Hvat’s troll nema þat?

There have been two interesting developments in the world of organized political trolls today:

  1. The Daily Beast discovered that Russian Facebook ops did manage to incite some real-world organizing after all, but I’m linking you to Bellingcat’s writeup instead.
  2. It has generally been expected that Kremlin-backed trolls would go after Merkel, but instead most of the German- and English-language material is being generated by the American alt-right, and the Russians are nowhere to be found.

A few things stand out.  First, the lines between state-run campaigns, astroturf, and citizen propagandizing were never clear to begin with, but soon it’s going to be impossible to draw them at all.  Pretending to be Americans themselves, the Facebook Russians egg on actual right-wing American activists to organize rallies (this is so bananas I almost can’t get my head around it).  Private American citizens organize anonymously online to carry out a propaganda campaign directed towards the German electorate against a German presidential candidate.  Neither of these fits into our existing paradigms of an influence op, but neither are they citizen organizing in any sense we’re accustomed to.

Second, it’s a mistake to get hung up on numbers to the exclusion of all else when considering a decentralized political movement like the alt-right.  Numbers matter for forming voting blocs, but not for the other corrosive effects they can have on public discourse and civil society.  I’m not sure what to do about that, but yelling about how it’s only like two hundred dudes is no more helpful here than in the case of the jihadis.

Lastly, plenty of people have since 9/11 noted the rise of the non-state actor in the context of transnational Islamist terror groups like AQ and Daesh, but we have probably ascribed too much weight to the jihadis as jihadis: it will likely turn out that they were merely the first of the truly powerful non-state actors.  I’ll leave aside the absurdity of a transnational alliance of ethnonationalists for another post, but at least jihadi tactics are in harmony with their universalist ideology.  Anyway, technology has brought certain activities that were once the exclusive domain of the state within reach for the well-organized civilian: large-scale disinformation campaigns, geospatial intelligence, weaponized drones, etc.  It remains to be seen whether the centralization of data by the tech giants will have any mitigating effect on the decentralization of capabilities.


Easy Comey Easy Goey

What’s really going to tangle up the opposition is that the stated reason for firing Comey is a perfectly good reason to fire Comey, except that it happens not to be why they’re firing Comey.  He praised the damn letter to high heaven at the time, and now we’re supposed to believe that he has suddenly done a 180 and come round to the view that the violations of due process that contributed so much to his victory are in fact violations of due process.  This is the platonic ideal of tail wags dog: he wanted to fire Comey, and so they found the only remotely plausible justification.  As in the case of all of the intemperate CIA hyperventilation about Assange, however, many Democrats agree that Comey deserves the boot– it may not be nearly so unpopular as it looks from here in the Tidal Marsh.

Do not delude yourself: there won’t be a special prosecutor.  The commentariat has got to quit pretending that there might be.  There won’t be a special prosecutor because the AG (or deputy AG) has to appoint one, and they’re the ones who recommended Comey’s dismissal in the first place.  Failing the AG’s office, Congress could technically have one appointed by passing a law that moved the appointment process out of the AG’s office, but it would have to get past a veto.  The story is not that Ben Sasse got out there like a real person and threw a fit.  The story is that aside from those few people who have not had their spines surgically removed, Republicans are circling the wagons, no doubt a difficult feat for the boneless.  Mitch McConnell is already whoring himself out to the White House.  That 2/3rds vote doesn’t exist.

The firing of Comey is a political crisis, not a constitutional one, but it’s still an existential threat to the separation of powers and the rule of law.  The regime will survive it.  Jack Shafer is funny and also right: Trump is the Teflon Man, and this can get off the front pages fast if he does something sufficiently spectacular elsewhere as a chaser.  I dare not speculate what that might be.  In Congress, this is going to degenerate into partisan warfare that will make the Benghazi hearings look like the Year of Jubilee.  Elsewhere, the Beltway Buzz, or rather the Beltway My-Phone-Is-On-Vibrate-Because-I’m-In-Class-Stop-Texting-Me-Oh-My-God, informs me that the rank-and-file FBI are not amused.  There may be leaks on the scale of a major hull breach impending.  Not that that helps: it’ll just degrade the rule of law faster.

And fuck you, Lavrov.

There Is A Fancy Bear In The Woods…

I set myself to piece together a full account of what our glorious leader likes to call The Cyber, so here goes.  Even without the IC’s TS-SCI Ears-Only Eat Before Reading intel, the attribution is not seriously in doubt.  In fact I am not going to use any IC sources at all: I can prove to you that it was the Russians solely with open-source private-sector intel.  Onward.

The DNC breach is the most straightforward.  It was carried out by APT28 (Fancy Bear, Sofacy, GRU) and APT29 (Cozy Bear, FSB).  These groups are Russian covers.  This was known well before the DNC hacks: these groups operate out of Russian time zones, build their code in Russian-language environments, and only seem to attack targets of interest to Putin’s ‘government’.  There’s more history of these threat groups here and here.

Guccifer 2.0 claims to be a Romanian, like the original.  They’re not.  The consensus is that Gucci is six KGB politicals in an unconvincing black hacker hoodie (TW: fake Cyrillic). To start with, a chat with a reporter from Motherboard revealed that Gucci does not, in fact, speak correct Romanian, and the metadata is riddled with Russian, as spotted by PwnAllTheThings (although interestingly suggesting a wannabe hacktivist rather than GRU).  Linguistic analysis of their English suggests Russian is a more likely native language than Romanian.  Later, they sent a written statement displaying some of the same grammatical markers to a cybersecurity conference hosted in London by PSBE Futures Group.  To cement the case against Gucci’s personhood, they cleaned up their English and their metadata soon after the first interview. As to The Cyber, in the chat interview with Motherboard, Gucci claims to have broken into the DNC via an NGP VAN 0day in the summer of 2015, except that:

  1. CrowdStrike found no such thing.
  2. NGP VAN is a cloud-based service not stored locally on any DNC machines and is not a particularly efficient attack vector.
  3. Any breach would have been spotted when NGP VAN did the Dec. 2015 audit to figure out how the Sanders campaign wound up seeing the Clinton donor and voter rolls.
  4. NGP VAN is sufficiently specialized and obscure that there isn’t a commercial market for 0days.

This is in effect a claim to be vastly more sophisticated than the Bears, and it’s coming from some time-traveling quantum twerp who doesn’t seem to realize that finding 0day is laughably inefficient when a phish would accomplish the same with much less sorrow.  On top of that, they continue to insist not only that they used a vulnerability which apparently does not exist, but also that they were the only attacker inside the DNC.  That is, the person blogging and speaking to reporters knows buggerall about The Cyber, and [bad Russian accent] also is KGB cutout.

Lastly, as has been observed over and over again, the dox Gucci released were impressively boring and do not in any way further his alleged ideological goals.  Thomas Rid of King’s College Cambridge suggests, based on the quick turnaround between the DNC noticing Bears running around in their network, CrowdStrike’s involvement, and the sloppy appearance of Gucci, that the DNC leak was a panicky seat-of-the-pants attempt to salvage an otherwise blown operation, and not a very good one.  It’s evidently enough for KGB purposes to sow enough doubt to give a foothold to the whataboutists and conspiracy-mongers.  The ThreatConnect guys’ theory is very interesting: citing the ludicrous amplification of the whole thing on Russian state media and the low value of the dox, they argue that Gucci’s stuff was ultimately more useful to Putin for reinforcing narratives on state media than as an active measure here in the US.  But what was the primary purpose of the op, before CrowdStrike came along to blow the whole show sky-high: passive intelligence collection or active measures?  I lack the manpower and infrastructure to bug the Kremlin, so we’ll have to wait until something leaks.

As for Podesta, SecureWorks has this technical account of the phishing campaign that got him and this breakdown of their targets.  The phishing email that got Podesta turns up in the Wikileaks dump (link obviously goes to Wikileaks, approach with however much caution fits your paranoia level).  TG-4127, the group it’s associated with, is our old friends Fancy Bear again.  Much of the information published by DCLeaks also seems to have come from this phish, and as far as I’ve seen all of it was obtained by APT28, but I need to follow that rabbit hole a little further to see whether other phishing campaigns may have been involved.  This one got caught because of an opsec fail in the use of Bitly to mass-generate customized landing pages.  The phish itself wasn’t nearly as crude as it looks from the plaintext in WL.  Podesta would have seen this, also via @PwnAllTheThings:

This is pretty good, as it goes: the tipoff is accounts.googlemail.com and of course the URL at the fraudulent login page.  One has to wonder if they tried to put the source of the fake breach in Ukraine deliberately.  Maybe this phishing email is what Putin was referring to when he tried to pin the leaks on the Ukrainian government?

Motherboard, Krypt3ia (who seems to be the original source here), and even the Daily Caller all agree based on the metadata that the Clinton Foundation dox were fake.  The Hill reports that the Clinton Foundation was able to turn up no evidence of a breach.  This seems kind of weird and haphazard, and casts doubt on the authenticity of Gucci’s other data dumps.  It’s certainly not the KGB’s best work.  It’s also, let’s be real, kind of weird that no emails either from or claiming to be from the Notorious HRC Server have turned up anywhere in all this mess.  Maybe they would have, if Trump hadn’t publicly asked the Russians to cough them up.  Who knows.

Lastly, the feds interrupted an attack on voter registration infrastructure in Illinois and Arizona before any damage was done.  Voter rolls are part of the public record, so there’s no intel-collection motive for this, although the KGB is somewhat notoriously bad at OSINT.  It remains unclear what was intended.

Anyway that’s what we know right now, and why we know it.

[Jefferson Airplane plays loudly]

I’ve enlisted a couple of friends to go down the Russia scandal rabbit hole with me for the next couple of weeks.  Having been unable to find a centralized account of everything known and everything alleged, we’ve decided to make one ourselves.

Our preliminary organizational work is turning up a reasonably straightforward story amidst all the weirdness: Paul Manafort is a direct link between the campaign and a dizzying tangle of sketchy Russians, and since the summer Roger Stone has been telling anyone who will listen that he has a back-channel to Wikileaks.  If any hard evidence of coordination is going to come out, it’s likely going to be related to those two.  I’m going to predict at the outset that we will not end up discovering that Trump is some sort of deep-cover Russian mole.  This isn’t an octopus, it’s a bucket of eels.  There isn’t going to be a continuous plot because there is no continuity of participants.  The bucket of eels is fascinating on its own— there are all sorts of other interconnected questionable characters in the regime’s orbit who manage to turn the whole mess into what a certain webcomic artist once called a double Mobius reacharound— but most of the connections are probably not very important.  We already know that Trump has a history with the Russian mob, and we’ll likely find out that he has a history of all manner of inappropriate contacts with people in the Russian intelligence services, but that does not mean that he is aware that these people are members of the Russian intelligence services.  We may also find out that he’s being blackmailed, through his financial entanglements or maybe through lifestyle stuff, although it’s hard to envision what would embarrass him.

I’ll also soon be moving to a squalid apartment filled with newspaper cuttings and red string.

And Another Thing

I find the Greenwaldian muttering about the IC not tolerating contact with Russia totally preposterous.  In an absolute sense, the Trumpist reconciliation line on Russia is not hugely different from the previous two administrations’ positions at the beginning of their terms, and is just as likely to run headlong into fundamental incompatibilities in US and Russian interests as the last two were.  Making friends with Russia and going skipping off happily into the steppe has been an ambition of US presidential candidates since the end of the Cold War, and it just never does seem to go as planned.  This is because there is a KGB asshole in charge now and before that there was Yeltsin, who only looks good by comparison.  You didn’t exactly see this supposed cartoonish hostility to diplomatic relations with Russia manifesting in the same way when Bush and Obama had their respective disastrous goes at it.  Since then, however, Putin has started a war in Ukraine, made Syria even worse, and stuck his finger into our domestic politics.  Fuck you, Glenn.  Get off my swamp lawn.

What does make the Trumpist line stand out from the past is Trump’s characteristic fondness for strongmen (cf. Erdogan, al-Sisi, Orban, need I go on), and that this comes on the heels of Putin’s deliberate, hostile interference in our domestic politics.  This is not perhaps a common view, but I have no problem with above-board, clearly-labelled foreign involvement in US electoral politics, as long as it doesn’t involve campaign donations.  Putin wants to come and give an opinion?  Fine.  He wants to run his crazy TV station here?  Also fine.  He wants to send volunteer canvassers to go out in the streets and tell people that Putin thinks they should vote for Trump?  Sure, still don’t care, so long as they’re clearly labelled.  I do take a dim view, on principle, of covert election meddling and foreign donations, no matter who’s doing it.

This is updated mischief for the 21st century, and we need to understand the extent and intent of the mischief before we can arrive at any sort of democratic consensus on what should be done about it (and obviously something like cutting off diplomatic relations with Russia over this would be beyond stupid but as far as I know, no one serious is suggesting that).

Oh yeah and also all the lying.

Warranted Twitter Panic

I got on Twitter just now and everything was on fire so I went to do my laundry and think about this a little.  It seems to me there are four possibilities here:

  1. There was a legitimately obtained FISA warrant, for whatever value of “legitimately” can be associated with FISA.
  2. There was an ordinary surveillance warrant out on the campaign.
  3. The Obama administration did something spectacularly illegal.
  4. There is no warrant at all and POTUS is just raving.

2, 3, and 4 seem relatively unlikely to me, except insofar as FISA is sometimes unconstitutional.  If there’s an ordinary, fully-constitutional warrant out, we need to know about it yesterday if not sooner, but what he’s talking about is most likely the FISA warrant reported at the Guardian, which was initially turned down as too broad.  It’s not inconsistent to believe simultaneously that FISA is sometimes unconstitutional and also that we have a problem that requires investigation if there is sufficient evidence on POTUS to eventually get any kind of FISA warrant on him.  How the constitutional needle is to be threaded depends on the specifics [Edit: I went digging around again and other reporting seems to suggest that the FISA warrant was obtained in the course of a felony investigation, which may mean probable cause was required, but this is also mainly from British sources so take the salt shaker].

And then one wonders where exactly the regime plans on taking this.  They’re not about to be going after FISA: that would be reducing their own power.  They’re not going to plead insanity: that would be crazy.  So that leaves them either with giving in to demands for an investigation (which won’t happen), or with an attempt to launch their own into illegal Obama administration wiretapping, for which there is no known evidence but when has that ever stopped them.

Anyway it’s totally insane that people who likely couldn’t pass an SSBI are running around the White House unhindered.