Easy Comey Easy Goey

What’s really going to tangle up the opposition is that the stated reason for firing Comey is a perfectly good reason to fire Comey, except that it happens not to be why they’re firing Comey.  He praised the damn letter to high heaven at the time, and now we’re supposed to believe that he has suddenly done a 180 and come round to the view that the violations of due process that contributed so much to his victory are in fact violations of due process.  This is the platonic ideal of tail wags dog: he wanted to fire Comey, and so they found the only remotely plausible justification.  As in the case of all of the intemperate CIA hyperventilation about Assange, however, many Democrats agree that Comey deserves the boot– it may not be nearly so unpopular as it looks from here in the Tidal Marsh.

Do not delude yourself: there won’t be a special prosecutor.  The commentariat has got to quit pretending that there might be.  There won’t be a special prosecutor because the AG (or deputy AG) has to appoint one, and they’re the ones who recommended Comey’s dismissal in the first place.  Failing the AG’s office, Congress could technically have one appointed by passing a law that moved the appointment process out of the AG’s office, but it would have to get past a veto.  The story is not that Ben Sasse got out there like a real person and threw a fit.  The story is that aside from those few people who have not had their spines surgically removed, Republicans are circling the wagons, no doubt a difficult feat for the boneless.  Mitch McConnell is already whoring himself out to the White House.  That 2/3rds vote doesn’t exist.

The firing of Comey is a political crisis, not a constitutional one, but it’s still an existential threat to the separation of powers and the rule of law.  The regime will survive it.  Jack Shafer is funny and also right: Trump is the Teflon Man, and this can get off the front pages fast if he does something sufficiently spectacular elsewhere as a chaser.  I dare not speculate what that might be.  In Congress, this is going to degenerate into partisan warfare that will make the Benghazi hearings look like the Year of Jubilee.  Elsewhere, the Beltway Buzz, or rather the Beltway My-Phone-Is-On-Vibrate-Because-I’m-In-Class-Stop-Texting-Me-Oh-My-God, informs me that the rank-and-file FBI are not amused.  There may be leaks on the scale of a major hull breach impending.  Not that that helps: it’ll just degrade the rule of law faster.

And fuck you, Lavrov.


Lying under OAUTH

I don’t like this new thing where I’m going about my own damn business and suddenly end up on the front lines of the hybrid war, but that’s the cyberpunk dystopia we live in now.  Like nearly everyone inside the Beltway, my workplace got hit with the Google Docs OAUTH worm yesterday afternoon around 1500.  Thanks to Zeynep Tufekci’s efforts on Twitter, I was wise to it well before we actually saw one, and I managed to head my idiot comrades off from clicking on any of them.  I found myself speculating wildly this morning in a Twitter thread, but that’s the rankest Jeet-Heerishness so I’m hopping over to the blog where this belongs.  If you don’t know what an OAUTH phish is, read this.

It’s much too early for attribution, of course, but last time something like this happened, it came from APT28, who, as you may recall from my It Was The Russians attribution roundup post a few weeks ago, are the Russians.  While I should probably wait for further information from those who saw the landing page while there was still a domain to WHOIS, I’m inclined to believe this was intel collection— not necessarily from Moscow— until we have some negative confirmation.  What little I’ve seen of the WHOIS data (Google nuked everything before I got to clap eyes on the genuine article) shows the domains were all registered before TrendLab’s report on APT28’s use of faux-Google OAUTH exploits.  The apparent targets are consistent with the intel theory, as is the technique, if you look at it from a spyish angle instead of a hackish one.

The best argument against a state-level actor is that the phish was a dragnet.  Past OAUTH worms and other phishing campaigns from APT28 and Friends have overwhelmingly been spearphishes.  By contrast, this looks to many people like it could be a bunch of rubes looking to make a buck.



Tell me another one.

The targets involved were media, feds, NGOs, contractors, and apparently academia.  The business sector only seems to have caught it second hand.  This is consistent with the interests of an intelligence service, but not with financial motives.  It’s still unclear where it began, but according to the above Gizmodo article, EFF thinks it may have started at Buzzfeed.  My own first hint of incoming fire was chatter early yesterday afternoon about a Google docs phish affecting journalists and media companies.  I put out some feelers and started hearing about it directly from friends in politics and the media around 1400 yesterday.  In DC it spread fast, like the bubonic plague-themed illustration of exponential growth that my middle school algebra teacher put on for the edification and amusement of a bunch of morbid eighth graders, hopping from journalists onto government networks and thence to NGOs and the private sector.  The ones I saw all came from a compromised address at USAID.

Then, the hard part of a spearphish is the intel-gathering that has to happen beforehand.  Public-facing social media will only tell you so much.  You’re not going to find out about a journalist’s confidential sources there, and many feds avoid realname social media entirely, because of the inherent opsec problem.  If only there was an easy way to map social networks in Washington so you could narrowly focus your OSINT efforts on the likeliest victims.

Enter a malicious Google app that siphons up your contacts and blasts itself out to your entire network.  That Mailinator address, presumably intended to detect whether the messages sent successfully, was CCed for every single hop the phish made between accounts.  Someone has that full dataset somewhere, even though Google nuked the app and the related domains, and is making it into a lovely network graphic with pretty colors and all.

As a phish searching for financial data, this campaign isn’t the greatest: it doesn’t catch any credentials that could be checked against banks or other accounts, and there doesn’t seem to have been a malware payload besides the mischievous app.  As a way to map networks and gather intelligence for a more sophisticated spearphishing campaign while looking like stupid crime, it’s brilliant.  So if there’s another, more subtle round of OAUTH spearphishes hitting intel targets any time soon, you’ll find me at a corner table at the Hamilton in the most disreputable clothes I own, inhaling cocktails and looking smug.
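As an added example (not code from this post or from anyone it mentions), here is a small defender-side triage in Python for the propagation pattern described above: a throwaway Mailinator mailbox copied on every hop, which also means one address ends up holding the whole contact graph. The share-lure subject pattern and every address in the sample headers are constructed assumptions for this example.

```python
"""Triage mail headers for the contact-harvesting OAuth-worm pattern."""
import re
from collections import defaultdict
from email import message_from_string
from email.utils import getaddresses

# The post notes a Mailinator address was CCed on every hop; any throwaway
# mailbox showing up in Cc is treated the same way here.
THROWAWAY_DOMAINS = {"mailinator.com"}
# Lure subject: a constructed pattern for this example, not taken from the post.
LURE = re.compile(r"shared a document on google docs", re.I)


def _domain(addr):
    return addr.rsplit("@", 1)[-1].lower()


def flag_message(raw):
    """Return the reasons a single raw RFC 822 message looks like the worm."""
    msg = message_from_string(raw)
    reasons = []
    for _, addr in getaddresses(msg.get_all("Cc", [])):
        if _domain(addr) in THROWAWAY_DOMAINS:
            reasons.append("throwaway mailbox in Cc: " + addr)
    if LURE.search(msg.get("Subject", "")):
        reasons.append("share-lure subject")
    return reasons


def fanout(raws):
    """Map each Cc address to the sorted distinct senders that copied it.
    One throwaway address copied by many unrelated senders is the worm hopping
    between accounts; whoever reads that mailbox has the contact graph."""
    senders = defaultdict(set)
    for raw in raws:
        msg = message_from_string(raw)
        frm = [a for _, a in getaddresses([msg.get("From", "")])]
        for _, cc in getaddresses(msg.get_all("Cc", [])):
            senders[cc.lower()].update(frm)
    return {cc: sorted(s) for cc, s in senders.items()}


# Constructed sample headers; all addresses are placeholders, not real victims.
SAMPLES = [
    "From: a.user@agency.example\nTo: me@ngo.example\nCc: drop@mailinator.com\n"
    "Subject: a.user has shared a document on Google Docs with you\n\nopen",
    "From: b.writer@paper.example\nTo: me@ngo.example\nCc: drop@mailinator.com\n"
    "Subject: b.writer has shared a document on Google Docs with you\n\nopen",
    "From: colleague@ngo.example\nTo: me@ngo.example\nSubject: lunch?\n\nnoon?",
]
```

Run `fanout(SAMPLES)` over a mailbox export: a single Cc address fanning out across many senders is the worm rather than a one-off phish, and that address is what to hunt for across the rest of the organisation.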

Regarding Beers With The Common Man

The mainstream print media handwringing surrounding their supposed role in the recent ascension of a certain safety-orange populist with a dead badger strapped to his pate is really starting to get to me.  The sin of us coastal elites is supposed to be coastal elitism, of which the Platonic bloody ideal has got to be this condescending notion that the heartland is full of a bunch of goofy hicks who voted for the bombastic day-glo nationalist because they just didn’t know any better and journalists failed them.  This nonsense is vastly more infantilizing than Obamasplaining or thinkpieces about diversity or whatever else it is that sad, self-important urban journalists like to point to as the cause of the populist backlash.  It’s not some backward wasteland, for fuck’s sake: they’re 21st century Americans.  They have smart phones and the same access to fact-checking resources as the rest of us.  Do not try to deny them agency and responsibility.  They chose the Yam despite everything, and if they were underinformed about him, it was because they chose to be underinformed.  The People are just the People: the greatest risk of democracy is that sometimes they are catastrophically wrong.

The one point on which the press has legitimate grounds for self-flagellation is insufficient attention to mob involvement, the Russia thing, the Bondi bribery case, the repeat bankruptcies, and other tentacles of the Trump business octopus.  But to have been misled by that, one would have to be reading print journalism in the first place.

And we still haven’t accounted for the empty rifle.

Weasels:  So after all the talk this week, I find myself puzzled by the logistics of the circular firing squad.  What am I supposed to be picturing?  Is it an everybody-shoots-the-guy-to-his-left thing or are you aiming at whoever’s across from you through some poor bastard in the middle?

Basmati: Maybe it’s a variation on the handshake problem? Or that scene from Wanted?

Weasels:  No, a Mexican standoff traditionally involves 2n handguns where n is the total number of participants, and your linear firing squad generally has n-1 rifles, and in some cases n-2 bullets.
Weasels:  Besides which Trump is almost certainly opposed to importing standoffs from Mexico.
Weasels: It’s only a handshake problem if every member of the circular firing squad has to shoot every other member, which seems medically implausible.  Presumably it’s the other way round and what matters is that everybody gets shot at least once.

Basmati:  Well if everyone has to get shot once we could talk about spanning trees on K_n.
Basmati:  What’s the Minkowski sum of firing squads?

Weasels:  I’m not interested in a general equation, just the two-dimensional circular case.
Weasels: Well ok, we know that the daisy chain method works for both n=2k and n=2k+1 where n is the members of the firing squad and k is an integer.  The crossfire method only works for n=2k and that’s before you’ve accounted for the odds of bullets colliding.
Weasels: Is this backstopped in some way?  Doesn’t anyone care about civilian casualties?

Basmati: What if instead we take a lattice firing squad? Or a lattice of firing squads??
Basmati: What if they aren’t arranged in a convex fashion?

Weasels:  I think we might be able to solve this as a lattice for any case in which there is an enemy to be executed at the center of the polygon, but I think once the firing squad is no longer convex we’re onto the general case again (circular is obviously a misnomer, except for cases where n → ∞).

Basmati:  What if they’re in hyperbolic space?
Basmati: I think that would be appropriate.
Basmati:  They can’t shoot each other.   They’re all on the edge of the hyperbolic plane.

Weasels: That’s what we do to any journalist caught using analogies without thinking them through.

Basmati: What are they using the analogy for? The election as a whole?

Weasels:  The Republicans, typically.

Basmati:  So the circular firing squad are armed with elephant guns?

Weasels:  Get out of my car.