Category: Cyberwarfare

Facebook, Jared Kushner and Russia

forbes-cover-12202016-final_1000x1311Call me skeptical.

I don’t believe that Facebook won the election for Donald Trump. That’s the claim put forth in this hagiographic profile of Jared Kushner in Forbes and in many other media outlets.

The traditional campaign is dead, another victim of the unfiltered democracy of the Web–and Kushner, more than anyone not named Donald Trump, killed it.

We see these stories every time a new president is elected. A while back it was Obama’s “data crunchers.” This time, the key to Trump’s victory, Kushner would like us to believe, were computer algorithms that targeted potential Trump supporters with social media to stunning effect.

Kushner takes credit for hiring Cambridge Analytica, a company owned by Robert Mercer who also happens to be a Trump supporter, Breitbart investor, and a reclusive hedge fund billionaire.

The secret weapon was Cambridge Analytica’s computer algorithms that figure out who you are based and what motivates you based on all the times you click Like on Facebook, as Cambridge Analytica’s Jack Hansom explains in this video:

These algorithms turned up some surprising findings. Liking the New Orleans Saints mean you’re less likely to be “conscientious,” i.e. do the right thing. And liking the Energizer Bunny means you’re more likely to be neurotic.

So what? Well, one or two of these things don’t tell you much, but the average person has hundreds of Facebook Likes which allows Hansom and his colleagues to build a surprisingly accurate picture of your personality. You can test this on yourself here.

Facebook allows you to drill down to the kind of person in the kind of place you want. (You can even reach “Jew haters” in Idaho if you wish.) Here’s Cambridge Analytica’s CEO Alexander Nix showing how his company’s model could be used to drill down to find every “persuadable” gun rights advocate in Iowa:

It’s very impressive (and very creepy), and it makes for a good story, one that Silicon Valley loves in an everybody-is-stupid-except-for-me way.

But the problem with the claim that Kushner and his machine learning wizardry won the election for Trump is that everybody was doing it. Hillary Clinton had a team of mathematicians and analysts crunching data. Ted Cruz had hired Cambridge Analytica as well, but then he ran into the Trump train.

I may be wrong, but I’d wager the $1.8 billion worth of free airtime that TV networks gave Trump every time he opened his trap probably had a lot more to do with him winning the election than Cambridge Analytica.

Trump knows how to get on TV: He is a promotional genius. What will he say next? He’s a modern day PT Barnum and Jeff Zucker‘s CNN couldn’t get enough.

Setting that aside, the Facebook/Jared Kushner story is still pretty important. And what’s important about it is that Special Counsel Robert Mueller thinks it’s pretty important. Facebook may not have won Trump the election, but it may seriously damage his presidency.

CNN reported Sunday that Mueller, who’s investigating Trump’s links to Russia, had served Facebook with a search warrant.  Mueller was interested in the $100,000 worth of ads purchased by bogus accounts that Facebook on Sept. 6 acknowledged had  “likely operated out of Russia.”

Mueller’s search warrant for Facebook is a big deal, a former federal prosecutor explains:

Mueller would have had to show the judge that there was reason to believe that one or more foreign individuals committed a crime and the evidence of the crime could be found on Facebook’s servers.

The crime is that foreign nationals are prohibited from contributing money “or other thing of value” (like $100,000 worth of Facebook ads) in connection with an election. It’s also against the law to solicit, accept, or receive such a contribution.  (Here is the statute.) And if someone on the Trump campaign knew about the Russian Facebook ads and did nothing to stop it, that is also a crime — aiding and abetting.

Did someone on the Trump campaign know about the Russian Facebook ads. We don’t know yet, but the answer lies in targeting. To put it in Watergate terms: Who targeted whom and when?

Were the Russian Facebook ads and the Trump campaign targeting the same people? And if so, how did a bunch of Russian trolls in St. Petersburg or Vladivostok or where ever know to target, say, black women in Milwaukee or rural voters in Michigan’s Upper Peninsula, for example?

I tried to ask Alex Stamos, Facebook’s chief security officer, but didn’t get a reply.

This question intrigues Sen. Mark Warner, the leading Democrat on the Senate intelligence committee, as he said on the Pod Save America podcast:

Warner: When you see some of the explanation and some of the fact that it appears that, for example, women and African Americans were targeted in places like Wisconsin and Michigan, where the Democrats were too brain dead to realize those states were even in play … It was interesting that those states seem to be targeted where the bots — where they could could create a lot of these fake Twitter and Facebook accounts, could in fact overwhelm the targeted search engines that would end up saying on your news feed, you suddenly got stuff that “Hillary Clinton’s sick” or “Hillary Clinton’s stealing money from the State Department.”

I get the fact that the Russian intel services could figure out how to manipulate and use the bots. Whether they could know how to target states and levels of voters that the Democrats weren’t even aware really raises some questions. I think that’s a worthwhile area of inquiry.

How did they know to go to that level of detail in those kinds of jurisdictions?

Vietor : I wonder if they just asked Jared [Kushner] like Trump does with all of his questions. We’ll find out.

Warner : We’ll find out. More to come on that.

Sen. Warner thinks it’s a worthwhile line of inquiry, and it’s a good bet Mueller does too. The information Facebook handed over to Mueller included the targeting criteria the bogus Russian accounts used, The Wall Street Journal reported.

An unnamed Trump campaign staffer told CNN that the key to the whole inquiry may be found on Facebook’s servers.

Only Facebook can answer three critical questions: were the same databases used by the Trump campaign and Russian operatives to coordinate targeting of voters; was money used to promote pro-Trump posts, and, if so, how much was spent and by whom; and will Facebook reveal if bots were successfully used to push fake news posts?

Hopefully, Robert Mueller knows the answers.

Fake News as a Weapon: Trump, Russia and the World of Rumors

Have you heard the rumor that Donald Trump is mentally ill? Did you hear that President Obama wiretapped Trump Tower? With the help of British intelligence?  Or that a child-sex ring connected to Democrats was being run out of a Washington, D.C. pizza restaurant?

boston-herald-rumor-clinic-dont-spread-rumours-war-poster

via New England Historical Society

American society is being bombarded by rumors. Fake news websites push stories like the aforementioned “Pizzagate.” Russian has an army of Twitter trolls who blast out all sorts of wild rumors. Even Donald Trump’s own tweets deluge us with confusing and contradictory information.

It seems awful hard to know what’s true and what’s not these days. Where is the antidote for the epidemic of fake news? Many of us may feel like we can’t even trust our own judgment. And maybe, that’s the point.

The post-truth era, as it’s been called, might feel very familiar to American spies operating behind enemy lines in World War II. Back then, U.S. operatives were coming up with creative ways to damage morale and divide the leadership of Nazi Germany. One of their best weapons was the use of carefully crafted, well-timed rumors.

Rumors were a specialty of the Morale Operations Branch of the Office of Strategic Services (OSS), the predecessor of today’s CIA. One of the most famous of the OSS’ rumor campaigns was “Where Is Hitler?” The OSS would broadcast a fake report that Hitler was supposed to appear at an upcoming rally.  When Hitler inevitably failed to show, the OSS would float rumors that Hitler was ill or suffering from a mental breakdown. These rumors spread so widely that they became the subject of articles in American newspapers, including The New York Times.

Screen Shot 2017-03-21 at 10.02.37 PM

Creating a loss of confidence in leaders was just one was just one the tricks dreamed up by the OSS Morale Operations branch. Others are spelled out in a now declassified field manual, which is a guide on how to use rumors, forgeries, blackmail and bribery to destabilize a country. What the OSS called “subversive rumors” could be used to cause enemy populations to distrust their own news sources, create division among racial, political and religious lines, to create confusion and dismay with a welter of contradictory reports, and to tip the balance when public opinion was in a precarious state, among other things.

Viewed in this light, fake news seems less a nuisance and more like something that would trouble our intelligence community. And indeed, they do appear concerned. The U.S. intelligence community recently concluded that Russia mounted an “influence campaign” during the 2016 presidential election that blended covert intelligence operations with overt efforts by Russian Government agencies, state-funded media, third-party intermediaries, and paid social media users or “trolls.” Russia influence campaign sought to undermine faith in U.S. democracy and denigrate Hillary Clinton’s campaign.

In essence, Russia has created a modern version of the OSS Morale Operations branch. Social media gives the modern operative powers the likes of which his or her OSS forerunner could only have dreamed. Whereas the OSS had to send operatives into enemy territory to plant rumors, the modern influence campaign can without leaving home harness the power of social media sites. Facebook, Twitter and YouTube are machines for the rapid transmission of rumors.

While the technology behind rumor campaigns has evolved, the nature of rumor itself hasn’t changed much in the 74 years since the OSS wrote its field manual. The OSS defined a rumor as “an unauthenticated, unofficial story or report, represented and transmitted as fact.” This distinguishes it from propaganda, which stamps its authorship on its message. Anybody can start a rumor. Crafting a good one is an art form.

via New England Historical Society

The old OSS characteristics of what makes a good rumor still hold true: A good rumor still must be simple, consisting of a single idea. It must be plausible. It is tied to some known facts, yet is impossible to completely verify. It frequently appears as an “inside” story.  The best rumors to spread are existing ones. “In many cases, the most effective rumor policy will be to spread further rumors that have arisen spontaneously in enemy territory,” the field manual advises.

A good rumor must also be vivid. Rumors with “strong emotional content” are extremely effective. (Case in point: the unforgettable, unverifiable story of Trump cavorting in a Moscow hotel room with prostitutes.) A suggestive rumor was well adapted to spreading fear and doubt, by doling out limited but tantalizing bits of information that allow the audience to formulate conclusions (“FBI Director James Comey made an unexpected trip to the White House.”)

Robert Knapp, who developed the section of the OSS’ Field Manual on rumors and wrote academic papers on the subject, likened a rumor to a torpedo. “Once launched, it travels of its own power,” he wrote. Knapp had an insight into what gave rumors their power: They expressed and gratified the emotional needs of the community, just as daydreams and fantasies expressed the needs of the individual. Rumors gave sense and direction to fears, resentments or hopes. ”No rumor will travel far unless there is already a disposition among those who hear it to lend it credence,” he wrote in a 1944 paper.

Among the many coincidences involving Russia and Donald Trump, one that goes unnoticed is their mutual grasp of the power of rumor. Trump used rumors to stunning effect in his campaign, beginning with the suggestion that President Obama was born in Kenya. This rumor tapped into deeply-held beliefs about President Obama that many people were not comfortable expressing publicly. Outright racism is unacceptable to most Americans. However, many found the disguised racism of a rumor about the African-American president’s birthplace more palatable. There is frequently a racist undertone to many of Trump’s rumors: Muslims celebrating Sept. 11 in New Jersey, illegal immigrants voting, terrorist incidents that didn’t happen, and so on.

Rumors may also help explain Trump’s appeal. In a recent interview, Time magazine’s Michael Scherer pressed Trump on his use of rumors. “What am I going to tell you? I tend to be right,” the president told him. “I’m an instinctual person, I happen to be a person that knows how life works.” In other words, Trump’s rumors feel true to him, even if they can’t be verified. Trump’s words also feel true to his supporters, almost like an article of faith. He is making a connection on a deep emotional level that, once established, is difficult to break.

However, Trump’s predilection for rumors over facts is dangerous, for it leaves him wide open to manipulation. Unwittingly or not, Trump has spread rumors that originated in Russia. The story spread by the White House that President Obama used British intelligence to spy on Trump and his associates started as a story on RT, the Kremlin-backed propaganda outlet.  On the campaign trail, Trump quoted a report that appeared to originate on Sputnik, another Kremlin-backed media outlet.  At a March 30 Senate intelligence committee hearing, Clint Watts, a former FBI agent and an expert on Russian disinformation, explained  in striking terms the problem with having a rumor-monger for a president:

Rumors do work on the campaign trail, but they are toxic to the presidency. Credibility is one of the president’s strongest assets, never more so than in moments of crisis. Trump seems not to understand that, as president, he is the authority, and the White House is the place where rumors end, not where they begin. If President Trump truly wants to make America great again, he must stop spreading rumors.

If Trump won’t quash rumors, others must do it for him. Many news organizations are now regularly refuting the president’s rumors. This effort harkens back to World War II, when rumors were an even bigger problem then they are now. Robert Knapp, the OSS’ rumor expert, founded a “rumor clinic” in Boston that collected rumors and sought to put and end to them. A column first published in the Boston Herald in 1943 quoted the rumor in italics followed by the word FACT. Rumor clinics opened in many cities, but quickly faded following a clash with the Roosevelt administration’s Office of War Information. Government bureaucrats wanted to smother rumors with facts, rather than call attention to them by singling them out for disproof. (For more on this click here.)

Knapp proposed that rumors could serve as an “index of morale.” They may be a better gauge of the true state of public opinion than any poll or survey. Rumors allow expression of the deeply held beliefs and fears that won’t be repeated to a stranger. A look at the rumors prevalent in American society show we are a deeply divided along racial, political, and religious lines. Many Americans have little or no confidence in our elected leaders. We distrust our own news sources.

In sum, American morale has been deeply wounded. We are much weaker than we think we are.

A Mole in the White House?

We now have a confirmation of sorts that the Russian FSB agents arrested last month were working for the CIA.

Today’s news, via the private Russian news agency, Interfax, concerns the arrest of Sergei Mikhailov and others on charges of treason. Mikhailov was serving as deputy director FSB’s Centre for Information Security (see my earlier post for background on this agency).

He reportedly was arrested in December during an FSB meeting and led out with a bag over his head.

Also arrested was Dmitry Dokuchayev, a former hacker going by the pseudonym Forb who agreed to work for the FSB, and Ruslan Stoyanov, a senior researcher at a prominent Russian computer security company, Kaspersky Lab.

Interfax reports that a fourth suspect has also been arrested, and the spy ring involves a total of eight people a total of eight people are under suspicion.

Based on a reading of the scant information in the public record, some inferences can be drawn that raise troubling questions about the speed of these arrests.

In its Jan. 6 report, the U.S. Intelligence Community was able to state with “high confidence” that Russian President Vladimir Putin had ordered a campaign to influence the 2016 U.S. election, including the hacking of Democratic party computer networks and email accounts. Russia’s goal was to undermine confidence in American democracy and help Donald Trump get elected.

Until then, the U.S. Intelligence Community had only expressed  its “confidence” that Russia had hacked the election. In an Oct. 7 statement, the U.S. Director of National Intelligence stated that the releases of hacked Democratic Party documents and emails were “consistent with the methods and motivations of Russian-directed efforts.” The IC was silent about the goal of helping Trump.

There’s an important distinction between “high confidence” and just plain “confidence” that reflects the quality of the intelligence underlying the analysis. These are not academic distinctions. The United States can and does go to war over intelligence, as in Iraq in 2003. In fact, the failure to find weapons of mass destruction in Iraq led to the use of these levels of analytic confidence.

What changed? What gave the DNI “high confidence” in its conclusions that Russia hacked the election?

This sentence from the Jan. 7 DNI report is telling:

Further information has come to light since Election Day that, when combined with Russian behavior since early November 2016, increases our confidence in our assessments of Russian motivations and goals. (emphasis added)

The report did not spell out this new source of information in any detail. However, a few days later, The New York Times, filled in some of the blanks. This further source of information was human intelligence or HUMINT.

But one current and one former United States official, speaking about the classified recruitments on condition of anonymity, confirmed that human sources in Russia did play a crucial role in proving who was responsible for the hacking.

Let’s connect these dots:

  1. By its own admission the U.S. Intelligence Community gained valuable information after Trump’s election on Nov. 8.
  2. If — and this is a huge if — that information came from Mikhailov, the treasonous FSB officer, then he and his co-conspirators were exposed in little more than a month.

A month. Exposing a spy ring in a month is pretty darn fast. The FBI spent years investigating the network of Russian “illegals” — deep cover secret agents — before arresting them in 2010.

The question Langley must be asking itself is: How was Mikhailov exposed?  And even more troubling: Is there a mole in the White House?

This is not (complete) lunacy. Steve Hall, former CIA chief of Russia operations, told NPR that there is a “live question” now at the CIA about what to do if President Trump asks for the source of information on something that puts Vladimir Putin in a bad light. Can the CIA tell him they don’t trust him?

Rumors are swirling around the world’s intelligence communities that Russia holds a thick folder of kompromat, or blackmail on President Trump. There are reports of multiple videotapes of Trump’s dalliances with Russia prostitutes who, as Putin himself boasted, are “the best in the world.” Trump’s own strange relationship with the Russian president (see Trump-Putin Timeline) take some of the starch out of his denials that this is all, as he put it, “fake news.”

Then, there are reports that American spies have reached out to their Israeli colleagues and told them to be careful what information they share with the Trump administration because there was a back channel to Moscow. Her Majesty’s Secret Service is said to be nervous as well.

Before we go too deep down this rabbit hole, let’s consider that it’s quite possible that Mikhailov and company were not working for the CIA, and the whole story is Russian disinformation meant to further weaken our increasingly fragile democracy by continuing to focus interest on this story. This is not only possible, but highly plausible.

Another possibility: Assuming Russia did hack the U.S. election to elect Trump, is it possible that Trump’s denials that he has nothing to do with Russia are true?  Maybe there is another Aldrich Ames running around the CIA feeding secrets back to Moscow?

Question is: Who?

What Is Russia’s Centre for Information Security?

The New York Times reports on a series of arrests involving Russia’s FSB, the successor agency to the KGB that may be connected to the hacking of the 2016 U.S. Election.

According to the Times, one of those arrested, Sergei Mikhailov, was serving as deputy director FSB’s Centre for Information Security. He was arrested on a charge of treason. Earlier in the month, the head of the Centre, Andrei Gerasimov, was dismissed.

What is the FSB’s Centre for Information Security?

Some answers come from Jeffrey Carr, a security consultant out of Seattle who runs the consulting firm TAIA Global and published Inside Cyber Warfare. Carr describes the FSB’s Centre for Information Security (also known as Military Unit 64829) as the organization in charge of protecting Russia’s Internet.

“In sum, any Internet operation originating in Russia are almost certainly monitored and probably overseen by the FSB ISC,” Carr wrote in this analysis. “Current Russian press covers Russian intentions to implement further restrictions on RuNet to counter foreign attempts to wage “information warfare” against Russian and ideologically subvert the Russian population. Whatever final form the new restrictions take, the FSB ISC will be heavily involved.”

In his book, Inside Cyber War, Carr goes a bit further.  The Centre not only defends the Russian Internet (RuNet) it can also attack.
screen-shot-2017-01-28-at-8-24-12-am
Also arrested was Dmitry Dokuchayev, a former hacker going by the pseudonym Forb who agreed to work for the FSB in exchange for dropping charges of credit card fraud. In an interview with a Russian newspaper, (or here in the original Russian) Dokuchayev/Forb said he had carried out a successful cyberattack on the US government.
screen-shot-2017-01-28-at-9-45-08-am

I would be wary of any reports that claim the Centre hacked the U.S. election. Cyberwarfare like conventional warfare is a confusing picture, with many different groups carrying out different but overlapping missions.

Different FSB components are responsible for attacks outside Russia. One is the FSB’s 16th Center, also known by the Orwellian name of the FSB Center for Electronic Surveillance of Communications, according to TAIA Global Another is the FSB’s 18th Center. Another is the FSB’s Fifth Directorate. All three were blamed for cyberattacks and propaganda during the Russian invasion of the Crimean Peninsula.

And President Obama’s executive order imposing sanctions in response to the hacking of the 2016 U.S. Election names both the FSB and the GRU, the main intelligence directorate. It’s believed that the GRU hacks were passed along to Wikileaks and other media outlets during the election.

There’s no evidence yet that the Centre for Information Security had a hand in the 2016 U.S. election hacking, but with their complete command of the Russian Internet they almost certainly would have known about it.