More on the CIA Document Leak

If I had to guess right now, I’d say the documents came from an outsider and not an insider. My reasoning: One, there is absolutely nothing illegal in the contents of any of this stuff. It’s exactly what you’d expect the CIA to be doing in cyberspace. That makes the whistleblower motive less likely. And two, the documents are a few years old, making this more like the Shadow Brokers than Edward Snowden. An internal leaker would leak quickly. A foreign intelligence agency—like the Russians—would use the documents while they were fresh and valuable, and only expose them when the embarrassment value was greater.

James Lewis agrees:

But James Lewis, an expert on cybersecurity at the Center for Strategic and International Studies in Washington, raised another possibility: that a foreign state, most likely Russia, stole the documents by hacking or other means and delivered them to WikiLeaks, which may not know how they were obtained. Mr. Lewis noted that, according to American intelligence agencies, Russia hacked Democratic targets during the presidential campaign and gave thousands of emails to WikiLeaks for publication.

To be sure, neither of us has any idea. We’re all guessing.

To the documents themselves, I really liked these best practice coding guidelines for malware, and these crypto requirements.

I am mentioned in the latter document:

Cryptographic jargon is utilized throughout this document. This jargon has precise and subtle meaning and should not be interpreted without careful understanding of the subject matter. Suggested reading includes Practical Cryptography by Schneier and Ferguson, RFCs 4251 and 4253, RFCs 5246 and 5430, and Handbook of Applied Cryptography by Menezes, van Oorschot, and Vanstone.

EDITED TO ADD: Herbert Lin comments.

The most damning thing I’ve seen so far is yet more evidence that—despite assurances to the contrary—the US intelligence community hoards vulnerabilities in common Internet products and uses them for offensive purposes.

EDITED TO ADD (3/9): The New York Times is reporting that the CIA suspects an insider:

Investigators say that the leak was the work not of a hostile foreign power like Russia but of a disaffected insider, as WikiLeaks suggested when it released the documents Tuesday. The F.B.I. was preparing to interview anyone who had access to the information, a group likely to include at least a few hundred people, and possibly more than a thousand.

An intelligence official said the information, much of which appeared to be technical documents, may have come from a server outside the C.I.A. managed by a contractor. But neither he nor a former senior intelligence official ruled out the possibility that the leaker was a C.I.A. employee.

EDITED TO ADD (3/9): WikiLeaks said that they have published less than 1% of what they have, and that they are giving affected companies an early warning of the vulnerabilities and tools that they’re publishing.

Commentary from The Intercept.

Posted on March 8, 2017 at 9:08 AM • 157 Comments

Comments

milkshaken March 8, 2017 9:39 AM

This could be a polite message from the Kremlin to the US Intelligence Community, to please stop pushing the Trump-Russia connection for impeachment purposes. (Not that they care much for Trump in the Kremlin, but this anti-Russian media hysteria is getting on their nerves.) So this looks very much like a follow-up act to the TAO toolbox release. And the funny thing is, it was probably the Obama administration sending them the “unwanted Snowden present” that gave them this idea.

T0 March 8, 2017 9:39 AM

Here he goes again: “There is absolutely nothing illegal about any of this stuff.” Because if Bruce says it enough that makes it true. If he says it enough, it makes the supreme law of the land go away, Poof!

With his magical incantation Bruce can go back in time and terminate Moynihan before he can say the ICCPR is binding, and then he can go and wipe out Congress before they can ratify it. Then he can go and shoot the HRC before they can write General Comment 16 defining the US commitment to necessary and proportional privacy derogations. Also he can wipe out the whole Sixth Committee before they draft state responsibility doctrine as codified customary international law.

The average North Korean takes his civic religion less seriously.

D-503 March 8, 2017 9:47 AM

It’s great that the CIA is writing software manuals. It should do more of that, instead of overthrowing democratically-elected governments and launching drone strikes against wedding parties.
One thing that stood out for me is the hacking of modern cars. Wikileaks speculates that this could be used for assassinations that are indistinguishable from accidents. Scary. I remember a couple of years ago a journalist in Los Angeles died in a fiery car crash. Earlier that day, he claimed to be on a hot story about the US intelligence community. At the time, some people speculated that the car had been hacked to jam the accelerator or disable the brakes. No evidence one way or the other.
A lot less “messy” (from the CIA’s perspective) than the old-fashioned methods:
https://en.wikipedia.org/wiki/Assassination_of_Orlando_Letelier

It’s worth keeping in mind that the CIA is a big agency, and there are some people there who have few qualms about legality or illegality. Legality aside, many there are too focused on their specific mission to even think about the wider ethical dimensions of what they’re doing.

My Info March 8, 2017 9:47 AM

Meanwhile I’m in Albuquerque, NM, and some Asian lady at a coffee shop I had ordered a cup of coffee from suddenly ordered me to leave or she would call the cops. On my way out a window-washer almost “accidentally” dropped a heavy bucket on my head from ten stories up.

Later today they are supposed to have some kind of Socialist/Liberation Front “International Women’s Day” march for equal rights, LGBTQIAA rights, etc., etc.

https://www.liberationnews.org/

What they really want is “husbands” with steady factory jobs and access to a mafia don with control over their husbands’ schedules for those “special” circumstances, like, come on, you know what I mean….

https://www.theatlantic.com/business/archive/2017/03/manufacturing-marriage-family/518280/?google_editors_picks=true

They’re as bad as those Swedish girls Assange got in trouble with. I mean they do pot and crack, they’re not interested in a real job. The only right they are advocating for on behalf of themselves is the right to sell sex for money, and have the cops cart away unwanted boyfriends. This goes right along with the labor unions’ non-negotiable demands for access to sex on demand for their male members.

I am a transwoman, and these women make a point of insulting me, calling me “Sir” or “Mister,” and so on and so forth. Hence the claims of LGBT “support” are patently false, and it’s just another hate march like they had at Trump’s inauguration.

It’s the Russians, the Mafiaa, the goodfellas, the dons, all those “International Brotherhood” labor unions, communists, all of them. And the thing about this CIA leak, is that the joke’s on them: now that it’s in the media, there will be a little more impetus to improve security and start limiting the mob’s access to our computers.

b March 8, 2017 10:02 AM

There are several legal issues with the CIA stuff.

Breaking other people’s code and copyright are just lower ones. To sign off that all this is legal is way premature with only a tiny part of the package published. How much damage has the CIA caused to Google, Apple, Samsung with these (now public) measures? Is it legal to cause such damage?

The assertion “everything is legal” also holds only within the frame of domestic U.S. law. There are several international agreements and hundreds of local laws of other countries broken by the revealed CIA methods. Wikileaks is not a U.S.-centric organization. Neither must the motive of the leakers be restricted by a U.S.-centric view. Maybe they considered the damage the CIA is causing internationally? By supporting al-Qaeda and ISIS in Syria, maybe?

Schneier asserts that “the documents are a few years old”. Well, they are from 2013 to 2016. What did you expect? February 2017 releases? This is relatively fresh stuff.

There is (again) zero evidence or even factual hints that this leak is related to Russia. Would Russia or Wikileaks redact CIA names if that were the case? The explanation Wikileaks gave sounds reasonable. To trot out completely unfounded #Putindidit claims is a rather lame excuse to divert attention from the content of the leaks.

Yep March 8, 2017 10:19 AM

I see why you enjoyed the crypto requirements doc. 😉

2. (U//FOUO) Cryptographic jargon is utilized throughout this document. This jargon has precise and subtle meaning and should not be interpreted without careful understanding of the subject matter. Suggested reading includes Practical Cryptography by Schneier and Ferguson […]

Cynic In Chief March 8, 2017 10:20 AM

So we’re going with the Russians again? With UMBRAGE, they may have had nothing to do with all the hacking that has been going on. And it might not have even been the CIA; apparently these tools have been floating around for a little while.

vas pup March 8, 2017 10:22 AM

@D-503 • March 8, 2017 9:47 AM and @Bruce:

Does CIA currently have jurisdiction to conduct any operation on US soil against US citizens?
Are those CIA tools for foreign operations only (outside US)?

I was thinking that within the US only the FBI and other LEAs could conduct hacking operations utilizing the tools above, with court authorization, not the CIA.

Any legal clarification is highly appreciated.

Phill Hallam-Baker March 8, 2017 10:36 AM

So here is a question I just put to Bruce that he suggested I raise here. And it is a question that I would like folk to help with if they can.

In their comments on the documents, Wikileaks asserted that the CIA has a division whose purpose is to disguise US cyber attacks to make them look like they come from Russia:

http://money.cnn.com/2017/03/07/technology/wikileaks-cia-hacking/index.html

“WikiLeaks said there’s an entire department within the CIA whose job it is to “misdirect attribution by leaving behind the ‘fingerprints'” of others, such as hackers in Russia.”

Yet again we find an editorial comment by a Wikileaks spokesperson (probably Assange or Murray) that has absolutely no basis in the material being leaked. The spin is obviously deliberate and intentional. Assange is claiming that the US is running false flag operations disguising its attacks as coming from Russia.

I see absolutely no basis for that claim in the documents. What the documents actually say is to do the exact opposite, to remove all traces of origin from the attacks. And this is entirely consistent with what I would expect from US intel doctrine. Passing off information as being from a different source is really really hard to do well. It is the type of capability that I would absolutely expect the CIA to develop in case of need. But I would expect any use of that capability to be vanishingly rare.

During WWII, the allies could have used the decoding capability to introduce fake messages such as commands to Rommel to stand down. They never did, because the chance of success was small, the probability of being caught very large, and the consequences severe.

The documents obviously come from a very well funded, expert cyber intrusion team. That is not absolute proof they are CIA, they could be internal comms from a private firm that have been massaged. But the most likely interpretation is they are CIA. That does not mean that the claims Wikileaks is using the documents to make are true. The trick we see Assange play time and again is to dump a group of documents and then use that event as platform to pass his own unsupported and spurious claims off as commentary.

So if people looking through the docs could flag any evidence of false flagging as purported by Assange, I would appreciate it.

Dilbert March 8, 2017 10:38 AM

I have never thought of @Bruce to be particularly prone to lazy assumptions, but Russia?
I struggle to make that fit; certainly large catalogues like this have been circulating endlessly in various communities (how else do all those forum avatars mutually justify their egos?).
So regardless of their bias I’m not sure Wikileaks are making up their source here, although I fully expect a big pack of IC ‘evidence’ to appear any moment to convince all otherwise. I certainly wouldn’t go publicising an alternative theory without any evidence beyond the Hollywood version of the Russian mindset oozing out of my subconscious.

Bruce Schneier March 8, 2017 11:16 AM

“There is (again) zero evidence or even factual hints that this leak is related to Russia. Would Russia or Wikileaks redact CIA names if that were the case? The explanation Wikileaks gave sounds reasonable. To trot out completely unfounded #Putindidit claims is a rather lame excuse to divert attention from the content of the leaks.”

How does speculating on the documents’ origins divert attention from the content? The content is the most interesting thing to me, and I am able to also speculate on the content.

WikiLeaks is redacting CIA names because they’re trying to be responsible. That has nothing to do with the origins of the documents. My guess is that WikiLeaks has no idea where the documents came from — similar to the DNC documents — only what their source tells them.

But, yes, you are right. There is zero evidence that the leak is related to Russia. It is speculation on my part. Apologies if that was unclear.

Joe Stalin March 8, 2017 11:16 AM

Another paid mouthpiece, Herbert Lin, joins Bruce’s parade of blame the messenger (Wikileaks) and its gotta be the Rooskies. Take care Herb, next week it’ll be China’s fault and Herbert Lin will be fingered by Bruce as another Wen Ho Lee as the worm turns.

Yeah, the CIA Trump fake news leaks are all Bruce-boosted patriots, but these real stories by real journalists are bad. Bad Wikileaks, bad. Hillary and Trump can meet with Israel before the election but not Russia. Senator McCain can meet with Mr. Al Qaeda and Fred Daesh and actual Nazis from Kiev but that’s OK. Rooskies bad, Wikileaks bad. And all the mealy-mouthed paid-off fake journalists that never break a real story like Bruce, good ol’ Herb Lin and Nicky Weaver get top play.

The CIA uses this stuff to target US citizens for drone strikes remember? This is actual news. Extra judicial killing of US citizens is A-OK cuz Obama-Trump say so. Torture OK cuz Bush-Obama-Trump say so. Past slaughters of Indonesia, Korea, Vietnam, Chile, Iraq, Afghanistan with various versions of Operation Phoenix continue on today, this is what the CIA is. This is news.

Inquiring minds want to know how this is done at the CIA, but Bruce,Herb Lin and Nick Weaver say this is bad to know and Wikileaks has a bias. Maybe it’s cuz Hillary as Sec. of State commented that Assange/Wikileaks should be killed, that tends to give a journalist the gimlet eye and a bias that Bruce does not have.

But I for one believe our CIA overlords and fully support them in their patriotic slaughtering for my own good, don’t you?

Bruce Schneier March 8, 2017 11:17 AM

“Here he goes again: ‘There is absolutely nothing illegal about any of this stuff.’ Because if Bruce says it enough that makes it true. If he says it enough, it makes the supreme law of the land go away, Poof!”

I certainly hope not.

I like Herb Lin’s comment: “First, I echo Nick’s observation that it’s hardly a surprise that the CIA has a bunch of its own hacking tools. Indeed, if they didn’t, I’d say someone ought to be fired.”

Bruce Schneier March 8, 2017 11:20 AM

“Schneier asserts that ‘the documents are a few years old’. Well, they are from 2013 to 2016. What did you expect? February 2017 releases? This is relative fresh stuff.”

What have you found from 2016? What month? I’ve been trying to date this trove. From what I’ve seen, most of it is a few years old.

And if it were an insider who is whistleblowing, I would expect things from February 2017. Think about Snowden or Manning. Internal leakers don’t sit on documents for a year or two.

mark March 8, 2017 11:22 AM

One thing that annoys me a lot is that I don’t see any sign that anyone covering the story, or the editors, have actually asked anyone who covers computer security about the contents of the leaks.

I mean, it’s been many months, IIRC, since “smart TVs could spy on you” was on Slashdot… so a lot of the capability was already commonly known… among anyone who cared to look.

mark

Bruce Schneier March 8, 2017 11:23 AM

“Another paid mouthpiece, Herbert Lin, joins Bruce’s parade of blame the messenger (Wikileaks) and its gotta be the Rooskies.”

Herb Lin makes no claims as to the documents’ origins. And I don’t see where he blames WikiLeaks in any way. Actually, I don’t see where I do either. I, for one, am pleased that WikiLeaks released these documents. If I have any complaints, it’s that they’ve redacted many of the details of the exploits and attack tools.

vas pup March 8, 2017 11:23 AM

http://www.dw.com/en/frankfurt-used-as-remote-hacking-base-for-the-cia-wikileaks/a-37841830

Frankfurt base

WikiLeaks reported that the group developed trojans and other malicious software in the American Consulate General Office, the largest US consulate in the world. The programs focused on targets in Europe, the Middle East and Africa.
The documents revealed that CIA experts worked in the building under cover and included advice for life in Germany.
The Frankfurt hackers, part of the Center for Cyber Intelligence Europe, were said to be given diplomatic passports and a State Department identity. It instructed employees how to safely enter Germany. A WikiLeaks tweet published a section of the Frankfurt information.

Bruce Schneier March 8, 2017 11:24 AM

“One thing that annoys me a lot I don’t see any sign that anyone covering the story, or the editors, have actually asked anyone who covers computer security about the contents of the leaks.”

I’ve been asked. The problem is that it takes time to read through and understand all of this. So we don’t have a lot of intelligent commentary yet.

Bruce Schneier March 8, 2017 11:26 AM

“Does CIA currently have jurisdiction to conduct any operation on US soil against US citizens?”

As far as we know, they do not.

“Are those CIA tools for foreign operations only (outside US)?”

They’re tools. We can’t tell what they’re for — only what they do.

Bruce Schneier March 8, 2017 11:27 AM

“I have never thought of @Bruce to be particularly prone to lazy assumptions, but Russia?”

You might be right. I said it was just a guess, and I reserve the right to change my guess at any time.

D-503 March 8, 2017 11:29 AM

@vas pup
“Does CIA currently have jurisdiction to conduct any operation on US soil against US citizens?”
Short answer: Technically yes, but US territory really is supposed to be the FBI’s turf. The only accountability is when the news media or the FBI kick up a fuss, which is rare. All the same, the CIA has embarrassed itself too many times on US soil, and has become more cautious about that sort of thing.

Long answer: In 2014 there was a minor scandal when the CIA was caught red-handed spying on the US Senate Intelligence Committee. As far as I’m aware, no one at the CIA was prosecuted for this targeted electronic surveillance against US Senators.
There’s a long history of CIA covert operations against US citizens on US soil.
https://en.wikipedia.org/wiki/Operation_CHAOS
https://en.wikipedia.org/wiki/Project_MKUltra
http://www.gwu.edu/~nsarchiv/NSAEBB/NSAEBB222/index.htm

I’m certain that the CIA have a crack legal team that’s brilliant and highly creative at finding loopholes. The really dirty CIA “jobs” tend to be outsourced, anyway.
Also, they’re masters of compartmentalization and psychological denial. I’m not sure anyone at the CIA knows what the rest of the CIA is up to.
But in general, no, the CIA isn’t supposed to carry out otherwise illegal operations against Americans in the US.

Disclaimer: I’m not a lawyer.

“Are those CIA tools for foreign operations only (outside US)?”
Do zero-days have any borders?

Couldn'tPossiblyComment March 8, 2017 11:34 AM

While I’m confused, genuinely, as to why many US actors such as James Lewis are continuing this ‘The Russians Are Coming’ theme (because why not China, or just any other group that wishes to inconvenience the CIA, and why need it be from outside the US?), I’m more intrigued by the bold statement that these actions aren’t illegal. Perhaps the word ‘unsanctioned’ might have been more appropriate?

I’m pretty sure that in the hands of average Joe, these exploits’ use is illegal. If we believe that these are CIA documents of exploits, then their deployment by the CIA is still illegal, just considered sanctioned by the US as part of the mission of spying, along with all sorts of other illegal actions. Take an average PC sat in the UK: whether it’s a CIA officer or an organised crime group that uses an exploit against that PC, they’ve still contravened the Computer Misuse Act and committed a crime as far as the UK is concerned.

I don’t feel it’s particularly pedantic of me to point this out. It is perfectly possible that a given whistleblower feels that the techniques and hoarding of vulnerabilities are too easily abused & that some straw broke the camel’s back – perhaps someone fed up & wishing to make a point at how easy it is. The timing does lend more credence to a political move, granted, but I don’t think alternatives should be discounted so readily.

Bruce Schneier March 8, 2017 12:10 PM

“I don’t feel it’s particularly pedantic of me to point this out. It is perfectly possible that a given whistleblower feels that the techniques and hoarding of vulnerabilities are too easily abused & that some straw broke the camel’s back – perhaps someone fed up & wishing to make a point at how easy it is. The timing does lend more credence to a political move, granted, but I don’t think alternatives should be discounted so readily.”

Agreed. And I have not heard anyone discount them.

tommy March 8, 2017 12:26 PM

On the outsider/insider question it’s important to keep in mind that we do not know if CIA hacking is the extent of CIA intel being released.

Wikileaks said today this is less than 1% of the total Vault 7 release. It’s unclear if this simply refers to code or other info.

Wikileaks has been hinting they have Vault 7 info related to election monitoring and possibly interference by CIA in recent tweets. This has been in reference to the last French election. It could very well be a disgruntled insider.

Winter March 8, 2017 12:34 PM

“why many US actors such as James Lewis are continuing this ‘The Russians Are Coming’ theme ”

Maybe the facts that Russia has funded anti-EU populist parties in Europe and that the most important campaign manager of Trump (who worked pro Deo for Trump) has worked for years for Putin trying to align Ukraine with Putin’s interests play a role?

Also, the campaign team of Trump has discussed policies and even met with representatives of the Kremlin during the campaigns.
http://nltimes.nl/2017/03/02/netherlands-warned-us-contacts-russia

All in all good reasons to keep a special eye on the Kremlin.

James Reardon March 8, 2017 12:39 PM

The most troubling item I saw was that the agencies can falsify the attack fingerprint.

It could very well have been the CIA that “attacked” the election, as IMO Hillary was continuity and Trump was not.
Tie in the DHS IP involved on election attacks in Georgia and other states and what do you have?

Bruce Schneier March 8, 2017 12:43 PM

“The most troubling item I saw was that the agencies can falsify the attack fingerprint.”

Troubling, yes, but not surprising. False-flagging isn’t new. I routinely say on stage that the NSA probably routes its attacks through China and Russia — because everyone knows attacks come from China and Russia.

Anura March 8, 2017 12:44 PM

@tommy

I wouldn’t put too much weight into anything Wikileaks hints at. They are playing games to boost the hype, which is exactly what they did by pointing out the CIA spies on political parties – of course they do! It’s only shocking if there is actual interference. Now, I wouldn’t be shocked if the CIA “shared” that information with French intelligence, where it saw its way into the hands of politicians, but no evidence released suggests that.

Honestly, the slow drip of cherry picked leaks during the election was enough for me to lose any respect I had for Assange; he claims to want an open and transparent society, but will not hesitate to control information for his own benefit. No different than any other propagandist or politician, really.

Bruce Schneier March 8, 2017 12:44 PM

“Wikileaks said today this is less than 1% of the total Vault 7 release. It’s unclear if this simply refers to code or other info.”

Interesting.

If this larger cache is floating around — as WikiLeaks said — then it’ll become public sooner or later.

Chuck March 8, 2017 12:53 PM

I read that the release of data yesterday was about 1% of what Wikileaks has. Subsequent releases may change our interpretation of what the leak means and why it was released.

Sean March 8, 2017 12:58 PM

Since Snowden, we’ve only got concrete information concerning Windows endpoints so far. As if Linux were never concerned. Great work having been done by Kaspersky Lab on the Windows exploits and malware, I still miss how they succeed in getting into Linux devices, or even better, into *BSD devices.

Once again, with these documents, we start talking about Linux vulnerabilities exploited in the wild, yet I still can’t find something accurate and thorough enough to get analysed.

Ross Snider March 8, 2017 1:01 PM

@Bruce

The argument that it is an internal (contractor, etc) leaker would be that they leaked in 2016 and Wikileaks took some time to work through the material and determine its veracity, publishing it in Feb 2017. That’s not unlike the timeline for publishing the Manning documents and others. It takes a few months to vet the information and prepare the disclosure. Imagine all the work Wikileaks had to do to redact the CIA’s names and replace them with monikers that hyperlink between pages.

Now I don’t see anything in these documents to blow the whistle on that’s particularly egregious (compared to the Snowden documents and Manning documents, for instance). If this is a whistleblower my guess is that they have a bit of a hero or copy-cat syndrome.

So the big conspiracy theory questions:

Was it the Russians? Seems to be everyone’s default speculation nowadays. I think that’s because of heightened and renewed great power tensions. Did the Russians intervene in the election? Yup. Does America do the same overseas? Yup. Is there a quid pro quo between Trump and Putin? Nope. Did Trump run 4/5 times as a presidential candidate as a Russian pawn? Nope. Did Russia know or even guess that Trump would win even the primaries? Nope.

The truth is pretty obviously somewhere between Manchurian candidate and zero Russian connection. It’s the following: Russia attempts to achieve its security objectives through many means with many foreign leaders including having their ambassadors meet those leaders and their representatives. Russia has been doing this with Trump and will continue doing this with Donald Trump.

Trump’s own long-standing personal opinions lead him to want to make peace with the Russians. These are not strange in America: for instance, I also want to make peace with the Russians.

Maaaybe this Wikileaks report is the Russians. I so seriously doubt it. There are simpler explanations. But if it is the Russians I applaud them. I hope the CIA leaks FSB capabilities to Wikileaks for publication. I would applaud that too.

My Info March 8, 2017 1:10 PM

Lol I just need to get the cops and whores out of my computer. It would be funny, except that they’re out for blood.

Dan H March 8, 2017 1:11 PM

I read this morning that some of the documents were redacted of sensitive information and names had unique IDs. To me, that doesn’t seem like they were hacked.

Hal Lockhart March 8, 2017 1:17 PM

@Phill Hallam-Baker

Hi Phil.

You wrote: “WikiLeaks said there’s an entire department within the CIA whose job it is to “misdirect attribution by leaving behind the ‘fingerprints'” of others, such as hackers in Russia.”

Yet again we find an editorial comment by a Wikileaks spokesperson (probably Assange or Murray) that has absolutely no basis in the material being leaked. The spin is obviously deliberate and intentional. Assange is claiming that the US is running false flag operations disguising its attacks as coming from Russia.

That’s what CNN said.

What Wikileaks actually wrote was:

The CIA’s Remote Devices Branch’s UMBRAGE group collects and maintains a substantial library of attack techniques ‘stolen’ from malware produced in other states including the Russian Federation.

With UMBRAGE and related projects the CIA cannot [sic] only increase its total number of attack types but also misdirect attribution by leaving behind the “fingerprints” of the groups that the attack techniques were stolen from.


I believe this is based on the text here:

https://wikileaks.org/ciav7p1/cms/page_2621753.html

which says in part:

The UMBRAGE team maintains a library of application development techniques borrowed from in-the-wild malware. The goal of this repository is to provide functional code snippets that can be rapidly combined into custom solutions. Rather than building feature-rich tools, which are often costly and can have significant CI value, this effort focuses on developing smaller and more targeted solutions built to operational specifications.

It is clear the CIA recommends their users incorporate these bits of malware into their code rather than writing it from scratch. They suggest the motive is efficiency, but it doesn’t seem like much of a stretch to say that the CIA can misdirect attribution.

I agree there is some hype here, but I don’t think they have gone out on a limb.

Ergo Sum March 8, 2017 1:25 PM

@Bruce Schneier…

You might be right. I said it was just a guess, and I reserve the right to change my guess at any time.

There’s nothing really wrong with guessing that Russia is behind the current leak. At least on the surface…

What’s actually wrong is that anytime there’s a leak most people, like yourself, automatically make an assumption that Russia did it. And that’s what I am getting tired of, people’s very first comments suggesting the country that did it and/or have the interest doing so. With the short attention span of people, MSM blindly making the same assumption and blindly propagating to everywhere, it’ll become a fact even if it is wrong.

Karl Gruber March 8, 2017 1:31 PM

“(U//FOUO) Cryptographic jargon is utilized throughout this document. This jargon has precise and subtle meaning and should not be interpreted without careful understanding of the subject matter. Suggested reading includes Practical Cryptography by Schneier and Ferguson.”

Bruce is one of them – this blog is a ruse!

Anura March 8, 2017 1:34 PM

@Hal Lockhart

The keyword in there is “techniques”. There is nothing leaked so far that would lead to suspicion that the intent is to use as a false flag. For example:

The Trojan Upclicker (as reported by eEye) uses the SetWindowsHookExA API with the WH_MOUSE_LL parameter to wait until the user lets up the left mouse button (WM_LBUTTONUP) before performing any malicious functionality (then it injects into Explorer.exe).

A sandbox environment that does not mimic mouse actions (probably most of them) will never execute the malicious behavior. This is probably effective against Kaspersky and others.

Follow the links, look at the stuff there. It’s pretty “meh” unless you are interested in the subject.

Anura March 8, 2017 1:53 PM

In fact, thinking about it a bit more, this repository of techniques does the opposite of faking attribution: it encourages their entire team of malware developers to use the same techniques, making attribution to the CIA easier.

Jimmy March 8, 2017 2:02 PM

Why does the CIA have its own programs of electronic surveillance, instead of cooperating with the real experts at the NSA?

It is equally remarkable that the British MI5 was involved in some of these programs. GCHQ has a far better reputation than MI5 for intelligence (in both senses of the word).

AlexT March 8, 2017 2:19 PM

@Jimmy I asked the exact same question in the previous thread. I really wonder who is coordinating all these efforts (my guess: no-one)? I can very well imagine a bidding war between the CIA and GCHQ for an iOS zero day… Heck, this is maybe a line of business I should consider.

Giftküche March 8, 2017 2:56 PM

http://www.blacklistednews.com/AFTER_%E2%80%9CPOLITICALLY_ASSASSINATING%E2%80%9D_FLYNN_IC_FEARS_%E2%80%9CFRIDAY_NIGHT_MASSACRE%E2%80%9D_BY_HEDGE_FUND_MANAGER_IN_DEEP_STATE_WAR/56900/0/38/38/Y/M.html

With Trump blaming Obama for what CIA did, and hows and whys drip-dripping out (Vault7, Hannigan getting canned for end-running FISC) we’re all teed up for another Friday Night Massacre at CIA. Like the Woolsey and Turner purges but drastic, with extra scorched earth. The pretext can be ‘politicized’ covert ops but lots of criminals will get flushed out: CIA’s torturers, murderers, drug and child traffickers. The euphemism for the CIA criminals is ‘operational people who aren’t doing operations” – because they can’t, if they set foot outside the US it’s open season on them. Any foreign court can lock them up. Everybody knows who they are. Forbearance is their only protection. Once the henchmen are dispersed, the world can go after the real enemies of all mankind like Brennan and Gates.

Mindcrime March 8, 2017 4:01 PM

The fact that in many places in the document: NOD Cryptographic Requirements v1.1 TOP SECRET (1).pdf it is emphasised that re-keying should be avoided makes me suspect that it offers an attack surface at an algorithmic level e.g. related to random seed not being as random and keys generated with the same source might weaken the encryption. Not sure if that makes any sense.

xiii (S//NF) The exact nature of which algorithms are weak at this stage is highly classified. In the absence of those facts this guidance is still relevant; the utility inherent in re-keying derives from minimizing key exposure when performing bulk encryption of large amounts of data. Even the most data-intensive NOD operations involve several fewer orders of magnitude of data per session key. Consequently, re-keying introduces unnecessary complexity (and therefore opportunities for bugs or other unexpected behavior) without delivering value in return.

Ross Snider March 8, 2017 4:15 PM

@Mindcrime

I had the same thought. Keying and session binding between keys is a sensitive operation and generating many keys could also drain the entropy pool or be related in some way (see all of the associated literature on related key attacks).

Another interesting tidbit from the NOD document is that AES GCM tag lengths need to be 128 bits or more. Given recent analysis of these tag lengths it seems plausible that the NIST standards on tag length were compromised.

Anura March 8, 2017 4:29 PM

@Ross Snider

GCM has always had a problem in that it’s a linear code, so it’s inherently less secure than, for example, CCM mode. Plus, the minimum as per the NIST specs is 96 bits, which is only 4 bytes less information – there are very few situations where you can justify the need for a four-byte savings, and in most of the rest the security margin outweighs the savings.

That said, I’d personally stay away from GCM if you can avoid it, partly because of the weaknesses in the tag, and partly because of weak keys.
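
To make the “linear code” remark above concrete, here is an added example (my own code, not anything from the leaked NOD document or the blog post): a pure-Python GHASH checked against the published GCM Test Case 2 vector (all-zero AES-128 key, all-zero 96-bit IV, one all-zero plaintext block; the H and ciphertext constants below are taken from that vector). It shows that GHASH is linear over the data, so for two same-length ciphertexts under one key and nonce the XOR of their tags depends only on H and the ciphertext difference, not on the messages or on E_K(J0). That is exactly why a truncated tag is worse than its length suggests: each accepted forgery against a t-bit tag leaks a t-bit linear relation on H, so the attacker's odds improve with every success rather than staying at 2^-t. The function and variable names are my own.

```python
# Added example, not code from the leaked NOD document: pure-Python GHASH and a
# demonstration of its linearity in the authenticated data.
#
# Constants from NIST SP 800-38D / McGrew-Viega GCM Test Case 2 (AES-128,
# zero key, zero 96-bit IV, one zero plaintext block):
#   H_TC2     = AES_K(0^128)          (the GHASH subkey)
#   C_TC2     = the single ciphertext block
#   GHASH_TC2 = GHASH_H(C || len-block), i.e. tag XOR E_K(J0) for that vector
H_TC2 = bytes.fromhex("66e94bd4ef8a2c3b884cfa59ca342b2e")
C_TC2 = bytes.fromhex("0388dace60b6a392f328c2b971b2fe78")
GHASH_TC2 = bytes.fromhex("f38cbb1ad69223dcc3457ae5b6b0f885")

# Reduction constant for x^128 + x^7 + x^2 + x + 1 in GCM's bit-reflected order.
R = 0xE1000000000000000000000000000000


def gf128_mul(x: int, y: int) -> int:
    """Multiply two 128-bit field elements (SP 800-38D Algorithm 1, bit-reflected)."""
    z, v = 0, x
    for i in range(128):
        if (y >> (127 - i)) & 1:   # bit 0 is the leftmost bit in GCM's convention
            z ^= v
        v = (v >> 1) ^ R if v & 1 else v >> 1
    return z


def ghash(h: bytes, blocks: list[bytes]) -> bytes:
    """GHASH_H over a list of 16-byte blocks; caller appends the length block."""
    hi = int.from_bytes(h, "big")
    y = 0
    for blk in blocks:
        assert len(blk) == 16, "GHASH operates on full 128-bit blocks"
        y = gf128_mul(y ^ int.from_bytes(blk, "big"), hi)
    return y.to_bytes(16, "big")


def length_block(aad_len_bytes: int, ct_len_bytes: int) -> bytes:
    """[len(A)]_64 || [len(C)]_64 in bits, the final GHASH input in GCM."""
    return (aad_len_bytes * 8).to_bytes(8, "big") + (ct_len_bytes * 8).to_bytes(8, "big")


def xor_blocks(a: list[bytes], b: list[bytes]) -> list[bytes]:
    """Block-wise XOR of two equal-length block lists."""
    return [bytes(x ^ y for x, y in zip(p, q)) for p, q in zip(a, b)]


def ghash_is_linear(h: bytes, blocks_a: list[bytes], blocks_b: list[bytes]) -> bool:
    """GHASH(A xor B) == GHASH(A) xor GHASH(B) for equal-length inputs."""
    lhs = ghash(h, xor_blocks(blocks_a, blocks_b))
    rhs = bytes(x ^ y for x, y in zip(ghash(h, blocks_a), ghash(h, blocks_b)))
    return lhs == rhs


def tag_delta(h: bytes, c_blocks: list[bytes], c_prime_blocks: list[bytes]) -> bytes:
    """T xor T' for two same-length ciphertexts under the same key and nonce.

    GHASH(C || L) xor GHASH(C' || L) = (C xor C') * H^2 when the length blocks
    are identical, and E_K(J0) cancels in the XOR; so the tag difference is a
    function of H and the ciphertext difference only. Appending a zero block
    reproduces the extra multiplication by H that the length block contributed.
    """
    return ghash(h, xor_blocks(c_blocks, c_prime_blocks) + [bytes(16)])


if __name__ == "__main__":
    # Constructed inputs (two arbitrary 2-block ciphertexts) for the demo.
    a = [bytes(range(16)), bytes(range(16, 32))]
    b = [bytes([0xAA] * 16), bytes([0x55] * 16)]
    print("matches SP 800-38D TC2:", ghash(H_TC2, [C_TC2, length_block(0, 16)]) == GHASH_TC2)
    print("GHASH linear in data:  ", ghash_is_linear(H_TC2, a, b))
    print("tag delta (hex):       ", tag_delta(H_TC2, a, b).hex())
```

The practical reading of `tag_delta` is that an attacker who has one valid tag for C can try a modified C' by guessing only the delta term; with a 32- or 64-bit truncated tag the guess space is small and each hit narrows H. Keeping the tag at the full 128 bits, as the NOD guidance requires, is the cheap way to keep that from compounding.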

Dirk Praet March 8, 2017 5:03 PM

@ Ergo Sum

With the short attention span of people, MSM blindly making the same assumption and blindly propagating to everywhere, it’ll become a fact even if it is wrong.

Exactly. Even if next month some guy pops up with irrefutable proof that he was behind it, most people will still think it was the Russians – or the leaker a Russian agent – because that’s what they read and heard everywhere. The long-term effect of which is that the public opinion is slowly but steadily turned against another nation, and without any shred of conclusive evidence. And which I consider a particularly slippery slope, especially with the current gang of volatile characters in charge of the White House.

The current US mindset very much reminds me of the build-up to the 2nd Iraq war, when everybody was screaming bloody murder about WMDs and those not buying into the hysteria were openly being called traitors. We all know how that went, so can we please not repeat the same mistakes? Especially not with another nuclear power.

@ Ross Snider

Another interesting tidbit from the NOD document is that AES GCM tag lengths need to be 128 bits or more. Given recent analysis of these tag lengths it seems plausible that the NIST standards on tag length were compromised.

That’s the first thought that crossed my mind too.

r March 8, 2017 5:10 PM

@All, CC: Phillip Hallam Baker

Don’t forget that from what we know about the freebsd-update documents there’s some sort of cache out there already. We know very little about ShadowBrokers cache at this point I believe and the same goes for this one.

On the topic of attribution, if you’re able to soap off all the dirt in your libraries and includes and debug and language information, including any link-time includes and library markers, then one would still need to defeat his/her coded fingerprints and have a very very very parallel source tree to your intended victims well before even dropping a hint of a ruse into your end product.

It could be done, but it would require an extreme amount of foreknowledge and forensics background including direct knowledge (potentially internals) to any compiler/linker systems being utilized.

Stuxnet had environmentally bound and locked modules, if you want to be able to frame somebody you have to build an exact (or near) duplicate of their environment.

r March 8, 2017 5:12 PM

Compilers, linkers and build systems are, largely, at this point in time not deterministic.

Keep that in mind when we think about misattribution of binaries and refutation.

Sancho_P March 8, 2017 5:48 PM

@Ergo Sum (@Bruce)

“There’s nothing really wrong with guessing that Russia is behind the current leak.”

Well, not. [I’m ESL, so it may only sound strange to me?]

It’s wrong from the beginning.
Russians are evil, Germans are Nazis, Americans are stupid.
Yes, if you like, and when we stick to that language, the Pony is our man (pun intended).
However, I’d prefer to be fair:
Not all Americans are stupid, not all Germans are Nazis, not all Russians are evil.
Not all support Trump, as not all support Putin.

It’s not about politeness or political correctness, it’s about common sense:
Focussing the “speculation” instead of blaming a whole nation we could focus on plausible motives, e.g. of the Kremlin, to do such a leak.

Or we leave it Trump – style.
– Oh wait, he called the man personally, is everything upside down now?

The “who leaked it” is not important, the content is.

tommy March 8, 2017 6:38 PM

On a related note, here is an interesting argument that Guccifer 2.0 was neither a Romanian nor a Russian hacker but instead a DNC leaker claiming to be the former and signaling as the latter:

http://g-2.space/rev1.html

D-503 March 8, 2017 6:46 PM

@vas pup
“Does CIA currently have jurisdiction to conduct any operation on US soil against US citizens?”
Here’s a more substantial answer:
https://www.archives.gov/federal-register/codification/executive-order/12333.html
Executive Order 12333, 1.8(a)(c) The CIA is to co-ordinate its domestic operations with the FBI.
Executive Order 12333, 2.4(a)(b)(c)(d) The CIA isn’t authorized to do any surveillance of US territory (except on its own employees to enforce secrecy). Surveillance of US citizens abroad is only allowed if absolutely necessary for foreign intelligence.
but then there’s:
Executive Order 12333, 2.11 An absolute ban on assassinations anywhere in the world.
Which fell to the wayside twenty years ago, without ever being repealed. The CIA currently runs a large-scale assassination-by-drone operation.

Of course there’s also the Fourth Amendment and the rest of the Bill of Rights, but that’s too abstract for most people in the IC.

Ross Snider March 8, 2017 6:51 PM

@D-503

EO 12333, 1.8 (a) Collect, produce and disseminate foreign intelligence and counterintelligence, including information not otherwise obtainable. The collection of foreign intelligence or counterintelligence within the United States shall be coordinated with the FBI as required by procedures agreed upon by the Director of Central Intelligence and the Attorney General;

EO 12333, 1.8 (c) Conduct counterintelligence activities outside the United States and, without assuming or performing any internal security functions, conduct counterintelligence activities within the United States in coordination with the FBI as required by procedures agreed upon by the Director of Central Intelligence and the Attorney General;

Can anyone point to the procedures agreed upon by the Director of Central Intelligence and the Attorney General? Is that public?

D-503 March 8, 2017 7:06 PM

“One, there is absolutely nothing illegal in the contents of any of this stuff.”
If an ordinary citizen were to use these tools for their intended purpose, the US courts would lock that person up and throw away the key.
Anyway, the legality or lack thereof is less interesting than the ethics of stockpiling and using these tools.
One concern is that security holes in widely-used software and hardware aren’t being fixed in a timely fashion. That’s why I think the Vault 7 release could be the work of an internal whistleblower, even if the documents aren’t up-to-date.
The bigger concern is that the CIA may be using these tools to spy on foreign journalists, human rights workers, aid workers, pro-democracy activists, environmentalists, etc., and passing the information on to foreign governments that have no qualms about misusing that info.
Americans ought to be concerned about this too. The world is a very interconnected place. The CIA has helped to create a lot of big messes abroad, and those messes have come back to bite the US. Multiple times.

tommy March 8, 2017 7:40 PM

If this larger cache is floating around — as WikiLeaks said — then it’ll become public sooner or later.

Careful. Wikileaks didn’t say this. They merely quoted a CIA assessment of the agency’s loss of hacking tools which included speculation that Wikileaks had gained a chunk of the hacking material because ex-employees and contractors were freely passing code around. Wikileaks seemed more interested in pointing out CIA incompetence in managing their malware than in corroborating the CIA’s speculation about their source of the hacking tools. If other parts of Vault 7 don’t concern this aspect of CIA operations, this does not imply the whole batch of info was freely circulating in a similar fashion.

We don’t know what Vault 7 is in its totality at this point. Wikileaks seems to have been setting the stage for this for months with references to things like Mideast politics such as CIA meddling in Iran and the unfortunate rise of Khomeini, for example. The title of the Vault 7 release was “Year Zero.” They used this term previously a couple months ago in reference to 1979. It may simply be the case they’ve organized a bunch of CIA material topically. It may also be that the sum of all Vault 7 material comes from multiple sources or, perhaps, one high-ranking insider. We’ll have to wait and see. This first drop may well end up being their tamest Vault 7 release.

Gray Area March 8, 2017 8:01 PM

@D-503,

Except it’s not ‘assassination’ when it’s “enemy combatants” is it?

al March 8, 2017 9:31 PM

nytimes (m rosenberg, s shane, a goldman) reports work was of a disaffected insider not of a hostile foreign power.

Tom Le March 8, 2017 10:23 PM

Wikileaks said today that only 1% of the CIA documents that they received were released in Vault7. So it is possible that the remaining 99% might have more recent documents which might fit the whistleblower profile that Bruce discusses.

Clive Robinson March 8, 2017 11:58 PM

@ Bruce,

If I have any complaints, its that they’ve redacted many of the details of the exploits and attack tools.

I hope that they have done that for damage limitation reasons. They might be “responsibly disclosing” to the affected product manufacturers, in which case we will get to know more within a few months at most by patches that get released.

The real fly in the ointment though is how few people patch phone software; even if the usual “responsible disclosure” rules are followed, the chances are releasing more info on the tools themselves will be quite harmful. It’s the quandary of “Yes I want to know, but no I don’t want others who might harm people to know”.

ab praeceptis March 9, 2017 12:41 AM

Bruce Schneier

Independent of the matter at hand I want to expressly thank you. I’m enchanted to see a high level of Bruce Schneier presence in the comments. Maybe I’m mistaken but I take this as an indicator that you seriously want to bring this blog’s comment section back on track after quite some unpleasant things in the last two months or so.

I always liked and valued highly this blog and I saw with sadness what happened in the past 2 or 3 months. In the end it reached a point where I only occasionally peeked in.

With all due respect for your personal political position I find it very pleasant that we seem to agree in (at least) one important point: Whoever happens to be president, we will all need much better security (and safety in IT), no matter the president or political party at the helm.

Unfortunately there aren’t many whose body of work strongly suggests that they are trustworthy, and so it weighs even more heavily that you are “back” and quite present here.

Thanks for your work both in crypto and in thinking and “evangelizing”. I was really glad to see so many yellow boxes today and even expressed emphasis on (IT) security.

What little I can contribute I will certainly do.

TM March 9, 2017 3:53 AM

I read the linked articles by Weaver and Lin and found both to be rather vacuous. Nothing useful there, not even interesting speculation. I hope there is better commentary out there?

But this from Weaver is rather cute:
“For example, Wikileaks touted its “introductory disclosure last month of CIA targeting French political parties and candidates in the lead up to the 2012 presidential election.” The shocking revelation that the CIA … does its job generated less of a splash than they seemed to be anticipating.”

I’m not so sure many people who don’t hang out in US “security” circles will agree with that assessment. Right now Europeans are concerned about Russian meddling but that doesn’t mean they like US meddling that much better.

Clive Robinson March 9, 2017 4:52 AM

@ Jimmy, AlexT,

It is equally remarkable that the British MI5 was involved in some of these programs. GCHQ has a far better reputation than MI5 for intelligence (in both senses of the word).

If you want to know why the CIA and MI5 were doing their own thing then I suggest you read the first half of Peter Wright’s “Spy Catcher”,

https://en.m.wikipedia.org/wiki/Spycatcher

If you have a look on the Internet you will find a number of PDFs.

tommy March 9, 2017 5:51 AM

But this from Weaver is rather cute:
“For example, Wikileaks touted its “introductory disclosure last month of CIA targeting French political parties and candidates in the lead up to the 2012 presidential election.” The shocking revelation that the CIA … does its job generated less of a splash than they seemed to be anticipating.”

They miss the point and then jump the gun. Wikileaks indicated this info was released in anticipation of the CIA Vault 7 series. In other words, it’s a hint and there’s going to be more on this subject. What is the subject of this hint though? That’s the million dollar question. Is Wikileaks indicating it has more detailed info on CIA monitoring of that last French election? Foreign elections in general? Is it an indication of actual CIA interference in that French election? Interference in French or other foreign elections more broadly? Could it even be alluding to illicit CIA meddling in domestic politics? I would imagine the CIA in our era is almost too tame for that but I could be wrong. Langley has done plenty of sinister things in the past and its agents have faced minimal personal consequences for them, after all.

This is what those of us who follow Wikileaks regularly are eager to find out.

r March 9, 2017 5:52 AM

@Clive,

The only patches for habits I’ve seen are nicotine, not smart TVs or cellphones as of yet.

But these comments, this line plays against an unlinked argument wielded against the CIA since the leak.

Headaches March 9, 2017 6:57 AM

The documents note that evading F-Secure’s detection mechanisms is possible, but that the software has a pretty good heuristics engine that can pick up Trojan software. The agency has devised two ways around this using RAR file string tables or cloning a RAR file manifest file.

Avira has similarly good heuristics, the files note, but two similar attacks appear to work. Avira is a high-value target, since the documentation notes that it is popular among counter-terrorism targets.

Bitdefender’s heuristic engine has also caused the CIA some problems when it comes to detecting the agency’s malware. However, one file notes: “cleartext resources or simple RXOR-ed resources don’t seem to cause Bitdefender to trip.”

From:
http://www.theregister.co.uk/2017/03/08/cia_exploit_list_in_full/?page=2

(Page 2)

Skeptical March 9, 2017 8:10 AM

The article from Wikileaks, which presumably is based upon what their source told them, contains a few odd aspects:

  1. The claim that CIA lost control of “a majority” of its “hacking arsenal” expands almost immediately into the claim that this mysterious archive endows its possessor with “the full hacking capacity” of the CIA.

Perhaps this is just bad writing, but it gives the impression of someone telling a story as it is invented.

It’s also a claim at odds with the very documents, which reference not infrequent requests for operation-specific tools, sometimes developed very quickly. I say not infrequent as they seem to be one of the acronyms which one of the Wiki pages explains a newcomer will hear spoken a lot.

If that is true, then Wikileaks is receiving a current stream of information about such development from the CIA. That seems dubious.

The exaggeration seems both deliberate and clumsy. This may be more indicative of the authors’ perception of the target audience, however, than the authors themselves.

  2. The bizarre detour into the classified status of much of the material, with a rather implausible story about how the CIA needed to keep the source code unclassified in order to use it without falling afoul of US regulations concerning the communication of classified information outside of certain channels.

Then, as though self-conscious as to how such a claim might seem to those reading it, in an effort to persuade the authors add an analogy to firing explosive ordnance. But unfortunately that analogy only makes things worse.

Why dwell so much on whether the code is classified, and the reason for its status?

Perhaps to increase exposure of the story to those with security clearances, and to entice more of that population to visit the site and read the pages? Or is this an artifact of a current or former employee/contractor/intern struggling to rationalize their actions?

  3. The remarkable boasting about the amount of material to be forthcoming.

The Wikileaks article and files do not provide sufficient reason for ruling out either a disaffected current/former employee/contractor/intern or a Russian information operation.

However, from my uninformed vantage, I think the Russian information operation is currently a better explanation (though a tenuous and unconfirmed one).

There are a few reasons. Most telling is the lack of anything in the nature of the information disclosed, or in Wikileaks’ article, that would strongly confirm the motivations of a disaffected leaker. There’s nothing illegal or shocking. In fact the bizarre “why this isn’t classified” section is indicative of a fixation on following regulations to the letter. There’s no focused aspect of the story on something about the CIA that led the leaker to the decision to do this. Never mind the presence of illegal or immoral actions; the article and leaks don’t even seem focused on anything that an employee/contractor/intern for the CIA would find unpleasant.

If this were a Russian information operation (let’s call it a RIO), one would expect the value of the disclosed information in other operations to be less than the value of the disclosed information in a RIO. So far the information disclosed seems to be of fairly low value, and likely to have been accessible to a wide number of people. If the US knew the information had been compromised, that would further lower its value outside an information operation. One would also expect a RIO to magnify the extent and importance of the information possessed in order to magnify the effects of the operation. And that is certainly being done here.

And one can see multiple purposes being served by a RIO like this.

First, if one were concerned about the extent of US intelligence penetration of one’s own government, then this is a way to discourage potential CIA recruits within one’s government from becoming actual CIA recruits: “don’t become an asset for the CIA, because we’ll find out by spying on them.”

Second, if one were concerned about the potential for retaliation for certain recent campaigns, this could be a way of discouraging or reducing that retaliation; “be careful about the risks of escalation United States, for we know a lot – maybe everything – about what you have, and if we have accomplished that much, then we are the stronger party in this kind of fight.”

Third, it attacks the CIA’s competence while simultaneously implying that they are competent enough to execute spectacular false flag operations; “hey, you can’t believe anything the CIA tells you about who did what, and, anyway, it was probably the CIA who did it.” This could be intended to further undermine President Trump’s relationship with the CIA, or intended to muddle the effect of intelligence findings in which the CIA participated, or intended as part of a long-term strategy of undermining the credibility of democratic institutions and governments while further insulating Russia from the effects of official attribution – or all of those things.

One can’t help but wonder whether Trump’s tweets about “being wiretapped” furnished what seemed to be an opportunity to deploy – perhaps in a hurry, given the writing of the article – the operation. It would be even better, if unlikely, were some of the products with security holes revealed to also be products owned and used by Trump.

Remember, President Trump championed what could kindly be called a conspiracy theory for some time. Someone targeting an information operation might find something very salient, psychologically, about that.

All that said – there’s a large risk that a RIO would have precisely the opposite effect (I expect it to, if in fact it is), in which case one might expect the Russian Government to be more cautious. Though they’ve been very tolerant of risk it seems, the US also sent some fairly strong signals in the fall of 2016. If this is a RIO, and Russia continues to misread or discount US warnings, there could be some problems in the near future.

b March 9, 2017 8:14 AM

@Bruce Schneier Mar 8 11:20

“What have you found from 2016? What month? I’ve been trying to date this trove. From what I’ve seen, most of it is a few years old.”

Wikileaks itself says “2013 to 2016” material

Actual project/file dates are, as Wikileaks explained, not yet available for some technical reason.

But I have seen several “comments” in the CIA discussions in Vault7 that have 2016 tags,

Just one example: This page has a comment with the date/time tag “2016-02-10 10:04 [User #524297]:”
https://wikileaks.org/ciav7p1/cms/page_36405256.html

Most of the currently published material seems to have 2015 time tags but last touch is at least February 2016 if not later.

It is certainly NOT “a few years old” and any conclusion based on that claim is obviously nonsense.

Hey Bruce, can you shun the monocolor election campaign glasses and the anti-Russian slander and come back to some realistic, non-biased judgement based on facts and not just lame assertions?

Your current writing is becoming way too much partisan and nationalistic hackery to be taken seriously. What changed?

My Info March 9, 2017 8:47 AM

@Skeptical

1. The claim that CIA lost control of “a majority” of its “hacking arsenal” expands almost immediately into the claim that this mysterious archive endows its possessor with “the full hacking capacity” of the CIA.

Perhaps this is just bad writing, but it gives the impression of someone telling a story as it is invented.

This is just an odd way to put it into words.

2. The bizarre detour into the classified status of much of the material, with a rather implausible story about how the CIA needed to keep the source code unclassified in order to use it without falling afoul of US regulations concerning the communication of classified information outside of certain channels.

This is not at all implausible. U.S. regulations do quite strictly prohibit the communication of classified information on unclassified computer networks. Thus the CIA is limited to using unclassified code and methods to hack into unclassified networks. It is not surprising that they would avail themselves of such methods, but I am quite certain that none of the methods that were disclosed have not also been in use all along by the Italian Mafia, Russian thieves in law, the Sinaloa cartel, the Chicago mob, and so on and so forth.

… the extent of US intelligence penetration of one’s own government …

This is an odd concern to state in this way. I am more concerned about other governments’ and criminal cartels’ penetration of US intelligence.

tommy March 9, 2017 8:50 AM

about how the CIA needed to keep the source code unclassified in order to use it without falling afoul of US regulations concerning the communication of classified information outside of certain channels.

I don’t believe this is correct though I’ll have to check again. I think Wikileaks is arguing that such code would violate classified info standards. That’s their argument, not the fed’s.

One can’t help but wonder whether Trump’s tweets about “being wiretapped” furnished what seemed to be an opportunity to deploy – perhaps in a hurry, given the writing of the article – the operation.

Doubtful. Wikileaks has always vetted its information thoroughly and has indicated they are aware of CIA efforts to discredit them by feeding them debunkable information. They do release information based on newsworthiness, but references to Vault 7 predate recent Trump tweets.

Remember, President Trump championed what could kindly be called a conspiracy theory for some time.

Trump has said little in recent tweets that the New York Times hadn’t said back in January. The reversal of numerous media publications (without retractions) in the wake of Trump making essentially the same allegations they previously made themselves is stunning. They reported surveillance efforts based on unnamed intel sources–the NYT went so far as to allege wiretapped Trump Tower info had been shared with the White House–and now they dismiss these exact same claims as conspiratorial because Trump himself uttered them.

Third, it attacks the CIA’s competence while simultaneously implying that they are competent enough to execute spectacular false flag operations;

There is no contradiction here. You’re reaching hard.

My Info March 9, 2017 9:14 AM

And now James Comey is “investigating” the leak.

http://www.cbsnews.com/news/intel-sources-examining-wikileaks-cia-data-to-determine-authenticity/

He’s way out of his league.

The FBI director has no plans to leave the post before the end of his 10-year term.

“You’re stuck with me for about 6 1/2 years,” James Comey said at a cyber conference in Boston on Wednesday, urging conference organizers to invite him to speak again.

http://www.npr.org/2017/03/08/519235979/youre-stuck-with-me-fbi-director-says-citing-no-plans-to-leave-job

The way this guy talks is straight out of Chicago; this goodfella is one of Obama’s Mob picks. No wonder organized crime grew out of control during his administration.

Anura March 9, 2017 9:38 AM

@My Info

Comey is a Republican from New York, who served as Deputy Attorney General under Bush.

Dirk Praet March 9, 2017 9:47 AM

@ Skeptical

Third, it attacks the CIA’s competence while simultaneously implying that they are competent enough to execute spectacular false flag operations

It’s not like those are mutually exclusive. Offensive and defensive capabilities are two different things, and it’s perfectly possible to be really good at one and totally lousy at the other. And in which the US IC doesn’t seem to be any different than a hacker group like LulzSec.

However, from my uninformed vantage, I think the Russian information operation is currently a better explanation (though a tenuous and unconfirmed one).

The simple fact of the matter is that we currently have zilch on either origin or motive, and that everybody is just speculating to his/her heart’s content. My best guess is that Wikileaks is being deliberately vague (or even deceptive) because either they don’t know themselves where these documents come from or the party that delivered them has no interest whatsoever in being identified. Which equally applies to [insert favorite nation state bogeyman here], a disgruntled insider, former contractor, independent hacker or whoever else is not too keen on receiving the same treatment Manning, Snowden, Assange and previous leakers got to experience.

From my own uninformed vantage, it makes little sense for the Russians to stir up the heat even further with the entire US already up in arms about their alleged election meddling, unless they are orders of magnitude better at defense than the US IC are and just about as dumb (or arrogant) in thinking they will never get caught. Which I both kinda doubt.

For now, the only thing we can say for sure is that it is another deliberate attempt to further expose and undermine the US IC and that whoever is behind it is using a deeply frustrated guy holed up in a foreign embassy seeking to exact revenge on the people who put him there. While Putin may not be the CIA’s biggest fan, I think there’s plenty of other nations and entities that have a serious axe to grind with them too. And not even necessarily foreign.

@ My Info

And now James Comey is “investigating” the leak.

Isn’t that exactly the kind of thing the FBI is being paid for?

My Info March 9, 2017 9:58 AM

@Dirk Praet

And now James Comey is “investigating” the leak.

Isn’t that exactly the kind of thing the FBI is being paid for?

Their jurisdiction is more in domestic criminal matters. Aside from that, too much talk and too little action. I don’t want to hear that James Comey is investigating something. I want to hear what the results of that investigation are, and how he respected and defended the U.S. Constitution during that investigation.

Bruce Schneier March 9, 2017 10:19 AM

@Ergo Sum:

“What’s actually wrong is that anytime there’s a leak most people, like yourself, automatically make an assumption that Russia did it.”

Sorry. You have me confused with others. I don’t automatically make any assumptions. I’m not even making one here.

Anura March 9, 2017 10:21 AM

@My Info

And if six months passed without mentioning that there was an ongoing investigation people would be complaining about how they aren’t even looking into it.

Clive Robinson March 9, 2017 10:22 AM

@ MyInfo, Dirk Praet,

And now James Comey is “investigating” the leak

From what I’ve read of James Comey he is not someone you would trust to do anything impartially. He is not “Poacher turned Gamekeeper” material. If you think back he thoroughly embarrassed Obama when he paid a visit to Silicon Valley. Comey was not invited for good reason, but pressurised his way in, then he p1553d on the banquet before cr4pp1ng on the dance floor, causing many present to feel unwell at best. Comey and the psychopaths in the FBI/DoJ want absolute authority and compliance, and are prepared to bend to breaking point every piece of legislation they can. Obama unfortunately did not do what he should have done which was shovel Comey and his psychopath associates out with the contents of the “cat / litter tray” preferably as others do in air tight black plastic bags.

Bruce Schneier March 9, 2017 10:22 AM

@ Tommy:

“‘If this larger cache is floating around — as WikiLeaks said — then it’ll become public sooner or later.’ Careful. Wikileaks didn’t say this.”

They did. It’s on the front page. I quoted the relevant paragraph in my previous blog post: “Recently, the CIA lost control of the majority of its hacking arsenal including malware, viruses, trojans, weaponized “zero day” exploits, malware remote control systems and associated documentation. This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA. The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive.”

They say “…portions of the archive.” That implies that there’s more.

Bruce Schneier March 9, 2017 10:24 AM

@ TM:

“I read the linked articles by Weaver and Lin and found both to be rather vacuous. Nothing useful there, not even interesting speculation. I hope there is better commentary out there?”

Not yet. It’s all still new.

This is the fundamental problem with news. They want commentary now, even though it will take days or weeks before any real insightful comments.

Bruce Schneier March 9, 2017 10:26 AM

@ b:

“Your current writing is becoming way too much partisan and nationalistic hackery to be taken seriously. What changed?”

Serious answer to a possibly trolling question: I believe that I have not changed at all, but that the political landscape has changed around me.

Dirk Praet March 9, 2017 10:56 AM

@ My Info

Their jurisdiction is more in domestic criminal matters.

Since these documents technically are property of the USG and most likely stolen/copied from a server on US soil, that’s exactly what it is.

tommy March 9, 2017 11:12 AM

They did. It’s on the front page. I quoted the relevant paragraph in my previous blog post

Sorry. You’re correct. I may have also misinterpreted what you were saying when you indicated “more.” You were saying there are more hacking tools than Wikileaks possesses. That’s likely.

I thought you were indicating any further Wikileaks material on the CIA that may be released and that wasn’t related to hacking–like possible human intelligence–was being freely circulated among ex-employees along with the hacking tools. That seemed unlikely.

Karma March 9, 2017 12:03 PM

Who cares who leaked the information?

The only pertinent facts are the US agencies: are having their asses handed to them, duplicate their functions across multiple agencies, stockpile vulnerabilities contrary to White House promises, probably routinely assassinate high level targets via infiltration of vehicular systems, and are undermining their own IT industries with their spy games.

Their activities highlight that any criminal worth their salt shouldn’t use any electronic device for critical functions, nor talk in the presence of any IOT device.

Securing their script kiddie tools on steroids is impossible i.e. they make everyone less safe, erode the rule of law, and encourage criminality.

JFK was right, they should be smashed & scattered to the wind (probably why he copped a third eye). But the US gov loves their mafia running drugs, fomenting unrest, arming militants, overthrowing governments etc. This is just another s**t sandwich to add to the laundry list of crimes conducted over decades.

vas pup March 9, 2017 12:07 PM

@D-503 • March 8, 2017 6:46 PM and other posts related. Thank you! They are very informative including links to legal basis.

@all: James Comey was against waterboarding as Deputy AG. That is a good fact to be taking into consideration.

NystagmusE March 9, 2017 12:40 PM

People need to stop overgeneralising and making false statements here and elsewhere.
There’s still not definitive proof that malevolent state-sponsored Russian hackers affected the US Election.

On this very site, ( https://schneier.com ), there was some decent discussion in the early days of the alleged hacking BEFORE the story was carried and exaggerated and polluted by mainstream media in America and elsewhere (such as BBC).

On this site, some smart people explained and linked to some other sites where technicians and specialists who DO have computer science background explained that the alleged hackers were NOT likely to have been state sponsored Russians for some very technical yet logical reasons.

I can’t find the exact links and pages, but if anybody here was involved with those links and discussions, please respond here again and relink the articles, sites, and republish the information. It’s still very relevant and needed now more than ever.

Amongst some of the info was an explanation of how typical Russian intelligence structure is known to exist and not exist and why that matters as pertains to digital intelligence procedures and projects and personnel.

Also described was the “signature” or lack of signature of the alleged hackers.
I vaguely remember a document saying that the alleged signature, when properly translated, was not likely to be authentic from a forensic standpoint because it translated into a phrase or name of a person or organization who wouldn’t likely be involved and even if they were, they wouldn’t use their own actual name!

And then there’s the very obvious issue that hackers, especially the skilled ones, disguise their true identities and access points via nested proxies and zombie systems and proxies. The nested connections can be so heavily complex that identification can be impossible. Nested proxy disguises can be allocated in various places all over the world anywhere computers exist. So claiming that it’s Russians isn’t just naive and mentally irresponsible, it’s geopolitically dangerous and destabilizing.

Also, there was some mentioning of how Nancy Pelosi claimed that “she just knew” it was Russian hackers, even though she provided no proof, no citation of sources, and was pretty much just admitting her own bias.

It’s worth noting what this article says too: http://www.csmonitor.com/World/Passcode/Passcode-Voices/2017/0308/Opinion-It-s-time-for-us-geeks-to-stand-up-and-be-heard

Essentially the advisors on the committee have no formal computer science education.

As I understood this issue in the early days,
The breach of the DNC (Democratic National Committee) computers seemed to have been done to search for any information damaging to Donald Trump (before Election Day). The interlopers were browsing for info or perhaps pre-existing dossiers on Donald Trump, probably to find out how dangerous or corrupt he (and his cabinet) could be (and typically is according to modern issues already occurred).

This is not surprising.
The rest of the world has been affected by the strange US Election events. The rest of the world has a right to know who is involved in one of the biggest events of geopolitical destabilization and American destabilization in several decades.

The information was not stolen, it was surreptitiously accessed and read, and perhaps duplicated. Digital data when cloned is not stolen. To steal the data would be to enter the premises in person and steal the computer hard drives, flash drives, backup drives, and printed materials. That’s actual theft, which did not occur. The DNC was not deprived of its own info. Theft did NOT occur. The access might have been unexpected and not invited and even discouraged and unauthorized, but no, it was not theft.

And while yes, Donald Trump and his administration have proven themselves to be dangerous and suspicious, hence all of the lawsuits, condemnations, petitions, protests and investigations… false claims against the Russian people, Russian intelligence, and Russian government are not fact-based or logical.

It is possible that Trump was involved with Russian criminality before the election due to his business practices, and yes that might be bad also, yet that is a separate issue.

Russia did NOT hack the USA 2017 Presidential Election.
America has only American corruption to blame. Typically that’s in the form of hacked and hackable election gear (DieBold, etc) as well as attempts to subvert the abilities of regular citizens to vote, typically done by Republicans against Democrats, the poor, and third party candidates and organizations.

If you know specific technical details about why the official claims of Russians allegedly hacking the election are false, please come forward and share what you know, and also send that information anonymously (or not) to the US Federal Bureau of Investigation. They are conducting an investigation already which is independent of the Congressional Investigation. The FBI has jurisdiction as well as resources and forensic expertise and the ability to acquire better results due to better connections, facilities, training, and purpose.

There’s a lot of chaffing and smokescreening going on.
Don’t be suckered. Truth supersedes propaganda.
There are those of us who WILL NOT TOLERATE attempts to subvert the USA into a kleptocracy.
Furthermore, this IS A GEOPOLITICAL ISSUE.

Demonizing Russia, China, and any other nation when it’s not proven to be any of them is especially dangerous to the entire planet during these times of Nuclear military war praxis manoeuvres which result and have resulted in ACTUAL MILITARY TENSIONS AND RISKS HIGH AND RISING.

People are innocent until proven guilty in a court of law via objective evidence at best.
This traditional respected forensic standard needs to be applied as much as possible to international issues such as these current event claims as well. This is ESPECIALLY THE CASE so that WE DO NOT GO INTO WAR either by ACCIDENT or by COERCION or by PROPAGANDA.

This is why EVERY law-abiding citizen of EARTH has the right to demand that the military riskers STAND DOWN NOW and stop jeopardizing all life on the planet with your Nuclear and Biological toxic weaponry and aggressive posturing.

This is why EVERY law-abiding citizen of EARTH has the right to intervene when the politicians and other propagandists set all us up for failure and suffering due to their unsubstantiated claims.

And it needs to be acknowledged that there are plenty of hackers and interlopers of all types who reside right here within the USA. Some of them are corporate hackers, some of them aren’t. Americans have more access to digital tools and internet gadgets than almost anybody else in the world. It’s not foolish to consider that most of the world’s malevolent hacks might actually come from here in one form or another and are merely spoofed via nested proxies and other digital obfuscations. Of course intelligence communities anywhere and everywhere on the planet have this capability as well, both governmental, military, and so-called independent or free-lance.

It’s time to wake up and smell the reality.
And if you’re already awake, wake up the rest of your neighborhood.
There’s no time to be risking international stability over gossip.

Logic and reasoning still stand for something.
Opinion and fears or phobias are not facts.

I stand by my word: STAND DOWN, AND STAND DOWN NOW!
YES, PERMISSION GRANTED TO STAND DOWN.
Quote that, creative commons, copyleft permission granted.
You got the Blind Spot, use it for good and for goodness sake.

John Goodwin March 9, 2017 12:41 PM

One topic I do not find adequately discussed in ‘the press’ is the extent to which this leak is really just a paraphrase of something WikiLeaks might have seen, not an actual leak.

If this were the Bible, what we have is not (1) an original manuscript (2) a copy in some chain of an original manuscript (3) a translated version of a manuscript.

It is a paraphrase, highly scrubbed for a couple of purposes (likely in vain or perhaps with intent to disclose personnel by , with some concordance apparatus added

Look at the source code with view-script — the ‘seam’ where the WL code ends and something called the uniquer adds some info — this ‘uniquer’ is also in say the Podesta emails.

Then there is a lot of HTML that is suddenly flush left — written by a python script? the uniquer?

The provenance and processing done is completely undiscussed.

There are three kinds of pages — ‘pages’, ‘spaces’, and ‘users’. It is unclear whether the numbering of users is part of the underlying system or some attempt by WikiLeaks to track people. The page numbers come in ‘runs’ or ‘batches’ — is this an artifact of processing or part of a wikileaks system. There are about 50 million serial numbers, and we’ve seen 8000. If it is a serial number from a WL ‘uniquifier’ then we’ve seen the extent of WL’s processing. If not, we’ve learned about how the pages were extracted from the CIA. It is important! May we assume that the serial numbers are monotonic in date, and probably approximately a timestamp? We don’t know.

The ‘tagging’ as secret and so forth appears to be entirely added by WikiLeaks — was it part of the underlying system? If not, how did they arrive at these alleged ‘classification markings’ on the pages they generated?

Not to rag on WL, but they really should be held accountable by the technical press for describing what exactly the format they had was, and what processing they’ve applied to it.

Otherwise this isn’t a leak — it’s HUMINT. What WikiLeaks wants us to know, about something they have allegedly seen. It’s evidence there was a Bible, not the Bible itself.

D-503 March 9, 2017 1:08 PM

Press conference today: Julian Assange says Wikileaks is in touch with major tech companies and will give them exclusive access to technical details so that they can fix security holes as quickly as possible.

Clive Robinson March 9, 2017 1:48 PM

@ vas pup,

James Comey was against waterboarding as Deputy AG.

Probably because he knew it was at best unreliable. The question would then arise as to what experience he had to come to such a conclusion.

I doubt it was from a potential criminal/bad publicity stance, after all he is quite happy to let FBI operatives and their “contractors” to push/bully/extort people into supposed terrorist acts, by supplying them with money etc and then in effect forcing them to have contact with dummy weapons etc. If that fails then use blackmail etc to make them into contractors with the aim of getting others into the trap…

Bruce Schneier March 9, 2017 2:30 PM

@ D-503:

“Press conference today: Julian Assange says Wikileaks is in touch with major tech companies and will give them exclusive access to technical details so that they can fix security holes as quickly as possible.”

I know of two companies — both smaller companies — that have a policy of not speaking with WikiLeaks, and are refusing to talk to them about these leaks. That seems like a dumb decision to me.

I know nothing about what the larger companies are doing.

Slime Mold with Mustard March 9, 2017 2:32 PM

Re: Dating Deception (Who Hasn’t?)

I would not put very much weight on the most recent document being the last date the leaker or hacker had access. I’ve seen this used before to try to obscure origin.

An employee of ours was stealing client information. He knew that fresh data would point at only two people, and the people he was feeding it to would act in ways that would tip off our client. So he stole stuff that was a month old from our archives using stolen credentials. One of the few cases I got a criminal prosecution on.

Were I leaking, I would make sure the latest document corresponds to the end of a contract or a major personnel shift.

Is anyone else wondering if the story of wide circulation is just so much smoke? On the other hand, since Snowden, I’ve often wondered how many of these people retire at age 32 to a villa on the Côte d’Azur.

John Goodwin March 9, 2017 2:46 PM

If the User obscuration is done by WikiLeaks ‘uniquifier’ then it has a bug. Most of the usernames are replaced with a run of serial numbers in the 71000s, but there are a few glitches:

User? occurs twice and
524297
20251227
1179751

stand out.

Does anyone know Atlassian products well enough to know if these numbers are plausibly related to the original software these data are taken from?

John Goodwin March 9, 2017 2:50 PM

User20251227 https://twitter.com/20251227

Perhaps some people like usernames that are numbers, and the WikiLeaks obscuration software doesn’t change them. It is an odd number to randomly have a twitter user associated with it.

Clive Robinson March 9, 2017 3:22 PM

@ Bruce,

I know of two companies — both smaller companies — that have a policy of not speaking with WikiLeaks, and are refusing to talk to them about these leaks. That seems like a dumb decision to me.

It is dumb, very dumb, and I feel sorry for the users of their products, who potentially are being left to be attacked by third parties now or at a later date.

Realistically if your customers are going to be put in danger, does it matter who gives you the “heads up”? Personally I think not. Looking at it another way it’s a PR disaster heading their way, and they only have themselves to blame because there is no moral high ground for them to occupy. Worse, if a customer got hurt because of the company’s quite deliberate negligence then they could be on the receiving end of a lawsuit that their EULA etc would not protect them against.

As you say “dumb”.

@ Anyone from wikileaks reading,

I suspect that there are rather more than two companies with such policies. Perhaps it would be best for such companies’ customers to do a 90-day reasonable disclosure on any offending company. Then after 90 days disclose sufficient to show they have been deliberately negligent and let their users decide if they wish to carry on paying the companies who make them insecure and vulnerable to attack…

Ergo Sum March 9, 2017 3:33 PM

@Bruce Schneier…

Sorry. You have me confused with others. I don’t automatically make any assumptions. I’m not even making one here.

I apologize for contributing my previous quote to you…

infosec_community_and_wikileaks March 9, 2017 4:38 PM

I have a great many questions about the infosec community and about their attitude towards Wikileaks and Julian Assange. I will try to be as concise as possible.

I think these latest leaks from them show the discrepancy and derangement of some of these leaders as they all attempt to dismiss these leaks as something the CIA should be doing, and I should accept this? Do they have any idea what a democracy is? I am quite confident that their privilege and status does not help them understand that the CIA, which is an extension of the executive branch, is not compatible with a democracy because they exist for the sole purpose of plausible deniability. They are designed so that they can not be held accountable. These leaks just go to show you that the CIA is an organization that should not exist. Their corruption is only outmatched by the most fascist element in the United States, which are corporations. How Matt Blaze can chalk this up to an axe analogy is just astounding. The CIA spied on the senate committee that was preparing a report on their conduct on torture, and that Blaze, Weaver, Cox of Motherboard, thegrugq, Valorie, Krebs et al. seem to think that they are not in some way or form spying on the US citizen is just shocking. They can just accept it as the CIA doing its job. But they are mad that the Russians are controlling Wikileaks and used them to disrupt the US election (I am still waiting on evidence on this because it is a serious claim).

Their behavior just astounds me, that they take cheap shots at Wikileaks whenever and however possible. Are they so blind as to not see that it is everyday Americans who are affected by this? Is their hate for Julian Assange so much that they just dump it in another pile of not important? Just go on their twitter feeds and read what they are saying. Or am I reading this wrong and should not take their twitter feeds seriously?

I have a lot more to say but someone here please try and help me understand their attitude. All this has blowback on the states. The even bigger danger in the room is corporation and i am supposed to trust Apple with my security. A company that is involved in gross violation of human rights in China? I mean who makes all our electronic equipment and the raw components are coming from the Congo which is just shredded by violence. I just do not understand. When Jacob Appelbaum they all showed these forms of psychotic behaviour they are showing now and accused him of having these behavior. Just someone help me understand how i can chuck this up to CIA being CIA and in the same length supposed to speak of democracy, privacy and that other bullshit they speak of?

Thank you
I am not trying to rant, but I have noticed their behavior towards Wikileaks for some time, and there are many well known people in the community that share their position.

Thank you again

NystagmusE March 9, 2017 4:43 PM

For those seeking more information depicting more effectively exactly why and how Russia was NOT INVOLVED with the USA Election or alleged hacking…

Here’s some decent material to start with.
Other sites and articles by other authors exist.
Probably more is forthcoming despite the de-facto media blackout on this topic.

http://www.counterpunch.org/2017/01/13/did-the-russians-really-hack-the-dnc/

And if you need any good honorable motivation for doing the correct things ethically, look here:

https://www.wagingpeace.org/resources/sunflower/
https://www.wagingpeace.org/issues/peace/
https://www.wagingpeace.org/issues/nuclear-weapons/
http://www.wagingpeace.org/issues/nuclear-weapons/nuclear-weapon-treaties/

Now is NOT the time to get sloppy about this stuff despite the quasi-controlled-chaos of the status quo.

You have a human right and a need to know.
Please be part of the solution and not part of the problem.
No, I don’t work for the Nuclear Age PEACE foundation. I do not have that privilege.
And yet every human has a right and need to survive peacefully.

Mutually-assured survival is yes, always preferred.
And, as we say, May Peace Prevail Within All Realms of Existence. (Past, Present, and Future; I would add; and eventually for a maximum number of species).

Even if you for some strange reason are OK and complacent with the recent further attempts to establish a kleptocracy out of the ruins of America, you should be warned that the rest of the World is destabilized as well. There is a context for everything. And we are all interdependent and interrelated.

Cooperation is an evolutionary adaptive characteristic.
Sociopaths are an extreme minority statistically. Let’s not be haunted by their temporary powergrabs.

When a sociopath or psychopath or clinical narcissist delivers on his or her promises, that is definitely not a good thing. That is a preface for abuse by the definition of what sociopathological behavior actually is.

We live in a world of more than just one sociopath/psychopath/clinical narcissist. And yet they routinely attempt to insert themselves into roles of power and influence. It’s quite literally part of their psychological and sociological disease and pathology. They are NOT our messiahs.

And besides all of that, most Americans did NOT vote for Trump.
Don’t let the editorializing of actual history sway you. He did NOT win.
Blame the Electoral College, for starters. It really should be abolished. And here’s the mathematical statistical reasons why:

https://www.youtube.com/watch?v=G3wLQz-LgrM
https://www.youtube.com/watch?v=zcZTTB10_Vo

Despite population density graphics, most Americans did NOT vote for Trump.
Yeah it’s a cultural civil war. Research population demographics and you’ll find other insights into just exactly where the troubling powergrabs and skirmishes exist. Tyranny of the majority by the minority already exists. And it’s not by Black People nor Asians nor Native Americans nor Immigrants, etc.

And so-called “bipartisan support” is also ridiculous since there are more than two parties and certainly more than two viewpoints on any given political or cultural issue. Even our digital systems are beyond binary thinking, and yet our political system is stuck in binary thinking yet still can’t even count correctly.

My Info March 9, 2017 4:45 PM

@Anura

And if six months passed without mentioning that there was an ongoing investigation people would be complaining about how they aren’t even looking into it.

And rightly so. If there is no news of a federal indictment, this means that either the prosecutor doesn’t have enough evidence to justify assembling a grand jury, or worse yet, the grand jury doesn’t consider the evidence sufficient to go to trial on the particulars of the matter. The people are right in complaining that they either aren’t looking into the matter or they are barking up the wrong tree.

It’s a process. It’s laid out in the Constitution, called the due process of law. We’re not in kindergarten. When we screw it up, guilty people go free, and the victims of their crimes are denied the equal protection of the laws to which they are entitled under the 14th Amendment. It’s getting really difficult to maintain the claim that we are making an honest effort at getting it right….

Dirk Praet March 9, 2017 4:49 PM

@ Clive

Perhaps it would be best for such companies customers to do a 90day reasonable disclosure on any offending company.

The customer can do better by including some additional liability clauses in tenders, RFQs and RFIs, such as: “Vendor will provide software updates or temporary fixes for known vulnerabilities no longer than 90 days after public disclosure of such vulnerabilities, and irrespective of the nature or source of this disclosure. Failure to do so or to provide customer with acceptable grounds for non-compliance will be considered severe lack of due diligence which may result in substantial damage claims and/or termination of contract.”

As to those two companies @Bruce was mentioning: irresponsible dumbasses nobody should be doing business with.

r March 9, 2017 5:21 PM

@Skeptical,

The last couple of paragraphs of your reasoning are what I’m wondering about, if maybe one of the ‘co-operatives’ they just shot down had access to this stuff. Likely not, but I was wondering about GCHQ too. I agree that it doesn’t seem to be political enough to involve disaffection imb – if you signed up for the CIA this stuff (so far) is beyond a given.

And folks, please remember that the CIA is: The Central Intelligence Agency; that means whole heartedly that they are NOT the ‘NSA’, e.g. the “National Security” Agency.

Stop crying, if they got doxxed you should especially have expected it. And the developments shown thus far? Please, it’s not like we just found out Intel Chips have 244mghz side channel for their AES yanno?

@All (D-503)
Try to keep up computer science ‘majors’, analyze that. COFF

Anura March 9, 2017 5:23 PM

@My Info

So six months is enough to complete an investigation? What about three? Please provide guidelines as to how long it should take between any incident and charges being filed.

r March 9, 2017 5:27 PM

@My Info,

If organized crime grew out of Obama’s seed it’s because of mandatory billable and monetizable insurance and the increase in welfare/social security dollars being handed out hand over fist.

But, let’s make the argument I do to people who always question why I give a man asking for a dollar for food money…

If someone asks you for a dollar to buy a hamburger, and they go buy a beer or crack with it… that’s between them and god. You as a citizen did the right thing by trying to help them and it is their bad for lying and or misappropriation.

Morally, to dismiss them as crackheads or drunks or some (and this one will hit you hard) some homeless schizophrenic or autist is dismissive and dehumanizing.

I repeat, what they do with you putting your best foot forward is between THEM and GOD.

GregW March 9, 2017 5:50 PM

People have now hashed through the technical aspects of this moderately thoroughly.

What I haven’t seen discussed is the Assange-vs-CIA dynamics / game theory of this leak.

The “good news” for US/UK intelligence is that they were, since the Podesta leaks and US election outcome, making progress in squeezing Assange out of that Ecuadorian embassy. The current Ecuadorian president has tired of him and in any case there is a new Ecuadorian presidential election April 2nd. There are two presidential candidates, Lasso, who wants Assange out in 30 days, and Moreno who would seem to want him out but hasn’t promised a timeline. (Source: https://www.washingtonpost.com/news/worldviews/wp/2017/02/10/ecuadors-upcoming-election-could-hand-an-eviction-notice-to-julian-assange/?utm_term=.7961611f7e9f ).

I guess the interesting question to me is: was the timing of this leak affected at all by the Ecuadorian election process and/or Assange’s status? And does it have any impact on US/UK efforts to get Assange out of that embassy?

  • Is Assange trying to get the material out “while he can” since he might not have much time left?
  • And/or is Assange trying to get leverage on the CIA (“I’ve released some stuff… but I have a lot of worse stuff in the wings”)?
  • And/or is the leverage an attempt to dissuade the CIA from pushing too hard for Lasso in the imminent election or any other backroom deals with Lasso/Moreno?
  • And/or does this worsen Assange’s ability to retain sanctuary since the CIA will redouble their efforts? Or not? How hard can/would they push when he is holding unknown information over their head?

Seems like a potentially delicate situation.

I presume any explicit attempt to use leverage by Assange would be leaked by the CIA and backfire on Assange’s attempt to maintain the moral high ground so I doubt there’s any explicit communication/strategy on this. But the timing and release do affect some of the game theory behind US/UK efforts to get Assange out of the embassy and while I am not quite sure in which ways it nets out, it’s interesting to think about.

On an only mildly related note, I do sense Wikileaks/Assange trying harder than usual to be a “responsible leaker”, more so than in the past, with the redaction of CIA employee/contractor JIRA names/IDs and source code redaction and disclosure-first-to-vendors. I guess they’ve had a “harm minimization” process before but I was more struck by it this go-around and I wonder whether Wikileaks is trying harder or it’s just a shift in my perception?

r March 9, 2017 5:54 PM

@GregW,

Maybe CIA analysts are insulated from each other, maybe user names are identifying watermarks. Scrubbing things like that (if a username is an actual delta from your own username) would seem paramount. Maybe they had the foresight to really deburr the cache… But I also agree that it’s odd this isn’t a full-disclosure this time around.

What’s with all the tip-toeing?

Phx$ March 9, 2017 6:06 PM

Aside from pro Putin/GRU

Louise Mensch (@LouiseMensch), retweeting Adenoid Hynkel:
In my view, Ecuador is violating diplomacy by using diplomatic premises for non-sanctioned spying. @theresa_may should in my view revoke

Louise Mensch (@LouiseMensch), retweeting David Frum:
See on twitter this is a joke, but if @Nigel_Farage said it under oath in the UK if deposed, it would be perjury. He can remember. @GCHQ

Just to be clear: Guccifer 2.0 is GRU (Russian military intel service). And Stone wFinal: as soon as @PressSec admitted @realDonaldTrump got his info from @TheJusticeDept, he admitted crime for which Nixon impeached as reportedly in contact w/them.

The Lead CNN (@TheLeadCNN):
Gen. Michael Hayden: I believe “WikiLeaks is acting as an arm, as an agent, of the Russian federation”

Former National Security Adviser Michael Flynn, who was fired in February after lying about his contacts with the Russian government, has formally registered with the Justice Department as a “foreign agent” and admitted that he had lobbied on behalf of the Turkish government as recently as November 2016.

https://warontherocks.com/2016/11/trolling-for-trump-how-russia-is-trying-to-destroy-our-democracy/

one could consider rsa kingslayer

Milo M. March 9, 2017 6:28 PM

https://medium.com/@RonWyden/americans-are-still-in-the-dark-about-government-surveillance-e6b1dd3f573f

“Ron Wyden, U.S. Senator from Oregon, Mar 3

What about issues that I expect to be the subject of legislation? First among them is the need for Congress to carefully examine law enforcement agencies’ use of hacking and malware, which, I hope, will ultimately lead to the passage of a legal framework that strictly regulates this powerful surveillance capability. . . . If law enforcement agencies are going to use malware — in other words to hack into the computers, phones, webcams and microphones of Americans, such hacking needs to be pursuant to a narrow warrant, to strict judicial oversight, and law enforcement agencies must take steps both to limit collateral harm — to innocent Americans and to U.S. technology companies whose products the government is hacking — and be ready to clean up the mess when they do in fact hack innocent people or when their hacking tools fall into the wrong hands.”

Anura March 9, 2017 6:31 PM

@Phx$

Looks like Twitter is leaking again; can someone please get some epoxy and patch it properly this time?

Anura March 9, 2017 7:04 PM

On the topic of Russian conspiracy theories – it seems to me that the only reason wikileaks would talk about the faking attribution, when that was obviously not the case, would be to deliberately mislead the public into thinking there is evidence that the DNC leaks were a false flag by the CIA (which doesn’t make sense on multiple levels).

Rat Overboard March 9, 2017 7:13 PM

In interpreting wikileaks disclosures people are apt to focus on Assange and forget about people like Jen Robinson or Baltasar Garzón.

Vault7 is one small piece of the universal-jurisdiction noose that’s digging into CIA’s neck. Like the Snowden documents, Vault7 supports the ICC Afghanistan investigation by documenting one case of the war crime of ‘declaring abolished, suspended or inadmissible in a court of law the rights and actions of the nationals of the hostile party.’ Its global war on terror scope readily generalizes to a crimes against humanity prosecution.

CIA’s coercive foreign privacy interference becomes a subsidiary crime when the open-and-shut case against CIA torture is formalized as a universal-jurisdiction bill of indictment. The crime against humanity of systematic and widespread CIA torture points to US aggression in Afghanistan and Iraq. NSA is implicated in the derivative war crime of ‘passing of sentences and the carrying out of executions without previous judgement pronounced by a regularly constituted court, affording all judicial guarantees which are generally recognized as indispensable.’ With the USG charged under the Nuremberg Principles, CIA and NSA are their Gestapo.

The international community won’t let US courts forget that they tried judges at Nuremberg. So the US judiciary, traditionally staffed by CIA’s bought-and-blackmailed bitches, grew a little spine.

http://www.miamiherald.com/news/nation-world/world/americas/guantanamo/article137032948.html

This is the classic late-stage feeding frenzy that you see in crimes-against-humanity proceedings in third-world pismires like Rwanda, Sierra Leone, Guatemala, or Brazil. When it comes down to it, CIA’s torture cowards are on their own. Without impunity at home, CIA criminals are cooked. Their only hope is to implicate somebody else. This is how the world is going to decapitate the CIA regime that rules the third-world US pismire.

r March 9, 2017 7:56 PM

@Rat Overboard,

Yeah sure, excepting one thing.

While I haven’t signed some bullshit treaty with your mother-in-law over my manufacturing of VX in her porc tub, let me point out that in my doing so, or at least in my saying so, I now have everybody wondering if, when and where it holds true (or not).

Now, while on the topic of VX… Or maybe Sarin… I’m almost certain that I have a right to study and educate myself in the most worldly of endeavors like say… simple organic chemistry.

But what recourse does that leave you with when I start smearing it in the face of the public?

Let you stop me there, or not?

Stakeholders Timeline Puzzle March 9, 2017 8:04 PM

Within days of Trump winning the election NSA Admiral Mike Rogers visited Trump on Thursday. Rogers, without notifying superiors, traveled to New York to meet with Trump on Thursday at Trump Tower. That caused consternation at senior levels of the administration, according to the officials, who spoke on the condition of anonymity to discuss internal personnel matters.

That Saturday November 19th Reuters reported on the WaPo story and additional pressure by Defense Secretary Ash Carter and DNI James Clapper to FIRE Mike Rogers. There is no proof they didn’t backdate their request by one month.

It’s important to note that NSA Director Admiral Mike Rogers would be keenly aware of both the FISA June request – Denied, and the October FISA Trump Tower server request – Granted.

Rogers must have had a compelling message for Trump. He still heads the NSA today while everyone else is gone.

Also related, the Justice Department refuses to discuss FBI director Comey’s request, too, to deny any eavesdropping. Since then he chillingly states NO ONE has a right to absolute privacy in the USA. Let the Almighty move over!

All this lying and cheating drives ethical people nuts. Hence the massive CIA leak to counteract the leaks that hurt Trump. Putin must be very upset at the Russian hysteria.
It’s all insane over-the-top politics.
What I like is the media finally discussing just how unsecure smart devices are.
I request through the Freedom of Hackers Act (FOHA), the bombshell 55 year old JFK assassination documents be released next.
http://www.reuters.com/article/us-usa-security-intelligence-idUSKBN13E0SF

John Goodwin March 9, 2017 9:01 PM

I figured out why User had name 20251227. 12/27/2025 is the date of the NASA Asteroid Redirect mission. WikiLeak’s scrubbing software failed to scrub it.

Mike March 9, 2017 9:25 PM

The WL documents referenced here have a lot of typographic errors and I wasn’t even searching particularly hard. Fakes? Lazy CIA RIP staffers? Simple compartmentalization in case of leaks? Bureaucracy so burdensome that correcting the spelling of, for instance, Galois is just too darned hard (and after using “GCM” many times previously, then incorrectly spell out the term in the middle of the document, in contravention of the CIA style document (yes, such a creature really exists))? Really? Yeah, OK, maybe they hired H1B workers to save some cost.

Bob March 9, 2017 11:44 PM

@ ab praeceptis,

Interesting…

I suspect Bruce found reasons to satisfy his own curiosity.

TM March 10, 2017 3:46 AM

Zeynep Tufekci in the NYT:

“Yet on closer inspection, this turned out to be misleading. Neither Signal nor WhatsApp, for example, appears by name in any of the alleged C.I.A. files in the cache… If anything in the WikiLeaks revelations is a bombshell, it is just how strong these encrypted apps appear to be. Since it doesn’t have a means of easy mass surveillance of such apps, the C.I.A. seems to have had to turn its attention to the harder and often high-risk task of breaking into individual devices one by one. …

WikiLeaks seems to have a playbook for its disinformation campaigns. The first step is to dump many documents at once — rather than allowing journalists to scrutinize them and absorb their significance before publication. The second step is to sensationalize the material with misleading news releases and tweets. The third step is to sit back and watch as the news media unwittingly promotes the WikiLeaks agenda under the auspices of independent reporting.

The media, to its credit, eventually sorts things out — as it has belatedly started to do with the supposed C.I.A. cache. But by then, the initial burst of misinformation has spread. On social media in particular, the spin and distortion continues unabated.”

From what I know so far, I’d have to agree.

https://www.nytimes.com/2017/03/09/opinion/the-truth-about-the-wikileaks-cia-cache.html

Dirk Praet March 10, 2017 5:57 AM

@ GregW

Is Assange trying to get the material out “while he can” since he might not have much time left?

While he undoubtedly must be aware that he’s not gonna be able to stay there for ever, I hardly see how this new leak is giving him any leverage whatsoever. The man is just doing what he’s been doing all along: leaking government secrets.

@ Phx$

In my view, Ecuador is violating diplomacy by using diplomatic premises for non-sanctioned spying.

Under which reasoning pretty much every diplomatic mission around the world has to be closed. Not to mention the fact that the UK is violating international law in the first place by not allowing Assange to leave.

Just to be clear: Guccifer 2.0 is GRU

There is zero conclusive evidence for that allegation.

Gen. Michael Hayden: I believe “WikiLeaks is acting as an arm, as an agent, of the Russian federation”

It would appear that Hayden still doesn’t understand what Wikileaks is about. Such an accusation doesn’t fly unless they would actually refuse to accept or publish Russian and Chinese documents if such material would come their way. It’s hardly their fault that those governments seem to be better at keeping secrets than the USG.

@ Anura

it seems to me that the only reason wikileaks would talk about the faking attribution … would be to deliberately mislead the public into thinking there is evidence that the DNC leaks were a false flag by the CIA

It’s called adding to confusion. I also don’t think Wikileaks is explicitly accusing the CIA but merely pointing out that skillful actors have the capabilities to mask their activities as someone else. And it makes little sense to me either that they would have been behind the DNC breach. Clinton was the establishment candidate, and the CIA had exactly nothing to gain from a Trump presidency.

From where I’m sitting, all the speculation about who was behind what and for what reason is nothing but a deliberate distraction from what is actually revealed by these leaks. While the total Swiss cheese that apparently was the DNC infrastructure made it a prime (and legitimate) target for any actor ranging from script kiddies to foreign agencies, the presence of APT28 and APT29 in itself is not conclusive evidence that the Kremlin indeed was behind the heist itself or the publication thereof. Until such a time that I see positive proof for whatever theory, the simplest explanation to date remains that it was a disgruntled Sanders supporter within the DNC itself. But which unfortunately is a scenario that doesn’t fit any political narrative and was quickly abandoned the moment Crowdstrike & co. saw Russians inside.

@ TM

WikiLeaks seems to have a playbook for its disinformation campaigns.

As much as the common Wikileaks marketing campaign can be called into question, it does not change the objective content or value of the published documents. If as a result of this publication the revealed vulnerabilities are closed by the affected vendors, then that’s a good thing for everyone. And if they give a better insight into the CIA’s activities, capabilities and methods, that’s equally a good thing for everyone that has a problem with out-of-control US spying agencies. Which in practice means most of the world, including US allies. But I guess from a US vantage it kinda does make sense to focus on vilification of the messenger instead of on the message itself.

r March 10, 2017 6:11 AM

@Dirk,

Hayden may know something about WL approaching veterans and personnel.

But I think Phx$ may be a placeholder for getting our phacts straight. 😉

Who knows? Maybe amid all this cloud we have more leaks we’re not recognizing that ARE sanctioned for the effort of steering or re-adjustment.

Believe what we will.

TM March 10, 2017 6:40 AM

“it does not change the objective content or value of the published documents”

And I still haven’t seen a convincing case that these documents do contain valuable revelations. But maybe somebody here will change that?

tommy March 10, 2017 7:21 AM

The neo-McCarthyism is getting out of hand. There’s next to zero evidence of Russian interference in the last election unless wishful thinking is now considered evidence.

Trump, on the other hand, is kooky for thinking he was wiretapped in spite of the following facts:

  1. News outlets alleged exactly as much months ago
  2. Obama suspiciously made last minute changes to intelligence sharing rules
  3. Obama’s DoJ pushed hard for that fruitless FISA on the Philadelphia server; rejected the first time around by a court system that rejects almost nothing
  4. Podesta emails show Clinton campaign had long been aiming to portray Trump as soft on Putin
  5. We have a mysterious meeting between Trump and Rogers behind Clapper’s back that led to Rogers getting canned

  6. Washington Post all but admitted their source for the Russian “fake news” claims, PropOrNot, was an untrustworthy Ukrainian front; was it Ukrainian intel or was it a Clinton Foundation oligarch? We still know nothing about the organization.

  7. We have the Obama admin setting up the meeting between a Russian ambassador and Sessions

  8. In the wake of Guccifer 2.0, the DNC proved so anxious to catch the Russian culprit that they refused to allow the FBI to examine its servers

  9. Clapper is a serial perjurer and Brennan heads up a CIA that went so far as to hack a senator: trustworthy guys who always play by the rules!

Gee, it could almost look like a desperate smear/gotcha campaign by elements of the DNC and intel community but then Trump is obviously paranoid.

Dirk Praet March 10, 2017 7:38 AM

@ r

Believe what we will.

Which is the inevitable outcome when we are being drowned in information to the point that for a normal person it has become virtually impossible to differentiate between facts, opinions and propaganda. However much the internet and social media have contributed to spreading knowledge and information, we are now well beyond the point that we’re choking on it. I regularly find myself longing for times when a TV set with just a few channels, a radio, a couple of newspapers and the neighbourhood library were all we had to try and make sense of it all. The world was a much simpler place back then.

@ TM

And I still haven’t seen a convincing case that these documents do contain valuable revelations.

The comments from most security researchers I have read so far are that the overall contents are pretty lame and contain nothing particularly shocking at all. But in my capacity as an EU citizen whose digital communications are fair game to US (and other) spy agencies, I can only be very pleased if even one of these tools/exploits is rendered useless by the affected vendor as a result of this publication, and irrespective of whether or not I am a target for them. Spy agencies, their overlords and corporate accomplices are totally out of control and I can only applaud folks like Snowden and Assange for exposing their activities and making their lives miserable.

Skeptical March 10, 2017 8:52 AM

@Dirk: it makes little sense for the Russians to stir up the heat even further with the entire US already up in arms about their alleged election meddling, unless they are orders of magnitude better at defense than the US IC are and just about as dumb (or arrogant) in thinking they will never get caught. Which I both kinda doubt.

But it makes a lot of sense within a certain framework. If you are already expecting retaliation, and if you are increasingly concerned about the compromise of your own services, then this type of information operation could be judged to have value.

It’s also a type of operation that doesn’t indicate any escalation with the United States. For instance, it’s not another attempt to influence political elections in the United States.

While avoiding escalation, it may also be aimed at keeping the US Intelligence Community off-balance, confused, or more uncertain about Russian knowledge – all of which may be helpful in blunting retaliation or, for that matter, in blunting intelligence collection.

There are, after all, multiple elections in the not distant future that Russia would have an interest in influencing. Reducing US intelligence collection and analytical focus, pushing the US towards the defensive, may provide Russian operations directed at those elections with a greater chance of success.

So, if in fact this is part of information operation by Russia, then I don’t view this as a crazy action. Indeed, it’s much less aggressive than their treatment of US diplomats, or the audacity of their information operations during the US election; to say nothing of their actions in Ukraine.

Dirk Praet March 10, 2017 10:23 AM

@ Skeptical

Indeed, it’s much less aggressive than their treatment of US diplomats, or the audacity of their information operations during the US election

You’re really pretty far out on a limb here when even the FBI so far seems to suspect an insider rather than a nation state. As to the treatment of US diplomats, I seem to recall that it was the US that threw out a bunch of Russian diplomats without any retaliation by Putin. The recent deaths of about five Russian top diplomats also kinda raise eyebrows with me, be it without accusing anyone.

Regarding the meddling in US elections – and without revisiting that discussion – I still haven’t seen any conclusive evidence that indeed the Kremlin was behind it, and even if they were the entire operation pales into insignificance compared to what the US historically has done in the same field and most probably still is doing. Which is not an excuse, but merely putting things into context.

infosec_community_and_wikileaks March 10, 2017 11:19 AM

@Dirk Praet
I mentioned this earlier in my post. How most people can just dump this as uninteresting, not jaw dropping tells me that even if they are journalists they are all wrapped up in American exceptionalism. Why does an institution like the CIA exist in a democracy? How can they not see that they will probably be using these capabilities on foreign nationals and I am just supposed to accept that as spies being spies? Does Wikileaks sensationalize? Hell yes, but still read the content. It’s just astounding how people in the infosec community just dismiss the implications of this. This does show you can be a badass comp sci and not understand a damn thing about your own country’s history. I am just confused by the behavior of these people fighting for human rights lol.

Instead of the Democrats admitting that the failed neoliberal policies are behind the rise of Trump, they would literally rather be slaves to their corporate masters than help the public, which is beyond me.

vas pup March 10, 2017 12:19 PM

@Clive Robinson • March 9, 2017 1:48 PM
Clive, I think the role behavior is the answer.
What kind of ‘hat’ you have currently on, defines your behavior substantially.
You know Zimbardo prison experiment?
Looks like my memory misinformed all respected bloggers. I am really sorry. He was against phone surveillance without a court order (to the best of my memory), that is why he had to resign under Bush Junior.

GregW March 10, 2017 2:48 PM

@Dirk
I tend to agree it’s just more of the same from Assange.

@Hal
The claim at that link that “The CIA paid or inveigled or coerced tech firms to put gaping security holes in their hardware/software” is not supported by any of the Vault 7 evidence I’m aware of. I skimmed through a large subset of them and have read moderately the coverage of the leaks. Instead, the holes seem to have been found by partner intelligence agencies (NSA, GCHQ), from watching other malware (UMBRAGE) and/or bought and paid for, presumably from the existing known third parties who sell zero days on the open market (or not-so-open defense contractor/IC market).

gordo March 10, 2017 3:19 PM

WikiLeaks Will Help Tech Companies Fix Security Flaws, Assange Says
By Scott Shane, David E. Sanger and Vindu Goel | New York Times | March 9, 2017

The companies reacted cautiously to the WikiLeaks offer, saying there could be legal complications in accepting classified information stolen from the government. Sean Spicer, the White House press secretary, advised the companies to seek legal advice before accepting the leaked code.

“I do think that I would check with the Department of Justice in particular about if a program or a piece of information is classified,” he said at a press briefing. “It remains classified regardless of whether or not it is released into the public venue or not.”

Microsoft suggested in a statement that it did not want to be seen as collaborating with WikiLeaks, declaring dryly that its “preferred method for anyone with knowledge of security issues, including the C.I.A. or WikiLeaks, is to submit details to us at secure@microsoft.com.”

https://www.nytimes.com/2017/03/09/us/wikileaks-julian-assange-cia-hacking.html

Thoth March 10, 2017 6:52 PM

@gordo

It seems like the USG doesn’t want the flaws in software to be fixed, to increase the lifespan of the flaws.

Clive Robinson March 11, 2017 9:05 AM

@ TM,

With regards your quote from,

Zeynep Tufekci in the NYT

What Zeynep is asking for is what happened with the Ed Snowden revelations. Which you may remember there was lots of argument about.

What Zeynep is hoping for is a way to argue the content into irrelevance in a way that will cause the public to rapidly lose any interest in the story as various US MSM journalists have tried to do with the Snowden trove.

At the very least Zeynep’s argument is vacuous and can easily be seen as a politically motivated attempt to kill bad news by attacking the messenger not the message.

For instance the comment about Signal and similar: actually sit down and analyze what has actually been said… You will quickly realise that Zeynep is setting up a false premise then using that premise to say something is worthless. Which is usually a sign of a person trying to hide things for ulterior –often political– motives.

If you consider the different motives for the CIA and NSA it’s easy to see why the CIA would be target focused not population focused as the NSA is. But it is known that the NSA are also target focused as in what they have been found to do with European leaders –political and business– as well as researchers.

Thus not only is Zeynep’s argument presented falsely, it is also ignorant of, or hiding, what is publicly known.

Thus Zeynep’s article is, as used to be said, “Fit Only For Perforation”, implying it was only of use for wiping your bottom in the smallest room.

Clive Robinson March 11, 2017 9:13 AM

@ Dirk Praet,

The man is just doing what he’s been doing all along: leaking government secrets.

Whilst that is technically true it has an unfortunate implication.

What Wikileaks has released in the main are shall we say things that are being kept secret to cover at the very least that which is “embarrassing” and more seriously that which is “illegal” or downright “evil” carried out in the US and other Jurisdictions by the US Government.

Thus arguably they are “secrets” that are actively harming US citizens and other parts of the US government.

Clive Robinson March 11, 2017 9:50 AM

CIA False Flags and the DNC

I see quite a few comments about the CIA and the DNC hack, basically arguing from effect backwards to cause, and thus concluding it was not the CIA…

Try instead looking at it the other way…

Whilst Hillary might have been “the CIA’s man” as it were, there is the joke about the rider on the CIA motto to consider. Of “In God we trust, ‘but all others we check and get the dirt on'”. That is much of what the CIA does is to find “leverage” to ensure “Compliance or Destruction”. They do this even to their own people, in case it becomes expedient to sell them out, so I would assume Hillary to have been watched like a hawk and every opportunity to “get some goods” taken (Which is why I believe there is almost certainly some truth in Trump being under surveillance).

Now assuming Hillary was being treated to the “We keep our enemies close but our friends closer” treatment by the CIA, the questions of “blowback”, “deniability” and “cover” come into consideration. As Bruce has noted everybody knows China and Russia hack, thus they are prime candidates for being emulated in a false flag operation and provide both deniability and cover thus preventing blowback. For example if they needed to apply leverage against Hillary, then to say at some future point they found XXX on a Russian computer that belonged to a high ranking FSB operative. Any investigation would find those Russian fingerprints in the DNC computers thus as we saw “Case Proven” “hook line and sinker” and full cover for whoever was running a false flag op achieved, case closed.

This is exactly the behaviour you would expect from a smart criminal upwards, and to decide it was not the case is to likewise swallow the “Hook Line and Sinker”…

As I point out –as somebody said ad nauseam– correct attribution is not just very very hard, it can be impossible, and I’ve explained why over the years. To assume that the various ICs were not doing this even for the sake of “turf war advantage” is the height of folly.

In fact with “sneaky-beaky” organisations, the fact that you can not see an obvious reason or connection is more likely to be evidence that they are up to their necks in it and have taken both the time and effort to have good cover and deniability so as to avoid even the remote chance of blowback…

You have to be more than quite clever to commit the “perfect crime”; it’s easier and way more effective to commit the imperfect crime and frame another at the same time, thus they get the spotlight not you, and they have to defend themselves not you, and they have the very difficult task of getting out of it whilst you just quietly walk off stage sight unseen with the time to cover any loose threads that might have worked free.

Clive Robinson March 11, 2017 10:25 AM

@ TM

And I still haven’t seen a convincing case that these documents do contain valuable revelations.

That rather depends on your definition of “valuable revelations”.

For instance the same sort of argument was made for the Ed Snowden revelations by those with a technical bias. As a person with a strong technical background there was nothing in the Ed Snowden revelations at the time that I and others had not previously worked out how to do. Likewise with the TAO catalogue, I’d not only worked out way back in the previous century how to do such things, I’d also improved back then on what the TAO group were doing in this current decade.

Which whilst not a technical revelation was an ability revelation. That is the “bread and butter” tools they were pushing were old, very old in that they were a third of a century out of date compared to what could be worked out independently from a high school level of knowledge of physics and science, a decent book on EMC and a couple of books published back in the late 1970’s early 1980’s.

Thus the question as to why… Well the TAO catalogue could have been a phoney, or it could have been about techniques that would only work against non state level targets.

Which if you think about it a little is actually a quite outstanding revelation in its own right…

Clive Robinson March 11, 2017 10:42 AM

@ vas pup,

Looks like my memory misinform all respected bloggers. I am really sorry.

Don’t be sorry, the problem is, as I have just indicated to Dirk above, you can make a quite factual statement that gives others an incorrect perspective.

Comey’s behaviour as a bureaucratic rodent was one of “self protection” rather than a “moral stand”. He could see the potential for serious blowback that would have lost him the war, so he retreated from a battle he was unlikely to win, so that he could fight again at a later date. It also worked in that it also gave a false impression to Obama, who as I said later got a very rude awakening as did Silicon Valley.

Clive Robinson March 11, 2017 11:04 AM

@ gordo,

The statement you quote of,

Sean Spicer, the White House press secretary, advised the companies to seek legal advice before accepting the leaked code.

That is what an antipodean friend of mine would call a “Pile of dingo’s…” as it’s actually very bad advice.

There is a very simple solution which I’m surprised @ Nick P has not mentioned.

The wikileaks information is only “secret” in the US and public domain information in most other jurisdictions. Thus you could use a simple “clean room” technique to extract the fault, and produce new exploit code from it, then have that effectively “published” or submitted to an appropriate security organisation.

Then “legally” the companies have little choice. The information is not secret any more than the laws of physics are, and importantly is “Public Domain”, thus to protect “Shareholder value” the companies have little choice other than to take note of it and use it.

If the US government was so stupid as to try and make “public domain” knowledge in the rest of the world secret then they would not only make a complete laughing stock of themselves, they would also be guilty of the quite serious crime of critically damaging the US critical infrastructure and economy which as “National Security” would normally be treated as a treasonable offence…

Thus there is little room for the US Government to do anything.

From a historical perspective the last political leader to try such nonsense was UK PM Margaret Thatcher back in the 1980’s and to show just how mad she was she tried it repeatedly, getting steadily more and more humiliated. It may have been one of the reasons her party elders turned on her and sacked her.

My Info March 11, 2017 11:49 AM

@Clive Robinson

If the US government was so stupid as to try and make “public domain” knowledge in the rest of the world secret then they would not only make a complete laughing stock of themselves …

You are hilarious! The U.S. government absolutely is stupid enough to try to make “public domain” knowledge secret and yes they absolutely do make a complete laughingstock of themselves in doing so!

Ergo…

… they would also be guilty of the quite serious crime of critically damaging the US critical infrastructure and economy, which as “National Security” would normally be treated as a treasonable offence…

Not only would but are. Why do you think they fired 46 U.S. attorneys? We need to keep on this to make sure they turn in their guns and stay fired, and that they and their MAFIAA associates don’t work their way back into the court system with all those red-light district “intellectual property” trolls and nauseating “national security letters” and all the garbage that goes along with that.

Nick P March 11, 2017 12:35 PM

@ Clive Robinson

It’s the hacker’s version of parallel construction. Far as I know, it started as a technique to make money off insecure companies. They’d go in to hack the company, finding many flaws. They’d do a sales call on the company about how they can prevent or respond to hacks. The company naturally ignores it because security problems don’t happen to them. The hackers cause enough damage to scare the company. They call the hackers asking about security consultations. The hackers find the problems… they already found… in exchange for some money.

The problem here is the problem there: it will be pretty obvious that the prior events are the source for what the hackers publish later. In this case, though, it might not matter given a vulnerability report is a vulnerability report. The use of third parties that aren’t Wikileaks also allows the companies to distance themselves from that organization.

Washington, DC's red-light district March 11, 2017 1:02 PM

Stupid is as stupid does.

Intruder breaches White House grounds, arrested near residence entrance.

“A man carrying a backpack was arrested Friday night after breaching security at the White House complex …”

http://www.cnn.com/2017/03/11/politics/man-breeches-white-house/

Note spelling in URL: “breeches.”

“A man …”

Probably some homeless, harmless man who lacks the money, the resources, and the connections to pose a credible threat to the White House or its occupants. At most a misdemeanor, were this not such a red-light district.

I am equally concerned about the women breaching White House security, but we have not read about them in the news lately. Does anyone remember Monica Lewinsky?

The feds are not charging women with crimes as they do men, nor are the national media publishing their “breeches.” Hence they are dealing with the women in other ways, because to formally charge a woman with a crime violates the code of omertà which has overtaken the federal government and demands respect for women.

To add further context, I have been near the White House myself, and the entire area is constantly thronged and mobbed by foreign tourists. The general atmosphere is almost one of hostile foreign occupation. I somewhat understand the fear and paranoia of the President and other employees of the federal government, but nevertheless I stand firm in my opinion that the ways of a red-light district are not the ways to effectuate true national security.

Anura March 11, 2017 2:17 PM

@My Info

Are you deliberately engaging in libel, or do you actually have evidence that the person in question is involved in a mob boss?

My guess is that you have never heard their name before today, and don’t know a single thing about them.

gordo March 11, 2017 2:37 PM

@ Thoth, Clive Robinson,

The statement from Sean Spicer brought to mind early reactions/warnings regarding the usage/viewing of the United States diplomatic cables leak, for example:
http://www.computerworld.com/article/2469898/internet/a-university-s-troubling-warning-about-wikileaks.html
https://www.theguardian.com/media/2010/dec/05/columbia-students-wikileaks-cables

In that regard, Spicer’s statement seems like obligatory boilerplate, but I suppose that we’ll see, soon enough, what WikiLeaks, Tech and Gov have in mind with/if-any more document releases, etc.

gordo March 11, 2017 3:18 PM

@ Clive Robinson,

Re: “False-Flags”

One would think that any false-flag operation worthy of the name would be, by definition, “off the books”.

I imagine that one could take/seek umbrage with such definitions.

My Info March 11, 2017 4:18 PM

@Anura

Are you deliberately engaging in libel, or do you actually have evidence that the person in question is involved in a mob boss?

Hello? Is anyone there?

“No, we just got a call from the boiler room. We were told not to hire you.”

Look, fellas. The New York City Mob machine doesn’t run without the complicity of those at the top. This guy’s totally at the top of the machine. He’s running the show. And he has the nerve to complain that he learned of his firing from the news media.

Hello? It’s called “service by publication” and it’s perfectly legal. The government can’t even locate the guy to “serve” him personally with his notice of termination.

My Info March 11, 2017 5:12 PM

@_Jim

Please note that Pres. Bill Clinton also ‘fired’ all US Attorneys upon taking office; This is a matter of fact, not conjecture.

Correct. The enforcement of federal laws is subject to highly politicized and twisted executive interpretation, especially when it comes to gun laws and the sacred ability to arbitrarily deny individual U.S. citizens the right to bear arms for political reasons.

The left has arbitrarily slandered my name with legal allegations of mental illness, and denied me not only the right to bear arms but also the right to work. What did I tell you about that call from the Democratic boiler room? My only question is this:

Are the Republicans calling the same shots from the same boiler room?

April_9th March 13, 2017 10:11 AM

I don’t get the current reporting from MSM and from security blogs like yours. Either people are turning partisan or something else is in the works like CIA psyops. I’ve seen articles questioning Wikileaks’ motives, Assange’s motives, and how this somehow invalidates them as a source. What does it matter what Wikileaks’ or Assange’s motives are? At this point the only question MSM should answer is if the data dump is genuine or not. By the way Wikileaks has a 100% record as a source.

From security blogs like yours I would have expected detailed analysis on the exploits, what makes them tick and how we go about fixing them but that has also been absent.

This media push to discredit Wikileaks is backfiring big time. Credibility is being lost and it isn’t Wikileaks or Assange who is losing it.

Clive Robinson March 13, 2017 10:45 AM

@ April 9th,

From security blogs like yours I would have expected detailed analysis on the exploits, what makes them tick and how we go about fixing them but that has also been absent.

You are not keeping up with things, are you?

Two reasons why what you want has not yet happened but will do,

1, Wikileaks has not released them.
2, They take time to analyze.

If you’d been keeping up you would know that wikileaks are holding back the technical stuff from all but the security teams of the organisations whose products have been affected until they have had the opportunity to fix them. This is for the protection of people who do not or can not keep up with zero day info; it’s called “Responsible Disclosure”.

Then there is the analysis issue: if I drop a thousand lines of code on you, how long is it going to take you to work out exactly what it is up to when you don’t have the corresponding application or OS code?

gordo March 16, 2017 10:10 AM

WikiLeaks help fixing CIA exploits illegal, but unlikely to be prosecuted
BY Joe Uchill | The Hill | 03/15/17

“Companies and people with clearances have been instructed to treat anything labeled as or suspected to be classified material as still classified,” Stewart Baker, a partner at the firm Steptoe and Johnson and former assistant secretary for policy at the Department of Homeland Security, said via email.

“So viewing WikiLeaks’ material at least poses a risk to government contractors.”

[…]

“[Classification] poses a problem for those government contractors with clearances who want to review the material for defensive purposes, whether they do so with WikiLeaks’ cooperation or not,” said Baker, who added that “this is a really bad Obama-era policy that this administration should revisit.”

Attackers won’t wait for documents to be declassified.

[…]

But even if tech companies break the law, it’s not certain they’ll be prosecuted.

“Who is going to stop them? It would be a nightmare PR stunt,” said Bradley Moss, deputy executive director at the James Madison Project and a national security attorney at the Law Offices of Mark Zaid.

“Could the feds prosecute? Sure. But they probably won’t, for the same reasons the feds don’t prosecute people who read leaks in the New York Times.”

https://origin-nyi.thehill.com/policy/cybersecurity/324171-wikileaks-alerting-manufacturers-to-cia-security-vulnerabilities

Clive Robinson March 16, 2017 5:25 PM

@ Gordo,

I would treat anything “Stewart Baker” says as at best highly biased if not downright suspicious.

His history is, shall I say, not one to envy; he is very much a GOP man and “authoritarian facilitator”. If you were a spook looking for a way to commit seriously questionable activities, “he’s your goto man” for a useful legal viewpoint to support your activities.

He was doing his thing at the NSA during the First Crypto Wars against the clipper chip. It’s also been said he has whitewashed internal activities that involved personnel with legality concerns about activities.

gordo March 16, 2017 7:18 PM

@ Clive Robinson,

Circumspect at best. It will be interesting, nonetheless, to see how the variety of disclosures roll out, i.e., how they are treated, at least publicly, by the various actors.

Clive Robinson March 17, 2017 7:46 AM

@ Gordo,

It will be interesting, nonetheless, to see how the variety of disclosures roll out, i.e., how they are treated, at least publicly, by the various actors.

It’s why I suggested the “clean room”, and international approach –where US secrecy does not apply– above.

If, for argument’s sake, Fred Sun in the far east read the wikileaks disclosures there quite legally, and then used the information to make his own demonstration or attack code, how could you connect that to a wikileaks document you had taken legal advice not to touch, let alone read?

Thus the USG has two choices: publish the information themselves in a way that you would be able to tell Fred’s attack was “secret”, which would effectively publish the attack, which makes the attack pointless; or find some way to secretly prosecute US companies. Either way the rest of the world can mitigate the problem with work arounds etc, and ask embarrassing questions of the US companies, thus damaging the US companies’ reputation and profitability (giving them standing in court).

Thus the USG would knowingly leave its citizens open to a known attack method. In the day and age of the Internet that would be difficult to keep from becoming sufficiently well known that the MSM would be hard pushed to ignore it.

Which brings the “National Security” point to light. In the UK it’s a defence in court and in Parliament to say things in the public domain for “National Security” reasons. Thus unlike “free speech” all defamation, slander etc is defendable by invoking “National Security”…

gordo March 17, 2017 4:49 PM

@ Clive Robinson,

What’s one to say, but ‘plausible deniability or bust’.

As Fridays are good movie nights, maybe Roy said it best.
