There is a bunch of strange stuff surfacing surrounding the alleged incident in which the NSA allegedly tried to buy back stolen data from an alleged Russian hacker. I’m tracking it, but there are still many shoes that need to drop before the story begins to even make a shred of sense.
Right now, what we hear is: [nyt]
BERLIN – After months of secret negotiations, a shadowy Russian bilked American spies out of $100,000 last year, promising to deliver stolen National Security Agency cyberweapons in a deal that he insisted would also include compromising material on President Trump, according to American and European intelligence officials.
The cash, delivered in a suitcase to a Berlin hotel room in September, was intended as the first installment of a $1 million payout, according to American officials, the Russian and communications reviewed by The New York Times. The theft of the secret hacking tools had been devastating to the N.S.A., and the agency was struggling to get a full inventory of what was missing.
Several American intelligence officials said they made clear that they did not want the Trump material from the Russian, who was suspected of having murky ties to Russian intelligence and to Eastern European cybercriminals. He claimed the information would link the president and his associates to Russia. Instead of providing the hacking tools, the Russian produced unverified and possibly fabricated information involving Mr. Trump and others, including bank records, emails and purported Russian intelligence data.
The United States intelligence officials said they cut off the deal because they were wary of being entangled in a Russian operation to create discord inside the American government. They were also fearful of political fallout in Washington if they were seen to be buying scurrilous information on the president.
It seems to me that the NSA is using the New York Times to issue press releases, again. Since James Risen over at The Intercept [intercept] is also reporting on this, it also makes me wonder how long this story has been known to him, and whether the New York Times was playing politics (again) by suppressing a story until a convenient time. In case you’ve been asleep lately, the New York Times regularly acts as an establishment propaganda mouthpiece by suppressing news until it’s convenient, or publishing convenient talking-points. [stderr]
It’s … so interesting to try to unpack what’s going on in there. Let’s look at a few chunks and then let’s talk a bit about computer security.
Nugget #1:
Instead of providing the hacking tools, the Russian produced unverified and possibly fabricated information involving Mr. Trump and others, including bank records, emails and purported Russian intelligence data.
Well, it certainly was important to get that bit about “possibly fabricated information” out there, wasn’t it. My prediction is that the whole article was published in order to get that bit out in the popular consciousness: the Russians have something that they are flogging around and it’s lies, lies, lies fake news fake the fakest news ever probably.
The alleged Russian cybercriminal has good tradecraft; this is all happening through multiple cut-outs. The Intercept reports:
Recently, the Russians have been seeking to provide documents said to be related to Trump officials and Russian meddling in the 2016 campaign, including some purloined FBI reports and banking records. It is not clear whether those documents are in possession of American officials. It is also unclear whether the secret channel has helped the U.S. recover significant amounts of data from the NSA documents believed to have been stolen by the Shadow Brokers.
That’s really interesting, because it would represent a multi-agency break-in dump. FBI reports plus NSA malware plus campaign finance documents.
Nugget #2:
They were also fearful of political fallout in Washington if they were seen to be buying scurrilous information on the president.
No shit.
I wonder if this is just normal ineptitude or if the Russians are laughing their asses off, somewhere, going, “let’s give them another lose/lose situation! I bet they choose both paths of ‘lose’!” Because, by not acting resolutely, and by not saying what they actually did they look both like they were incompetent, and trying to not buy scurrilous information. Buttttttt…. they looked at it a bit (see below) uh, but they didn’t buy it. Not much of it. Um. The $100,000 was not a “down payment” it was a, um, look shiny thing!
Nugget #3:
“Scurrilous information” in this situation, is called “evidence.” So either way, they’re collecting or ignoring evidence. Lose/lose.
Nugget #4:
they were wary of being entangled in a Russian operation to create discord inside the American government.
Did you actually laugh out loud at that one? I did.
Nugget #5: (From The Intercept)
The existence of the off-the-books communications channel, which has been a closely guarded secret within the U.S. intelligence community, has been highly controversial among those officials who know about it, and has begun to cause rifts between officials at the CIA and the NSA who have been involved with it at various times over the past year.
This means that the NSC and Trump would also know about it. Or, it would mean that the intelligence community is keeping very important secrets from the White House. This is interesting. We can be pretty sure that clarification of who knew what, and when, will be forthcoming. If you are a Trump supporter this would be the “deep state” that people talk about: the intelligence community is deciding/not deciding whether or not to buy a copy of the pee tape, and whatever else the Russians have.
Nugget #6:
The CIA, which is now headed by a Trump loyalist, CIA Director Mike Pompeo, has at times been reluctant to stay involved in the operation, apparently for fear of obtaining the Trump-related material offered by the Russians, according to sources close to the negotiations.
I find it absolutely inconceivable that an intelligence officer would pass up that kind of stuff for a second. If you’re familiar with the story of the frog and the scorpion, it’s one of those situations.
Then, the story gets more bizarre, according to The Intercept:
In March 2017, the Russian met with the American intermediary and a U.S. official in Berlin and agreed to provide the stolen NSA data from the Shadow Brokers in exchange for payment. The U.S. government used “certain messaging techniques” that the Russian accepted as proof that the U.S. government was behind the negotiations and the proposed deal, according to the documents obtained by The Intercept.
Officials gave the Russians advance knowledge that on June 20, 2017, at 12:30 p.m., the official NSA Twitter account would tweet: “Samuel Morse patented the telegraph 177 years ago. Did you know you can still send telegrams? Faster than post & pay only if it’s delivered.”
That tweet, in exactly those words, was issued at that time.
Got that? This sounds like a bit of cyber-joyriding: some hacker out there is telling their buddies, “watch, I pwn the NSA. They are going to tweet what I tell them when I tell them.” It’s the cyberwar equivalent of “have you got Prince Albert in a Can?”
Nugget #7:
Allegedly we are talking about a $100,000 payoff against the full dump, at a cost of $1,000,000. It beggars my imagination to think that the CIA thought $1,000,000 was a lot of money. They spend the taxpayer’s money like cocaine-snorting investment bankers in penthouse suites at The Ritz. It is inconceivable that they cared about the money. They probably spent $1,000,000 just worrying about what their agent was going to wear to the dropoff.
The Intercept report sort of slips in:
In December 2017, the Russian turned over documents and files, some of them in Russian. The documents appeared to include FBI investigative reports, financial records, and other materials related to Trump officials and the 2016 campaign.
But the New York Times has apparently seen it but doesn’t think it’s credible.
The Times obtained four of the documents that the Russian in Germany tried to pass to American intelligence (The Times did not pay for the material). All are purported to be Russian intelligence reports, and each focuses on associates of Mr. Trump. Carter Page, the former campaign adviser who has been the focus of F.B.I. investigators, features in one; Robert and Rebekah Mercer, the billionaire Republican donors, in another.
Yet all four appear to be drawn almost entirely from news reports, not secret intelligence. They all also contain stylistic and grammatical usages not typically seen in Russian intelligence reports, said Yuri Shvets, a former K.G.B. officer who spent years as a spy in Washington before immigrating to the United States after the end of the Cold War.
Nugget #8:
When spies are selling information to other spies, they understand that you include things that substantiate that information; that’s how you fix its value.
It is possible that this is one of the most successful high-level pranks ever played.
Computer Security:
One aspect of this story that completely baffles me is that it is cast as the NSA/CIA trying to buy back the data that the Shadow Brokers stole. That makes absolutely no sense at all. None.
Because if I steal your data, I have a copy. You still have your data. We’re not talking about an art work like a stolen painting, that can be “recovered.” So if the NSA was trying to buy back the stolen data, they were trying to buy a copy of their own data, which they currently already have. Probably what they were trying to get was a copy of the original copy – with all the file dates and contents intact, so they could “walk back the cat” and learn more about the leak – except, in theory, they already know what leaked and how. In theory.
The only thing that makes sense is that the NSA/CIA were negotiating to get The Shadow Brokers to promise not to release any more data (it is inconceivable that they would delete all their copies) in return for a large sum of money, and The Shadow Brokers (or prankster hackers pretending to be them) said “LOL do you want kompromat with that?”
This will be another slow-motion intelligence community/Trump administration joint train-wreck. It must be Sunday.
I also get a laugh out of how the various journalists describe the shady/shadowy Russian hacker/cybercriminal who has possible ties to Russian intelligence but whose day job appears to be that they own a kebab stand in Moscow – that is, basically “every cover identity, ever.”
Caine says
Holy shit. What a perfect storm of incompetence and stupid. I was laughing and shaking my head.
Not relevant at all, when I was scrolling down and the Spy vs Spy graphic showed up, before the ‘Spy vs Spy’ crystallized, I saw a badger. Sometimes morphine is really fun.
komarov says
Ooooh…
…
You might have opened with that. I kept asking myself what this buyback stuff was all about. I almost entertained the notion that an actual physical break-in might have occurred with someone raiding the archives, which would have explained the NSA trying to figure out what was missing. But why bother? It seems these days everything is apparently online if you know how to get to it.
“Good morning, I’m a maintenance contractor here to oil your squeaky filing cabinets. If they’re locked I’ll need to borrow a key, thanks so much. Oh, the ultra-top-secrets are always the worst, so I’ll need to take them back to the workshop.”
Dunc says
(Adjusts tin foil hat…)
I’m increasingly starting to suspect that the goal of modern psyops is not to advance or hinder any specific agenda, but rather to destroy the citizen’s ability to have any fucking idea of what’s actually going on – to fatally undermine the very concept of reality. “Yeah, it’s nonsense, we know it’s nonsense, you know it’s nonsense, we know you know it’s nonsense… What are you gonna do?”
Owlmirror says
As usual, my hopelessly naive brain is hopelessly confused as to why Russians who are using Trump properties to launder money are trying to dish dirt on him. Isn’t the dirt supposed to be held off if he’s continuing to be a useful stooge? Or is the dirt a sign that Putin or someone is pissed off at Trump for not stooging enough?
Or is it a sign that one faction of Russians is trying to get at another faction by way of Trump?
cvoinescu says
Comprehending even a fraction of this seems to be way above my pay grade.
That said, I do see the badger too.
Marcus Ranum says
Owlmirror@#4:
It’s a head-shaking mystery to me, too.
The main thrust of the Russia interference story is that Russia decided to make American Democracy and Capitalism look stupid. So: anything that happens is probably incited by the Russians! It’s all very convenient.
I heard another one in some intelligence chatter about how allegedly during the 2008/9 economic collapse, Putin allegedly asked the Chinese if they wanted to join in and dump US bonds. The Chinese allegedly said “no thanks.” (on account of that they already own the US) but it’s an interesting story and mirrors other stories that the US and Saudi Arabia conspired to collapse the Russian economy by depressing the price of oil. These sorts of stories are interesting to me, but I don’t see how we can determine if they’re true or not.
My suspicion is that Russia has the same sort of problem that the US has: its intelligence agencies are populated with sekrit skwirrel people who have their own agendas and pursue (covertly) whatever they consider in their (and maybe their interpretation of Russia’s..) interest. They are not “out of control” any more than the CIA or NSA are “out of control” they’re just “operating aggressively and independently.” In the US we occasionally see the NSA and CIA going off in different directions, to spite the FBI, or the FBI’s former assistant Director deciding to leak because of inter-agency rivalry – Watergate happened because Mark Felt, a senior FBI bureaucrat, thought that president Nixon was getting too cozy with the CIA – he decided to adjust that with some selective leaking and instead he brought down the government. Putin, being a former KGB covert operations intelligence officer probably has a better idea of the kind of shenanigans an office-building full of sekrit skwirrels gets up to than Trump does. What Trump sees as the “deep state” is probably just the US’ massively over-built intelligence apparatus playing games with itself, against itself, against the Russians, and against everyone else.
American presidents don’t understand how severely and frequently they are played by the bureaucracies they imagine they control. Since they stopped controlling the Pentagon and intelligence community via the budget they have basically learned that they can do whatever they want. Of course they would – once you let bureaucracies operate in secret you wind up with sekrit skwirrels with massive covert budgets with which they can pursue independent agendas. Given that Russia is a crony-state that has always had a strong secret police/sekrit skwirrel component, I tend to assume that they’ve got a runaway intelligence apparatus too.
In other words, the view from Marcus-land is that there’s a war going on between clans of sekrit skwirrels who are beholden to nothing but their own agendas, and those of us in the non-covert world (including Putin and Trump) only see the echoes of what leaks out or is disclosed for convenience.
PS – I really hope I am completely wrong.
Marcus Ranum says
Dunc@#3:
“Yeah, it’s nonsense, we know it’s nonsense, you know it’s nonsense, we know you know it’s nonsense… What are you gonna do?”
Perhaps the “deep state” is really the “dada state”
jrkrideau says
I am currently of the opinion that it looks like a very nice con job, either official or unofficial. If it was official, the SVR RF are laughing like mad. Great value for what probably was peanuts.
I believe that Sun Tzu has been required reading in the Imperial Russian/USSR/Russian officer corps for a long time.
If unofficial, a talented conman has US$100,000 and is quietly chuckling while wondering if he or she can sell the credulous Americans access to Putin’s private archives or, perhaps, offer them Saint Basil’s Cathedral as a convenient observation post on the Kremlin.
@3 Dunc
If the con was official it seems to have spread fear, confusion and increased animosities among key government agencies and would have weakened a war-mongering Trump. I would bet that any of the Russian involvement in the election would have easily been shown to be false.
If it was an unofficial con, some one or ones had enough information to cobble together a saleable package. Even if they did not get the 1 million, they probably covered expenses.
@4 Owlmirror
I doubt that even Trump and his family are stupid enough to be laundering money now. Up until he won the election yes, but he, his family and associates are of no use to oligarchs in Russia or other former republics of USSR.
He ceased to be a useful stooge as soon as he was elected, well probably sooner. It seems clear that he never thought he would win so he probably never thought about the issue.
Or is the dirt a sign that Putin or someone is pissed off at Trump for not stooging enough?
As a laundryman, he became useless when elected. They were probably willing to let him alone, or even smile at him as he had made sounds about wanting better relations with Russia. So even though he was a buffoon, there was some hope of improved relations with the USA and Europe.
Now he is starting to sound like a war-mongering loose cannon, he is not much better than Hillary. Sanctions have not been dropped, in fact I think they may have been increased with more threatened. (I have read a somewhat jaundiced description of the latest proposed list as the Kremlin telephone book married to Forbes list of the world’s richest men).
Or is it a sign that one faction of Russians is trying to get at another faction by way of Trump?
Anything is possible but other than for goodwill, Trump has been useless to anyone in Russia since the election. At the moment I cannot see how getting at Trump would help in a Russian faction fight.
The Russian Government has enough problems, they do not need increasing US paranoia with the Government having no contingency plans.
Marcus Ranum says
komarov@#2:
You might have opened with that. I kept asking myself what this buyback stuff was all about. I almost entertained the notion that an actual physical break-in might have occurred with someone raiding the archives, which would have explained the NSA trying to figure out what was missing. But why bother? It seems these days everything is apparently online if you know how to get to it.
When I started writing the piece, I thought seriously about just posting the NYT quote, highlighting the part about “recover data”, and writing “WTF?” under it in red crayon.
Oh, what the heck:
Marcus Ranum says
We need some surrealist hacker to extort some business:
Hacker: We have a copy of your customer database! If you give us 500 bitcoin, we will delete it.
Company: (sends 500 bitcoin)
Hacker: OK, we deleted it.
(minutes go by)
Hacker: We have another copy of your customer database! If you give us 500 bitcoin, we will delete it too.
Company: Wow, these guys are good!
Marcus Ranum says
Meanwhile, the Russians having been banned from the winter olympics, the South Koreans have apparently experienced all kinds of hacking problems with their computers.
Elsewhere in the news: scientists have determined that water is wet.
jrkrideau says
@ Marcus
Given that Russia is a crony-state that has always had a strong secret police/sekrit skwirrel component, I tend to assume that they’ve got a runaway intelligence apparatus too.
I doubt it, well, not to the extent that the USA does. I am sure that the agencies have rivalries, budget fights and so on. It may be difficult to develop such rivalries as well as there really are only two, SVR and FSB with clearly delineated responsibilities. At last count there are, what, 17 in the USA?
SVR and FSB are likely to have far less opportunity to play games as political masters know government. Putin was a colonel in the KGB when he resigned about 27 years ago. Then he went on to be mayor of St. Petersburg and clean it up. Then he worked for Yeltsin in any number of senior executive positions. Then on to President.
Sergei Lavrov has been a professional diplomat all his working life up to Ambassador to the UN. The Russian system does not just drop someone with no experience into a top job.
Donald Trump, crooked business man and game show host with no government experience. Rex Tillerson, capable senior business executive, no formal government experience.
I remember seeing Putin and Lavrov with Trump and Tillerson and thinking Trump does not even grasp how much he is outclassed.
Secondly, as far as I can tell, the extreme US inter-agency rivalries seem unusual outside of Nazi Germany and maybe some modern dictatorships. Saudi Arabia comes to mind. This seems to be, partly, because there has been no credible existentialist threat to the USA since the end of the US Civil War. One can afford to play power games.
Russia cannot let such dysfunctional rivalries arise because they have such threats. People remember the Great Patriotic War with 20 million or more dead. And then there was the collapse of the Soviet Union, more recently the two Chechen wars, the betrayal by NATO who had promised not to expand eastward, and so on.
Russians just do not have the luxury of playing silly buggers.
brucegee1962 says
What I heard was that they were trying to figure out exactly what got stolen. How would you know you weren’t being played, though?
Marcus Ranum says
brucegee1962@#13:
What I heard was that they were trying to figure out exactly what got stolen
Yes, “walking back the cat” makes some sense except the ‘Shadow Brokers’ already dumped an archive of files including the date/timestamps – it ought to be trivial to determine what was stolen by restoring a copy of the system from backup at that date’s state, and seeing what was in the stolen file tree.
Unless we’re to believe that NSA doesn’t back up its files. I… I… No… That’s inconceivable.
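The backup comparison described in the comment above, as an added example that is not part of the original post or its comments: it matches a leaked file manifest against dated backup manifests to bound when the copy was taken and to list what else sat in the same directories. It assumes manifests of path to SHA-256; the snapshot dates, paths and contents are constructed sample data.

```python
import hashlib
import posixpath
from datetime import date


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed backup manifests: snapshot date -> {path: content hash}.
SNAPSHOTS = {
    date(2020, 1, 1): {"proj/a.py": digest(b"v1"), "proj/b.cfg": digest(b"cfg1")},
    date(2020, 4, 1): {"proj/a.py": digest(b"v2"), "proj/b.cfg": digest(b"cfg1"),
                       "proj/c.bin": digest(b"c1"), "proj/e.key": digest(b"k1"),
                       "hr/payroll.xls": digest(b"p1")},
    date(2020, 7, 1): {"proj/a.py": digest(b"v3"), "proj/b.cfg": digest(b"cfg1"),
                       "proj/c.bin": digest(b"c2"), "proj/e.key": digest(b"k1")},
}

# Constructed manifest of a published dump: {path: content hash}.
LEAK = {"proj/a.py": digest(b"v2"), "proj/b.cfg": digest(b"cfg1"),
        "proj/c.bin": digest(b"c1"), "proj/d.txt": digest(b"not in any backup")}


def walk_back(leak, snapshots):
    """Bound the copy time and scope of a leak using dated backup manifests."""
    dates = sorted(snapshots)
    seen_in, unmatched = {}, []
    for path, h in leak.items():
        hits = [d for d in dates if snapshots[d].get(path) == h]
        if hits:
            seen_in[path] = hits
        else:
            # Changed between backups, taken from another system, or altered.
            unmatched.append(path)

    # Snapshots in which every matched file has exactly the leaked version.
    consistent = [d for d in dates
                  if seen_in and all(d in hits for hits in seen_in.values())]
    result = {"consistent": consistent, "not_before": None, "not_after": None,
              "unmatched": sorted(unmatched), "unpublished": []}
    if not consistent:
        return result  # files changed between backups: no single state matches

    first, last = dates.index(consistent[0]), dates.index(consistent[-1])
    # The copy was made after the last snapshot that disagrees with the leak
    # and before the next snapshot that disagrees with it.
    result["not_before"] = dates[first - 1] if first > 0 else None
    result["not_after"] = dates[last + 1] if last + 1 < len(dates) else None

    # Files that sat beside the leaked ones at that time but were not published:
    # a working list of what else may have been copied.
    leaked_dirs = {posixpath.dirname(p) for p in seen_in}
    result["unpublished"] = sorted(
        p for p in snapshots[consistent[-1]]
        if posixpath.dirname(p) in leaked_dirs and p not in leak)
    return result


if __name__ == "__main__":
    for key, value in walk_back(LEAK, SNAPSHOTS).items():
        print(f"{key}: {value}")
```
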
Dunc says
I’m really trying hard not to be a grammar dick these days, but I must say that I particularly enjoy this “existentialist / existential” malapropism… (Which I’ve seen quite a few times now, so it’s not just you, jrkrideau.) It conjures up such wonderful images.
demonax says
Perhaps if someone who has the entrée could ask MI6 or 7 what they know of Chris Steele’s insights this could illuminate the spectacle. Remember too that the KGB successors are masters of distraction.
Marcus Ranum says
demonax@#16:
Perhaps if someone who has the entrée could ask MI6 or 7 what they know of Chris Steele’s insights this could illuminate the spectacle. Remember too that the KGB successors are masters of distraction.
There are a lot of things Christopher Steele could shed light upon. But did you notice how quickly and thoroughly the US political parties (both of them!) turned around and completely burned him? If that wasn’t revenge, nothing has ever been. Remember that the US political parties are masters of distraction!
Marcus Ranum says
Dunc@#15:
I’m really trying hard not to be a grammar dick these days, but I must say that I particularly enjoy this “existentialist / existential” malapropism…
I normally am not a fan of grammar/vocabulary corrections, either, but I have to admit your pointing that out did give me a chuckle. I can picture Jean Paul Sartre trying to be a threat to anything and failing.
jrkrideau says
# 15 Dunc
“existentialist / existential”
Good catch. My face is red.
It was not so much of a malapropism as bloody carelessness on my part. Well okay, technically it’s a malapropism.
My story is that I cannot type (and spelling is a real challenge). I was tired. Etc.
When the spell-checker suggested its 50th correction I just clicked on it. I should know better, it keeps suggesting inquiry when I type enquiry or color when I type colour.
Still, it might be interesting to develop an existentialist argument. Hum, let’s see …. I’ll get back to you on this.
Dunc says
Funnily enough, the more I think about it, questions like “why are you doing this?” and “what’s the point?” probably pose far more threat to the American military than any kind of actual fighting… I like it.