include an investigative plan for that allegation was evidence of incompleteness, if not bias.  Because they were serious questions (unlike some of the other inquiries I got!) I thought I would treat the suggestion with respect and answer more fully.  I would not include the Obama/Wiretap allegation in a Russia/Trump investigative plan for at least three independent reasons:

1) The investigations are not really connected.  As discussed yesterday, there is a plausible (albeit unproven and perhaps unprovable) overarching thesis of investigation to the Russia/Trump allegations—namely that the allegations of influence, contacts, and cover-up are directly derived from allegations of counter-intelligence influence.  This may or may not be true—but as a thesis for investigation it has coherence.  The Obama/Wiretap allegations don’t fit into the thesis—rather they are completely disconnected from it and therefore not well-suited to inclusion in the investigative plan.  NOTE:  This is not to say that the two are factually completely disconnected—indeed the alleged wiretap was (if it happened) probably in service of one of the Russia/Trump investigations identified and likely was targeted at the Russian end of the conversation (as seems to be the case with General Flynn’s ill-fated calls to the Ambassador).  Rather, this is to say that the motivations are unrelated, if not completely opposed to one another and thus don’t fit into the same strategic investigation, even if we credit the allegations.

2) Unlike the Russia/Trump allegations, the Obama/Wiretap allegation is simply not credible.  As noted, there is significant doubt that such a wiretap order was even entered.  Its origins appear to lie in a conspiracy theory without any factual basis.  For me (and here I speak personally) the allegation is of a piece with the suggestion that there were 3-5 million illegal votes; that Ted Cruz’s family was involved in the JFK murder; and that President Obama was not born in Hawaii.

Still, to honor the request, if this were, in fact, my investigation, the thesis for this investigation would NOT be “the government got a wiretap order, that authorized an interception which may have involved someone at Trump Tower.”  For if that were the allegation it would have no legs—after all the lawful issuance of a warrant authorizing interception is … well … legal authorization.  The thesis would, instead, have to be either: a) that in securing the warrant the warrant applicant knowingly lied to the court; or b) that no warrant was applied for or received but interception nonetheless occurred.  And to give credence to President Trump’s suggestion there would have to be a subsidiary thesis that these occurred because President Obama directly or indirectly ordered them to happen.  Had any of this actually happened it would be a plausible criminal case.

The investigative plan would be simple — get copies of any and all FISA and Title III applications and orders relating to Russia and or President Trump issued in the last 2 years.  Review same.  Interview FBI agents assigned to any cases relating to such orders.  Interview IT service providers for Trump Tower.  All of the evidence that relates to these allegations is presumably within the United States and readily available.  All of which brings me to the third factor:

3) Since the allegation is of misconduct by the former President, the current President and/or the Congress are well-situated to investigate.  There is no formal conflict of interest and thus no need for an independent investigation.  . .

Continue reading.

Written by LeisureGuy

6 March 2017 at 1:32 pm

Benjamin Wittes has 10 questions for President Trump re: the “wiretapping”

leave a comment »

Bejamin Wittes writes at Lawfare:

This morning, the country awoke to a bizarre tweetstorm from the President of the United States, about which I have ten questions.

First off, here’s what Trump tweeted.

Here are my questions, about all of which I am, I want to stress, entirely serious:

  1. Are you making the allegation that President Obama conducted electronic surveillance of Trump Tower in your capacity as President of the United States based on intelligence or law enforcement information available to you in that capacity?
  2. If so—that is, if you have executive branch information validating that either a FISA wiretap or a Title III wiretap took place—have you reviewed the applications for the surveillance and have you or your lawyers concluded that they lack merit?
  3. If you know that a FISA wiretap took place, are you or were you at the time of the application, an agent of a foreign power within the meaning of FISA?
  4. Was anyone else working in Trump Tower an agent of a foreign power within the meaning of FISA?
  5. If you know that a Title III wiretap took place, are you or were you at the time of the application engaged in criminal activity that would support a Title III wiretap or might you have previously engaged in criminal activity that might legitimately be the subject of a Title III wiretap?
  6. Was anyone else working in Trump Tower engaged in criminal activity that would support a Title III wiretap or might another person have previously engaged in criminal activity that might legitimately be the subject of a Title III wiretap?
  7. If you were tweeting not based on knowledge received as chief executive of the United States, were you tweeting in your capacity as a reader of Breitbart or a listener of Mark Levin’s radio show?
  8. If so, on what basis are you confident the stories and allegations in these august outlets are true and accurate vis a vis the activity of the government you, in fact, now head?
  9. If you l

Continue reading.

Written by LeisureGuy

4 March 2017 at 1:42 pm

%d bloggers like this: