Category: Cyberwarfare

We’re Responding to Russia. Don’t Tell the President

During the just-concluded G20 summit in Osaka, Japan, President Trump sardonically warned Russian President Vladimir Putin to stay away from the 2020 US presidential election. Responding to a reporter’s question, Trump playfully pointed his finger at Putin and said, “Don’t meddle in the election.” Putin just laughed.

The president might think that the ongoing Russian efforts to interfere in American democracy are all just a big joke. But his administration doesn’t.

It was only a few days earlier that Trump accused The New York Times of a “virtual act of treason” for a June 15 story that revealed that U.S. Cyber Command had placed “implants” — software code that can be used for surveillance or attack — deep inside the Russian electrical grid. Still mad about the story two days later, he tweeted that it was “fake news” and called on the newspaper to release its “phony” sources.  

Even Putin was puzzled by the president’s reaction.  “I am not sure how we should interpret that — if it means that they disclosed real information or it was a planted story,” he said during his annual “Direct Line” with Russian citizens. “But in any case, we have to respond one way or another; we must understand what this is about.”

Putin was asking the right question. What about the report had prompted the president’s unhinged response? Why was the president so upset about a report that the U.S. government was, after years of inaction, finally fighting back against Russian cyberattacks?

The little-noticed answer lies buried in defense legislation and executive orders signed by Trump himself. Although written in dense bureaucratese, what it says is pretty remarkable: Rather than work with the president when it comes to Russia, Trump’s administration has simply decided to work around him.

Like a parent with an obstinate child, the Trump administration, with an assist from Congress, cut the president out of the decision-making loop on national security decisions involving Russia. The Times, then, was a convenient scapegoat for the president’s impotent fury at his own people.

It’s no secret that Trump has long refused to acknowledge even basic truths about the Russian threat, but the consequences to U.S. national security aren’t so well known.

This definitive report in The Washington Post — based on interviews with more than 50 (!) current and former U.S. officials — described how the intelligence community was structuring the president’s daily brief (PDB) to avoid upsetting Trump.

“If you talk about Russia, meddling, interference — that takes the PDB off the rails,” said a second former senior U.S. intelligence official….

Trump has never convened a Cabinet-level meeting on Russian interference or what to do about it, administration officials said. Although the issue has been discussed at lower levels at the National Security Council, one former high-ranking Trump administration official said there is an unspoken understanding within the NSC that to raise the matter is to acknowledge its validity, which the president would see as an affront.

“Doubting the intelligence, Trump pursues Putin and leaves a Russian threat unchecked,” Greg Miller, Greg Jaffe, Philip Rucker, Dec. 14, 2017.

For far too long, the response to ongoing Russian cyberattacks was a big fat ZERO. That only encouraged Russia and other countries to wreak havoc in cyberspace.

“The warning lights are blinking red again,” Dan Coats, Trump’s own director of national intelligence, warned in July 2018. “Today, the digital infrastructure that serves this country is literally under attack.”

Then things started to change.

On August 13, 2018, Trump signed a defense bill that basically gave the U.S. military’s Cyber Command a green light to respond to Russia.

The aptly named John S. McCain National Defense Authorization Act authorized Cyber Command to take “appropriate and proportional” action aimed at disrupting, defeating, and deterring Russian cyberattacks, including those aimed at our democracy. The bill also allowed the defense secretary to authorize clandestine military activity in cyberspace without prior presidential approval.

The conference report on the bill, written by Republican and Democrat members of both the House and the Senate, was revealing:

The conferees have been disappointed with the past responses of the executive branch to adversary cyberattacks and urge the President to respond to the continuous aggression that we see, for example, in Russia’s information operations against the United States and European allies in an attempt to undermine democracy. The administration’s passivity in combatting this campaign, as documented repeatedly in hearings before the congressional defense committees in the past 2 years, in the judgment of numerous executive branch officials, will encourage rather than dissuade additional aggression. The Congress has worked diligently to ensure that the Department possesses the necessary capabilities and authorities to combat, in particular, these Russian information operations, and this authorization represents further progress toward that objective. The conferees strongly encourage the President to defend the American people and institutions of government from foreign intervention.

Read that again and take a moment to reflect on that remarkable passage.

Two days after signing the McCain defense bill, the president signed National Security Presidential Memorandum No. 13. This still-secret memorandum freed the military to conduct offensive cyber operations “without a lengthy approval process,” so long as they don’t cause “death, destruction or significant economic impact,” The Washington Post reported last year.

Apparently without realizing what he was doing, Trump had just given the go-ahead for the types of operations described in the Times article that left him so unhinged.

General Paul Nakasone

Spearheading America’s aggressive response in cyberspace to Russia is General Paul Nakasone, the dual-hatted leader of the National Security Agency and U.S. Cyber Command.

Nakasone has pushed a strategy of “persistent engagement” with our Russian foes in cyberspace. In other words, we don’t sit back and wait for our enemies to attack; we take the fight to them.

Under Nakasone, U.S. Cyber Command has shifted from a response force to a proactive one that meets our adversaries in the foreign networks where they lurk. “If we find ourselves defending inside our own networks, we have lost the initiative and the advantage,” Nakasone told a professional military journal.

Securing the 2018 midterm elections was Cyber Command’s No. 1 priority, Nakasone told Congress, and it prompted him to create the “Russia Small Group.”

On Election Day last year, the Russia Small Group shut down the computer networks at the Internet Research Agency, the so-called St. Petersburg “troll factory” behind much of the social media manipulation during the 2016 election. The Russia Small Group also helped state election officials identify vulnerabilities and improve threat warning and it dispatched forces to beef up cyber defenses in Montenegro, North Macedonia and Ukraine.

Much of its work remains secret, but U.S. senators hinted earlier this year that it was no coincidence that the 2018 midterms were not impacted by Russia. Further proof of the group’s success is the fact that it’s now a permanent fixture at the NSA/Cyber Command, housed in a new, $500 million cyberwarfare bunker at Fort Meade, Maryland.

Few Americans realize that the United States is flexing its muscles in the cyber realm, but Russia is keenly aware of what’s going on. “Vitally important spheres of our economy have been targeted with cyberattacks from abroad,” Dmitry Peskov, the Kremlin spokesman, said in the wake of the Times report. An anonymous law enforcement source told RIA Novosti, a Kremlin-owned news outlet, that the Times story about U.S. incursions in the electrical grid is true, although the Russians say they’ve managed to stop the attacks so far. Last fall, Russian trolls and hackers received direct messages identifying them by their real names and warning them not to interfere in the affairs of other nations.

The only one who seems unsure of what’s happening is the president, who may have realized too late what he signed away when he gave his administration the authority to go on the offensive against Russia.

The implications of the decision to take decision-making authority out of the president’s hands are sobering. It was not a decision that was taken lightly.

It reflects a judgement on the part of Congress and the administration that when it comes to Russia, the 45th president poses a threat to the national security of the United States.

Facebook, Jared Kushner and Russia

Call me skeptical.

I don’t believe that Facebook won the election for Donald Trump. That’s the claim put forth in this hagiographic profile of Jared Kushner in Forbes and in many other media outlets.

The traditional campaign is dead, another victim of the unfiltered democracy of the Web–and Kushner, more than anyone not named Donald Trump, killed it.

We see these stories every time a new president is elected. A while back it was Obama’s “data crunchers.” This time, the key to Trump’s victory, Kushner would like us to believe, was computer algorithms that targeted potential Trump supporters with social media to stunning effect.

Kushner takes credit for hiring Cambridge Analytica, a company owned by Robert Mercer who also happens to be a Trump supporter, Breitbart investor, and a reclusive hedge fund billionaire.

The secret weapon was Cambridge Analytica’s computer algorithms that figure out who you are and what motivates you based on all the times you click Like on Facebook, as Cambridge Analytica’s Jack Hansom explains in this video:

These algorithms turned up some surprising findings. Liking the New Orleans Saints means you’re less likely to be “conscientious,” i.e. do the right thing. And liking the Energizer Bunny means you’re more likely to be neurotic.

So what? Well, one or two of these things don’t tell you much, but the average person has hundreds of Facebook Likes which allows Hansom and his colleagues to build a surprisingly accurate picture of your personality. You can test this on yourself here.

Facebook allows you to drill down to the kind of person in the kind of place you want. (You can even reach “Jew haters” in Idaho if you wish.) Here’s Cambridge Analytica’s CEO Alexander Nix showing how his company’s model could be used to drill down to find every “persuadable” gun rights advocate in Iowa:

It’s very impressive (and very creepy), and it makes for a good story, one that Silicon Valley loves in an everybody-is-stupid-except-for-me way.

But the problem with the claim that Kushner and his machine learning wizardry won the election for Trump is that everybody was doing it. Hillary Clinton had a team of mathematicians and analysts crunching data. Ted Cruz had hired Cambridge Analytica as well, but then he ran into the Trump train.

I may be wrong, but I’d wager the $1.8 billion worth of free airtime that TV networks gave Trump every time he opened his trap probably had a lot more to do with him winning the election than Cambridge Analytica.

Trump knows how to get on TV: He is a promotional genius. What will he say next? He’s a modern day PT Barnum and Jeff Zucker‘s CNN couldn’t get enough.

Setting that aside, the Facebook/Jared Kushner story is still pretty important. And what’s important about it is that Special Counsel Robert Mueller thinks it’s pretty important. Facebook may not have won Trump the election, but it may seriously damage his presidency.

CNN reported Sunday that Mueller, who’s investigating Trump’s links to Russia, had served Facebook with a search warrant. Mueller was interested in the $100,000 worth of ads purchased by bogus accounts that Facebook on Sept. 6 acknowledged had “likely operated out of Russia.”

Mueller’s search warrant for Facebook is a big deal, a former federal prosecutor explains:

Mueller would have had to show the judge that there was reason to believe that one or more foreign individuals committed a crime and the evidence of the crime could be found on Facebook’s servers.

The crime is that foreign nationals are prohibited from contributing money “or other thing of value” (like $100,000 worth of Facebook ads) in connection with an election. It’s also against the law to solicit, accept, or receive such a contribution.  (Here is the statute.) And if someone on the Trump campaign knew about the Russian Facebook ads and did nothing to stop it, that is also a crime — aiding and abetting.

Did someone on the Trump campaign know about the Russian Facebook ads? We don’t know yet, but the answer lies in targeting. To put it in Watergate terms: Who targeted whom and when?

Were the Russian Facebook ads and the Trump campaign targeting the same people? And if so, how did a bunch of Russian trolls in St. Petersburg or Vladivostok or wherever know to target, say, black women in Milwaukee or rural voters in Michigan’s Upper Peninsula, for example?

I tried to ask Alex Stamos, Facebook’s chief security officer, but didn’t get a reply.

This question intrigues Sen. Mark Warner, the leading Democrat on the Senate intelligence committee, as he said on the Pod Save America podcast:

Warner: When you see some of the explanation and some of the fact that it appears that, for example, women and African Americans were targeted in places like Wisconsin and Michigan, where the Democrats were too brain dead to realize those states were even in play … It was interesting that those states seem to be targeted where the bots — where they could create a lot of these fake Twitter and Facebook accounts, could in fact overwhelm the targeted search engines that would end up saying on your news feed, you suddenly got stuff that “Hillary Clinton’s sick” or “Hillary Clinton’s stealing money from the State Department.”

I get the fact that the Russian intel services could figure out how to manipulate and use the bots. Whether they could know how to target states and levels of voters that the Democrats weren’t even aware really raises some questions. I think that’s a worthwhile area of inquiry.

How did they know to go to that level of detail in those kinds of jurisdictions?

Vietor: I wonder if they just asked Jared [Kushner] like Trump does with all of his questions. We’ll find out.

Warner: We’ll find out. More to come on that.

Sen. Warner thinks it’s a worthwhile line of inquiry, and it’s a good bet Mueller does too. The information Facebook handed over to Mueller included the targeting criteria the bogus Russian accounts used, The Wall Street Journal reported.

An unnamed Trump campaign staffer told CNN that the key to the whole inquiry may be found on Facebook’s servers.

Only Facebook can answer three critical questions: were the same databases used by the Trump campaign and Russian operatives to coordinate targeting of voters; was money used to promote pro-Trump posts, and, if so, how much was spent and by whom; and will Facebook reveal if bots were successfully used to push fake news posts?

Hopefully, Robert Mueller knows the answers.

Fake News as a Weapon: Trump, Russia and the World of Rumors

Have you heard the rumor that Donald Trump is mentally ill? Did you hear that President Obama wiretapped Trump Tower? With the help of British intelligence?  Or that a child-sex ring connected to Democrats was being run out of a Washington, D.C. pizza restaurant?

via New England Historical Society

American society is being bombarded by rumors. Fake news websites push stories like the aforementioned “Pizzagate.” Russia has an army of Twitter trolls who blast out all sorts of wild rumors. Even Donald Trump’s own tweets deluge us with confusing and contradictory information.

It seems awful hard to know what’s true and what’s not these days. Where is the antidote for the epidemic of fake news? Many of us may feel like we can’t even trust our own judgment. And maybe, that’s the point.

The post-truth era, as it’s been called, might feel very familiar to American spies operating behind enemy lines in World War II. Back then, U.S. operatives were coming up with creative ways to damage morale and divide the leadership of Nazi Germany. One of their best weapons was the use of carefully crafted, well-timed rumors.

Rumors were a specialty of the Morale Operations Branch of the Office of Strategic Services (OSS), the predecessor of today’s CIA. One of the most famous of the OSS’ rumor campaigns was “Where Is Hitler?” The OSS would broadcast a fake report that Hitler was supposed to appear at an upcoming rally.  When Hitler inevitably failed to show, the OSS would float rumors that Hitler was ill or suffering from a mental breakdown. These rumors spread so widely that they became the subject of articles in American newspapers, including The New York Times.

Creating a loss of confidence in leaders was just one of the tricks dreamed up by the OSS Morale Operations branch. Others are spelled out in a now declassified field manual, which is a guide on how to use rumors, forgeries, blackmail and bribery to destabilize a country. What the OSS called “subversive rumors” could be used to cause enemy populations to distrust their own news sources, to create division along racial, political and religious lines, to create confusion and dismay with a welter of contradictory reports, and to tip the balance when public opinion was in a precarious state, among other things.

Viewed in this light, fake news seems less a nuisance and more like something that would trouble our intelligence community. And indeed, they do appear concerned. The U.S. intelligence community recently concluded that Russia mounted an “influence campaign” during the 2016 presidential election that blended covert intelligence operations with overt efforts by Russian Government agencies, state-funded media, third-party intermediaries, and paid social media users or “trolls.” Russia’s influence campaign sought to undermine faith in U.S. democracy and denigrate Hillary Clinton’s campaign.

In essence, Russia has created a modern version of the OSS Morale Operations branch. Social media gives the modern operative powers the likes of which his or her OSS forerunner could only have dreamed. Whereas the OSS had to send operatives into enemy territory to plant rumors, the modern influence campaign can without leaving home harness the power of social media sites. Facebook, Twitter and YouTube are machines for the rapid transmission of rumors.

While the technology behind rumor campaigns has evolved, the nature of rumor itself hasn’t changed much in the 74 years since the OSS wrote its field manual. The OSS defined a rumor as “an unauthenticated, unofficial story or report, represented and transmitted as fact.” This distinguishes it from propaganda, which stamps its authorship on its message. Anybody can start a rumor. Crafting a good one is an art form.

The old OSS characteristics of what makes a good rumor still hold true: A good rumor still must be simple, consisting of a single idea. It must be plausible. It is tied to some known facts, yet is impossible to completely verify. It frequently appears as an “inside” story.  The best rumors to spread are existing ones. “In many cases, the most effective rumor policy will be to spread further rumors that have arisen spontaneously in enemy territory,” the field manual advises.

A good rumor must also be vivid. Rumors with “strong emotional content” are extremely effective. (Case in point: the unforgettable, unverifiable story of Trump cavorting in a Moscow hotel room with prostitutes.) A suggestive rumor was well adapted to spreading fear and doubt, by doling out limited but tantalizing bits of information that allow the audience to formulate conclusions (“FBI Director James Comey made an unexpected trip to the White House.”)

Robert Knapp, who developed the section of the OSS’ Field Manual on rumors and wrote academic papers on the subject, likened a rumor to a torpedo. “Once launched, it travels of its own power,” he wrote. Knapp had an insight into what gave rumors their power: They expressed and gratified the emotional needs of the community, just as daydreams and fantasies expressed the needs of the individual. Rumors gave sense and direction to fears, resentments or hopes. “No rumor will travel far unless there is already a disposition among those who hear it to lend it credence,” he wrote in a 1944 paper.

Among the many coincidences involving Russia and Donald Trump, one that goes unnoticed is their mutual grasp of the power of rumor. Trump used rumors to stunning effect in his campaign, beginning with the suggestion that President Obama was born in Kenya. This rumor tapped into deeply-held beliefs about President Obama that many people were not comfortable expressing publicly. Outright racism is unacceptable to most Americans. However, many found the disguised racism of a rumor about the African-American president’s birthplace more palatable. There is frequently a racist undertone to many of Trump’s rumors: Muslims celebrating Sept. 11 in New Jersey, illegal immigrants voting, terrorist incidents that didn’t happen, and so on.

Rumors may also help explain Trump’s appeal. In a recent interview, Time magazine’s Michael Scherer pressed Trump on his use of rumors. “What am I going to tell you? I tend to be right,” the president told him. “I’m an instinctual person, I happen to be a person that knows how life works.” In other words, Trump’s rumors feel true to him, even if they can’t be verified. Trump’s words also feel true to his supporters, almost like an article of faith. He is making a connection on a deep emotional level that, once established, is difficult to break.

However, Trump’s predilection for rumors over facts is dangerous, for it leaves him wide open to manipulation. Unwittingly or not, Trump has spread rumors that originated in Russia. The story spread by the White House that President Obama used British intelligence to spy on Trump and his associates started as a story on RT, the Kremlin-backed propaganda outlet. On the campaign trail, Trump quoted a report that appeared to originate on Sputnik, another Kremlin-backed media outlet. At a March 30 Senate intelligence committee hearing, Clint Watts, a former FBI agent and an expert on Russian disinformation, explained in striking terms the problem with having a rumor-monger for a president:

Rumors do work on the campaign trail, but they are toxic to the presidency. Credibility is one of the president’s strongest assets, never more so than in moments of crisis. Trump seems not to understand that, as president, he is the authority, and the White House is the place where rumors end, not where they begin. If President Trump truly wants to make America great again, he must stop spreading rumors.

If Trump won’t quash rumors, others must do it for him. Many news organizations are now regularly refuting the president’s rumors. This effort harkens back to World War II, when rumors were an even bigger problem than they are now. Robert Knapp, the OSS’ rumor expert, founded a “rumor clinic” in Boston that collected rumors and sought to put an end to them. A column first published in the Boston Herald in 1943 quoted the rumor in italics followed by the word FACT. Rumor clinics opened in many cities, but quickly faded following a clash with the Roosevelt administration’s Office of War Information. Government bureaucrats wanted to smother rumors with facts, rather than call attention to them by singling them out for disproof. (For more on this click here.)

Knapp proposed that rumors could serve as an “index of morale.” They may be a better gauge of the true state of public opinion than any poll or survey. Rumors allow expression of the deeply held beliefs and fears that won’t be repeated to a stranger. A look at the rumors prevalent in American society shows we are deeply divided along racial, political, and religious lines. Many Americans have little or no confidence in our elected leaders. We distrust our own news sources.

In sum, American morale has been deeply wounded. We are much weaker than we think we are.

A Mole in the White House?

We now have a confirmation of sorts that the Russian FSB agents arrested last month were working for the CIA.

Today’s news, via the private Russian news agency, Interfax, concerns the arrest of Sergei Mikhailov and others on charges of treason. Mikhailov was serving as deputy director of the FSB’s Centre for Information Security (see my earlier post for background on this agency).

He reportedly was arrested in December during an FSB meeting and led out with a bag over his head.

Also arrested were Dmitry Dokuchayev, a former hacker going by the pseudonym Forb who agreed to work for the FSB, and Ruslan Stoyanov, a senior researcher at a prominent Russian computer security company, Kaspersky Lab.

Interfax reports that a fourth suspect has also been arrested, and that a total of eight people are under suspicion.

Based on a reading of the scant information in the public record, some inferences can be drawn that raise troubling questions about the speed of these arrests.

In its Jan. 6 report, the U.S. Intelligence Community was able to state with “high confidence” that Russian President Vladimir Putin had ordered a campaign to influence the 2016 U.S. election, including the hacking of Democratic party computer networks and email accounts. Russia’s goal was to undermine confidence in American democracy and help Donald Trump get elected.

Until then, the U.S. Intelligence Community had only expressed its “confidence” that Russia had hacked the election. In an Oct. 7 statement, the U.S. Director of National Intelligence stated that the releases of hacked Democratic Party documents and emails were “consistent with the methods and motivations of Russian-directed efforts.” The IC was silent about the goal of helping Trump.

There’s an important distinction between “high confidence” and just plain “confidence” that reflects the quality of the intelligence underlying the analysis. These are not academic distinctions. The United States can and does go to war over intelligence, as in Iraq in 2003. In fact, the failure to find weapons of mass destruction in Iraq led to the use of these levels of analytic confidence.

What changed? What gave the DNI “high confidence” in its conclusions that Russia hacked the election?

This sentence from the Jan. 7 DNI report is telling:

Further information has come to light since Election Day that, when combined with Russian behavior since early November 2016, increases our confidence in our assessments of Russian motivations and goals. (emphasis added)

The report did not spell out this new source of information in any detail. However, a few days later, The New York Times filled in some of the blanks. This further source of information was human intelligence or HUMINT.

But one current and one former United States official, speaking about the classified recruitments on condition of anonymity, confirmed that human sources in Russia did play a crucial role in proving who was responsible for the hacking.

Let’s connect these dots:

  1. By its own admission the U.S. Intelligence Community gained valuable information after Trump’s election on Nov. 8.
  2. If — and this is a huge if — that information came from Mikhailov, the treasonous FSB officer, then he and his co-conspirators were exposed in little more than a month.

A month. Exposing a spy ring in a month is pretty darn fast. The FBI spent years investigating the network of Russian “illegals” — deep cover secret agents — before arresting them in 2010.

The question Langley must be asking itself is: How was Mikhailov exposed?  And even more troubling: Is there a mole in the White House?

This is not (complete) lunacy. Steve Hall, former CIA chief of Russia operations, told NPR that there is a “live question” now at the CIA about what to do if President Trump asks for the source of information on something that puts Vladimir Putin in a bad light. Can the CIA tell him they don’t trust him?

Rumors are swirling around the world’s intelligence communities that Russia holds a thick folder of kompromat, or blackmail, on President Trump. There are reports of multiple videotapes of Trump’s dalliances with Russian prostitutes who, as Putin himself boasted, are “the best in the world.” Trump’s own strange relationship with the Russian president (see Trump-Putin Timeline) takes some of the starch out of his denials that this is all, as he put it, “fake news.”

Then, there are reports that American spies have reached out to their Israeli colleagues and told them to be careful what information they share with the Trump administration because there was a back channel to Moscow. Her Majesty’s Secret Service is said to be nervous as well.

Before we go too deep down this rabbit hole, let’s consider that it’s quite possible that Mikhailov and company were not working for the CIA, and the whole story is Russian disinformation meant to further weaken our increasingly fragile democracy by continuing to focus interest on this story. This is not only possible, but highly plausible.

Another possibility: Assuming Russia did hack the U.S. election to elect Trump, is it possible that Trump’s denials that he has anything to do with Russia are true? Maybe there is another Aldrich Ames running around the CIA feeding secrets back to Moscow?

Question is: Who?