Do Not Trust The Intercept or How To Burn A Source
6 June, 2017
Yesterday The Intercept published a leaked five-page NSA analysis about alleged Russian interference in the 2016 U.S. elections. Its reporting outed the leaker of the NSA documents. That person, R.L. Winner, has now been arrested and is likely to be jailed for years if not for the rest of her life.
The FBI search (pdf) and arrest warrant (pdf) applications unveil irresponsible behavior by the Intercept's reporters and editors, who neglected all operational security trade-craft that might have prevented the revealing of the source. It leaves one scratching one's head over whether this was intentional or just sheer incompetence. Either way - the incident confirms what skeptics had long determined: The Intercept is not a trustworthy outlet for leaking state secrets of public interest.
The Intercept was created to privatize the National Security Agency documents leaked by NSA contractor Edward Snowden. The documents proved that the NSA is hacking and copying nearly all electronic communication on this planet, that it was breaking laws that prohibited spying on U.S. citizens and that it sabotages various kinds of commercial electronic equipment on a large scale. Snowden gave copies of the NSA documents to a small number of journalists. One of them was Glenn Greenwald, who now works at The Intercept. Only some 5% of the pages Snowden allegedly acquired and gave to reporters have been published. We have no idea what the unpublished pages would provide.
The Intercept, a subdivision of First Look Media, was founded by Pierre Omidyar, a major owner of the auctioning site eBay and its PayPal banking division. Omidyar is a billionaire and "philanthropist" whose (tax-avoiding) Omidyar Network foundation is "investing" for "returns". Its microcredit project for farmers in India, in cooperation with people from the fascist RSS party, ended in an epidemic of suicides when the farmers were unable to pay back. The Omidyar Network also funded (fascist) regime change groups in Ukraine in cooperation with USAID. Omidyar had cozy relations with the Obama White House. Some of the held-back NSA documents likely implicate Omidyar's PayPal.
The Intercept was funded with some $50 million from Omidyar. Its first hires were Greenwald, Jeremy Scahill and Laura Poitras - all involved in publishing the Snowden papers and other leaks. Its first piece was based on documents from the leaked NSA stack. It has since published on this or that but not in a regular media way. The Intercept pieces are usually heavily editorialized and tend to have a mainstream "liberal" to libertarian slant. Some were highly partisan anti-Syrian/pro-regime change propaganda.
The website seems to have no regular publishing schedule at all. Between one and five pieces per day get pushed out, and only a few of them make public waves. Some of its later prominent hires (Ken Silverstein, Matt Taibbi) soon left and alleged that the place was run in a chaotic atmosphere and with improper and highly politicized editing. Despite its rich backing and allegedly high pay for its main journalists (Greenwald is said to receive between 250k and 1 million per year) the Intercept is begging for reader donations.
Russian military intelligence executed a cyberattack on at least one U.S. voting software supplier and sent spear-phishing emails to more than 100 local election officials just days before last November’s presidential election, according to a highly classified intelligence report obtained by The Intercept.
The NSA "intelligence report" the Intercept publishes along with the piece does NOT show that "Russian military intelligence executed a cyberattack". The document speaks of "cyber espionage operations" - i.e. someone looked and maybe copied data but did not manipulate anything. Espionage via computer networks is something every nation in this world (and various private entities) does all the time. It is simply the collection of information. It is different from a "cyberattack" like Stuxnet, which was intended to create large damage.
The "attack" by someone was standard spear-phishing and some Visual Basic scripts to gain access to accounts of local election officials. Any minor criminal hacker uses similar means. No damage is mentioned in the NSA analysis. The elections were not compromised by this operation. The document notes explicitly (p.5) that the operation used some techniques that distinguish it from other known Russian military intelligence operations. It might have been done by someone else.
The reporters note that the document does not provide any raw intelligence. It is an analysis based on totally unknown material. It does not include any evidence for the claims it makes. The Intercept piece describes how the document was received and "verified":
The top-secret National Security Agency document, which was provided anonymously to The Intercept and independently authenticated, ...
...
The NSA and the Office of the Director of National Intelligence were both contacted for this article. Officials requested that we not publish or report on the top secret document and declined to comment on it. When informed that we intended to go ahead with this story, the NSA requested a number of redactions.
The Intercept agreed to some of the redaction requests.
The piece quotes at length the well known cyber security expert Bruce Schneier. It neglects to reveal that Schneier is a major partisan for Clinton who very early on, in July 2016, jumped on her "Russia hacked the Democratic National Council" claim for which there is still no evidence whatsoever.
The Intercept story was published on June 5. On June 3 the FBI had already received a search warrant (pdf) from the U.S. District Court of Southern Georgia for the home, car and computers of one Reality Leigh Winner, a 25-year-old former military language specialist (Pashto, Dari, Farsi) who worked for a government contractor. In its application for the warrant the FBI asserted:
19. On or about May 24, 2017, a reporter for the News Outlet (the "Reporter") contacted another U.S. Government Agency affiliate with whom he has a prior relationship. This individual works for a contractor for the U.S. Government (the "Contractor"). The Reporter contacted the Contractor via text message and asked him to review certain documents. The Reporter told the Contractor that the Reporter had received the documents through the mail, and they were postmarked "Augusta, Georgia." WINNER resides in Augusta, Georgia. The Reporter believed that the documents were sent to him from someone working at the location where WINNER works. The Reporter took pictures of the documents and sent them to the Contractor. The Reporter asked the Contractor to determine the veracity of the documents. The Contractor informed the Reporter that he thought that the documents were fake. Nonetheless, the Contractor contacted the U.S. Government Agency on or about June 1, 2017, to inform the U.S. Government Agency of his interaction with the Reporter. Also on June 1, 2017, the Reporter texted the Contractor and said that a U.S. Government Agency official had verified that the document was real. ...
To verify the leaked document the reporter contacted a person working for the government. He used insecure communication channels (SMS) that are known to be tapped. He provided additional meta-information about the leaker (the postmark, the suspected workplace) that was not necessary at all for the person asked to verify the documents.
It got worse:
13. On June 1, 2017, the FBI was notified by the U.S. Government Agency that the U.S. Government Agency had been contacted by the News Outlet on May 30, 2017, regarding an upcoming story. The News Outlet informed the U.S. Government Agency that it was in possession of what it believed to be a classified document authored by the U.S. Government Agency. The News Outlet provided the U.S. Government Agency with a copy of this document. Subsequent analysis by the U.S. Government Agency confirmed that the document in the News Outlet's possession is intelligence reporting dated on or about May 5, 2017 (the "intelligence reporting"). This intelligence reporting is classified at the Top Secret level, ...
...
14. The U.S. Government Agency examined the document shared by the News Outlet and determined the pages of the intelligence reporting appeared to be folded and/or creased, suggesting they had been printed and hand-carried out of a secured space.
15. The U.S. Government Agency conducted an internal audit to determine who accessed the intelligence reporting since its publication. The U.S. Government Agency determined that six individuals printed this reporting. These six individuals included WINNER. A further audit of the six individuals' desk computers revealed that WINNER had e-mail contact with the News Outlet. The audit did not reveal that any of the other individuals had e-mail contact with the News Outlet.
The source that provided the document had no operational security at all. She printed the document on a government printer. All (color) printers and photocopiers print nearly invisible (yellow) patterns on each page that allow the printer used to be identified by its serial number. The source used email from her workplace to communicate. Ms. Winner is young, inexperienced and probably not very bright. (She is also said to be a Clinton partisan.) She may not have known better. But a reporter at The Intercept should know a thing or two about operational security.
Sending (and publishing) the leaked documents as finely scanned PDFs (which include the printer code) to the NSA to let the NSA verify them was incredibly stupid. Typically one only summarizes these or at least converts them into a neutral, non-traceable form. Instead the reporters provided, at several points and without any need, the evidence that led to the unmasking of their source. Wikileaks is offering $10,000 for the exposure and firing of the person responsible for this.
It is also highly questionable why the Intercept contacted the NSA seven days(!) before publishing its piece. Giving the government such a long reaction time may lead to preemptive selective leaks by the government to other news outlets to defuse the not yet published damaging one. It may give the government time to delete evidence or to unveil leakers. The Intercept certainly knows this. It had been burned by such behavior when the National Counterterrorism Center spoiled an Intercept scoop by giving a polished version to the Associated Press. Back then the Intercept editor John Cook promised to give government agencies no longer than 30 minutes for future replies. In this case it gave the NSA seven days!
Besides the failure(?) of The Intercept there are other concerns to note.
Why does a 25-year-old language specialist for Afghanistan have access to Top Secret NSA analysis of espionage in the U.S. election? Where was the "need to know"?
@mattblaze
Simple way to hack elections: Compromise some county offices & systems. Do nothing. If election doesn’t go your way, reveal that you hacked.
10:52 PM - 5 Jun 2017
The lessons learned from this catastrophic (for the source) leak:
- Start thinking of good op-sec before you think of leaking.
- Computer access gets logged. Do not leave any suspicious (log) trace at your workplace (or anywhere else).
- Do not provide any trace from your immediate workplace or any personal metadata with the leaked material.
And last but certainly not least:
- Do not trust The Intercept.