Tainted Leaks

Last year, I wrote about the potential for doxers to alter documents before they leaked them. It was a theoretical threat when I wrote it, but now Citizen Lab has documented this technique in the wild:

> This report describes an extensive Russia-linked phishing and disinformation campaign. It provides evidence of how documents stolen from a prominent journalist and critic of Russia were tampered with and then "leaked" to achieve specific propaganda aims. We name this technique "tainted leaks." The report illustrates how the twin strategies of phishing and tainted leaks are sometimes used in combination to infiltrate civil society targets, and to seed mistrust and disinformation. It also illustrates how domestic considerations, specifically concerns about regime security, can motivate espionage operations, particularly those targeting civil society.

Posted on May 29, 2017 at 10:22 AM • 58 Comments

Comments

david in toronto • May 29, 2017 10:30 AM

Classic Soviet style disinformation campaign, brought forward into this century.

Harald Korneliussen • May 29, 2017 11:13 AM

This is far from the first time a tainted leak was documented. The Britam leak was also tainted, as was the hack of intelligence officer Anthony Jamie MacDonald's private mail.

It was just that no one official-sounding bothered to give it a write-up - probably to avoid giving attention to transparently false allegations. I would have thought Bruce Schneier would have known about it, though.

Glass House • May 29, 2017 11:31 AM

That leak by Citizen Lab about leaks has be tainted if you know what I mean, and I'm sure do.

Robert Daniels • May 29, 2017 11:42 AM

There was also the case of global warming alarmist Peter Gleick who tricked the Heartland Institute into sending him genuine private documents, then released the genuine documents along with a scandalous document that Heartland later denied was genuine. Gleick initially lied and claimed he got all the documents from Heartland, but then admitted he didn't get the scandalous document from Heartland, but changed his story and claimed it was mailed to him by an anonymous source. Ironically after a short suspension, he was reinstated to a leadership position at the Pacific Institute. Apparently they have very low standards at the Pacific Institute if you can lie about the source of slanderous documents and still maintain a leadership position there.

uhmmm • May 29, 2017 12:03 PM

This document appears to claim that Assange has released inaccurate information sourced from Russia. Am I missing something?

> Stealing digital information for intelligence purposes is a well-known and commonly practiced tactic used by states. However, a unique aspect of Russian cyber espionage distinguishing it from other governments is the public release of exfiltrated data intended to embarrass or discredit adversaries. Known as “kompromat”, this type of activity is common in Russia, and was previously used by the Soviet Union, and is evident in the publication of emails on Wikileaks related to United States officials involved in the 2016 U.S. presidential election campaign.

Soft Sell • May 29, 2017 12:08 PM

Tainted Leaks

Sometimes my brain has got a
zero day I've got to
Hack away
at the lies that you drive into the heart of me
The data that you share
you pulled from your derriere
Now I've lost my light
For I toss and turn I can't sleep at night

Once I trusted you
Now I'll run from you
These tainted leaks you've given
Were all the FUD that Putin could give us
Took my tears and that's not nearly all
Ooooooh tainted leaks
Tainted leaks

Now I know I got to
Hack back I've got to
Honey pot
You must really want all the data I've got
To make things right
I'll get Assange to hold it tight
So you'll know love is to prey
Now it's my turn to launch the zero day!

Once I trusted you
Now I'll run from you
These tainted leaks you've given
Were all the FUD that Putin could give us

Ooooh tainted leaks
Tainted leaks

Mailman • May 29, 2017 12:08 PM

Ironically, tainted leaks also have the potential to become a self-destructing practice. Once the authenticity of leaks will be doubted by default, each leak will become less damaging.
The sustainable strategy for tainting leaks would be to alter one document in a trove of authentic documents, so as to keep the overall trustworthiness of the leak.

This also brings up an interesting concept: could whistleblowers and leakers of classified info protect themselves against prosecution by tainting leaks in a way that they are technically not leaking classified information but still signaling that there is something to talk about?

SignEverything • May 29, 2017 1:09 PM

Sign all your emails and hope they don't steal your private key?

Victoream • May 29, 2017 1:22 PM

@uhmmm: I interpret that part as saying that that was an example of kompromat, not that the DNC and/or Podesta troves contained tainted leaks.

The next paragraph seems to confirm this interpretation when it describes the tainting as a "second feature" of the Satter leaks (in addition to being kompromat).

uhmmm • May 29, 2017 1:47 PM

@Victorream I think you have the right of it. So the English translation of "kompromat" would be ~ "leaking at scale."

Clive Robinson • May 29, 2017 1:58 PM

@ SignEverything,

> Sign all your emails and hope they don't steal your private key?

It is not wise to sign anything unless a document specifically requires it for legal reasons, and very very few ever do.

Likewise suggestions of BlockChains is also not good advice.

People confuse the two types of verification and signatures and why you should keep them separate.

A signature ties a document to you, which may not be a good idea for a whole heap of reasons. Recipient and originator verification is about the integrity of the document. The former assures that the document contents have not been changed prior to the recipient receiving them. The latter is for the originator to show evidence that a document's contents have been changed after it left them. For various reasons you need all three to be as independent of each other as possible.

Herman • May 29, 2017 2:18 PM

This illustrates my own concerns with IT security. If someone can hack into your computer then he can plant misinformation and then get you arrested and tossed in the slammer.

Douglas Knight • May 29, 2017 2:26 PM

In fact, gmail does sign emails, so one can detect forgeries. It is a pity that this write-up trusts the victim, rather than actually verifying the claims.
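
Added example, not part of the original thread or of the Citizen Lab report: a Python implementation of the body-hash step of DKIM verification (RFC 6376), the provider-side signing the comment above refers to, showing an edited body failing to match the `bh=` value and flagging content that lies outside an `l=` length limit. The message, `example.org`, the selector `sel1` and the `b=` value are constructed placeholders; a real check must also verify `b=` over the signed headers against the signer's public key published in DNS.

```python
import base64
import hashlib
import re


def canon_body(body: bytes, mode: str) -> bytes:
    """Body canonicalization, RFC 6376 sections 3.4.3 (simple) and 3.4.4 (relaxed)."""
    lines = body.replace(b"\r\n", b"\n").split(b"\n")
    if mode == "relaxed":
        # Collapse whitespace runs to one space and drop whitespace at line ends.
        lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    while lines and lines[-1] == b"":
        lines.pop()                      # trailing empty lines are ignored
    if not lines:
        return b"\r\n" if mode == "simple" else b""
    return b"\r\n".join(lines) + b"\r\n"


def body_hash(body: bytes, mode: str, algo: str = "sha256") -> str:
    """Base64 digest of the canonicalized body, as carried in the bh= tag."""
    return base64.b64encode(hashlib.new(algo, canon_body(body, mode)).digest()).decode()


def dkim_tags(raw: bytes):
    """Return (tag dict of the first DKIM-Signature header or None, body bytes)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    unfolded = re.sub(r"\r\n[ \t]+", " ", head.decode("ascii", "replace"))
    for line in unfolded.split("\r\n"):
        name, _, value = line.partition(":")
        if name.strip().lower() == "dkim-signature":
            pairs = (p.split("=", 1) for p in value.split(";") if "=" in p)
            return {k.strip(): v.strip() for k, v in pairs}, body
    return None, body


def check_body_hash(raw: bytes) -> dict:
    """Compare the body against bh=. This does NOT verify the b= signature."""
    tags, body = dkim_tags(raw)
    if tags is None:
        return {"status": "unsigned"}
    algo = tags.get("a", "").rpartition("-")[2]   # "rsa-sha256" -> "sha256"
    if algo not in ("sha1", "sha256"):
        return {"status": "unsupported-algorithm"}
    canon = tags.get("c", "simple/simple")
    mode = canon.split("/")[1] if "/" in canon else "simple"
    covered = canon_body(body, mode)
    uncovered = 0
    if "l" in tags:
        # l= limits how many body bytes are signed; anything after is unprotected.
        limit = int(tags["l"])
        uncovered = max(0, len(covered) - limit)
        covered = covered[:limit]
    digest = base64.b64encode(hashlib.new(algo, covered).digest()).decode()
    claimed = re.sub(r"\s+", "", tags.get("bh", ""))
    return {"status": "match" if digest == claimed else "body-altered",
            "domain": tags.get("d"), "uncovered_bytes": uncovered}


def make_sample(body: bytes, canon: str = "relaxed/relaxed", limit=None) -> bytes:
    """Constructed test message; domain, selector and b= are placeholders."""
    covered = canon_body(body, canon.split("/")[1])
    if limit is not None:
        covered = covered[:limit]
    bh = base64.b64encode(hashlib.sha256(covered).digest()).decode()
    length = f" l={limit};" if limit is not None else ""
    sig = (f"v=1; a=rsa-sha256; c={canon}; d=example.org; s=sel1;{length}\r\n"
           f"\th=from:to:subject; bh={bh};\r\n\tb=PLACEHOLDER")
    head = ("From: alice@example.org\r\nTo: bob@example.net\r\n"
            f"Subject: schedule\r\nDKIM-Signature: {sig}")
    return head.encode() + b"\r\n\r\n" + body


if __name__ == "__main__":
    original = make_sample(b"Meeting moved to 3pm.\r\nSee agenda.\r\n")
    head, sep, body = original.partition(b"\r\n\r\n")
    edited = head + sep + body.replace(b"3pm", b"5pm")
    print("as sent:  ", check_body_hash(original))
    print("as leaked:", check_body_hash(edited))
```

A `match` here only says the body agrees with the header's claim; because signing keys rotate, checking `b=` on an old message also requires the key that was published at the time.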

James Sutherland • May 29, 2017 2:49 PM

@SignEverything:
"Sign all your emails and hope they don't steal your private key?"

Fortunately, a lot of providers now do almost exactly that for us as a spam/phishing precaution - DKIM/DomainKeys guards against tampering of the headers, at least, though it would still be possible to tamper with the email body, making it much harder. (So someone could publish, say, a thousand emails from Bruce, with a little bit of tampering to a few - but to put one in there to someone at the NSA about his secret backdoor in Twofish, they'd have to leave the timestamp, subject and recipient intact, making it very limited in application.)

@Herman: Yes, someone can plant evidence that way - conversely, shared access can get you acquitted. I advised in a case two years ago where *someone* had been downloading illegal images with an iPod Touch over WiFi ... the police had all sorts of details about how many images there were, which site they came from, the search terms used - but *who* downloaded them? The first prosecution witness took the stand, and mentioned that she'd used the device too ... as did the second witness ... at which point, they had to drop the charges. Ironically, if it had been a properly secured device with a password, the accused might have been convicted!

jer • May 29, 2017 2:52 PM

@Clive Robinson

I'm sure the suggestions about blockchain and signed e-mails were advice to the writers of the original documents that were leaked, to both ensure their secrecy and (if keys were leaked as well) their validity. After the unencrypted contents are leaked, only an auxiliary leak or formal confirmation by the original sources could protect their validity.

SignEverything • May 29, 2017 3:34 PM

Yes, I was talking about verification and tamper-proofing. I consider this a hard problem because once someone else has obtained your private key, by whatever means (legal or otherwise), it's game over. Your identity has effectively been stolen.

I agree with Clive regarding anonymity and documents, but anonymity and email don't usually mix well. Maybe if you want to sign everything, multiple identities could help? Perhaps as many as one per document? Then you might have the option of allowing third parties to verify individual documents on demand without revealing or linking identities. That would still require withholding your private keys from third parties because once you've revealed that you use crypto, third parties can look for and/or demand access to your keys.

So I don't recommend doing any of this in the 21st century. Nor do I recommend *not* doing it. Despite whatever impression my name here may give. :-)

@James Sutherland: I have no expectations of protecting my emails from tampering by NSA and their friends.

Larry Sanderson • May 29, 2017 4:34 PM

I have read one article claiming that Comey addressed Congress over the Clinton emails based on a fake intercepted email. If so, that fake evidence probably threw the election.

heart shaped box • May 29, 2017 4:48 PM

Great work by Citizen Lab, no doubt.

But the "Tainted Leaks" technique seems to me to be just a contemporary version of time honored propaganda/confidence scam favorites (i.e., nation-state Psyops 101).

For example, here's the same basic technique being used "in the wild" in the 1920's:

Zinoviev letter
https://en.wikipedia.org/wiki/Zinoviev_Letter

Mary Mapes Mopes • May 29, 2017 4:56 PM

What is this? Has CIA started stuffing Citizen Labs with moles, like they did with Human Rights Watch?

First of all, the author has no idea what kompromat is. Second, In which Wikileaks emails, exactly, is 'kompromat' evident? Does the author refer to emails other than the ones Wikileaks digitally authenticated? Citizen Labs is talking out their ass here.

And any discussion of tainted leaks has to start with the canonical example: the perfectly accurate, but retyped, Texas Air National Guard document CIA fabricated to immunize spy brat GW Bush from his ANG screwups. Remember? Bush was a cokehead deserter whose aeronautic ineptitude makes McCain look like Baron Von Richthofen but KERNING! KERNING!! KERNING!!! But tainted leaks is a Russian trick. Yeah right.

Martin • May 29, 2017 5:44 PM

Tainted leaks have always been there. However, in the past truly professional news organizations would do a good job of filtering (stopping) those stories from publication. However, it now appears to me that as the professionalism in news organization has diminished so has the ability to detect, let alone filter out, these types of nonsensical (fake) stories. The U.S.A.'s press is still free, but it is becoming less and less professional each day. (Less = dumber, less = unprofessional, less = valuable) I sincerely doubt there is a news organization functioning today that would earn the respect of Walter Cronkite. Ask yourself if Mr. Cronkite would work in the current CNN or MSNBC organizations...if not, why?

For those that may not know: https://en.wikipedia.org/wiki/Walter_Cronkite

moops • May 29, 2017 6:10 PM

Tainting leaked documents is an old technique. Some good cases in WWI. Almost standard practice by WWII.

The latest rounds were pretty well called out in Newsweek last November

http://www.newsweek.com/donald-trump-vladimir-putin-russia-hillary-clinton-united-states-europe-516895

In one instance, a manipulated document was put out onto the internet anonymously by propagandists working with Russia; within hours, Trump was reciting that false information at a campaign rally.

The Rand Corporation did a study of the current techniques of Russian propaganda. http://www.rand.org/content/dam/rand/pubs/perspectives/PE100/PE198/RAND_PE198.pdf

Most of the tainted documents can be spotted by professionals, but we have fewer professionals in our journalism and political trades. I fear this administration is particularly vulnerable to this kind of maskirovka. They remain very understaffed and seem to not value merit as much as loyalty.

Pwin Teaks • May 29, 2017 6:38 PM

Russia would never do such a thing!
They're the good guys who are on our side.

moops • May 29, 2017 6:40 PM

The Tiny URL shortcode hacking was pretty nice. I doubt the phishing scammers would have expected that kind of backtrack.

The rest of the tainted document discovery is old-fashioned comparing against the original and divining the propaganda's intent. I had forgotten the much more specific Russian word dezinformatsiya. Huzzah.

So a lot of the material in this tainting activity are completed documents and not email in an email editor. So, sniffing this kind of attack out is not as hard. You have specific file formats written with specific editing programs. Can those programs provide a level of document integrity that makes this kind of surgical editing prohibitively expensive to forge?

JS • May 29, 2017 7:51 PM

Signing is one thing, but it won't be understood by the average user on receiving end unless email clients and webmail display the identity of the sender loudly and clearly.

In an ideal system, I would like to see gmail (for example) display the sender's name, photo and address with each email. To do so, in an ideal world, the email certificate would have my photo and address as well (can you guess how many Jason Smiths exist in the world?). Since this would require a lot of work for a cert provider like Comodo, in an ideal world I'd like to see the DMV issue certificates to people after verification of their identity.

This is probably where things will go towards in the long run, but not without everyone dragging their feet from email providers to individuals to governments.

moops • May 29, 2017 8:51 PM

There are some comments here that Digital Signature is the wrong technology for this kind of protection, but digital signature is a broadly used moniker. In practice it has three parts to it: Authentication, Integrity, and Non-repudiation. To protect against selective tainting would there be a usage mode that allows inexpensive integrity? I think our host is well-versed in these details.

A journalist or activist or politician might be served by having a known public key that others can use to verify the integrity of a leaked document. It is short of using encryption for their correspondence. Naturally this all gets corrupted if the victim is compromised by a targeted phishing scam that grants control over their computer, and thus allows the hacker the ability to Trojan their text editing software, or access their private key. Let us assume the attacker is gaining access to a victim's email, like in this case in the article. They have a public and private key and post their public key for other agencies and journalists, and use their private key for signing versions of their Word or PDF documents.

Couldn't popular word processing programs provide an easy-to-use mechanism for users? Shouldn't government agencies mandate these techniques be used? Partly to prevent disinformation campaigns against their agency, partly out of sunshine policies that prevent officials or reporting corporations from manipulating the records. That starts to drift into non-repudiation, so perhaps officials would resist such measures, but the downside is quite startling (tainted documents that LOOK like they are from you).

Sure, someone getting your private key leaves you open to forgeries, but I don't think I've seen one scandal yet that turned on non-repudiation or authentication. So while that is possible in theory, I haven't seen it occur in practice.


Andrew • May 29, 2017 9:19 PM

Mixing truth with lies is a disinformation method as old as the world. Now it has a name. So far was named still a lie.

heart shaped box • May 29, 2017 9:41 PM

@Martin

I think much of the race-to-the-vapid-bottom that we're witnessing in the corporate press probably has less to do with a lack of professionalism and much more to do with a very unhealthy consolidation of ownership of the industry. Fewer owners = Fewer points of view openly expressed. Not to mention, there has been historically, plenty of "fake news" being propagated by our own domestic plutocrats via that same corporate press (which is not at all surprising as they do own it after all). The only difference here being that rival foreign plutocrats were (as the story goes, anyway) able to inject their own "fake news".

Additionally, in the spirit of this site, there's also this to factor in...

NSA 'Chilling' Effect Feared By Writers
http://www.huffingtonpost.com/2013/11/13/nsa-writers_n_4267716.html

"We have long known that aggressive surveillance regimes in places like the Soviet Bloc, China, Iran, and elsewhere have cramped discourse and narrowed the flow of information and ideas," Suzanne Nossel, executive director of PEN American Center, said in a statement. "Recently disclosed U.S. surveillance practices are having a tangible and chilling effect on writers here at home."

And that's the way it is. ;)

heart shaped box • May 29, 2017 11:12 PM

@James Sutherland

"Yes, someone can plant evidence that way - conversely, shared access can get you acquitted. [...] Ironically, if it had been a properly secured device with a password, the accused might have been convicted!"

Your example serves well to confirm @Herman's concern. If the ample evidence of exploits - that require neither physical access nor an unsecured device - does not already *intuitively* weigh heavily on the court's decision-making process (not to mention, your own), then you should both recuse yourselves from offering opinions based (in any material way) on the evaluation of digital evidence.

@Herman

I share your concern. The issues with the legitimacy/proper evaluation of digital evidence - given our current/systemic/built-in/snake-oiled-over lack of digital security - couldn't be a bigger elephant in the room.

ab praeceptis • May 29, 2017 11:44 PM

I'm surprised to see someone of Bruce Schneier's calibre fall for such utter nonsense.

There is plenty of evidence showing that the whole citizen lab story is but another - and poor - attempt of western intelligence services to somehow paint Russia and in particular president Putin as evil.
Example: Putin's ex bodyguard owning an apartment worth more than half a billion dollars. Problem: What's the worth of Trump's 2 floor apartment? Some ten million; and that's downtown New York. Now, Moscow real estate is very expensive, too, but you simply won't find an apartment worth 500+ mio $.

But let's get to the more technical investigative side. That whole intelligence operation hangs on Satter's hacked email account being allegedly hacked by Cyber-Berkut.

The story is too poor to deserve our attention. Some idiot *twice* clicking on "change password" in an email and having "temporarily disabled 2 factor authentication" is just too poor a script.

The other major evidence they provide is an "original vs. Cyber-Berkut" game - well noted, with the "original" being under the full control of western intelligence.

But then citizen lab is a *political* operation and not a technical one. Or should we replace "political" by cia? After all, there is plenty of well known to be cia-connected or direct cia operations like open something initiative, radio liberty, etc.

I guess after Wikileaks unmasking cia's "do dirty things and pin it on others" programs the us americans (and their canadian vassals) felt an urgent need to put the spotlight back on Russia.

No surprise, no tangible and credible evidence. Move on, nothing to see here.

TM • May 30, 2017 8:30 AM

abp: For Pete's sake, it's half a billion *rubles*, not dollars.

It seems to me that the focus of many commenters on provability is beside the point. Disinformation works even after extensive refutation, as we have seen in 2016. I'm afraid the whole game of leaks and counterleaks, whether tainted or not, will mainly have the effect of sowing confusion, distrust and cynicism. Facts don't matter any more in public discourse.

ab praeceptis • May 30, 2017 8:49 AM

TM

Even half a billion rubles is much much more than anything realistic. For a start, if Putin's ex-driver had such an apartment not only the anti-Kreml russian media would be full of it but wapo, nyc etc. too. And btw. even in expensive Moscow there aren't many apartments in that price range.

Moreover, when seeing "open ... foundation" or "liberty radio" and other well known cia outlets as sources or providing evidence a reasonable human would simply stop reading. Those who don't probably also take mc donalds marketing material as nutrition advice.

TM • May 30, 2017 10:07 AM

I don't know what luxury apartments in Russia cost but I sure won't give more credence to your anonymous comment than an extensively sourced research article. If you can identify inaccuracies, please do so, otherwise it would be wiser to keep quiet.

Rachel • May 30, 2017 11:47 AM

Ab Praeceptis

> Moreover, when seeing "open ... foundation" or "liberty radio" and other well known cia outlets as sources or providing evidence a reasonable human would simply stop reading

Double Speak, right. And in the above instance, the word citizen is a clue in this regard. It is legalese. Citizen means a vassal-slave of the state-corporation. It does not mean human, or man, or woman or anything remotely implying sovereignty

Reasonable • May 30, 2017 12:41 PM

Another good example is the tainted "dossier" on President Trump with accusations and indictments mixed up with reports.

Actually, tainting information or selectively releasing material isn't new at all...

Ross Snider • May 30, 2017 12:53 PM

Very neat report!

I've seen Wikipedia articles edited by DoD IP addresses and a number of other editorial manipulations, but no details about this kind of modification before from any state actor.

A very cool and sophisticated approach, especially including "proof of knowledge" - advanced notice about future publications.

My guess is that the altered document actually includes mostly true information, but that the Russian intelligence services could not burn their sources on CIA and State Department activity funding opposition journalism in Russia.

Been warning about the rising propaganda war for YEARS. And now finally that people have caught on they're in another Red Scare instead of thinking effectively about the security and strategic situation.

phred14 • May 30, 2017 1:32 PM

@Martin - When you say/imply Walter Cronkite would likely not work for CNN or MSNBC, you identified news sources that self-identify as near-centrist and liberal, respectively. Did you leave Fox News out of that as being obvious that Cronkite would not work there, or are you implying that he would?

moops • May 30, 2017 2:20 PM

Ab Praeceptis

Your whole style of denigrating the host of this blog is... tacky.

Citizen Lab is a CIA propaganda front? Operating out of the University of Toronto?

> Financial support for the Citizen Lab’s research has come from the The Canada Centre for Global Security Studies, Donner Canadian Foundation, Ford Foundation, HIVOS, International Development Research Centre (IDRC), John D. and Catherine T. MacArthur Foundation, Oak Foundation, Open Society Foundation, Psiphon Inc., The Sigrid Rausing Trust, Social Sciences and Humanities Research Council of Canada, and the Walter and Duncan Gordon Foundation. The Citizen Lab received generous donations of software and services from Hyas, Palantir Technologies, and Oculus Info Inc.

Sure, there are likely CIA plants in some of those foundations. Palantir Technologies for example has shown up in other less savory lists. But the primary board members here are from reputable philanthropic and NGO organizations. Their charter is the intersection of politics and technology. So yes, it is political. It is ALSO technical.

> But let's get to the more technical investigative side. That whole intelligence operation hangs on Satter's hacked email account being allegedly hacked by Cyber-Berkut.

nope. That was an awfully short "get to the more technical investigative side"

> ...and ultimately collected 223 malicious links representing 218 unique targets. We have been able to identify the real identity of approximately 85% of the targets. Of the set we identified, we found targets from at least 39 countries.

The Satter email hack was the opening. Not nearly the whole story.

Comments? You say that you have respect for someone of Bruce Schneier's caliber. You don't drop a rant without backing it up better than that. Particularly on a topic about Russian (or CIA?) disinformation campaigns when we have documented web brigades.

ab praeceptis • May 30, 2017 3:01 PM

moops

I don't have the slightest idea why you would think that I'm denigrating our host.

I don't think that he is publishing his thoughts, impressions, and feelings here only for us to say "yes! hurray!". I stated what I think about that story, and politely so, and that's about it.

Rachel • May 30, 2017 3:04 PM

Moops
'Your whole style of denigrating the host of this blog is... tacky.'

TM
'I don't know what luxury apartments in Russia cost but I sure won't give more credence to your anonymous comment than an extensively sourced research article. If you can identify inaccuracies, please do so, otherwise it would be wiser to keep quiet.'

Moops and TM, as it happens I was just perusing the -exceedingly brief- list of Heroes in the Schneier Hall of Fame. And I couldn't find your names anywhere!
Funnily enough, you'll never guess whom I did find listed there. Did I mention it was an exceedingly short list?

Operation Mockingchump • May 30, 2017 3:19 PM

@moops Of course CIA suborns foreign organizations. That is one of their most important means of lending credibility to CIA propaganda that won't fly in the Mockingbird media. Of course they will do it in their Canadian satellite state. Your unspecified list of reputable organizations - does that include the MacArthur Foundation, which has a history of accepting CIA “pass-through” funding and collaborating with them on cold war projects (read Frances Stonor Saunders, Who Paid the Piper?: the CIA and the Cultural Cold War.) Your reputable Ford Foundation is famous for that. CIA does their best to corrupt everybody. Question is, did they buy Citizen Labs?

Citizen Labs has done shocking exposes of privatized illegal surveillance and, just in time for CIA's big propaganda push, Russian illegal surveillance. Have they ever given a thought to CIA's own illegal surveillance, foreign or domestic, the most lawless 'net brigade' on earth? No. Clearly they know which side their bread is buttered on, huh? Suckups.

And nice try with the manipulative appeal-to-authority FAIL, demanding respect for somebody else.

moops • May 30, 2017 3:40 PM

> Moops and TM, as it happens I was just perusing the -exceedingly brief- list of Heroes in the Schneier Hall of Fame. And I couldn't find your names anywhere! Funnily enough, you'll never guess whom I did find listed there. Did I mention it was an exceedingly short list?

Argumentum ad ?

I just called it like I saw it:

> I'm surprised to see someone of Bruce Schneier's calibre fall for such utter nonsense.

I post infrequently here and do not rank as a Hero. I'm content to just read, but I had time on a long weekend to type some thoughts.

The analysis in the article might have flaws, but the criticism that he has "fallen for nonsense" is a bit over the top. What I saw was a highly selective reading of the article with a bias on ab praeceptis' part. Of course Bruce comes in with a bias too, since he wrote on the subject for the Atlantic last September.


As for Citizen Lab being a CIA front, that is a great question. But nobody here has presented anything better than internet-standard conspiracy theory. Sure, the MacArthur Foundation has been implicated in other CIA propaganda conspiracy theories. All of which amounts to competing propaganda conspiracy theory meant to throw shade over any inquiry. One option is to take the same tack we see in the Shadow Brokers thread: All inquiry is futile. Your knowledge is incomplete and some of it might be tainted so you are a fool to try and speculate.

I still didn't see much legitimate scrutiny of the "technical investigative side".

ab praeceptis • May 30, 2017 4:19 PM

moops

You have it mixed up.

To *accuse* the cia or the nsa of doing something evil would require solid evidence and conclusive arguments.

But that is not what this is about.

This is about accusing Russia or China of something, which also requires solid evidence and conclusive arguments. Same rules for everyone, right?

It is the us-american authorities as well as many us-americans who accuse Russia or China or at least seriously paint them as most likely perpetrators.

Defending against that is not about solid evidence and conclusive arguments. It is merely about shaking the allegations and showing them and what is brought forward as evidence as inconsistent and not conclusive (or in us lingo as by far *not* beyond reasonable doubt).

It is the accuser who needs to present conclusive and stringent evidence. For the defendant it's sufficient to show that the allegation and or "evidence" is poor.

Moreover it seems just reasonable to utterly mistrust any us media or organization, particularly in cases where the us is involved.

Keep in mind that what you said about e.g. citizens lab was said about fbi, cia, nsa, too, not at all long ago.

Finally, we are in the field of security and one of the most important rules in our field says "Trust *nothing*. Verify!"
*That* is why I was surprised by someone of B. Schneier's calibre falling for little more than hear-say and wild allegations.

When we design security related protocols we *verify* and moreover we assume the worst possible attacker of the Dolev-Yao model. We assume that nothing and nobody can be trusted and that we need *proof*, period. Btw, in (proper, the engineering way) software design we (reasonably!) assume that we can not even trust ourselves. That's why we verify the code we wrote.

You are quick in assuming an insult against person X, yet at the same time you have no qualms about insulting me (probably you didn't even notice it).

I suggest that you cool down, activate your brain, and apply the laws of reason.

Clive Robinson • May 30, 2017 4:34 PM

@ Rachel,

> Citizen means a vassal-slave of the state-corporation.

On the Corp front, HR does not talk of anything as human as "citizen", no they use expressions like "Out sourcing a unit of work resource". Which means some poor wage slave is now unwaged and ejected out the door by security with a cardboard box of possessions if liked or a refuse bag they have to pay for if not...

After all it's hard to have anything you can anthropomorphise if it has no commonality with anything human or living in your thinking.

moops • May 30, 2017 4:35 PM

@ab praeceptis


*That* is why I was surprised by someone of B. Schneier's calibre falling for little more than hearsay and wild allegations.

I *think* the problem here is the pull quote. The pull quote should have the largest qualifier on it as it is the most speculative of documented claims.

In fact, I suspect that if the quote had left out "Russian-linked" you would have been fine with everything in there. The rebuttal seems to consist of "Not Russia-linked, but CIA-linked".

But that requires an extra level of counter-intelligence. It's not Russia targeting a Russia-critic. It's the CIA framing Russia targeting a Russia-critic. Does it happen? Maybe, but it is a more extraordinary claim, and I would like to see even better evidence. Just because the CIA has motives and means does not mean there is evidence.

TM • May 31, 2017 3:52 AM

Rachel: "list of Heroes in the Schneier Hall of Fame"

Very funny.

"Citizen means a vassal-slave of the state-corporation."

Take that, liberals!

I consider this comment style trolling and won't take notice of any posts by you any more.

Rachel • May 31, 2017 7:34 AM

TM

as you wish. No trolling intended. But I am happy if you are happy.
Someone did literally post a list of 'heroes in the Schneier hall of fame', not long ago, namely Clive Robinson, Nick P, Thoth, Ab Praeceptis, and Dirk Praet. All of whom are well deserving of such stature. Their contributions certainly stand out.
My point being, you were asking Ab Praeceptis to keep quiet.
Ab Praeceptis has serious street cred in these multiple aligning arenas in my opinion, and further than that I find his arguments compelling and refreshing. You on the other hand, quite respectfully, I have never heard of before.

As for 'citizen,' my point stands. It is legalese. Legalese is deliberately intended to mislead, because it sounds like regular speech but has entirely different meanings and applications to 'those in the know'. It means we can contract to terms and conditions without our knowing. It means when we read a T & C it is deliberately deceptive without one knowing what the words are intended to mean in that specific context. 'may..' as in 'if you choose not to meet your agreements we may decide to charge you a fee' means we WILL charge you a fee.

If you are asked, are you a citizen, and you answer 'yes' it means you are contractually consenting to all the definitions and implications of being a citizen, which indeed is synonymous with being a vassal of the state. Which is certainly not the same as being a free, independent sovereign man or woman.

People think if they hire a lawyer the lawyer is there to represent them, right? Wrong. Look up a Black's Law Dictionary. It clearly states the lawyer's fealty and subservience is in this order: to the State, the Judge, the Bar Association, and only finally the client. I believe it needs to be 4th Edition or before as they've disguised it in more recent editions.

look up Strawman as a legal term
this is by no means a definitive site found after a quick check but it attends to some of what I refer
http://www.yourstrawman.com/

In Love

Dirk Praet • May 31, 2017 8:39 AM

@ Rachel

Someone did literally post a list of 'heroes in the Schneier hall of fame', not long ago, namely ...

Off the top of my head, I'd like to add @Wael, @ Alan S, @Skeptical, @65535, @Gerard Van Vooren, @Green Squirrel, @Slime Mold with Mustard, as well as past contributors like @Robert T, @Doug Colter, @Mike The Goat, @Davi Ottenheimer and several others.

@ Clive

On the Corp front, HR does not talk of anything as human as "citizen" ...

They generally refer to members of the labour force as "resources". So do most managers.

Robert E. Moron • May 31, 2017 4:54 PM

"Apparently they have very low standards at the Pacific Institute"

Said the Trump backer, right?

I mean you literally endorse a traitorous ponzi-scheme scammer for President.

One who sold out to the Russians while cracking down on pesky first world liberties, like a free press.

The Pacific Institute reinstated someone accused of changing his story 1 time.

You are signing off on a man who has given away 3 top-secret bits of info in as many days, directly in person.

You want to pick nits based on character and integrity, you should start at the top of the gallows.

notmyrealname • May 31, 2017 6:22 PM

CitizenLab, the very same one that receives funding from such credible organisations as the "open society institute" and "palantir technologies". I stopped reading there.

Dan H. • June 1, 2017 12:05 PM

One principle of the US legal system is to exclude any evidence that has been brought to light as a result of criminal activities; the "Fruit from the poisoned tree" idea. This is a principle that many tax authorities would do extremely well to follow; just because most of a leak is accurate does not mean that all of it can be trusted.

Since any criminal investigation has to work from the point of a suspect being innocent until proven guilty, this exclusion of potentially tainted evidence makes sense. It is merely a great pity that there are so few clear-thinking individuals in law enforcement these days.

Yellow Drawer • June 21, 2017 11:37 AM

Here's another example from last year, just weeks after Bruce predicted that this would become a phenomenon.

https://www.theregister.co.uk/2016/10/06/fancy_bears_wada_hack_update/

WADA claimed that athletes' medical information that was stolen from them and released by Fancy Bears didn't accurately reflect the original data.

Commenters speculated whether Fancy Bears had been inspired by Bruce's article to alter the dox, or whether WADA had been inspired by Bruce's article to claim that Fancy Bears had altered the dox.


Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.