There is a bunch of strange stuff surfacing around the alleged incident in which the NSA allegedly tried to buy back stolen data from an alleged Russian hacker. I’m tracking it, but there are still many shoes that need to drop before the story begins to make even a shred of sense.
Right now, what we hear is: [nyt]
BERLIN – After months of secret negotiations, a shadowy Russian bilked American spies out of $100,000 last year, promising to deliver stolen National Security Agency cyberweapons in a deal that he insisted would also include compromising material on President Trump, according to American and European intelligence officials.
The cash, delivered in a suitcase to a Berlin hotel room in September, was intended as the first installment of a $1 million payout, according to American officials, the Russian and communications reviewed by The New York Times. The theft of the secret hacking tools had been devastating to the N.S.A., and the agency was struggling to get a full inventory of what was missing.
Several American intelligence officials said they made clear that they did not want the Trump material from the Russian, who was suspected of having murky ties to Russian intelligence and to Eastern European cybercriminals. He claimed the information would link the president and his associates to Russia. Instead of providing the hacking tools, the Russian produced unverified and possibly fabricated information involving Mr. Trump and others, including bank records, emails and purported Russian intelligence data.
The United States intelligence officials said they cut off the deal because they were wary of being entangled in a Russian operation to create discord inside the American government. They were also fearful of political fallout in Washington if they were seen to be buying scurrilous information on the president.
It seems to me that the NSA is using the New York Times to issue press releases, again. Since James Risen over at The Intercept [intercept] is also reporting on this, it also makes me wonder how long this story has been known to him, and whether the New York Times was playing politics (again) by suppressing a story until a convenient time. In case you’ve been asleep lately, the New York Times regularly acts as an establishment propaganda mouthpiece by suppressing news until it’s convenient, or publishing convenient talking-points. [stderr]
It’s … so interesting to try to unpack what’s going on in there. Let’s look at a few chunks and then let’s talk a bit about computer security.
Instead of providing the hacking tools, the Russian produced unverified and possibly fabricated information involving Mr. Trump and others, including bank records, emails and purported Russian intelligence data.
Well, it certainly was important to get that bit about “possibly fabricated information” out there, wasn’t it? My prediction is that the whole article was published in order to get that bit into the popular consciousness: the Russians have something that they are flogging around and it’s lies, lies, lies fake news fake the fakest news ever probably.
The alleged Russian cybercriminal has good tradecraft; this is all happening through multiple cut-outs. The Intercept reports:
Recently, the Russians have been seeking to provide documents said to be related to Trump officials and Russian meddling in the 2016 campaign, including some purloined FBI reports and banking records. It is not clear whether those documents are in possession of American officials. It is also unclear whether the secret channel has helped the U.S. recover significant amounts of data from the NSA documents believed to have been stolen by the Shadow Brokers.
That’s really interesting, because it would represent a multi-agency break-in dump. FBI reports plus NSA malware plus campaign finance documents.
They were also fearful of political fallout in Washington if they were seen to be buying scurrilous information on the president.
I wonder if this is just normal ineptitude or if the Russians are laughing their asses off, somewhere, going, “let’s give them another lose/lose situation! I bet they choose both paths of ‘lose’!” Because, by not acting resolutely, and by not saying what they actually did, they look both like they were incompetent and like they were trying to not buy scurrilous information. Buttttttt…. they looked at it a bit (see below) uh, but they didn’t buy it. Not much of it. Um. The $100,000 was not a “down payment,” it was a, um, look shiny thing!
“Scurrilous information,” in this situation, is called “evidence.” So either way, they’re collecting or ignoring evidence. Lose/lose.
they were wary of being entangled in a Russian operation to create discord inside the American government.
Did you actually laugh out loud at that one? I did.
Nugget #5: (From The Intercept)
The existence of the off-the-books communications channel, which has been a closely guarded secret within the U.S. intelligence community, has been highly controversial among those officials who know about it, and has begun to cause rifts between officials at the CIA and the NSA who have been involved with it at various times over the past year.
This means that the NSC and Trump would also know about it. Or, it would mean that the intelligence community is keeping very important secrets from the White House. This is interesting. We can be pretty sure that clarification of who knew what, and when, will be forthcoming. If you are a Trump supporter this would be the “deep state” that people talk about: the intelligence community is deciding/not deciding whether or not to buy a copy of the pee tape, and whatever else the Russians have.
The CIA, which is now headed by a Trump loyalist, CIA Director Mike Pompeo, has at times been reluctant to stay involved in the operation, apparently for fear of obtaining the Trump-related material offered by the Russians, according to sources close to the negotiations.
I find it absolutely inconceivable that an intelligence officer would pass up that kind of stuff for a second. If you’re familiar with the story of the frog and the scorpion, it’s one of those situations.
Then, the story gets more bizarre, according to The Intercept:
In March 2017, the Russian met with the American intermediary and a U.S. official in Berlin and agreed to provide the stolen NSA data from the Shadow Brokers in exchange for payment. The U.S. government used “certain messaging techniques” that the Russian accepted as proof that the U.S. government was behind the negotiations and the proposed deal, according to the documents obtained by The Intercept.
Officials gave the Russians advance knowledge that on June 20, 2017, at 12:30 p.m., the official NSA Twitter account would tweet: “Samuel Morse patented the telegraph 177 years ago. Did you know you can still send telegrams? Faster than post & pay only if it’s delivered.”
That tweet, in exactly those words, was issued at that time.
Got that? This sounds like a bit of cyber-joyriding: some hacker out there is telling their buddies, “watch, I pwn the NSA. They are going to tweet what I tell them when I tell them.” It’s the cyberwar equivalent of “have you got Prince Albert in a Can?”
Allegedly we are talking about a $100,000 payoff against the full dump, at a cost of $1,000,000. It beggars my imagination to think that the CIA thought $1,000,000 was a lot of money. They spend the taxpayer’s money like cocaine-snorting investment bankers in penthouse suites at The Ritz. It is inconceivable that they cared about the money. They probably spent $1,000,000 just worrying about what their agent was going to wear to the dropoff.
The Intercept report sort of slips in:
In December 2017, the Russian turned over documents and files, some of them in Russian. The documents appeared to include FBI investigative reports, financial records, and other materials related to Trump officials and the 2016 campaign.
The New York Times has apparently seen it, but doesn’t think it’s credible.
The Times obtained four of the documents that the Russian in Germany tried to pass to American intelligence (The Times did not pay for the material). All are purported to be Russian intelligence reports, and each focuses on associates of Mr. Trump. Carter Page, the former campaign adviser who has been the focus of F.B.I. investigators, features in one; Robert and Rebekah Mercer, the billionaire Republican donors, in another.
Yet all four appear to be drawn almost entirely from news reports, not secret intelligence. They all also contain stylistic and grammatical usages not typically seen in Russian intelligence reports, said Yuri Shvets, a former K.G.B. officer who spent years as a spy in Washington before immigrating to the United States after the end of the Cold War.
When spies are selling information to other spies, they understand that you include things that substantiate that information; that’s how you fix its value.
It is possible that this is one of the most successful high-level pranks ever played.
One aspect of this story that completely baffles me is that it is cast as the NSA/CIA trying to buy back the data that the Shadow Brokers stole. That makes absolutely no sense at all. None.
Because if I steal your data, I have a copy. You still have your data. We’re not talking about an art work like a stolen painting, that can be “recovered.” So if the NSA was trying to buy back the stolen data, they were trying to buy a copy of their own data, which they currently already have. Probably what they were trying to get was a copy of the original copy – with all the file dates and contents intact, so they could “walk back the cat” and learn more about the leak – except, in theory, they already know what leaked and how. In theory.
The only thing that makes sense is that the NSA/CIA were negotiating to get The Shadow Brokers to promise not to release any more data (it is inconceivable that they would delete all their copies) in return for a large sum of money, and The Shadow Brokers (or prankster hackers pretending to be them) said “LOL do you want kompromat with that?”
This will be another slow-motion intelligence community/Trump administration joint train-wreck. It must be Sunday.
I also get a laugh out of how the various journalists describe the shady/shadowy Russian hacker/cybercriminal who has possible ties to Russian intelligence but whose day job appears to be that they own a kebab stand in Moscow – that is, basically “every cover identity, ever.”