How Russia pulled off the biggest election hack in U.S. history


Thomas Rid writes: On an April afternoon earlier this year, Russian president Vladimir Putin headlined a gathering of some four hundred journalists, bloggers, and media executives in St. Petersburg. Dressed in a sleek navy suit, Putin looked relaxed, even comfortable, as he took questions. About an hour into the forum, a young blogger in a navy zip sweater took the microphone and asked Putin what he thought of the “so-called Panama Papers.”

The blogger was referring to a cache of more than eleven million computer files that had been stolen from Mossack Fonseca, a Panamanian law firm. The leak was the largest in history, involving 2.6 terabytes of data, enough to fill more than five hundred DVDs. On April 3, four days before the St. Petersburg forum, a group of international news outlets published the first in a series of stories based on the leak, which had taken them more than a year to investigate. The series revealed corruption on a massive scale: Mossack Fonseca’s legal maneuverings had been used to hide billions of dollars. A central theme of the group’s reporting was the matryoshka doll of secret shell companies and proxies, worth a reported $2 billion, that belonged to Putin’s inner circle and were presumed to shelter some of the Russian president’s vast personal wealth.

When Putin heard the blogger’s question, his face lit up with a familiar smirk. He nodded slowly and confidently before reciting a litany of humiliations that the United States had inflicted on Russia. Putin reminded his audience about the sidelining of Russia during the 1998 war in Kosovo and what he saw as American meddling in Ukraine more recently. Returning to the Panama Papers, Putin cited WikiLeaks to insist that “officials and state agencies in the United States are behind all this.” The Americans’ aim, he said, was to weaken Russia from within: “to spread distrust for the ruling authorities and the bodies of power within society.”

Though a narrow interpretation of Putin’s accusation was defensible—as WikiLeaks had pointed out, one of the members of the Panama Papers consortium had received financial support from USAID, a federal agency—his swaggering assurance about America’s activities has a more plausible explanation: Putin’s own government had been preparing a vast, covert, and unprecedented campaign of political sabotage against the United States and its allies for more than a year.

The Russian campaign burst into public view only this past June, when The Washington Post reported that “Russian government hackers” had penetrated the servers of the Democratic National Committee. The hackers, hiding behind ominous aliases like Guccifer 2.0 and DC Leaks, claimed their first victim in July, in the person of Debbie Wasserman Schultz, the DNC chair, whose private emails were published by WikiLeaks in the days leading up to the Democratic convention. By August, the hackers had learned to use the language of Americans frustrated with Washington to create doubt about the integrity of the electoral system: “As you see the U. S. presidential elections are becoming a farce,” they wrote from Russia.

The attacks against political organizations and individuals absorbed much of the media’s attention this year. But in many ways, the DNC hack was merely a prelude to what many security researchers see as a still more audacious feat: the hacking of America’s most secretive intelligence agency, the NSA.

Russian spies did not, of course, wait until the summer of 2015 to start hacking the United States. This past fall, in fact, marked the twentieth anniversary of the world’s first major campaign of state-on-state digital espionage. In 1996, five years after the end of the USSR, the Pentagon began to detect high-volume network breaches from Russia. The campaign was an intelligence-gathering operation: Whenever the intruders from Moscow found their way into a U. S. government computer, they binged, stealing copies of every file they could.

By 1998, when the FBI code-named the hacking campaign Moonlight Maze, the Russians were commandeering foreign computers and using them as staging hubs. At a time when a 56 kbps dial-up connection was more than sufficient to get the best of and AltaVista, Russian operators extracted several gigabytes of data from a U. S. Navy computer in a single session. With the unwitting help of proxy machines—including a Navy supercomputer in Virginia Beach, a server at a London nonprofit, and a computer lab at a public library in Colorado—that accomplishment was repeated hundreds of times over. Eventually, the Russians stole the equivalent, as an Air Intelligence Agency estimate later had it, of “a stack of printed copier paper three times the height of the Washington Monument.” [Continue reading…]


Government alleges former NSA contractor stole ‘astonishing quantity’ of classified data over 20 years

The Washington Post reports: Federal prosecutors in Baltimore on Thursday said they will charge a former National Security Agency contractor with violating the Espionage Act, alleging that he made off with “an astonishing quantity” of classified digital and other data over 20 years in what is thought to be the largest theft of classified government material ever.

In a 12-page memo, U.S. Attorney Rod Rosenstein and two other prosecutors laid out a much more far-reaching case against Harold T. Martin III than was previously outlined. They say he took at least 50 terabytes of data and “six full banker’s boxes worth of documents,” with many lying open in his home office or kept on his car’s back seat and in the trunk. Other material was stored in a shed on his property.

One terabyte is the equivalent of 500 hours’ worth of movies.

Martin, who will appear at a detention hearing in U.S. District Court in Baltimore on Friday, also took personal information about government employees as well as dozens of computers, thumb drives and other digital storage devices, the government memo said.

The government has not alleged that Martin passed any material to a foreign government, but contends that if he is released on bail he could do so. [Continue reading…]


Yahoo secretly scanned customer emails for U.S. intelligence

Reuters reports: Yahoo Inc last year secretly built a custom software program to search all of its customers’ incoming emails for specific information provided by U.S. intelligence officials, according to people familiar with the matter.

The company complied with a classified U.S. government demand, scanning hundreds of millions of Yahoo Mail accounts at the behest of the National Security Agency or FBI, said three former employees and a fourth person apprised of the events.

Some surveillance experts said this represents the first case to surface of a U.S. Internet company agreeing to an intelligence agency’s request by searching all arriving messages, as opposed to examining stored messages or scanning a small number of accounts in real time.

It is not known what information intelligence officials were looking for, only that they wanted Yahoo to search for a set of characters. That could mean a phrase in an email or an attachment, said the sources, who did not want to be identified.

Reuters was unable to determine what data Yahoo may have handed over, if any, and if intelligence officials had approached other email providers besides Yahoo with this kind of request.

According to two of the former employees, Yahoo Chief Executive Marissa Mayer’s decision to obey the directive roiled some senior executives and led to the June 2015 departure of Chief Information Security Officer Alex Stamos, who now holds the top security job at Facebook Inc. [Continue reading…]

The Wall Street Journal reports: Big technology companies, including Google, Microsoft Corp., Twitter Inc. and Facebook Inc. denied scanning incoming user emails on behalf of the U.S. government, following a report that Yahoo Inc. had built such a system. [Continue reading…]


Snowden as Superman: The man behind the myth


Ken Silverstein used to write for The Intercept and has had a long career as an investigative journalist — he’s not an apologist for the security state. He started CounterPunch, but like anyone with a sincere interest in what’s true, has no political loyalties. He writes: Let’s pretend for a moment that the official story as told by Snowden and his admirers — with Glenn Greenwald, who’s been chasing a movie deal of his own for ages that depends on Snowden being the perfect hero, being his No. 1 cheerleader — is 100 percent true. Snowden was a loyal, patriotic American when he worked for the CIA and the NSA through private contractors but was outraged by what he discovered and felt compelled to expose U.S. government abuses to the world.

OK, there are still a few questions:

First, a lot of what Snowden released was damaging to U.S. foreign policy and NATO — and that’s in principle fine by me — but why didn’t he steal and reveal anything embarrassing to Russia and China, for example? There’s no way he didn’t have access to damaging information about those countries — both of which have plenty of dirty secrets as well — so why, if he was just out to save the world, didn’t he think to expose that as well?

It’s reminiscent of Julian Assange of Wikileaks, which gave Snowden huge support, and raises questions about him as well. Whatever his relationship to Russia, Putin must be thrilled with his recent activities. And Assange and Wikileaks get all sorts of leaked and hacked information, but they don’t seem especially eager to expose much damaging to Russia.

Second, Snowden has recently made a few comments critical of Russia, but I’m pretty sure he’s not going to make it a habit. Nor is he in any position to do so. Some believe Snowden was played by Russian intelligence — and that is certainly a plausible theory though one his fawning fans refuse to even entertain — but there is no question that at the moment he effectively answers to Vladimir Putin. “I don’t know if Snowden understood the rules when he got there, but I’m sure he understands them now,” one former CIA case officer told me. “It’s pretty simple. Whether he was told directly or not, Putin let him know the deal: ‘You can live here and help us out or we can send you home. Do you have any questions’.”

And for Russia, Snowden is the gift that just keeps on giving. As noted above, he’s a global celebrity and a regular of the digital speaking network. He’s beloved by the left and civil liberties advocates and every time he makes an appearance he scores points for Russia. He may not be a witting propaganda tool of the Kremlin but he may as well be. Putin clearly wants Snowden in Moscow, otherwise it would be a simple matter for him to put him on a private plane and send him off to Cuba or any other country that will take him. He’s keeping him there because it serves Putin’s interests, not because the former KGB officer is a champion of free speech and civil liberties.

By the way, Yahoo has reported that Snowden has made about $200,000 in speaking fees and apparently pocketed most of it, even though he has claimed he gives much of it to the Freedom of the Press Foundation, where he, Greenwald and Poitras are board members. [Continue reading…]


As Russia reasserts itself, U.S. intelligence agencies focus anew on the Kremlin

The Washington Post reports: U.S. intelligence agencies are expanding spying operations against Russia on a greater scale than at any time since the end of the Cold War, U.S. officials said.

The mobilization involves clandestine CIA operatives, National Security Agency cyberespionage capabilities, satellite systems and other intelligence assets, officials said, describing a shift in resources across spy services that had previously diverted attention from Russia to focus on terrorist threats and U.S. war zones.

U.S. officials said the moves are part of an effort to rebuild U.S. intelligence capabilities that had continued to atrophy even as Russia sought to reassert itself as a global power. Over the past two years, officials said, the United States was caught flat-footed by Moscow’s aggression, including its annexation of Crimea, its intervention in the war in Syria and its suspected role in hacking operations against the United States and Europe.

U.S. spy agencies “are playing catch-up big time” with Russia, a senior U.S. intelligence official said. Terrorism remains the top concern for American intelligence services, the official said, but recent directives from the White House and the Office of the Director of National Intelligence (ODNI) have moved Russia up the list of intelligence priorities for the first time since the Soviet Union’s collapse. [Continue reading…]


It’s time to pardon Edward Snowden

Kenneth Roth and Salil Shetty write: Edward J. Snowden, the American who has probably left the biggest mark on public policy debates during the Obama years, is today an outlaw. Mr. Snowden, a former National Security Agency contractor who disclosed to journalists secret documents detailing the United States’ mass surveillance programs, faces potential espionage charges, even though the president has acknowledged the important public debate his revelations provoked.

Mr. Snowden’s whistle-blowing prompted reactions across the government. Courts found the government wrong to use Section 215 of the Patriot Act to justify mass phone data collection. Congress replaced that law with the USA Freedom Act, improving transparency about government surveillance and limiting government power to collect certain records. The president appointed an independent review board, which produced important reform recommendations.

That’s just in the American government. Newspapers that published Mr. Snowden’s revelations won the Pulitzer Prize. The United Nations issued resolutions on protecting digital privacy and created a mandate to promote the right to privacy. Many technology companies, facing outrage at their apparent complicity in mass surveillance, began providing end-to-end encryption by default. Three years on, the news media still refer to Mr. Snowden and his revelations every day. His actions have brought about a dramatic increase in our awareness of the risks to our privacy in the digital age — and to the many rights that depend on privacy.

Yet President Obama and the candidates to succeed him have emphasized not Mr. Snowden’s public service but the importance of prosecuting him. Hillary Clinton has said Mr. Snowden shouldn’t be brought home “without facing the music.” Donald J. Trump has said, “I think he’s a total traitor and I would deal with him harshly.”

Eric H. Holder Jr. struck a more measured tone in May, upon leaving office as Mr. Obama’s attorney general. He recognized that while Mr. Snowden broke the law, “he actually performed a public service” by raising the national debate on surveillance practices. [Continue reading…]


U.S. investigating potential covert Russian plan to disrupt November elections

The Washington Post reports: U.S. intelligence and law enforcement agencies are investigating what they see as a broad covert Russian operation in the United States to sow public distrust in the upcoming presidential election and in U.S. political institutions, intelligence and congressional officials said.

The aim is to understand the scope and intent of the Russian campaign, which incorporates cyber-tools to hack systems used in the political process, enhancing Russia’s ability to spread disinformation.

The effort to better understand Russia’s covert influence operations is being coordinated by James R. Clapper Jr., the director of national intelligence. “This is something of concern for the DNI,” said Charles Allen, a former longtime CIA officer who has been briefed on some of these issues. “It is being addressed.”

A Russian influence operation in the United States “is something we’re looking very closely at,” said one senior intelligence official who, like others interviewed, spoke on the condition of anonymity to discuss a sensitive matter. Officials also are examining potential disruptions to the election process, and the FBI has alerted state and local officials to potential cyberthreats.

The official cautioned that the intelligence community is not saying it has “definitive proof” of such tampering, or any Russian plans to do so. “But even the hint of something impacting the security of our election system would be of significant concern,” the official said. “It’s the key to our democracy, that people have confidence in the election system.”

The Kremlin’s intent may not be to sway the election in one direction or another, officials said, but to cause chaos and provide propaganda fodder to attack U.S. democracy-building policies around the world, particularly in the countries of the former Soviet Union. [Continue reading…]


Edward Snowden’s long, strange journey to Hollywood

Irina Aleksander writes: The summer light was fading to gold near Red Square as Oliver Stone maneuvered through the lobby bar of a five-star Moscow hotel last year. He walked past the marble staircase and the grand piano to a table in the back. A group of businessmen in suits lingered nearby. Stone grimaced.

“I think we should move,” he said. His producer, Moritz Borman, led the way to another corner. “How’s this?” Borman asked.

Stone didn’t answer. He eyed an older couple slurping soup and kept moving. A moment later, Stone finally settled in by a window, comfortably beyond earshot of the other patrons.

Such security precautions had become routine. Ever since Stone decided to make a biopic about Edward Snowden, the American whistle-blower currently holed up in Moscow somewhere, the director — who became a Buddhist while making “Heaven & Earth” and sampled a buffet of psychedelic drugs for “The Doors” — had gone all method again. On “Snowden,” he and Borman became so preoccupied with American government surveillance that they had their Los Angeles offices swept for bugs more than once.

The director hadn’t been sleeping well. Principal photography wrapped a month earlier, and now Stone had come to Moscow to film Snowden for the movie’s grand finale. He ordered a decaf coffee and began to lay out the events that led him and Borman to be hanging out in Russian hotels, on the lookout for potential spies. “Last January, Moritz calls me,” Stone said. “He says: ‘You got a call from this fella who represents Mr. Snowden. You’re invited to Moscow.’ ”

The call had come from Anatoly Kucherena, Snowden’s Russian lawyer. In the course of his career, Kucherena has represented Russian oligarchs, film directors, a few pop singers and a state minister. In 2012, he campaigned for Vladimir V. Putin, and soon after Snowden landed in Moscow, Kucherena showed up at Sheremetyevo Airport and offered his services. Then Kucherena wrote a novel about his new client. Titled “Time of the Octopus,” it follows a National Security Agency leaker named Joshua Cold who is marooned in the airport and the Russian advocate who liberates him. In January 2014, months before the book was published, Kucherena called Borman to see if Stone might like to make it into a Hollywood movie.

“And I know you from working on, what, three films?” Stone said at the bar.

“Five,” Borman said.

At the time, Stone and Borman were barely speaking after a falling-out during the making of “Savages,” a beachy Blake Lively thriller. “We’ve had our fights,” Stone said. “You know, he’s German; I’m American.” He didn’t elaborate.

“He calls, and I go: ‘Oh, [expletive]. Not again,’ ” Stone continued. It wasn’t just about Borman. Stone wanted nothing to do with another political docudrama. He spent two decades trying to get a biopic about the Rev. Dr. Martin Luther King Jr. off the ground, only to see “Selma” get made to critical acclaim. Then there was the My Lai massacre film. Merrill Lynch put up cash, Bruce Willis was set to star and Stone built an entire village in Thailand. As the economy collapsed in 2008, the financing evaporated. “You get these scars, and they don’t go away,” Stone said.

So Stone was skeptical. But this was Snowden, who single-handedly exposed the colossal scale on which the United States had been surveilling its citizens. Plus, the director needed a hit. After early successes like “Platoon” and “Wall Street,” his more recent films didn’t receive the attention he hoped. The Snowden story had all the ingredients of an epic Stone picture: politics, government conspiracy and, at the center of it all, an American patriot who had lost faith. If it panned out, it could be Stone’s millennial follow-up to “Born on the Fourth of July,” the Ron Kovic biopic that won him an Oscar in 1990.

But first Stone and Borman had to make sure Kucherena was for real. Borman asked the lawyer to send the book and two first-class tickets to Moscow. Both arrived the next day. In case they still had doubts, Kucherena’s office gave Borman a number to call. On the other end was an employee of the Russian consulate in San Francisco, who turned out to be a big fan of “The Life of David Gale,” a film Borman produced. They were issued visas that same week. (Kucherena denies buying first-class tickets for Stone and Borman or helping expedite their visas.)

“When that happened,” Borman said, “I thought, O.K., I guess Kucherena can pull the strings.” [Continue reading…]


Release of NSA hacking tools exposes risk of keeping software vulnerabilities secret

The Washington Post reports: To penetrate the computers of foreign targets, the National Security Agency relies on software flaws that have gone undetected in the pipes of the Internet. For years, security experts have pressed the agency to disclose these bugs so they can be fixed, but the agency hackers have often been reluctant.

Now with the mysterious release of a cache of NSA hacking tools over the weekend, the agency has lost an offensive advantage, experts say, and potentially placed at risk the security of countless large companies and government agencies worldwide.

Several of the tools exploited flaws in commercial firewalls that remain unpatched, and they are out on the Internet for all to see. Anyone from a basement hacker to a sophisticated foreign spy agency has access to them now, and until the flaws are fixed, many computer systems may be in jeopardy.

The revelation of the NSA cache, which dates to 2013 and has not been confirmed by the agency, also highlights the administration’s little-known process for figuring out which software errors to disclose and which to keep secret.

The hacker tools’ release “demonstrates the key risk of the U.S. government stockpiling computer vulnerabilities for its own use: Someone else might get a hold of them and use them against us,” said Kevin Bankston, director of New America’s Open Technology Institute.

“This is exactly why it should be U.S. government policy to disclose to software vendors the vulnerabilities it buys or discovers as soon as possible, so we can all better protect our own cybersecurity.” [Continue reading…]


Possible NSA hacking could signal warning shot from Russia

The New York Times reports: The release on websites this week of what appears to be top-secret computer code that the National Security Agency has used to break into the networks of foreign governments and other espionage targets has caused deep concern inside American intelligence agencies, raising the question of whether America’s own elite operatives have been hacked and their methods revealed.

Most outside experts who examined the posts, by a group calling itself the Shadow Brokers, said they contained what appeared to be genuine samples of the code — though somewhat outdated — used in the production of the N.S.A.’s custom-built malware.

Most of the code was designed to break through network firewalls and get inside the computer systems of competitors like Russia, China and Iran. That, in turn, allows the N.S.A. to place “implants” in the system, which can lurk unseen for years and be used to monitor network traffic or enable a debilitating computer attack.

According to these experts, the coding resembled a series of “products” developed inside the N.S.A.’s highly classified Tailored Access Operations unit, some of which were described in general terms in documents stolen three years ago by Edward J. Snowden, the former N.S.A. contractor now living in Russia.

But the code does not appear to have come from Mr. Snowden’s archive, which was mostly composed of PowerPoint files and other documents that described N.S.A. programs. The documents released by Mr. Snowden and his associates contained no actual source code used to break into the networks of foreign powers.

Whoever obtained the source code apparently broke into either the top-secret, highly compartmentalized computer servers of the N.S.A. or other servers around the world that the agency would have used to store the files. The code that was published on Monday dates to mid-2013, when, after Mr. Snowden’s disclosures, the agency shuttered many of its existing servers and moved code to new ones as a security measure.

By midday Tuesday Mr. Snowden himself, in a Twitter message from his exile in Moscow, declared that “circumstantial evidence and conventional wisdom indicates Russian responsibility” for publication, which he interpreted as a warning shot to the American government in case it was thinking of imposing sanctions against Russia in the cybertheft of documents from the Democratic National Committee. [Continue reading…]


Karen Greenberg on the making of the modern security state

Brian O’Neill writes: For people not intimately involved in national security debates, and who haven’t closely followed how we arrived at the modern security state, the decade-and-a-half following the surreal terror of September 11 has felt like an unmoored drift, a country floating aimlessly, if recklessly, down a river of indecision. The internet’s rising ubiquity, followed by the dominance of social media, allowed many of us to unwittingly shrug off privacy concerns, while simultaneously ignoring others’ indefinite detention, the torture of strangers, and sky-borne assassination overseas, until we looked around and the sky was speckled with revelations. It’s easy to feel like the new relationship we have with our government “only just happened.”

In Rogue Justice, Karen Greenberg, the director of the Center on National Security at Fordham University School of Law, puts that feeling of aimless drift mostly to rest. This detailed and meticulously researched book shows how the willingness to make every citizen a suspect, and to give the executive branch immense powers to surveil, detain, torture, and murder were not just a product of collective fear and indifference, but the deliberate actions of a surprisingly small group of people. I say “mostly” because the decisions were made by officials within the Bush and (to a lesser extent) Obama administrations, but they were also enabled by the assumed (and granted) complicity of many others.

This complicity came from careerists worried about rocking the boat, politicians in both parties worried about being painted as weak on terror (with notable and noble exceptions), and to an uncomfortable extent, the general public. The terrorist attacks in 2001 made everyone realize that anyone could be a target, but we didn’t see — or didn’t want to see — that in a very real way, we also became a target of the government. Many of the policies enacted in the wake of 9/11 made everyone a suspect as much as a target. Through official secrecy aided by general indifference, we allowed ourselves to be passively dragooned into being on both sides of a war. [Continue reading…]


The U.S. could have destroyed Iran’s entire infrastructure without dropping a single bomb

Tech Insider reports: The United States had a top-secret operation that gave it the ability to shut down much of Iran’s infrastructure ahead of a full-scale war, without a single bomb being dropped.

The incredible insight into a highly-classified cyber operation called Nitro Zeus was first exposed in the film “Zero Days” and later corroborated by The New York Times, which interviewed intelligence and military officials who were involved.

The film, directed by Alex Gibney, premieres on Friday.

“We spent hundreds of millions, maybe billions on it,” an anonymous National Security Agency source says in the film. “We were inside, waiting, watching. Ready to disrupt, degrade, and destroy those systems with cyber attacks. In comparison, Stuxnet was a back alley operation. [Nitro Zeus] was the plan for a full scale cyber war with no attribution.”

The source, whose face and voice are concealed throughout the film, is later revealed to be an actor reciting lines from testimony offered to Director Alex Gibney by CIA and NSA employees.

The focus of the “Zero Days” film is on Stuxnet — the world’s first cyber weapon — that was used against Iran’s nuclear facilities. But in researching for the film, Gibney found that malicious software was just one small piece of a much larger puzzle. [Continue reading…]