Auribus teneo lumpum.

DISCLAIMER: All predictions should be viewed through the lens of how wrong I was when I said there would never be a special prosecutor.

Since Douthat’s now-infamous Amendment XXV op-ed brought the constitutional shenanigans out of the depths of the Blawgs into the mainstream discourse, I’ve found myself asking yet again what we the opposition are expecting to accomplish.  Not-Trump is, in the abstract, a worthy goal, especially with no one worse looming on the horizon yet.  In practice, achieving not-Trump by not-electoral means is likely to bring with it a host of other, more interesting problems.  As a connoisseur I find these fascinating, but as a citizen I’m not so enthusiastic.  There are three constitutionally legitimate ways of achieving not-Trump before 2020: resignation, impeachment, or Amendment XXV. Resignation is boring and I’ll eat my hat if it happens. The other two options have a common obstacle: neither of them would have any popular legitimacy.

The advantage of impeachment is that it’s hard to call it undemocratic: it’s right there in the constitution and only elected officials are involved. However, the absence of consensus makes it unlikely that Congress will risk the process in the first place. Impeachment has to follow public opinion. Most likely we will only see action from Congress if a critical mass of Republican voters are demanding Trump gets the hook, otherwise it’ll just be Clinton Redux.  Then, I’m not persuaded by the argument that Amendment XXVing him is inherently undemocratic: it’s initiated by the cabinet, but it still requires the consent of 2/3rds of Congress if you’re going to make it stick. It doesn’t seem to be within the original intent of the amendment, which was to provide a mechanism for replacing the president if he was incapacitated but not killed in an assassination attempt, but creatively literalist legal interpretation is a noble American tradition.  Of course, that doesn’t matter: when the average member of the People can’t name their own senator, we shouldn’t expect them to grasp, let alone get behind, this sort of casuistic constitutional contortion.

The practical objection to Amendment XXVing him out is that the now-infamous groveling meeting where everyone except Mattis pledged their eternal love for Our Glorious Leader suggests that the cabinet would not be interested in doing any such thing. The speculative objection to Amendment XXVing him is that, if successful, it does nothing to solve any crisis of legitimacy—  it makes it far worse.  Theoretically it puts him where he can’t trash institutions or start a war on Twitter, but as soon as the process is started, we’ve got ourselves a Type II constitutional crisis. It begins with the most spectacular Twitter hissy fit ever seen in this mortal vale of tears and probably the firing of the entire cabinet. Next comes exhausting quarrels over the meaning of “unable to discharge the powers and duties of his office” both on the floor of Congress and in the public discourse. No consensus will ever be reached.  We’re stuck with a Mexican standoff in DC.  The conflict totally consumes Congress. Trump and Pence are both insisting on their authority, and the rest of the executive is trying to function with even less leadership than usual, since there’s neither the time nor the inclination to confirm replacements.  SCOTUS is trying to referee a situation that has no precedent except perhaps the Western Schism. At least half, and likely more, of the People won’t be having it.  The National Mall could fill with dueling protest camps. After that it’s probably not safe to make predictions.

In a piece called “The Guardrails Cannot Contain Trump”, Krauthammer vagueblogs at Douthat and despite the title goes on about how when guardrails are failing we must strengthen the guardrails. Krauthammer and all the other Very Serious People are correct insofar as when you’re trying to keep a constitution together, tricks tend to be an own-goal, but we cannot say in advance that Trump will be worse than some kind of strange state of exception any more than we can say that such a state of exception will be worse than Trump.  The problem is that the Very Serious People don’t offer any serious suggestions on how we’re supposed to shore up the norms and institutions.  Our legislative deadlock is not new, and it’s not improving.  “Congress should redouble oversight” is just screaming into the void: the failure of the system is largely due to the longstanding unwillingness of Congress to properly perform its oversight role, or to exercise a number of other powers it constitutionally possesses over the executive.  The bureaucracy will fall: when the principled resign in protest, their positions get filled by weasels or go unfilled altogether.  Douthat’s idea is crazy, but at least he’s aware that we’ve run out of good choices.

When I started this post, I was convinced that neither impeachment nor Amendment XXV would happen.  After tonight’s Russia-Thing-related stories, I’m not so sure.   We’re out of good choices, but we have to choose anyway.

The Palestine Principles

I used to live in Jerusalem, for my sins, and when we finally got out of there, my friends and I set to work finding the general cases for the lessons we’d learned about surviving as politically questionable expats in an occupied city.  If you’re a middle-class young person from a G8 country, living at the mercy of what is often referred to merely as the Situation or somewhat more theologically as the Inshallah Factor has a bit of a learning curve to it.  While we were on the spot, the Moscow Rules had been bandied about a lot, so we tried to get our list down to ten, for symmetry.  Our rules were these:

  1. Everything is political, including this rule.
  2. The true partisan can rationalize anything.
  3. Assume nothing.
  4. Keep a low profile.
  5. It never goes smooth.
  6. Never go against your gut.
  7. Have an exit strategy.
  8. Technology is your enemy.
  9. Don’t try to disrupt known surveillance.
  10. Whatever you did, you’ll hear about it at the border.

When we wrote them, we meant these for the unaffiliated foreign bystander in places like the West Bank or Ukraine, but someone had proposed a general theory that once 1 and 2 held good in a society, it was only a matter of time before the rest would start to apply as well.  It’s starting to look like we’re going to find out.

June 2017: The Library of Alinksandria

Yet another troubling survey, this time on Americans’ views on the proper role of the media.

Tor Ekeland on oversentencing of hackers.

“Cyber operations coerce by imposing costs and destabilizing an opponent’s leadership. As costs grow and destabilization spreads, backing down eventually becomes less painful than standing tall, causing the adversary to comply with the coercer’s demands.”

In our latest installment of Don’t Piss Off The Nerds, the Turkish thugs who attacked protesters outside the DC embassy got the shit OSINTed out of them.

In hindsight suppressing that 2009 DHS report on violent rightist extremism was probably not the greatest idea.

Shadi Hamid on how Egypt could have gone differently and how to get democracy to stick more broadly.  He doesn’t address whether or not democracy can survive absent liberalism, and in the last paragraph there’s a very interesting potential rabbit hole about the consent of the governed.

No, Alan, the president does not have unilateral authority over the people investigating him and his top aides.

Much of the discussion surrounding the not-actually-very-illuminating leak on compromised voter systems revolves around whether or not the KGB achieved lateral motion and was able to compromise provisioning infrastructure.  Even if they didn’t, they succeeded, because we’re worrying about it.

There’s an unlikely alliance between anarchists in Exarchia and the Donbass separatists.  Idiot leftists continue to confuse Putin’s territorial revanchism for anti-imperialism, just because the US isn’t a fan of it.  Don’t be that guy.

Go listen to a very old Greek Marian hymn (but stay out of the comments if you value your sanity).

“… realist liberalism is the kind of liberalism that, perhaps surprisingly, most closely reflects the ethos of the modern novel: its astonishment at the extent of our incommunicable subjectivity, its conviction that each psyche contains (to quote the character from Marilynne Robinson’s Gilead) “a little civilization.” Diverse by nature, we come to be ever more diverse as a result of social and political development. The further we are from violent anarchy, the less we resemble one another in our zeal for mere survival. My aspirations will not excite you; my vision for society will not motivate you; the justifications for government policy that convince me will not convince you.  Liberal institutions do not deny or seek to alter this state of normative fragmentation but, on the contrary, work with it and tend to celebrate it.”

Jack Goldsmith’s piece from February on il Douche’s tweets and the immigration EO bears re-reading now that the case is inching closer to SCOTUS.  In practice I think his predictions will hold, but I don’t believe it’s been thought through beforehand like he speculates.

A case study in watchman-watching: wardriving for IMSI catchers.

Bret Stephens should have written this last summer.

A growing number of Android apps have a charming habit of listening for ultrasonic beacons in sound produced by other devices.  Identifying the Big Brotherish potential in this kind of thing is left as an exercise to the reader.

This story in the New York Times about a Russian assassin in Kiev posing as a journalist is pretty wild.  I’m inclined to wonder what his exit strategy was going to be.

The Doubleswitch phishing attack has been used extensively against journalists and activists in Venezuela and elsewhere, both to cut off comms and to run info ops against the opposition off already-trusted accounts.  It’s probably coming here sooner or later.  Keep an eye on that story about all those DoD-linked Twitter accounts that got owned by bears.

Krauthammer on Article V.  Not all deterrence is MAD.

The Opsec Fail of the Month award goes to everyone involved in the Reality Winner leak.  This fills the blogger with acute second-hand embarrassment.  Honorable mention to Mike Flynn.

Batman’s the worst.

This is Radio Yerevan.

Our listeners ask us: “Is it possible to solve a problem which has no solution?”
We answer: We don’t answer questions related to terrorism.

Our listeners ask us: “Is it true that in Berkeley—”
We answer: Yes. Yes it is.

Our listeners ask us: “Can Leninism succeed in America?”
We answer: In principle, yes, once Steve Bannon returns from exile to resume his rightful place on the NSC.

Our listeners ask us: “What is the most permanent feature of the administration’s immigration policy?”
We answer: Temporary travel bans.

Our listeners ask us: “What do the directors of federal agencies have in common with the homeless and unemployed?”
We answer: They are all uncertain about their next day.

Our listeners ask us: “What should I do if a federal employee takes a seat at the bar beside me and starts to sigh?”
We answer: Demand he stop bashing the President at once.

Our listeners ask us: “What methods do Deep State leakers use in their subversive work against the White House?”
We answer: You can find our SecureDrop under ‘Contact Us’ on our homepage.

May 2017: URL of the Chaldees

Stop blaming Trump on the poor, she repeated incessantly.

David Frum of all people has written the only good article about The Generals I’ve seen.  This feels weird, but I’ll take it.

No, “robot privilege” is not the latest Social Justice™ talking point, but give it time.

APT28 continues to be at it, with some quality compartmentalization failage yet again.  By the time this is published, we might hear whether they’ve gotten any results.

Max Boot (I know, I know) on the inevitability of normalization.

Ha ha ha ha wow Laura Poitras really doesn’t want to talk about Wikileaks and the Panama Papers for some reason.

Back in his Noo Yawk days, our glorious leader liked to use mafioso intimidation tactics on business rivals and city officials.

The latest round of the Gorkening finds that his doctorate isn’t real and he was denied a security clearance in Hungary.  And then somehow I missed this when I read his ridiculous book, but this dumb fascist bastard thinks that the answer to terrorism is fusing the police, military, and IC into a single unified security service.  What could possibly go wrong?

Go listen to this version of Psalm 104 by the Yamma Ensemble.  In general, go listen to the Yamma Ensemble.

Mexico can make us sorry.

Like fighting Putin? There’s an app for that.  Identifying potential problems with this idea is left as an exercise to the reader.

Romans got lead poisoning from a grape must preserve called defrutum, not from lead pipes.  I learned this in Latin class, but I had forgotten it.

I burst out laughing in a crowded coffee shop at this video from Reason about the TSA.

Digital Forensics Lab on the origins and propagation of a Russian fake news story.  Don’t piss off the OSINT nerds.  It’s not worth it.

“If Russia did it, why is there evidence?”  Someone else wrote the screed about Greenwald and the Whataboutists that I keep starting and getting too mad to finish properly.

“Internet blockages, even when targeted at specific websites, are not necessarily rational decisions based on strategic thought. They are very often knee-jerk reactions by autocratic governments, or military juntas, to the loss of control over the society they rule.”

Facebook says they’re cracking down on information operations.

It’s as good a time as any to dig HST’s Nixon obit out of the archive.

Shadow Brokers didn’t just dump a bunch of code: they also may have doxxed NSA personnel, which is a new one.

Maciej Cegłowski on the inhumanity of algorithms and Silicon Valley’s refusal to acknowledge that they’ve created a “toolkit for authoritarians.”

Still more damn Straussians and also Yarvin (they’re called Claremonsters, Andrew).

Germany’s plague of hipster Nazis adds an interesting if regrettable layer of complication to haircut politics.

The culprits in the MU scandal were much more organized than one might think.  And apparently there’s even a Russian intel angle, because everybody and their maiden aunt has a Russian intel angle these days (can I still say “maiden aunt”?).  Minus one to Slytherin for two Bellingcat links in the same roundup.

The complete scumbag of the month award goes to Robert Fisher.  He shares the opsec fail of the month award with the NRO.  Security is hard.

Listen to the refugees. Start with Mujanović himself, Kasparov, Gessen.

You know what to do (although strictly speaking it should be CVNNVS NOBIS GRABENDVS EST).

Easy Comey Easy Goey

What’s really going to tangle up the opposition is that the stated reason for firing Comey is a perfectly good reason to fire Comey, except that it happens not to be why they’re firing Comey.  He praised the damn letter to high heaven at the time.  It would strain even the credulity of the estimable Dr Pangloss to believe that he has suddenly done a 180 and come round to believe that the violations of due process that contributed so much to his victory are in fact violations of due process.  This is the platonic ideal of tail wags dog: he wanted to fire Comey, and so they found the only remotely plausible justification.  As in the case of all of the intemperate CIA hyperventilation about Assange, however, many Democrats agree that Comey deserves the boot– it may not be nearly so unpopular as it looks from here in the Tidal Marsh.

Do not delude yourself: there won’t be a special prosecutor.  The commentariat has got to quit pretending that there might be.  There won’t be a special prosecutor because the AG (or deputy AG) has to appoint one, and they’re the ones who recommended Comey’s dismissal in the first place.  Failing the AG’s office, Congress could technically have one appointed by passing a law that moved the appointment process out of the AG’s office, but it would have to get past a veto.  The story is not that Ben Sasse got out there like a real person and threw a fit.  The story is that aside from those few people who have not had their spines surgically removed, Republicans are circling the wagons, no doubt a difficult feat for the boneless.  Mitch McConnell is already whoring himself out to the White House.  That 2/3rds vote doesn’t exist.

The firing of Comey is a political crisis, not a constitutional one, but it’s still an existential threat to the separation of powers and the rule of law.  The regime will survive it.  Jack Shafer is funny and also right: Trump is the Teflon Man, and this can get off the front pages fast if he does something sufficiently spectacular elsewhere as a chaser.  I dare not speculate what that might be.  In Congress, this is going to degenerate into partisan warfare that will make the Benghazi hearings look like the Year of Jubilee.  Elsewhere, the Beltway Buzz, or rather the Beltway My-Phone-Is-On-Vibrate-Because-I’m-In-Class-Stop-Texting-Me-Oh-My-God, informs me that the rank-and-file FBI are not amused.  There may be leaks on the scale of a major hull breach impending.  Not that that helps: it’ll just degrade the rule of law faster.

And fuck you, Lavrov.

Lying under OAUTH

I don’t like this new thing where I’m going about my own damn business and suddenly end up on the front lines of the hybrid war, but that’s the cyberpunk dystopia we live in now.  Like nearly everyone inside the Beltway, my workplace got hit with the Google Docs OAUTH worm yesterday afternoon around 1500.  Thanks to Zeynep Tufekci’s efforts on Twitter, I was wise to it well before we actually saw one, and I managed to head my idiot comrades off from clicking on any of them.  I left work in a stew, went to the gym in a stew, failed to bench-press Putin’s equivalent in grubby metal plates, and then found myself speculating wildly this morning in a Twitter thread, but since I always end up yelling GET A BLOG at inveterate threaders (lookin’ at you, Jeet Heer), I’m moving this over here where it belongs.  Anyone all like “Weasels, dude, what the fuck are you talking about?” should 1. stop living under such a rock and 2. read this.

It’s much too early for attribution, of course, but last time something like this happened, it came from APT28, who, as you may recall from my It Was The Russians attribution roundup post a few weeks ago, are the Russians.  While I should probably wait for further information from those who saw the landing page while there was still a domain to WHOIS, I’m inclined to believe this was intel collection— not necessarily from Moscow— until we have some negative confirmation.  What little I’ve seen of the WHOIS data (Google nuked everything before I got to clap eyes on the genuine article) shows the domains were all registered before TrendLab’s report on APT28’s use of faux-Google OAUTH exploits.  The apparent targets are consistent with the intel theory, as is the technique, if you look at it from a spyish angle instead of a hackish one.

The best argument against a state-level actor is that the phish was a dragnet.  Past OAUTH worms and other phishing campaigns from APT28 and Friends have overwhelmingly been spearphishes.  By contrast, this looks to many people like it could be a bunch of rubes looking to make a buck.

Yeah.

Sure.

Tell me another one.

The targets involved were media, feds, NGOs, contractors, and apparently academia.  The business sector only seems to have caught it second hand.  This is consistent with the interests of an intelligence service, but not with financial motives.  It’s still unclear where it began, but according to the above Gizmodo article, EFF thinks it may have started at Buzzfeed.  My own first hint of incoming fire was chatter early yesterday afternoon about a Google docs phish affecting journalists and media companies.  I put out some feelers and started hearing about it directly from friends in politics and the media around 1400 yesterday.  In DC it spread fast, like the bubonic plague-themed illustration of exponential growth that my middle school algebra teacher put on for the edification and amusement of a bunch of morbid eighth graders, hopping from journalists onto government networks and thence to NGOs and the private sector.  The ones I saw all came from a compromised address at USAID.

Then, the hard part of a spearphish is the intel-gathering that has to happen beforehand.  Public-facing social media will only tell you so much.  You’re not going to find out about a journalist’s confidential sources there, and many feds avoid realname social media entirely, because of the inherent opsec problem.  If only there was an easy way to map social networks in Washington so you could narrowly focus your OSINT efforts on the likeliest victims.

Enter a malicious Google app that siphons up your contacts and blasts itself out to your entire network.  That Mailinator address, presumably intended to detect whether the messages sent successfully, was CCed for every single hop the phish made between accounts.  Someone has that full dataset somewhere, even though Google nuked the app and the related domains, and is making it into a lovely network graphic with pretty colors and all.

As a phish searching for financial data, this campaign isn’t the greatest: it doesn’t catch any credentials that could be checked against banks or other accounts, and there doesn’t seem to have been a malware payload besides the mischievous app.  As a way to map networks and gather intelligence for a more sophisticated spearphishing campaign while looking like stupid crime, it’s brilliant.  So if there’s another, more subtle round of OAUTH spearphishes hitting intel targets any time soon, you’ll find me at a corner table at the Hamilton in the most disreputable clothes I own, inhaling cocktails and looking smug.
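
An added example, not part of the original post: because the same Mailinator address was CCed on every hop, a responder can pivot on it in mail-gateway logs to reconstruct how the worm moved between accounts and which accounts need their app grants revoked. The log format, the field names, the placeholder beacon address and every account below are constructed for illustration.

```python
import csv
import io

# Placeholder for the constant CC address; the post does not give the real one.
BEACON_CC = "beacon-placeholder@mailinator.com"

# Constructed mail-gateway log: one row per (message, recipient).
SAMPLE_LOG = """\
ts,sender,rcpt,cc
2017-05-03T14:02:10,reporter@news.example,editor@news.example,beacon-placeholder@mailinator.com
2017-05-03T14:02:10,reporter@news.example,analyst@agency.example,beacon-placeholder@mailinator.com
2017-05-03T14:05:00,lunch@news.example,editor@news.example,
2017-05-03T14:09:30,analyst@agency.example,director@agency.example,beacon-placeholder@mailinator.com
2017-05-03T14:09:30,analyst@agency.example,fieldwork@ngo.example,beacon-placeholder@mailinator.com
2017-05-03T14:20:00,fieldwork@ngo.example,reporter@news.example,Beacon-Placeholder@mailinator.com;other@ngo.example
"""


def parse_log(text):
    """Return log rows sorted by time (ISO-8601 strings in one timezone sort correctly)."""
    rows = list(csv.DictReader(io.StringIO(text)))
    return sorted(rows, key=lambda r: r["ts"])


def reconstruct_spread(rows, beacon=BEACON_CC):
    """Pivot on the beacon CC to separate accounts that sent the worm from those merely exposed."""
    first_sent = {}      # account -> time it first sent a worm message
    first_received = {}  # account -> (time, sender) of first worm message received
    for r in rows:
        ccs = {a.strip().lower() for a in r["cc"].split(";") if a.strip()}
        if beacon.lower() not in ccs:
            continue  # ordinary mail, not part of the worm
        sender, rcpt = r["sender"].lower(), r["rcpt"].lower()
        first_sent.setdefault(sender, r["ts"])
        first_received.setdefault(rcpt, (r["ts"], sender))

    infected_by, origins = {}, []
    for acct, sent_ts in first_sent.items():
        got = first_received.get(acct)
        if got and got[0] <= sent_ts:
            infected_by[acct] = got[1]   # received the worm, then started sending it
        else:
            origins.append(acct)         # sent before receiving: entry point in these logs
    exposed_only = sorted(set(first_received) - set(first_sent))
    return {"origins": sorted(origins),
            "infected_by": infected_by,
            "exposed_only": exposed_only}


def cross_domain_hops(infected_by):
    """Organisation boundaries the worm crossed, as (source domain, destination domain)."""
    hops = set()
    for victim, source in infected_by.items():
        src, dst = source.split("@")[1], victim.split("@")[1]
        if src != dst:
            hops.add((src, dst))
    return sorted(hops)


if __name__ == "__main__":
    result = reconstruct_spread(parse_log(SAMPLE_LOG))
    print("entry points:", result["origins"])
    print("sent the worm (revoke app grants):", sorted(result["infected_by"]))
    print("received only:", result["exposed_only"])
    print("boundaries crossed:", cross_domain_hops(result["infected_by"]))
```

Accounts under `origins` and `infected_by` authorized the app and sent mail on its behalf; those under `exposed_only` received the message but show no outbound worm traffic in the window covered by the logs.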