Easy Comey Easy Goey

What’s really going to tangle up the opposition is that the stated reason for firing Comey is a perfectly good reason to fire Comey, except that it happens not to be why they’re firing Comey.  He praised the damn letter to high heaven at the time.  It would strain even the credulity of the estimable Dr Pangloss to believe that he has suddenly done a 180 and come round to believe that the violations of due process that contributed so much to his victory are in fact violations of due process.  This is the platonic ideal of tail wags dog: he wanted to fire Comey, and so they found the only remotely plausible justification.  As in the case of all of the intemperate CIA hyperventilation about Assange, however, many Democrats agree that Comey deserves the boot– it may not be nearly so unpopular as it looks from here in the Tidal Marsh.

Do not delude yourself: there won’t be a special prosecutor.  The commentariat has got to quit pretending that there might be.  There won’t be a special prosecutor because the AG (or deputy AG) has to appoint one, and they’re the ones who recommended Comey’s dismissal in the first place.  Failing the AG’s office, Congress could technically have one appointed by passing a law that moved the appointment process out of the AG’s office, but it would have to get past a veto.  The story is not that Ben Sasse got out there like a real person and threw a fit.  The story is that aside from those few people who have not had their spines surgically removed, Republicans are circling the wagons, no doubt a difficult feat for the boneless.  Mitch McConnell is already whoring himself out to the White House.  That 2/3rds vote doesn’t exist.

The firing of Comey is a political crisis, not a constitutional one, but it’s still an existential threat to the separation of powers and the rule of law.  The regime will survive it.  Jack Shafer is funny and also right: Trump is the Teflon Man, and this can get off the front pages fast if he does something sufficiently spectacular elsewhere as a chaser.  I dare not speculate what that might be.  In Congress, this is going to degenerate into partisan warfare that will make the Benghazi hearings look like the Year of Jubilee.  Elsewhere, the Beltway Buzz, or rather the Beltway My-Phone-Is-On-Vibrate-Because-I’m-In-Class-Stop-Texting-Me-Oh-My-God, informs me that the rank-and-file FBI are not amused.  There may be leaks on the scale of a major hull breach impending.  Not that that helps: it’ll just degrade the rule of law faster.

And fuck you, Lavrov.

There Is A Fancy Bear In The Woods…

The Warren assigned your Auntie Weasels to produce a full account of what our glorious leader likes to call The Cyber, so here goes.  Even without the IC’s TS-SCI Ears-Only Eat Before Reading intel, the attribution is not seriously in doubt.  The DNC breach is the most straightforward.  It was carried out by APT28 (Fancy Bear, Sofacy, GRU) and APT29 (Cozy Bear, FSB).  These groups are Russian covers.  This was known well before the DNC hacks: these groups operate out of Russian time zones, build their code in Russian-language environments, and only seem to attack targets of interest to Putin’s ‘government’.  There’s more history of these threat groups here and here.

Guccifer 2.0 claims to be a Romanian, like the original.  They’re not.  The consensus is that Gucci is six KGB politicals in an unconvincing black hacker hoodie (TW: fake Cyrillic). To start with, a chat with a reporter from Motherboard revealed that Gucci does not, in fact, speak correct Romanian, and the metadata is riddled with Russian, as spotted by PwnAllTheThings (although interestingly suggesting a wannabe Chekist hacktivist rather than GRU).  Linguistic analysis of their English suggests Russian is a more likely native language than Romanian.  Later, they sent a written statement displaying some of the same grammatical markers to a cybersecurity conference hosted in London by PSBE Futures Group.  To cement the case against Gucci’s personhood, they cleaned up their English and their metadata soon after the first interview. As to The Cyber, in the chat interview with Motherboard, Gucci claims to have broken into the DNC via an NGP VAN 0day in the summer of 2015, except that:

  1. CrowdStrike found no such thing.
  2. NGP VAN is a cloud-based service not stored locally on any DNC machines and is not a particularly efficient attack vector.
  3. Any breach would have been spotted when NGP VAN did the Dec. 2015 audit to figure out how the Sanders campaign wound up seeing the Clinton donor and voter rolls.
  4. NGP VAN is sufficiently specialized and obscure that there isn’t a commercial market for 0days.

This is in effect a claim to be vastly more sophisticated than the Bears, and it’s coming from some time-traveling quantum twerp who doesn’t seem to realize that building a 0day is laughably inefficient when a phish would accomplish the same with much less sorrow.  Not only that, but they continue to insist that not only did they use a vulnerability which apparently does not exist, but also that they were the only attacker inside the DNC.  Which is all a roundabout way of saying that the person blogging and speaking to reporters knows buggerall about The Cyber, and [bad Russian accent] also is KGB cutout.  Lastly, as has been observed over and over again, the dox Gucci released were impressively boring and do not in any way further his alleged ideological goals.  Thomas Rid of King’s College Cambridge suggests, based on the quick turnaround between the DNC noticing Bears running around in their network, CrowdStrike’s involvement, and the sloppy appearance of Gucci, that the DNC leak was a panicky seat-of-the-pants attempt to salvage an otherwise blown operation, and not a very good one.  It’s evidently enough for KGB purposes to sow enough doubt to give a foothold to the Putinistas, whataboutists, and conspiracy-mongers. The ThreatConnect guys’ theory, citing the ludicrous amplification of the whole thing on Russian state media and the low value of the dox, that Gucci’s stuff was ultimately more useful to Putin for reinforcing narratives on state media than as an active measure here in the US is very interesting.  But what was the primary purpose of the op, before CrowdStrike came along to blow the whole show sky-high: passive intelligence collection or active measures?  Since so far the Warren lacks the manpower and infrastructure to bug the Kremlin, we’ll have to invite wild speculation.

As for Podesta, SecureWorks has this technical account of the phishing campaign that got him and this breakdown of their targets.  The phishing email that got Podesta turns up in the Wikileaks dump (link obviously goes to Wikileaks, approach with however much caution fits your paranoia level).  TG-4127, the group it’s associated with, is our old friends Fancy Bear again.  Much of the information published by DCLeaks also seems to have come from this phish, and as far as I’ve seen all of it was obtained by APT28, but I need to follow that rabbit hole a little further to see whether other phishing campaigns may have been involved.  This one got caught because of an opsec fail in the use of Bitly to mass-generate customized landing pages.  The phish itself wasn’t nearly as crude as it looks from the plaintext in WL.  Podesta would have seen this, also via @PwnAllTheThings:

This is pretty good, as it goes: the tipoff is accounts.googlemail.com and of course the URL at the fraudulent login page.  One has to wonder if they tried to put the source of the fake breach in Ukraine deliberately.  Maybe this phishing email is what Putin was referring to when he tried to pin the leaks on the Ukrainian government?

Krypt3ia makes a pretty good case, based on the metadata, that the Clinton Foundation dox were fake.  Motherboard has some reporting on the same thing (even the rightist Daily Caller thinks they’re bogus).  The Hill reports that the Clinton Foundation was able to turn up no evidence of a breach: Gucci the invisible wonder-hacker strikes again?  You tell me.  This seems kind of weird and haphazard, and casts doubt on the authenticity of Gucci’s other data dumps.  It’s certainly not the KGB’s best work.  It’s also, let’s be real, kind of weird that no emails either from or claiming to be from the Notorious HRC Server have turned up anywhere in all this mess.  Maybe they would have, if Trump hadn’t publicly asked the Russians to cough them up.  Who knows.

Lastly, the feds interrupted an attack on voter registration infrastructure in Illinois and Arizona before any damage was done.  Voter rolls are part of the public record, so there’s no intel-collection motive for this, although the KGB is somewhat notoriously bad at OSINT.  It remains unclear what was intended.

Further bulletins as events warrant.

[Jefferson Airplane plays loudly]

I’ve enlisted a couple of friends (hereafter the Warren) to go down the Russia scandal rabbit hole with me for the next couple of weeks.  Having been unable to find a centralized account of everything known and everything alleged, we’ve decided to make one ourselves.

Our preliminary organizational work is turning up a reasonably straightforward story amidst all the weirdness: Paul Manafort is a direct link between the campaign and a dizzying tangle of sketchy Russians, and since the summer Roger Stone has been telling anyone who will listen that he has a back-channel to Wikileaks.  If any hard evidence of coordination is going to come out, it’s likely going to be related to those two.  I’m going to predict at the outset that we will not end up discovering that Trump is some sort of deep-cover Russian mole.  This isn’t an octopus, it’s a bucket of eels.  There isn’t going to be a continuous plot because there is no continuity of participants.  The bucket of eels is fascinating on its own— there are all sorts of other interconnected questionable characters in the regime’s orbit who manage to turn the whole mess into what a certain webcomic artist once called a double Mobius reacharound— but most of the connections are probably not very important.  We already know that Trump has a history with the Russian mob, and we’ll likely find out that he has a history of all manner of inappropriate contacts with people in the Russian intelligence services, but that does not mean that he is aware that these people are members of the Russian intelligence services.  We may also find out that he’s being blackmailed, through his financial entanglements or maybe through lifestyle kompromat, although it’s hard to envision what would embarrass him.

I’ll also soon be moving to a squalid apartment filled with newspaper cuttings and red string.

And Another Thing

I find the Greenwaldian muttering about the IC not tolerating contact with Russia totally preposterous.  In an absolute sense, the Trumpist reconciliation line on Russia is not hugely different from the previous two administrations’ positions at the beginning of their terms, and is just as likely to run headlong into fundamental incompatibilities in US and Russian interests as the last two were.  Making friends with Russia and going skipping off happily into the steppe has been an ambition of US presidential candidates since the end of the Cold War, and it just never does seem to go as planned.  This is because there is a Chekist asshole in charge now and before that there was Yeltsin, who only looks good by comparison.  You didn’t exactly see this supposed cartoonish hostility to diplomatic relations with Russia manifesting in the same way when Bush and Obama had their respective disastrous goes at it.   Fuck you, Glenn.  Get off my lawn.

What does make the Trumpist line stand out from the past is Trump’s characteristic fondness for strongmen (cf. Erdogan, al-Sisi, Orban, need I go on), and that this comes on the heels of Putin’s deliberate, hostile interference in our domestic politics.  This is not perhaps a common view, but I have no problem with above-board, clearly-labelled foreign involvement in US electoral politics, as long as it doesn’t involve campaign donations.  Putin wants to come and give an opinion?  Fine.  He wants to run his crazy TV station here?  Also fine.  He wants to pay canvassers to go out in the streets and tell people that Putin thinks they should vote for Trump?  Sure, still don’t care, so long as they’re clearly labelled.  I do take a dim view, on principle, of covert election meddling.  It’s bad when we do it, it’s bad when the Russians do it too.

The issue here remains overclassification.  This is updated mischief for the 21st century, and we need to understand the extent and intent of the mischief before we can arrive at any sort of democratic consensus on what should be done about it (and obviously something like cutting off diplomatic relations with Russia over this would be beyond stupid but as far as I know, no one serious is suggesting that).

Oh yeah and also all the lying.

Warranted Twitter Panic

I got on Twitter just now and everything was on fire so I went to do my laundry and think about this a little.  It seems to me there are four possibilities here:

  1. There was a legitimately obtained FISA warrant, for whatever value of “legitimately” can be associated with FISA.
  2. There was an ordinary surveillance warrant out on the campaign.
  3. The Obama administration did something spectacularly illegal.
  4. There is no warrant at all and POTUS is just raving.

2, 3, and 4 seem relatively unlikely to me, except insofar as FISA is sometimes unconstitutional.  If there’s an ordinary, fully-constitutional warrant out, we need to know about it yesterday if not sooner, but what he’s talking about is most likely the FISA warrant reported at the Guardian, which was initially turned down as too broad.  It’s not inconsistent to believe simultaneously that FISA is sometimes unconstitutional and also that we have a problem that requires investigation if there is sufficient evidence on POTUS to eventually get any kind of FISA warrant on him.  How the constitutional needle is to be threaded depends on the specifics [Edit: I went digging around again and other reporting seems to suggest that the FISA warrant was obtained in the course of a felony investigation, which may mean probable cause was required, but this is also mainly from British sources so take the salt shaker].

And then one wonders where exactly the regime plans on taking this.  They’re not about to be going after FISA: that would be reducing their own power.  They’re not going to plead insanity: that would be crazy.  So that leaves them either with giving in to demands for an investigation (which won’t happen), or with an attempt to launch their own into illegal Obama administration wiretapping, for which there is no known evidence but when has that ever stopped them.

Anyway it’s totally insane that people who likely couldn’t pass an SSBI are running around the White House unhindered.