Today I heard our one-time California Representative, Democrat Jane Harmon, reassure people that all is well in the world of US intelligence. She said that after the two big intelligence failures, the US intelligence services had been totally reorganized. I wondered, which two big failures? She listed them as missing 9/11 despite lots of indications, and of being wrong, wrong, wrong about weapons of mass destruction in Iraq before the second Gulf War. Fair enough.
She pointed out that after those failures a new post, the Director of National Intelligence, was created to bring some order and coherence to our no less than seventeen! spy agencies.The current DNI, James Clapper, was testifying today before Congress regarding Russian involvement in the DNC penetration. Ex-Rep Harmon said that she believed that now, everything was just wonderful, and she was shocked to see the Donald not bow down to Clapper’s superior knowledge …
My first thought, of course, was of President Obama calling ISIS the “Junior Varsity” and saying that they posed no threat. Obviously he was basing his claim on the combined output of our new you-beaut all-for-one seventeen intelligence agencies, topped off by the wisdom of DNI James Clapper.
Unfortunately for Clapper and the US, in the event ISIS turned out to be the number one threat of the 21st century to Europe and to the US. This is not a minor miss. This is not our intelligence agencies failing to notice some obscure Russian action in Kyrgyzstan.
This is our seventeen intelligence agencies working together in their combined wisdom to totally miss the biggest threat of the century to date.
Then I remembered this from last year:
More than 50 intelligence analysts working out of the U.S. military’s Central Command have formally complained that their reports on ISIS and al Qaeda’s branch in Syria were being inappropriately altered by senior officials, The Daily Beast has learned.
The complaints spurred the Pentagon’s inspector general to open an investigation into the alleged manipulation of intelligence. The fact that so many people complained suggests there are deep-rooted, systemic problems in how the U.S. military command charged with the war against the self-proclaimed Islamic State assesses intelligence.
“The cancer was within the senior level of the intelligence command,” one defense official said.
Finally, I remembered that DNI James Clapper went before Congress not long ago and solemnly assured both Congress and the American people that nobody was spying on millions of Americans … only to be outed as a damn liar not long afterwards when Edward Snowdon revealed that yes indeedy, they absolutely were spying on millions of us.
So Ex-Representative Harmon will have to forgive me if I do not take the assessments of James Clapper and “the senior level of the intelligence command” at face value. He has demonstrated that even when he raises his hand and swears to tell the truth you can’t trust him.
And further, I’m not buying Senator John McCain’s claim that this is some kind of test of being a real American, based on whether we accept without question the unsubstantiated claims of the often-wrong US intelligence community. Given their recent history of errors, mistakes, and false claims including the DNI flat-out lying to Congress, we’d be fools not to question their claims.
Let me take you through the current example, the hacking of the DNC and Podesta emails. I wrote a précis of this before, let me repeat it here.
First fact. It’s very possible (few things in espionage are ever fully clear) that Russia hacked the DNC. However, the information released to date is far from convincing.
Next fact. There is no evidence at all that the Russians released one scrap of whatever they found if they hacked it. I read the Joint Action Report (JAR). It has one sentence on the release of the information, saying:
The U.S. Government assesses that information was leaked to the press and publicly disclosed.
That’s it. That’s all they say about it.
Note the clear distinction I make between HACKING information and DISCLOSING the hacked information, which I will continue to make in this post with capital letters. Over and over I see people conflating the two, either deliberately or not, including the intelligence community. Hacking information and disclosing information are very, very different.
Sadly, the only information we have from the seventeen agencies to date, the Joint Action Report (JAR), is a joke. It is only two pages long, and they merely parroted the findings of the investigation of CrowdStrike, a private security firm hired by the DNC to investigate the hack. The CrowdStrike study was published half a year ago, on June 12th, 2016. It was then picked up by CNN and broadcast on June 14, 2016. It showed evidence that two kinds of software known to be used by two different Russian private hacker groups had penetrated the DNC server. The CrowdStrike report strongly suggested but provided no evidence of Kremlin involvement in the hack.
OK, let me stop here and ask an interesting question. Care to guess why the two-page joint effort of the seventeen intelligence agencies contains no more information than the CrowdStrike analysis of the DNC hack?
You’ll love this … the intelligence agencies don’t know more than that because the intelligence community never even examined the DNC servers. Seriously. And why didn’t the intelligence community examine the the DNC servers? Why did they rely on CrowdStrike for their information? From CNN:
The Democratic National Committee “rebuffed” a request from the FBI to examine its computer services after it was allegedly hacked by Russia during the 2016 election, a senior law enforcement official told CNN Thursday.
“The FBI repeatedly stressed to DNC officials the necessity of obtaining direct access to servers and data, only to be rebuffed until well after the initial compromise had been mitigated,” a senior law enforcement official told CNN. “This left the FBI no choice but to rely upon a third party for information. These actions caused significant delays and inhibited the FBI from addressing the intrusion earlier.”
This statement is in response to reports that the FBI never asked the DNC for access to the hacked systems.
And now, of course, Democrats angrily rubbish Trump’s name for not trusting the same intelligence community that the DNC didn’t trust to examine their own servers.
In any case, about a week after it was revealed by CNN that the Russians had penetrated the DNC server, on June 22nd, Julian Assange’s organization Wikileaks published the emails in question. Assange said since then and emphatically repeated this week that the emails were leaked to them by a disgruntled Democrat who was sickened by the information that the DNC had secretly colluded to throw Bernie Sanders under the bus.
Of the intrusion, the JAR says the following:
In summer 2015, an APT29 spearphishing campaign directed emails containing a malicious link to over 1,000 recipients, including multiple U.S. Government victims. APT29 used legitimate domains, to include domains associated with U.S. organizations and educational institutions, to host malware and send spearphishing emails. In the course of that campaign, APT29 successfully compromised a U.S. political party. At least one targeted individual activated links to malware hosted on operational infrastructure of opened attachments containing malware. APT29 delivered malware to the political party’s systems, established persistence, escalated privileges, enumerated active directory accounts, and exfiltrated email from several accounts through encrypted connections back through operational infrastructure.
In spring 2016, APT28 compromised the same political party, again via targeted spearphishing. This time, the spearphishing email tricked recipients into changing their passwords through a fake webmail domain hosted on APT28 operational infrastructure. Using the harvested credentials, APT28 was able to gain access and steal content, likely leading to the exfiltration of information from multiple senior party members. The U.S. Government assesses that information was leaked to the press and publicly disclosed.
Note that they have clearly laid out the HACKING of the information, giving lots of details taken from the CrowdStrike report. However, the crack that they are trying to peanut butter over and hope you won’t notice is the total lack of information about the DISCLOSING of the information. They put in one throwaway sentence at the end of the report … pathetic.
And in particular, the name “Wikileaks” was never mentioned, which is very revealing.
Look, I’m not a fanboi of Julian Assange. In my opinion he did not sufficiently sterilize some of the military information that he leaked, and it may have compromised allies and sources, possibly lethally. And for this he is roundly and perhaps justifiably hated by both the military and the intelligence communities. Today Senator McCain asked DNI James Clapper if he gave any credence to Wikileaks, and Clapper sneered an emphatic no.
Which means that if the US intelligence community had the slightest scrap of evidence implicating Wikileaks you can be damn sure it would be in their report. And that, in turn, means that they have no such evidence and don’t want you to notice that.
Now like I said, I’m not fond of Assange … but here’s the thing. He has never been shown to be lying in a single document that he leaked, or in a single statement he made about how Wikileaks obtained a document. Everything he has put out there has been true and verified. His leaking may indeed be morally wrong. And as to him being anti-Amercan, likely so, although not exclusively.
But all the same … what he has leaked and what he has said has been 100% true.
Yes, I understand that Assange is hated, perhaps justifiably … but that assuredly doesn’t mean he is wrong. And yes, the Russians may well have HACKED the DNC emails … but I find it very doubtful that they DISCLOSED the DNC emails. Here are my reasons:
- The HACKED information was much more valuable to the Russians as blackmail material, particularly because at the time (June) no one dreamed that Trump could ever win. The Russians love blackmail, as do all intelligence services. They’d be wasting blackmail gold on a very long-odds bet that Trump would triumph. Imagine what the Russians could have done with blackmail material on an incoming Clinton Administration.
- The Russians would have known they’d already been associated with the HACKING when CNN broadcast it at least a week before the DISCLOSURE. So they would have known that blowback would be inevitable if they DISCLOSED the information—they would be sure to be blamed.
- Long term, if you were Putin would you rather face Trump and James “Mad Dog” Mattis, or Hillary and Joe “Attack Poodle” Biden? Yes, I know back then Mad Dog wasn’t chosen yet … but really, as Putin would you rather face Trump and Pence, or Hillary and Huma?
- Assange says he absolutely didn’t get the info from the Russians, often and loudly, and his offsider backs up his account.
- US intelligence has provided zero evidence that the Russians DISCLOSED the emails.
So when I add it all up, the odds that Russia is behind the HACKING are pretty good, although far from conclusive … but the odds that the Russians are behind the DISCLOSURE are about zero. I think the emails were both leaked and hacked … which means that the Russians may indeed have further blackmail material about the Democrats.
Which brings me to my final point. Our cyber defenses suck. Badly. As just one example among many, China hacked records of sensitive personal details for 22 MILLION people who applied for Government jobs. These contained all kinds of personal details including security vetting issues, often embarrassing and potentially illegal, about all these millions of people.
Where was this full-court-press kind of hysteria about spies under the bed back then? Why were no Chinese diplomats expelled? Why no Chinese sanctions? And this was only one successful attack on the US Government among many on Obama’s watch.
So my final point is that yes, I think that cybersecurity is a very important issue, and from appearances Trump thinks the same … but the lack of any US reaction to the loss of sensitive data on twenty-two million Americans clearly shows that the Obama Administration doesn’t share my concern.
Here it was a lovely day, sunny but cold. I worked setting up my tools in my new shop. For the first time since forever, I have an actual shop space with room for all my tools. We have two days in between storms here, so I’ve been drying gear and bringing my tools out from my previous hobbit shop that I hand-dug under my house … life is good.
I wish the best of this world for each of you,
PS—In your comments, please QUOTE THE EXACT WORDS YOU ARE REFERRING TO so we can all understand what you are discussing.