Is there a Russian mole inside the NSA? The CIA? Both?

Kevin Poulsen writes: A message from Vladimir Putin can take many forms.

It can be as heavy-handed as a pair of Russian bombers buzzing the Alaska coast, or as lethal as the public assassination of a defector on the streets of Kiev. Now Putin may be sending a message to the American government through a more subtle channel: an escalating series of U.S. intelligence leaks that last week exposed an NSA operation in the Middle East and the identity of an agency official who participated.

The leaks by self-described hackers calling themselves “the Shadow Brokers” began in the final months of the Obama administration and increased in frequency and impact after the U.S. bombing of a Syrian airfield this month—a move that angered Russia. The group has not been tied to the Kremlin with anything close to the forensic certitude of last year’s election-related hacks, but security experts say the Shadow Brokers’ attacks fit the pattern established by Russia’s GRU during their election hacking. In that operation, according to U.S. intelligence findings, Russia created fictitious Internet personas to launder some of their stolen emails, including the fake whistleblowing site called DCLeaks and a notional Romanian hacker named “Guccifer 2.0.” [Continue reading…]

An operation to sabotage North Korea’s missile program

The New York Times reports: When a North Korean missile test went awry on Sunday, blowing up seconds after liftoff, there were immediate suspicions that a United States program to sabotage the test flights had struck again. The odds seem highly likely: Eighty-eight percent of the launches of the North’s most threatening missiles have self-destructed since the covert American program was accelerated three years ago.

But even inside the United States Cyber Command and the National Security Agency, where the operation is centered, it is nearly impossible to tell if any individual launch is the victim of a new, innovative approach to foil North Korean missiles with cyber and electronic strikes.

Bad welding, bad parts, bad engineering and bad luck can all play a role in such failures — as it did in the United States’ own missile program, particularly in its early days. And it would require a near impossible degree of forensic investigation to figure out an exact cause, given that the failed North Korean missiles tend to explode, disintegrate in midair and plunge in fragments into faraway seas.

But this much is clear, experts say: The existence of the American program, and whatever it has contributed to North Korea’s remarkable string of troubles, appears to have shaken Pyongyang and led to an internal spyhunt as well as innovative ways to defeat a wide array of enemy cyberstrikes. [Continue reading…]

The same New York Times reporters covered this program in a report published on March 4. Then and now, it’s hard to tell whether these are reports about the sabotage program or elements of the program itself.

Following the March report, Markus Schiller and Peter Hayes wrote:

The New York Times article hearkens back to the movie “Independence Day”, where the world is saved from the Alien invasion by simply planting a computer virus into the mothership’s main computer by somehow just sending it over with a standard laptop. This might work in movies, but not in reality.

Perhaps the more interesting story is who leaked to the New York Times the claims of the efficacy of cyber attacks on North Korea’s missiles and why now? We wonder if it is part of a policy battle in the course of the Trump Administration’s North Korea policy review, possibly designed to get President Trump’s attention. It might also be an intentional effort to conduct psychological warfare against the DPRK by creating paranoia and purges within the DPRK missile program. It might also be a way to impress allies and third parties that the United States has been doing more behind the scenes than patiently waiting for the DPRK threat to resolve itself and imposing ineffectual sanctions. We don’t know.

Your government’s hacking tools are not safe

Motherboard reports: Recent data breaches have made it startlingly clear hacking tools used by governments really are at risk of being exposed. The actual value of the information included in each of these dumps varies, and some may not be all that helpful in and of themselves, but they still highlight a key point: hackers or other third parties can obtain powerful tools of cyber espionage that are supposedly secure. And in most cases, the government does not appear to clean up the fallout, leaving the exploits open to be re-used by scammers, criminals, or anyone else—for any purpose.

It’s as if someone posted a skeleton key online for breaking into an unimaginable number of locks.

“What we learn from the disclosures and leaks of the last months is that unknown vulnerabilities are maintained secret even after they’ve been clearly lost, and that is plain irresponsible and unacceptable,” Claudio Guarnieri, a technologist from Amnesty International, told Motherboard in an online chat. [Continue reading…]

Hackers release files indicating NSA monitored global bank transfers

Reuters reports: Hackers released documents and files on Friday that cybersecurity experts said indicated the U.S. National Security Agency had accessed the SWIFT interbank messaging system, allowing it to monitor money flows among some Middle Eastern and Latin American banks.

The release included computer code that could be adapted by criminals to break into SWIFT servers and monitor messaging activity, said Shane Shook, a cyber security consultant who has helped banks investigate breaches of their SWIFT systems.

The documents and files were released by a group calling themselves The Shadow Brokers. Some of the records bear NSA seals, but Reuters could not confirm their authenticity.

The NSA could not immediately be reached for comment.

Also published were many programs for attacking various versions of the Windows operating system, at least some of which still work, researchers said.

In a statement to Reuters, Microsoft, maker of Windows, said it had not been warned by any part of the U.S. government that such files existed or had been stolen. [Continue reading…]

U.S. intelligence intercepted communications between Syrian military and chemical experts

CNN reports: The US military and intelligence community has intercepted communications featuring Syrian military and chemical experts talking about preparations for the sarin attack in Idlib last week, a senior US official tells CNN.

The intercepts were part of an immediate review of all intelligence in the hours after the attack to confirm responsibility for the use of chemical weapons in an attack in northwestern Syria, which killed at least 70 people. US officials have said that there is “no doubt” that Syrian President Bashar al-Assad is responsible for the attack.

The US did not know prior to the attack it was going to happen, the official emphasized. The US scoops up such a large volume of communications intercepts in areas like Syria and Iraq, the material often is not processed unless there is a particular event that requires analysts to go back and look for supporting intelligence material.

So far there are no intelligence intercepts that have been found directly confirming that Russian military or intelligence officials communicated about the attack. The official said the likelihood is the Russians are more careful in their communications to avoid being intercepted. [Continue reading…]

Classified docs contradict Nunes surveillance claims, GOP and Dem sources say

CNN reports: After a review of the same intelligence reports brought to light by House Intelligence Chairman Devin Nunes, both Republican and Democratic lawmakers and aides have so far found no evidence that Obama administration officials did anything unusual or illegal, multiple sources in both parties tell CNN.

Their private assessment contradicts President Donald Trump’s allegations that former Obama national security adviser Susan Rice broke the law by requesting the “unmasking” of US individuals’ identities. Trump had claimed the matter was a “massive story.”

However, over the last week, several members and staff of the House and Senate intelligence committees have reviewed intelligence reports related to those requests at NSA headquarters in Fort Meade, Maryland.

One congressional intelligence source described the requests made by Rice as “normal and appropriate” for officials who serve in that role to the president.

And another source said there’s “absolutely” no smoking gun in the reports, urging the White House to declassify them to make clear there was nothing alarming in the documents. [Continue reading…]

FBI and NSA grilling proves there is no ‘Deep State’

Michael Weiss writes: Not four months into 2017, and the director of America’s domestic intelligence agency let it be known that he is overseeing an investigation into whether the sitting U.S. president or his surrogates may have “coordinated” with the Russian government for the purpose of swaying an American election.

“As with any counterintelligence investigation, this will also include an assessment of whether any crimes were committed,” James Comey said, revealing that he is taking seriously the possibility that Donald Trump, his political advisers, or both have aided and abetted a hostile foreign power.

This doesn’t mean a brief encounter or 12 with Russian Ambassador Sergey Kislyak. It doesn’t mean a trip to Moscow to slam U.S. foreign policy and anti-Russia sanctions. And it doesn’t even mean working on behalf of pro-Putin political leaders in Europe. It means knowingly colluding with agents of the Russian government in order to spy on their behalf, to help them steal the correspondence of other Americans, or to feed them classified U.S. secrets. Former MI6 operative Christopher Steele suggested that all of the above were distinct possibilities in his dossier, which Comey believed was worth including in classified briefings of President Obama and then-President-elect Donald Trump.

We also learned that Comey began taking these allegations seriously in late July 2016. That was around the time WikiLeaks started publishing Democratic National Committee emails hacked by Russian cyberoperatives and Trump formally became the nominee of a Republican Party, which purposefully watered down its security commitments to Ukraine, almost certainly on orders from then-Trump campaign chairman Paul Manafort.

I’m old enough to remember when the GOP thought putting any faith in Vladimir Putin was the height of geopolitical naivete. Now the GOP seems to have decided to represent Putin pro bono, while expressing more frustration with The New York Times’ sourcing than with the single most successful Russian infiltration of the U.S. political system since before, during, or after the Cold War. [Continue reading…]

Intelligence chairman: Justice report shows no evidence for Trump’s claims of wiretapping during campaign

The Washington Post reports: The Republican chairman and ranking Democrat on the House Intelligence Committee said Sunday that new documents provided to Congress by the Justice Department provided no proof to support President Trump’s claim that his predecessor had ordered wiretaps of Trump Tower.

“Was there a physical wiretap of Trump Tower? No, but there never was, and the information we got on Friday continues to lead us in that direction,” Rep. Devin Nunes (R-Calif.), the chairman, said on “Fox News Sunday.”

He added, “There was no FISA warrant that I’m aware of to tap Trump Tower” — a reference to the Foreign Intelligence Surveillance Act, a federal law that governs the issuance of search warrants in U.S. intelligence gathering. [Continue reading…]

Reuters reports: Allegations from the United States that British spy agency GCHQ snooped on Donald Trump during his election campaign are “arrant nonsense”, the deputy head of the U.S. National Security Agency (NSA) said in an interview on Saturday.

President Trump has stood by unproven claims that the Obama administration tapped his phones during the 2016 White House race. On Thursday his spokesman cited a media report that Britain’s GCHQ was behind the surveillance.

Richard Ledgett, deputy director of the NSA, told BBC News the idea that Britain had a hand in spying on Trump was “just crazy”. [Continue reading…]

Trump’s foolish effort to blame GCHQ and Fox News for a diplomatic mess of his own making

Former NSA analyst and counterintelligence officer, John Schindler, writes: Napolitano has zero background in intelligence and has no idea what he’s talking about. His accusation against Britain’s Government Communications Headquarters, London’s NSA equivalent, was patently absurd, as well as malicious, demonstrating that neither Napolitano nor Fox News have the slightest notion how intelligence works in the real world.

Yet here the White House was publicly endorsing this crackpot theory—and blaming perhaps our closest ally for breaking American laws at the behest of Barack Obama. Our domestic crisis thereby became an international one, for no reason other than the administration has gone global in its efforts to deflect blame from its own stupidity and dishonesty.

This is no small matter. NSA and GCHQ enjoy the most special of special relationships, serving since the Second World War as the cornerstone of the Anglosphere Five Eyes signals intelligence alliance (the others are Canada, Australia, and New Zealand) which defeated Hitler and won the Cold War. This constitutes the most successful espionage alliance in history, and just how close NSA and GCHQ are would be difficult to overstate.

Affectionately calling each other “the cousins,” they interchange personnel and, in the event of disaster—for instance a crippling terrorist attack on agency headquarters—NSA would hand most of its functions over to GCHQ, so that Five Eyes would keep running. It’s long been a source of consternation at Langley that NSA appears to get along better with GCHQ than with CIA. I once witnessed this issue come up in a top-secret meeting with senior officials, in which a CIA boss took an NSA counterpart to task when it became apparent that a piece of highly sensitive intelligence had been shared with “the cousins” before Langley was informed. The NSA senior official’s terse reply silenced the room: “That’s because we trust them.”

Publicly attacking the NSA-GCHQ relationship was therefore a consummately bad idea, particularly by a White House that has already gone so far out of its way to anger and alienate our own spies, and the British reply was one for the record books. Late yesterday, GCHQ issued a remarkable statement:

Recent allegations made by media commentator judge Andrew Napolitano about GCHQ being asked to conduct ‘wiretapping’ against the then president-elect are nonsense. They are utterly ridiculous and should be ignored.

American spy services are famously tight-lipped in their public utterances, falling back on “we can neither confirm nor deny” with a regularity that frustrates journalists. And our spooks are positively loquacious compared to British partners, who seldom say anything on the record to the media. Calling out Fox News and the White House in this manner has no precedent, and indicates just how angry British officials are with the Trump administration. For Prime Minister Theresa May, whose efforts to build bridges with the new president have been deeply unpopular at home, this had to be galling. [Continue reading…]

House Intelligence panel does not reveal whether documents substantiate Trump’s wiretap claim

The Washington Post reports: The House Intelligence Committee did not reveal on Friday night the answer to the question of whether Justice Department documents substantiate President Trump’s claim that he was wiretapped by the Obama administration.

The committee had asked for copies of any warrants, applications or court orders relating to a wiretap of Trump or his surrogates and affiliates in advance of a Monday hearing at which the directors of the FBI and the National Security Agency are expected to testify about alleged connections between the Trump team and Russian authorities.

Chairman Devin Nunes (R-Calif.) avoided the big question by releasing a statement late Friday that said his panel is “satisfied” that Justice “has fully complied” with its request related to “possible surveillance” of Trump and his associates.

Nunes said the CIA and FBI had not yet provided information that was requested “that is necessary to determine whether information collected on U.S. persons was mishandled and leaked.”

He added that the NSA had “partially met our request” and pledged to fully meet it by the end of next week. [Continue reading…]

Russia considers returning Snowden to U.S. to ‘curry favor’ with Trump

NBC News reports: U.S. intelligence has collected information that Russia is considering turning over Edward Snowden as a “gift” to President Donald Trump — who has called the NSA leaker a “spy” and a “traitor” who deserves to be executed.

That’s according to a senior U.S. official who has analyzed a series of highly sensitive intelligence reports detailing Russian deliberations and who says a Snowden handover is one of various ploys to “curry favor” with Trump. A second source in the intelligence community confirms the intelligence about the Russian conversations and notes it has been gathered since the inauguration.

Snowden’s ACLU lawyer, Ben Wizner, told NBC News they are unaware of any plans that would send him back to the United States. [Continue reading…]

Michael Flynn’s ties to Russia under investigation

The Wall Street Journal reports: U.S. counterintelligence agents have investigated communications that President Donald Trump’s national security adviser had with Russian officials, according to people familiar with the matter.

Michael Flynn is the first person inside the White House under Mr. Trump whose communications are known to have faced scrutiny as part of investigations by the Federal Bureau of Investigation, Central Intelligence Agency, National Security Agency and Treasury Department to determine the extent of Russian government contacts with people close to Mr. Trump.

It isn’t clear when the counterintelligence inquiry began, whether it produced any incriminating evidence or if it is continuing. Mr. Flynn, a retired general who became national security adviser with Mr. Trump’s inauguration, plays a key role in setting U.S. policy toward Russia.

The counterintelligence inquiry aimed to determine the nature of Mr. Flynn’s contact with Russian officials and whether such contacts may have violated laws, people familiar with the matter said.

A key issue in the investigation is a series of telephone calls Mr. Flynn made to Sergey Kislyak, the Russian ambassador to the U.S., on Dec. 29. That day, the Obama administration announced sanctions and other measures against Russia in retaliation for its alleged use of cyberattacks to interfere with the 2016 U.S. election. U.S. intelligence officials have said Russian President Vladimir Putin ordered the hacks on Democratic Party officials to try to harm Hillary Clinton’s presidential bid.

Officials also have examined earlier conversations between Mr. Flynn and Russian figures, the people familiar with the matter said. Russia has previously denied involvement in election-related hacking.

In a statement Sunday night, White House spokeswoman Sarah Sanders said: “We have absolutely no knowledge of any investigation or even a basis for such an investigation.” [Continue reading…]

Intercepted Russian communications part of inquiry into Trump associates

The New York Times reports: American law enforcement and intelligence agencies are examining intercepted communications and financial transactions as part of a broad investigation into possible links between Russian officials and associates of President-elect Donald J. Trump, including his former campaign chairman Paul Manafort, current and former senior American officials said.

The continuing counterintelligence investigation means that Mr. Trump will take the oath of office on Friday with his associates under investigation and after the intelligence agencies concluded that the Russian government had worked to help elect him. As president, Mr. Trump will oversee those agencies and have the authority to redirect or stop at least some of these efforts.

It is not clear whether the intercepted communications had anything to do with Mr. Trump’s campaign, or Mr. Trump himself. It is also unclear whether the inquiry has anything to do with an investigation into the hacking of the Democratic National Committee’s computers and other attempts to disrupt the elections in November. The American government has concluded that the Russian government was responsible for a broad computer hacking campaign, including the operation against the D.N.C.

The counterintelligence investigation centers at least in part on the business dealings that some of the president-elect’s past and present advisers have had with Russia. Mr. Manafort has done business in Ukraine and Russia. Some of his contacts there were under surveillance by the National Security Agency for suspected links to Russia’s Federal Security Service, one of the officials said. [Continue reading…]

FBI, CIA, NSA, Justice, and Treasury departments probe possible covert Kremlin aid to Trump

McClatchy reports: The FBI and five other law enforcement and intelligence agencies have collaborated for months in an investigation into Russian attempts to influence the November election, including whether money from the Kremlin covertly aided President-elect Donald Trump, two people familiar with the matter said.

The agencies involved in the inquiry are the FBI, the CIA, the National Security Agency, the Justice Department, the Treasury Department’s Financial Crimes Enforcement Network and representatives of the director of national intelligence, the sources said.

Investigators are examining how money may have moved from the Kremlin to covertly help Trump win, the two sources said. One of the allegations involves whether a system for routinely paying thousands of Russian-American pensioners may have been used to pay some email hackers in the United States or to supply money to intermediaries who would then pay the hackers, the two sources said.

The informal, inter-agency working group began to explore possible Russian interference last spring, long before the FBI received information from a former British spy hired to develop politically damaging and unverified research about Trump, according to the sources, who spoke on the condition of anonymity because of the sensitive nature of the inquiry. [Continue reading…]

Edward Snowden’s asylum in Russia extended opening option of citizenship

The New York Times reports: A day after President Obama commuted the sentence of Chelsea Manning, the Russian government clarified on Wednesday the fate of Edward J. Snowden, the other main source of secrets about United States surveillance in recent years.

Mr. Snowden, a former National Security Agency contractor who was granted asylum in Russia in 2013, will be allowed to remain in the country for “a couple more years,” Maria Zakharova, a spokeswoman for the Foreign Ministry, said on Facebook.

He and his supporters have been campaigning for a pardon from Mr. Obama, but the chances of clemency appear to be vanishingly small given that his name did not appear on a list of pardons on Tuesday. [Continue reading…]

Obama opens NSA’s vast trove of warrantless data to entire Intelligence Community, just in time for Trump

The Intercept reports: With only days until Donald Trump takes office, the Obama administration on Thursday announced new rules that will let the NSA share vast amounts of private data gathered without warrant, court orders or congressional authorization with 16 other agencies, including the FBI, the Drug Enforcement Agency, and the Department of Homeland Security.

The new rules allow employees doing intelligence work for those agencies to sift through raw data collected under a broad, Reagan-era executive order that gives the NSA virtually unlimited authority to intercept communications abroad. Previously, NSA analysts would filter out information they deemed irrelevant and mask the names of innocent Americans before passing it along.

The change was in the works long before there was any expectation that someone like Trump might become president. The last-minute adoption of the procedures is one of many examples of the Obama administration making new executive powers established by the Bush administration permanent, on the assumption that the executive branch could be trusted to police itself. [Continue reading…]

U.S. intercepts capture senior Russian officials celebrating Trump win

The Washington Post reports: Senior officials in the Russian government celebrated Donald Trump’s victory over Hillary Clinton as a geopolitical win for Moscow, according to U.S. officials who said that American intelligence agencies intercepted communications in the aftermath of the election in which Russian officials congratulated themselves on the outcome.

The ebullient reaction among high-ranking Russian officials — including some who U.S. officials believe had knowledge of the country’s cyber campaign to interfere in the U.S. election — contributed to the U.S. intelligence community’s assessment that Moscow’s efforts were aimed at least in part at helping Trump win the White House.

Other key pieces of information gathered by U.S. spy agencies include the identification of “actors” involved in delivering stolen Democratic emails to the WikiLeaks website, and disparities in the levels of effort Russian intelligence entities devoted to penetrating and exploiting sensitive information stored on Democratic and Republican campaign networks.

Those and other data points are at the heart of an unprecedented intelligence report being circulated in Washington this week that details the evidence of Russian interference in the 2016 presidential campaign and catalogues other cyber operations by Moscow against U.S. election systems over the past nine years. [Continue reading…]
