The problem with Jared Kushner

An editorial in the New York Times says: What are we supposed to make of the news that Jared Kushner, President Trump’s son-in-law and senior White House adviser, met with the Russian ambassador in December to discuss establishing a back channel between the incoming Trump administration and the Kremlin, using Russian diplomatic facilities?

Start with the reactions from America’s intelligence community, whose job it is to monitor foreign actors’ attempts to steal the nation’s most closely guarded secrets.

Michael Hayden, the former C.I.A. director, said this: “What manner of ignorance, chaos, hubris, suspicion, contempt would you have to have to think that doing this with the Russian ambassador was a good or an appropriate idea?” Another former top intelligence official called it “extremely naïve or absolutely crazy.”

Mr. Kushner is now under scrutiny by F.B.I. investigators looking into whether the Trump campaign colluded with Russian officials to influence the outcome of the 2016 presidential election.

Stupidity, paranoia, malevolence — it’s hard to distinguish among competing explanations for the behavior of people in this administration. In the case of Mr. Kushner’s meeting with Sergey Kislyak, the ambassador, and his meeting that month with Sergey Gorkov, a Russian banker with close ties to the Kremlin and Russian intelligence, even the most benign of the various working theories suggests that Mr. Kushner, who had no experience in politics or diplomacy before Mr. Trump’s campaign, is in way over his head. [Continue reading…]


Trump administration moves to conceal report on CIA torture by permanently placing it in Senate vaults

The New York Times reports: The Trump administration has begun returning copies of a voluminous 2014 Senate report about the Central Intelligence Agency’s detention and interrogation program to Congress, complying with the demand of a top Republican senator who has criticized the report for being shoddy and excessively critical of the C.I.A.

The Trump administration’s move, described by multiple congressional officials, raises the possibility that copies of the 6,700-page report could be locked in Senate vaults for good — exempt from laws requiring that government records eventually become public. The C.I.A., the office of the Director of National Intelligence and the C.I.A.’s inspector general have returned their copies of the report, the officials said.

The report is the result of a yearslong investigation into the C.I.A. program by Democrats on the Senate Intelligence Committee, telling the story of how — in the years after the Sept. 11, 2001, terrorist attacks — the C.I.A. began capturing terrorism suspects and interrogating them in secret prisons beyond the reach of the American judicial and military legal systems. The central conclusion of the report is that the spy agency’s interrogation methods — including waterboarding, sleep deprivation and other kinds of torture — were far more brutal and less effective than the C.I.A. described to policy makers, Congress and the public.

It is the most comprehensive accounting of the Bush-era program that exists, and a declassified executive summary of the report was made public in December 2014 — with the support of some Republicans on the committee.

The committee, which was then run by Democrats, also sent copies of the entire classified report to at least eight federal agencies, asking that they incorporate the report into their records — a move that would have made it subject to requests under the Freedom of Information Act. That law, which allows citizens, the media and other groups to request access to information held by the federal government, does not apply to congressional records. [Continue reading…]


CIA names new Iran chief in a sign of Trump’s hard line

The New York Times reports: He is known as the Dark Prince or Ayatollah Mike, nicknames he earned as the Central Intelligence Agency officer who oversaw the hunt for Osama bin Laden and the American drone strike campaign that killed thousands of Islamist militants and hundreds of civilians.

Now the official, Michael D’Andrea, has a new job. He is running the C.I.A.’s Iran operations, according to current and former intelligence officials, an appointment that is the first major sign that the Trump administration is invoking the hard line the president took against Iran during his campaign.

Mr. D’Andrea’s new role is one of a number of moves inside the spy agency that signal a more muscular approach to espionage and covert operations under the leadership of Mike Pompeo, the conservative Republican and former congressman, the officials said. The agency also recently named a new chief of counterterrorism, who has begun pushing for greater latitude to strike militants.

Iran has been one of the hardest targets for the C.I.A. The agency has extremely limited access to the country — no American embassy is open to provide diplomatic cover — and Iran’s intelligence services have spent nearly four decades trying to counter American espionage and covert operations.

The challenge to start carrying out President Trump’s views falls to Mr. D’Andrea, a chain-smoking convert to Islam, who comes with an outsize reputation and the track record to back it up: Perhaps no single C.I.A. official is more responsible for weakening Al Qaeda.

“He can run a very aggressive program, but very smartly,” said Robert Eatinger, a former C.I.A. lawyer who was deeply involved in the agency’s drone program.

The C.I.A. declined to comment on Mr. D’Andrea’s role, saying it does not discuss the identities or work of clandestine officials. The officials spoke only on the condition of anonymity because Mr. D’Andrea remains undercover, as do many senior officials based at the agency’s headquarters in Langley, Va. Mr. Eatinger did not use his name. The New York Times is naming Mr. D’Andrea because his identity was previously published in news reports, and he is leading an important new administration initiative against Iran. [Continue reading…]


Why should we care about Russian interference in our elections?

The New York Times reports: [John] Brennan, the former C.I.A. director, said Tuesday that he became concerned last year that the Russian government was trying to influence members of the Trump campaign to act — wittingly or unwittingly — on Moscow’s behalf.

“I encountered and am aware of information and intelligence that revealed contacts and interactions between Russian officials and U.S. persons involved in the Trump campaign that I was concerned about because of known Russian efforts to suborn such individuals,” Mr. Brennan told lawmakers on the House Intelligence Committee.

“It raised questions in my mind about whether Russia was able to gain the cooperation of those individuals,” he said, adding that he did not know whether the Russian efforts were successful.

He added, “I don’t know whether such collusion existed.”

It was the first time he publicly acknowledged that he was concerned about possible ties between Russia and the Trump campaign.

He said he left office in January with many unanswered questions about the Russian influence operation. Intelligence officials have said that Russia tried to tip the election toward Mr. Trump.

Mr. Brennan became so concerned last summer about signs of Russian election meddling that he held urgent, classified briefings for eight senior members of Congress, speaking with some of them over secure phone lines while they were on recess. In those conversations, he told lawmakers there was evidence that Russia was specifically working to elect Mr. Trump as president. [Continue reading…]


Killing CIA informants, China crippled U.S. spying operations

The New York Times reports: The Chinese government systematically dismantled C.I.A. spying operations in the country starting in 2010, killing or imprisoning more than a dozen sources over two years and crippling intelligence gathering there for years afterward.

Current and former American officials described the intelligence breach as one of the worst in decades. It set off a scramble in Washington’s intelligence and law enforcement agencies to contain the fallout, but investigators were bitterly divided over the cause. Some were convinced that a mole within the C.I.A. had betrayed the United States. Others believed that the Chinese had hacked the covert system the C.I.A. used to communicate with its foreign sources. Years later, that debate remains unresolved.

But there was no disagreement about the damage. From the final weeks of 2010 through the end of 2012, according to former American officials, the Chinese killed at least a dozen of the C.I.A.’s sources. According to three of the officials, one was shot in front of his colleagues in the courtyard of a government building — a message to others who might have been working for the C.I.A.

Still others were put in jail. All told, the Chinese killed or imprisoned 18 to 20 of the C.I.A.’s sources in China, according to two former senior American officials, effectively unraveling a network that had taken years to build. [Continue reading…]


Trump violates intel partnership by revealing highly classified information to Russian foreign minister and ambassador

The Washington Post reports: President Trump revealed highly classified information to the Russian foreign minister and ambassador in a White House meeting last week, according to current and former U.S. officials, who said Trump’s disclosures jeopardized a critical source of intelligence on the Islamic State.

The information the president relayed had been provided by a U.S. partner through an intelligence-sharing arrangement considered so sensitive that details have been withheld from allies and tightly restricted even within the U.S. government, officials said.

The partner had not given the United States permission to share the material with Russia, and officials said Trump’s decision to do so endangers cooperation from an ally that has access to the inner workings of the Islamic State. After Trump’s meeting, senior White House officials took steps to contain the damage, placing calls to the CIA and the National Security Agency.

“This is code-word information,” said a U.S. official familiar with the matter, using terminology that refers to one of the highest classification levels used by American spy agencies. Trump “revealed more information to the Russian ambassador than we have shared with our own allies.” [Continue reading…]


Flynn was warned by Trump transition officials about contacts with Russian ambassador

The Washington Post reports: Former national security adviser Michael Flynn was warned by senior members of President Trump’s transition team about the risks of his contacts with the Russian ambassador weeks before the December call that led to Flynn’s forced resignation, current and former U.S. officials said.

Flynn was told during a late November meeting that Russian Ambassador Sergey Kislyak’s conversations were almost certainly being monitored by U.S. intelligence agencies, officials said, a caution that came a month before Flynn was recorded discussing U.S. sanctions against Russia with Kislyak, suggesting that the Trump administration would reevaluate the issue.

Officials were so concerned that Flynn did not fully understand the motives of the Russian ambassador that the head of Trump’s national security council transition team asked Obama administration officials for a classified CIA profile of Kislyak, officials said. The document was delivered within days, officials said, but it is not clear that Flynn ever read it.

The previously undisclosed sequence reveals the extent to which even some Trump insiders were troubled by the still-forming administration’s entanglements with Russia and its enthusiasm for a friendly relationship with the Kremlin. [Continue reading…]


Is there a Russian mole inside the NSA? The CIA? Both?

Kevin Poulsen writes: A message from Vladimir Putin can take many forms.

It can be as heavy-handed as a pair of Russian bombers buzzing the Alaska coast, or as lethal as the public assassination of a defector on the streets of Kiev. Now Putin may be sending a message to the American government through a more subtle channel: an escalating series of U.S. intelligence leaks that last week exposed an NSA operation in the Middle East and the identity of an agency official who participated.

The leaks by self-described hackers calling themselves “the Shadow Brokers” began in the final months of the Obama administration and increased in frequency and impact after the U.S. bombing of a Syrian airfield this month—a move that angered Russia. The group has not been tied to the Kremlin with anything close to the forensic certitude of last year’s election-related hacks, but security experts say the Shadow Brokers’ attacks fit the pattern established by Russia’s GRU during their election hacking. In that operation, according to U.S. intelligence findings, Russia created fictitious Internet personas to launder some of their stolen emails, including the fake whistleblowing site called DCLeaks and a notional Romanian hacker named “Guccifer 2.0.” [Continue reading…]


CIA chief Pompeo: Wikileaks ‘hostile intelligence service’

BBC News reports: The head of the CIA Mike Pompeo has described anti-secrecy organisation WikiLeaks as a “non-state hostile intelligence service” that is often abetted by states such as Russia.

Russian military intelligence used Wikileaks to distribute hacked material during the US election, he added.

Earlier this month Wikileaks published details of what it said were CIA hacking tools.

The FBI and CIA have launched a criminal investigation into the leak.

“WikiLeaks walks like a hostile intelligence service and talks like a hostile intelligence service,” Mr Pompeo said, speaking at a Washington think tank.

“It overwhelmingly focuses on the US, while seeking support from anti-democratic countries and organisations,” he added. [Continue reading…]


CIA had evidence of Russian effort to help Trump earlier than believed

The New York Times reports: The C.I.A. told senior lawmakers in classified briefings last summer that it had information indicating that Russia was working to help elect Donald J. Trump president, a finding that did not emerge publicly until after Mr. Trump’s victory months later, former government officials say.

The briefings indicate that intelligence officials had evidence of Russia’s intentions to help Mr. Trump much earlier in the presidential campaign than previously thought. The briefings also reveal a critical split last summer between the C.I.A. and counterparts at the F.B.I., where a number of senior officials continued to believe through last fall that Russia’s cyberattacks were aimed only at disrupting America’s political system, and not at getting Mr. Trump elected, according to interviews.

The former officials said that in late August — 10 weeks before the election — John O. Brennan, then the C.I.A. director, was so concerned about increasing evidence of Russia’s election meddling that he began a series of urgent, individual briefings for eight top members of Congress, some of them on secure phone lines while they were on their summer break. [Continue reading…]


What Cold War intrigue can tell us about the Trump-Russia inquiry

The New York Times reports: It began with evidence of a breach of the Democratic National Committee’s computers and has now evolved into a sprawling counterintelligence investigation to determine whether there was any coordination between members of Donald J. Trump’s presidential campaign staff and the Russian government, perhaps even influencing the 2016 election.

When James B. Comey, the F.B.I. director, went before Congress on March 20 and confirmed the existence of the Trump-Russia investigation, it echoed of the Cold War investigations in which the bureau and the C.I.A. searched for agents hidden in the government who had spied for Moscow.

A look back at those Cold War cases may reveal lessons for today’s investigators. Above all, those past cases show it could take years before the new investigation uncovers any answers.

Spy hunts usually begin with an unexplained incident. In the Trump-Russia case, there was the hacking of the D.N.C.’s computers. In 1985, there was an arrest on the streets of Moscow.

In June 1985, Burton Gerber, the chief of the Soviet-East European division of the Central Intelligence Agency, was about to sit down to dinner at his home in Washington when he received devastating news. Paul Stombaugh, a C.I.A. case officer, had just been arrested by the K.G.B. in Moscow. Mr. Stombaugh had been caught while he was on a clandestine mission to meet the C.I.A.’s most important Russian spy, Adolf Tolkachev, a scientist at a secret military design facility who had been providing the Americans with top-secret information about Soviet weapons systems. Mr. Gerber knew that Mr. Stombaugh’s arrest meant that Mr. Tolkachev, an agent the C.I.A. had code-named GTVANQUISH, had certainly been arrested as well.

The arrest and subsequent execution of Mr. Tolkachev was the most damaging of a series of mysterious spy losses suffered by the C.I.A. in 1985. In fact, there was so much espionage activity between the C.I.A. and the K.G.B. that burst into public view in 1985 that it became known as the Year of the Spy.

But why?

Debate swirled inside the cloistered world of American counterintelligence. Could all the spy losses be blamed on C.I.A. incompetence? Or had they resulted from something more sinister, like a Russian mole inside the agency?

That 1985 debate has in some ways been mirrored in the public debate about the hacking of the D.N.C. during the 2016 presidential campaign. Did some hacker simply take advantage of the committee’s cyber-incompetence, or was an American political party the specific and premeditated target of Russian intelligence? [Continue reading…]


Authorities question CIA contractors in connection with WikiLeaks dump

The Wall Street Journal reports: Investigators probing who may have provided WikiLeaks with classified information about the Central Intelligence Agency’s purported computer-hacking techniques are zeroing in on a small number of contractors who have worked for the agency and may have been disgruntled over recent job losses, according to people familiar with the investigation.

Authorities on Thursday questioned a handful of contractors working in at least two locations in the Virginia suburbs of Washington, D.C., these people said. Law-enforcement officials said no arrests had been made, but one person familiar with the investigation said it was “rapidly unfolding.”

This person added that a digital trail has pointed authorities, at least initially, to a team of software developers working with the CIA’s Engineering Development Group. The group designs tools that, according to the documents released this week by WikiLeaks, the CIA uses to break into smartphones, personal computers and televisions connected to the internet. The more than 8,000 pages of documents that WikiLeaks disclosed appear to have been taken last December from a server that the Engineering Development Group uses, this person said, and that “only a few contractors would have access to.”

More than a dozen companies work for the CIA on hacking projects, the bulk of them at a facility near Chantilly, Va. It wasn’t clear which companies the people who were questioned worked for. In recent months, there has been talk of “bad blood” in the small world of CIA contractors who are vital to the agency’s hacking projects, the people familiar with the probe said. One group of contractors recently had been working for the CIA overseas and expected to be given new jobs with the agency in the U.S., but their positions were later eliminated, one person said. [Continue reading…]


The truth about the WikiLeaks CIA cache

Zeynep Tufekci writes: On Tuesday morning, WikiLeaks released an enormous cache of documents that it claimed detailed “C.I.A. hacking tools.” Immediately afterward, it posted two startling tweets asserting that “C.I.A. hacker malware” posed a threat to journalists and others who require secure communication by infecting iPhone and Android devices and “bypassing” encrypted message apps such as Signal and WhatsApp.

This appeared to be a bombshell. Signal is considered the gold standard for secure communication. WhatsApp has a billion users. The C.I.A., it seemed, had the capacity to conduct sweeping surveillance on what we had previously assumed were our safest and most private digital conversations.

In their haste to post articles about the release, almost all the leading news organizations took the WikiLeaks tweets at face value. Their initial accounts mentioned Signal, WhatsApp and other encrypted apps by name, and described them as “bypassed” or otherwise compromised by the C.I.A.’s cyberspying tools.

Yet on closer inspection, this turned out to be misleading. Neither Signal nor WhatsApp, for example, appears by name in any of the alleged C.I.A. files in the cache. (Using automated tools to search the whole database, as security researchers subsequently did, turned up no hits.) More important, the hacking methods described in the documents do not, in fact, include the ability to bypass such encrypted apps — at least not in the sense of “bypass” that had seemed so alarming. Indeed, if anything, the C.I.A. documents in the cache confirm the strength of encryption technologies. [Continue reading…]


How the CIA’s hacking hoard makes everyone less secure

Andy Greenberg writes: When Wikileaks yesterday released a trove of documents purporting to show how the CIA hacks everything from smartphones to PCs to smart televisions, the agency’s already shadowy reputation gained a new dimension. But if you’re an average American, rather than Edward Snowden or an ISIS jihadi, the real danger clarified by that leak wasn’t that someone in Langley is watching you through your hotel room’s TV. It’s the rest of the hacker world that the CIA has inadvertently empowered.

As security researchers and policy analysts dig through the latest WikiLeaks documents, the sheer number of hacking tools the CIA has apparently hoarded for exploiting zero-day vulnerabilities—secret inroads that tech firms haven’t patched—stands out most. If the US intelligence community knows about them, that leaves open the possibility that criminal and foreign state hackers do as well.

Its broad zero-day stash, then, strongly suggests that the CIA—along with other intelligence agencies—has long allowed Americans to remain vulnerable to those same attacks. Now that those hacking secrets are public, potentially along with enough details to replicate them, the danger of the feds leaving major security flaws unfixed only escalates.

“If the CIA can use it, so can the Russians, or the Chinese or organized crime,” says Kevin Bankston, the director of the New America Foundation’s Open Technology Institute. “The lesson here, first off, is that stockpiling a bunch of vulnerabilities is bad for cybersecurity. And two, it means they’re likely going to get leaked by someone.”

It’s no surprise, of course, that one of America’s most well-resourced spy agencies can hack its foreign adversaries. The shock, says Johns Hopkins cryptographer Matt Green, comes instead from the sudden spill of those hacking tools onto the web. “In the same way the military would probably have one technique for killing every single tank in an enemy’s arsenal, you would expect the CIA to collect the same thing,” says Green. “What’s different is that we’re seeing them out in public.”

In fact, WikiLeaks wrote in a note accompanying its Tuesday release that “the archive appears to have been circulated among former US government hackers and contractors in an unauthorized manner.” That raises the possibility the full document set, along with actual exploit details or code, may have fallen into the hands of hackers long before it was published in part by WikiLeaks. [Continue reading…]


Wikileaks files show the CIA repurposing hacking code to save time, not to frame Russia

The Intercept reports: Attributing hacking attacks to the correct perpetrators is notoriously difficult. Even the U.S. government, for all its technical resources and expertise, took warranted criticism for trying to pin a high-profile 2014 cyberattack on North Korea, and more recently faced skepticism when it blamed Russia for hacks against top Democrats during the 2016 election.

In those cases, government officials said they based their attribution in part on software tools the hackers employed, which had been used in other cyberattacks linked to North Korea and Russia. But that sort of evidence is not conclusive; hackers have been known to intentionally use or leave behind software and other distinctive material linked to other groups as part of so-called false flag operations intended to falsely implicate other parties. Researchers at Russian digital security firm Kaspersky Lab have documented such cases.

On Tuesday, Wikileaks published a large cache of CIA documents that it said showed the agency had equipped itself to run its own false-flag hacking operations. The documents describe an internal CIA group called UMBRAGE that Wikileaks said was stealing the techniques of other nation-state hackers to trick forensic investigators into falsely attributing CIA attacks to those actors. According to Wikileaks, among those from whom the CIA has stolen techniques is the Russian Federation, suggesting the CIA is conducting attacks to intentionally mislead investigators into attributing them to Vladimir Putin.

“With UMBRAGE and related projects, the CIA can not only increase its total number of attack types, but also misdirect attribution by leaving behind the ‘fingerprints’ of the groups that the attack techniques were stolen from,” Wikileaks writes in a summary of its CIA document dump.

It’s a claim that seems intended to shed doubt on the U.S. government’s attribution of Russia in the DNC hack; the Russian Federation was the only nation specifically named by Wikileaks as a potential victim of misdirected attribution. It’s also a claim that some media outlets have accepted and repeated without question.

“WikiLeaks said there’s an entire department within the CIA whose job it is to ‘misdirect attribution by leaving behind the fingerprints’ of others, such as hackers in Russia,” CNN reported without caveats.

It would be possible to leave such fingerprints if the CIA were re-using unique source code written by other actors to intentionally implicate them in CIA hacks, but the published CIA documents don’t say this. Instead they indicate the UMBRAGE group is doing something much less nefarious.

They say UMBRAGE is borrowing hacking “techniques” developed or used by other actors to use in CIA hacking projects. This is intended to save the CIA time and energy by copying methods already proven successful. If the CIA were actually re-using source code unique to a specific hacking group this could lead forensic investigators to mis-attribute CIA attacks to the original creators of the code. But the documents appear to say the UMBRAGE group is writing snippets of code that mimic the functionality of other hacking tools and placing it in a library for CIA developers to draw on when designing custom CIA tools. [Continue reading…]


Russia turns Wikileaks CIA dump into disinformation

Kevin Poulsen reports: For the second time in a matter of months, U.S. intelligence agencies have suffered a devastating breach of their hacking secrets.

But unlike the last breach in August, an American Central Intelligence Agency worker, not Russian hackers, is the most likely source of a new tranche of documents detailing the methods and tools used by the CIA to steal secrets from foreign governments and terror groups — though some experts have seen signs that Russia is working overtime to take advantage of the disclosure.

Tuesday’s document dump, titled “Vault 7, Year Zero” by WikiLeaks, details the capabilities and culture within the CIA’s secretive Center for Cyber Intelligence in Langley, Virginia. The leak portrays a robust, if not unique, computer-intrusion capability inside the CIA, accented by a few James Bond novelties, like special snooping software intended to be carried into an adversary’s lair on a thumb drive, where a CIA asset plugs it into a USB port. Another program, code-named Weeping Angel, turns a Samsung smart TV into a covert listening device.

The leak follows an incident last August when a mysterious group or individual called the Shadow Brokers began publishing hacking tools stockpiled by the NSA’s elite Tailored Access Operations group, including dozens of backdoor programs and 10 exploits. Experts suspected the Shadow Brokers were a shot across the bow by Russia’s intelligence services.

But the CIA leak could be worse for U.S. intelligence, because it includes code from the agency’s malware development frameworks. Using that code, security experts and counterintelligence agents could sniff out a variety of CIA malware. “For the CIA this is huge loss,” said Jake Williams, founder of Rendition Infosec. “For incident responders like me, this is a treasure trove.” [Continue reading…]
