‘Dear God, keep him away from Twitter,’ says senior official shortly before Trump’s latest tweet

The Daily Beast reports: It’s exactly the circumstance Donald Trump tried to avoid. But Trump’s own actions have made an FBI investigation into the president himself a reality.

Firing James Comey, the FBI director, was, by Trump’s explanation, a way to stop a “witch hunt” against his team’s alleged ties to Russia. It led, within weeks, to the appointment of a special prosecutor, Comey’s FBI predecessor, Robert Mueller. And now Mueller is investigating Trump himself for possible obstruction of justice—by firing Comey, who had led the FBI inquiry.

With the crisis engulfing Trump’s young presidency intensifying, senators, Trump aides, former prosecutors, and FBI veterans are sending the White House an urgent warning: Whatever you do, don’t. Fire. Mueller.

News of the obstruction investigation, which was first reported by The Washington Post on Wednesday, comes just days after Trump himself began floating the possibility of firing the new head of the investigation: Robert Mueller, the Justice Department special counsel appointed in the wake of Comey’s firing.

The obstruction investigation has raised the stakes for Mueller’s potential ouster. Firing him now, which would require that Trump personally direct DOJ leadership to do so, would create a political firestorm.

“Firing Robert Mueller right now would be a direct attack on the rule of law by Donald Trump,” Ron Wyden, an Oregon Democrat on the Senate Intelligence Committee, told The Daily Beast. Wyden declined to directly address the Post report.

Trump reportedly floated the possibility of firing Mueller as a way to prod him toward exonerating the president and other Trump associates party to the investigation. The New York Times reported on Tuesday that aides dissuaded him from doing so.

For Ali Soufan, a retired FBI counterterrorism agent, word that Trump is now a target of Mueller’s inquiry explains the trial balloon.

“No wonder President Trump and his surrogates are getting nervous. This explains their sudden attacks on Mueller and the threats to fire him,” Soufan told The Daily Beast.

White House officials are still insisting to the president that he should leave Mueller in his post. “We are all advising him not to [get rid of] Mueller. That has not changed,” one Trump aide told The Daily Beast. “It would be an absolute nuclear explosion if he did.”

Firing Mueller would also put the president in greater legal jeopardy than he already may be in, said former United States attorney Barbara McQuade.

“If Trump were to fire Mueller and it could be shown that his purpose was to impede the investigation, it could be additional evidence of obstruction of justice,” McQuade, who was appointed by President Obama, told The Daily Beast.

But some privately concede that Trump is so unpredictable—and so frustrated with the persistence of the investigation and its cost in political capital—that they’re not ruling it out. Another White House official conceded that it would be “suicide” if Trump sacked Mueller at this point, but “I’d be insincere if I said it wasn’t a concern that the president would try to do it anyway.”

For now, officials are simply concerned with limiting fallout from what is sure to be a thunderous reaction from the president to news that he is personally the target of the FBI’s probe.

Asked what the internal game plan should be, one senior Trump administration official replied, “Keep him away from Twitter, dear God, keep him away from Twitter.”

“The president did this to himself,” the official added. [Continue reading…]

Special counsel is investigating Trump for possible obstruction of justice, officials say

The Washington Post reports: The special counsel overseeing the investigation into Russia’s role in the 2016 election is interviewing senior intelligence officials as part of a widening probe that now includes an examination of whether President Trump attempted to obstruct justice, officials said.

The move by special counsel Robert S. Mueller III to investigate Trump’s conduct marks a major turning point in the nearly year-old FBI investigation, which until recently focused on Russian meddling during the presidential campaign and on whether there was any coordination between the Trump campaign and the Kremlin. Investigators have also been looking for any evidence of possible financial crimes among Trump associates, officials said.

Trump had received private assurances from then-FBI Director James B. Comey starting in January that he was not personally under investigation. Officials say that changed shortly after Comey’s firing.

Five people briefed on the requests, speaking on the condition of anonymity because they were not authorized to discuss the matter publicly, said Daniel Coats, the current director of national intelligence, Mike Rogers, head of the National Security Agency, and Rogers’s recently departed deputy, Richard Ledgett, agreed to be interviewed by Mueller’s investigators as early as this week. The investigation has been cloaked in secrecy, and it is unclear how many others have been questioned by the FBI. [Continue reading…]

Russian breach of 39 states threatens future U.S. elections

Bloomberg reports: Russia’s cyberattack on the U.S. electoral system before Donald Trump’s election was far more widespread than has been publicly revealed, including incursions into voter databases and software systems in almost twice as many states as previously reported.

In Illinois, investigators found evidence that cyber intruders tried to delete or alter voter data. The hackers accessed software designed to be used by poll workers on Election Day, and in at least one state accessed a campaign finance database. Details of the wave of attacks, in the summer and fall of 2016, were provided by three people with direct knowledge of the U.S. investigation into the matter. In all, the Russian hackers hit systems in a total of 39 states, one of them said.

The scope and sophistication so concerned Obama administration officials that they took an unprecedented step — complaining directly to Moscow over a modern-day “red phone.” In October, two of the people said, the White House contacted the Kremlin on the back channel to offer detailed documents of what it said was Russia’s role in election meddling and to warn that the attacks risked setting off a broader conflict.

The new details, buttressed by a classified National Security Agency document recently disclosed by the Intercept, show the scope of alleged hacking that federal investigators are scrutinizing as they look into whether Trump campaign officials may have colluded in the efforts. But they also paint a worrisome picture for future elections: The newest portrayal of potentially deep vulnerabilities in the U.S.’s patchwork of voting technologies comes less than a week after former FBI Director James Comey warned Congress that Moscow isn’t done meddling.

“They’re coming after America,” Comey told the Senate Intelligence Committee investigating Russian interference in the election. “They will be back.” [Continue reading…]

Reality Winner, accused NSA leaker, to enter not guilty plea

NPR reports: Reality Winner, the government contractor accused of leaking a secret NSA report to the media, plans to enter a plea of not guilty, her lawyer Titus Nichols tells NPR.

She hopes to be released on bond Thursday.

Winner, 25, works for a private contractor, Pluribus International Corp., in Augusta, Ga., and is an Air Force veteran who speaks three languages. She was arrested Saturday.

The federal government has charged her with “removing classified material from a government facility and mailing it to a news outlet.” That material, presumably because of the timing of Winner’s arrest, is an NSA report about efforts by Russian military intelligence to execute a cyberattack on an American election software company, as well as sending “spear-phishing” emails to local election officials, just before the presidential election. That leaked report was the basis of an article published Monday by The Intercept. [Continue reading…]

The Intercept follows White House protocol — no further comment during an ongoing investigation

Following its publication of a top-secret document apparently sent by Reality Leigh Winner, who was arrested on Saturday, The Intercept doesn’t want to respond to allegations that its handling of that document led to Winner’s arrest.

The Intercept issued a statement — though apparently doesn’t want to encourage readers of the original report to read that statement since there are no links connecting the two pages.

The Intercept warns that the FBI’s allegations against Winner “contain unproven assertions and speculation designed to serve the government’s agenda and as such warrant skepticism.” Which sounds like Glenn Greenwald whispering, “Deep State, Deep State….”

But the claims that The Intercept mishandled this document aren’t coming from the government — they’re coming from security analysts such as Rob Graham, who explains exactly how the document could be traced back to Winner once The Intercept had provided authorities with a copy.

Maybe when The Intercept says, “because of the continued investigation, we will make no further comment on it at this time,” its promised silence will be in Winner’s best legal interests, but they are certainly creating the appearance that their primary interest at this juncture is in ducking for cover.

How The Intercept inadvertently gave the FBI evidence leading to an NSA-leaker’s swift arrest


It’s unusual for a major intelligence leak to be reported at almost the same time as the leaker gets arrested — but that’s what happened to NSA contractor Reality Leigh Winner after she leaked a top-secret document to The Intercept.

Whenever a whistleblower gets arrested, this is bound to have a chilling effect on the prospects for future leaks.

In its handling of this NSA document, reporters for The Intercept might have naively thought they were not putting their source in jeopardy because they didn’t know their source’s identity. What they apparently didn’t realize was that by sharing the document in the form in which they had received it, they were revealing information that helped investigators quickly identify and arrest Winner.

Anyone who decides to leak classified information needs to fully understand the risks they are taking, and it is the individual who is ultimately responsible for protecting their own security.

At the same time, journalists who handle leaked information need to have adequate knowledge about data security — knowledge that the staff at The Intercept appear to be lacking.

The Washington Post reports: Winner was arrested Saturday. When FBI agents questioned her at her home, she admitted “removing the classified intelligence reporting from her office space, retaining it, and mailing it from Augusta, Georgia, to the news outlet,” court documents read. She remains in jail pending a detention hearing. Her lawyer declined to comment on the charges.

After the charges were announced Monday, some cybersecurity experts remarked on the apparent ease with which investigators were able to trace the leak back to Winner. Some went so far as to say the Intercept had “outed” her by posting copies of the document online. The Intercept said the materials were submitted anonymously.

According to Rob Graham, who writes for the blog Errata Security, the Intercept’s scanned images of the intelligence report contained tracking dots — small, barely visible yellow dots that show “exactly when and where documents, any document, is printed.” Nearly all modern color printers feature such tracking markers, which are used to identify a printer’s serial number and the date and time a page was printed. [Continue reading…]

So far, The Intercept has not acknowledged its role in Winner’s arrest.

Just to be clear, since Winner was arrested before The Intercept published the document, the lead the FBI used came as a result of the document being shared beforehand. “It started on May 30, when the news outlet showed authorities the printed materials and asked them to comment, according to the affidavit,” the Washington Post reported.

Given Winner’s field of expertise, it’s not surprising she didn’t understand well enough how to cover her tracks.

CNN reports: — Winner was a linguist in the US Air Force in Maryland who speaks Pashto, Farsi and Dari, her mother, Billie Winner said.

— She was raised in Kingsville, Texas, and served in the Air Force in Columbia, Maryland. Her mother confirmed she was a federal contractor in Augusta but did not know the nature of her work, or if she had contracted for the NSA.

— Winner is an athlete who loves animals, her mother said, through tears.

— She also said her daughter wasn’t especially political and hadn’t ever praised past leakers like Edward Snowden to her.

— “She’s never ever given me any kind of indication that she was in favor of that at all,” her mother said. “I don’t know how to explain it.”

— Winner spent six years in the military, said Titus Nichols, her court-appointed attorney. [Continue reading…]

Hopefully a jury will recognize that at this time there are many ways in which Americans believe they are called to serve their country — there seems little doubt that this is exactly what Winner felt she was doing.

The Intercept can’t correct the mistakes they already made, but at the very least I think Pierre Omidyar should establish and generously contribute towards a legal defense fund for Winner.

Top secret NSA report details Russian hacking effort days before 2016 election

The Intercept reports: Russian military intelligence executed a cyberattack on at least one U.S. voting software supplier and sent spear-phishing emails to more than 100 local election officials just days before last November’s presidential election, according to a highly classified intelligence report obtained by The Intercept.

The top-secret National Security Agency document, which was provided anonymously to The Intercept and independently authenticated, analyzes intelligence very recently acquired by the agency about a months-long Russian intelligence cyber effort against elements of the U.S. election and voting infrastructure. The report, dated May 5, 2017, is the most detailed U.S. government account of Russian interference in the election that has yet come to light.

While the document provides a rare window into the NSA’s understanding of the mechanics of Russian hacking, it does not show the underlying “raw” intelligence on which the analysis is based. A U.S. intelligence officer who declined to be identified cautioned against drawing too big a conclusion from the document because a single analysis is not necessarily definitive.

The report indicates that Russian hacking may have penetrated further into U.S. voting systems than was previously understood. It states unequivocally in its summary statement that it was Russian military intelligence, specifically the Russian General Staff Main Intelligence Directorate, or GRU, that conducted the cyber attacks described in the document:

Russian General Staff Main Intelligence Directorate actors … executed cyber espionage operations against a named U.S. company in August 2016, evidently to obtain information on elections-related software and hardware solutions. … The actors likely used data obtained from that operation to … launch a voter registration-themed spear-phishing campaign targeting U.S. local government organizations.

This NSA summary judgment is sharply at odds with Russian President Vladimir Putin’s denial last week that Russia had interfered in foreign elections: “We never engaged in that on a state level, and have no intention of doing so.” Putin, who had previously issued blanket denials that any such Russian meddling occurred, for the first time floated the possibility that freelance Russian hackers with “patriotic leanings” may have been responsible. The NSA report, on the contrary, displays no doubt that the cyber assault was carried out by the GRU. [Continue reading…]

Russians discussed potentially ‘derogatory’ information about Trump and associates during campaign

CNN reports: Russian government officials discussed having potentially “derogatory” information about then-presidential candidate Donald Trump and some of his top aides in conversations intercepted by US intelligence during the 2016 election, according to two former intelligence officials and a congressional source.

One source described the information as financial in nature and said the discussion centered on whether the Russians had leverage over Trump’s inner circle. The source said the intercepted communications suggested to US intelligence that Russians believed “they had the ability to influence the administration through the derogatory information.”

But the sources, privy to the descriptions of the communications written by US intelligence, cautioned the Russian claims to one another “could have been exaggerated or even made up” as part of a disinformation campaign that the Russians did during the election.

The details of the communication shed new light on information US intelligence received about Russian claims of influence. The contents of the conversations made clear to US officials that Russia was considering ways to influence the election — even if their claims turned out to be false. [Continue reading…]

Trump asked intelligence chiefs to push back against FBI collusion probe after Comey revealed its existence

The Washington Post reports: President Trump asked two of the nation’s top intelligence officials in March to help him push back against an FBI investigation into possible coordination between his campaign and the Russian government, according to current and former officials.

Trump made separate appeals to the director of national intelligence, Daniel Coats, and to Adm. Michael S. Rogers, the director of the National Security Agency, urging them to publicly deny the existence of any evidence of collusion during the 2016 election.

Coats and Rogers refused to comply with the requests, which they both deemed to be inappropriate, according to two current and two former officials, who spoke on the condition of anonymity to discuss private communications with the president. [Continue reading…]

NSA officials worried about the day its potent hacking tool would get loose. Then it did

The Washington Post reports: When the National Security Agency began using a new hacking tool called EternalBlue, those entrusted with deploying it marveled at both its uncommon power and the widespread havoc it could wreak if it ever got loose.

Some officials even discussed whether the flaw was so dangerous they should reveal it to Microsoft, the company whose software the government was exploiting, according to former NSA employees who spoke on the condition of anonymity given the sensitivity of the issue.

But for more than five years, the NSA kept using it — through a time period that has seen several serious security breaches — and now the officials’ worst fears have been realized. The malicious code at the heart of the WannaCry virus that hit computer systems globally late last week was apparently stolen from the NSA, repackaged by cybercriminals and unleashed on the world for a cyberattack that now ranks as among the most disruptive in history. [Continue reading…]

Trump violates intel partnership by revealing highly classified information to Russian foreign minister and ambassador

The Washington Post reports: President Trump revealed highly classified information to the Russian foreign minister and ambassador in a White House meeting last week, according to current and former U.S. officials, who said Trump’s disclosures jeopardized a critical source of intelligence on the Islamic State.

The information the president relayed had been provided by a U.S. partner through an intelligence-sharing arrangement considered so sensitive that details have been withheld from allies and tightly restricted even within the U.S. government, officials said.

The partner had not given the United States permission to share the material with Russia, and officials said Trump’s decision to do so endangers cooperation from an ally that has access to the inner workings of the Islamic State. After Trump’s meeting, senior White House officials took steps to contain the damage, placing calls to the CIA and the National Security Agency.

“This is code-word information,” said a U.S. official familiar with the matter, using terminology that refers to one of the highest classification levels used by American spy agencies. Trump “revealed more information to the Russian ambassador than we have shared with our own allies.” [Continue reading…]

How NSA secrets helped cybercriminals mount a worldwide attack

The Washington Post reports: Computers around the world are suffering an attack from malicious software. The compromised computers have been hit by “ransomware” — software that encrypts the computer’s hard drive so that all the information on it is unavailable, and refuses to release it until a ransom is paid in Bitcoin, an online currency that is difficult to trace. Among the victims are FedEx, Britain’s National Health Service and computers belonging to Russia’s Ministry for the Interior.

Ransomware attacks have happened before. What is unusual is how quickly this attack is compromising large numbers of critical computers. It has been so successful because it has made use of a so-called “zero-day exploit” — a previously unknown flaw in Windows software that makes it easy to take control of vulnerable systems. This zero day exploit became publicly known last month, when it was released as part of a treasure trove of NSA data by the “Shadow Brokers,” a shadowy group of hackers who many believe are associated with Russian intelligence. Criminal hackers appear to have combined this exploit with ransomware tools to mount a worldwide campaign. Here’s what you need to know to understand what happened. [Continue reading…]

The Guardian reports: An “accidental hero” has halted the global spread of the WannaCry ransomware, reportedly by spending a few dollars on registering a domain name hidden in the malware.

The ransomware has wreaked havoc on organizations including FedEx and Telefonica, as well as the UK’s National Health Service (NHS), where operations were cancelled, x-rays, test results and patient records became unavailable and phones did not work.

However, a UK cybersecurity researcher tweeting as @malwaretechblog, with the help of Darien Huss from security firm Proofpoint, found and activated a “kill switch” in the malicious software.

The switch was hardcoded into the malware in case the creator wanted to stop it spreading. This involved a very long nonsensical domain name that the malware makes a request to – just as if it was looking up any website – and if the request comes back and shows that the domain is live, the kill switch takes effect and the malware stops spreading.

“I saw it wasn’t registered and thought, ‘I think I’ll have that’,” he is reported as saying. The purchase cost him $10.69. Immediately, the domain name was registering thousands of connections every second.

“They get the accidental hero award of the day,” said Proofpoint’s Ryan Kalember. “They didn’t realize how much it probably slowed down the spread of this ransomware.”

The time that @malwaretechblog registered the domain was too late to help Europe and Asia, where many organizations were affected. But it gave people in the US more time to develop immunity to the attack by patching their systems before they were infected, said Kalember. [Continue reading…]

Fight brews over push to shield Americans in warrantless surveillance

The New York Times reports: Obscured by the furor over surveillance set off by the investigations into possible Trump campaign coordination with Russia during the election, a major debate over electronic spying that defies the usual partisan factions is quietly taking shape in Congress.

The debate centers on the National Security Agency’s incidental eavesdropping on Americans via its warrantless surveillance program, which spies on foreigners abroad whose communications pass through American phone and internet services. Its legal basis, the FISA Amendments Act, is set to expire at the end of 2017.

A bipartisan coalition of privacy-minded lawmakers has started to circulate draft legislation that would impose new limits on the government’s ability to use incidentally gathered information about Americans who are in contact with foreign targets.

Many of those lawmakers are veterans of a fight two years ago over the U.S.A. Freedom Act, a law that ended an N.S.A. program that gathered Americans’ calling logs in bulk. They won that fight against security hawks because the statute on which the program was based, part of the Patriot Act, was expiring and they were unwilling to extend it without ending the bulk collection.

The privacy advocates in Congress are using that same lesson this time around, hoping to leverage their colleagues’ concerns that the program will lapse if they fail to extend the law.

But the intelligence and law enforcement communities and their allies in Congress appear determined to extend the warrantless surveillance program law, Section 702 of the FISA Amendments Act, without changes. They are framing the debate as being about a program that is too important to be held hostage to any push for changes, lest gridlock kill it. [Continue reading…]

NSA halts collection of Americans’ emails about foreign targets

The New York Times reports: The National Security Agency said Friday that it had halted one of the most disputed practices of its warrantless surveillance program, ending a once-secret form of wiretapping that dates to the Bush administration’s post-Sept. 11 expansion of national security powers.

The agency is no longer collecting Americans’ emails and texts exchanged with people overseas that simply mention identifying terms — like email addresses — for foreigners whom the agency is spying on, but are neither to nor from those targets.

The decision is a major development in American surveillance policy. Privacy advocates have argued that the practice skirted or overstepped the Fourth Amendment.

The change is unrelated to the surveillance imbroglio over the investigations into Russia and the Trump campaign, according to officials familiar with the matter. Rather, it stemmed from a discovery that N.S.A. analysts had violated rules imposed by the Foreign Intelligence Surveillance Court barring any searching for Americans’ information in certain messages captured through such wiretapping. [Continue reading…]

Is there a Russian mole inside the NSA? The CIA? Both?

Kevin Poulsen writes: A message from Vladimir Putin can take many forms.

It can be as heavy-handed as a pair of Russian bombers buzzing the Alaska coast, or as lethal as the public assassination of a defector on the streets of Kiev. Now Putin may be sending a message to the American government through a more subtle channel: an escalating series of U.S. intelligence leaks that last week exposed an NSA operation in the Middle East and the identity of an agency official who participated.

The leaks by self-described hackers calling themselves “the Shadow Brokers” began in the final months of the Obama administration and increased in frequency and impact after the U.S. bombing of a Syrian airfield this month—a move that angered Russia. The group has not been tied to the Kremlin with anything close to the forensic certitude of last year’s election-related hacks, but security experts say the Shadow Brokers’ attacks fit the pattern established by Russia’s GRU during their election hacking. In that operation, according to U.S. intelligence findings, Russia created fictitious Internet personas to launder some of their stolen emails, including the fake whistleblowing site called DCLeaks and a notional Romanian hacker named “Guccifer 2.0.” [Continue reading…]

An operation to sabotage North Korea’s missile program

The New York Times reports: When a North Korean missile test went awry on Sunday, blowing up seconds after liftoff, there were immediate suspicions that a United States program to sabotage the test flights had struck again. The odds seem highly likely: Eighty-eight percent of the launches of the North’s most threatening missiles have self-destructed since the covert American program was accelerated three years ago.

But even inside the United States Cyber Command and the National Security Agency, where the operation is centered, it is nearly impossible to tell if any individual launch is the victim of a new, innovative approach to foil North Korean missiles with cyber and electronic strikes.

Bad welding, bad parts, bad engineering and bad luck can all play a role in such failures — as it did in the United States’ own missile program, particularly in its early days. And it would require a near impossible degree of forensic investigation to figure out an exact cause, given that the failed North Korean missiles tend to explode, disintegrate in midair and plunge in fragments into faraway seas.

But this much is clear, experts say: The existence of the American program, and whatever it has contributed to North Korea’s remarkable string of troubles, appears to have shaken Pyongyang and led to an internal spyhunt as well as innovative ways to defeat a wide array of enemy cyberstrikes. [Continue reading…]

The same New York Times reporters covered this program in a report published on March 4. Then and now, it’s hard to tell whether these are reports about the sabotage program or elements of the program itself.

Following the March report, Markus Schiller and Peter Hayes wrote:

The New York Times article hearkens back to the movie “Independence Day”, where the world is saved from the Alien invasion by simply planting a computer virus into the mothership’s main computer by somehow just sending it over with a standard laptop. This might work in movies, but not in reality.

Perhaps the more interesting story is who leaked to the New York Times the claims of the efficacy of cyber attacks on North Korea’s missiles and why now? We wonder if it is part of a policy battle in the course of the Trump Administration’s North Korea policy review, possibly designed to get President Trump’s attention. It might also be an intentional effort to conduct psychological warfare against the DPRK by creating paranoia and purges within the DPRK missile program. It might also be a way to impress allies and third parties that the United States has been doing more behind the scenes than patiently waiting for the DPRK threat to resolve itself and imposing ineffectual sanctions. We don’t know.
