Group items tagged

This morning’s story by Sanger is but the latest in a long line of leaks about classified programs that have two attributes in common: (1) they come from senior Obama administration officials; and (2) they are designed to depict President Obama, in an Election Year, as a super-tough, hands-on, no-nonsense Warrior. Put another way, the administration that is pathologically fixated on secrecy and harshly punishing whistleblowers routinely leaks national security secrets when doing so can politically benefit the President.

 Dear Vital Jewish Voters in Crucial Swing States: behold what this great leader did in secret to pummel Iran.

consider the Obama administration’s ongoing efforts to prosecute former CIA agent Jeffrey Sterling under espionage statutes for allegedly telling The New York Times‘ James Risen — almost ten years ago — about dangerous mistakes the CIA made in trying to infiltrate Iran’s nuclear program (mistakes which actually resulted in helping the Iranian program)

aside from the tried-and-true strategy of Democratic politicians benefiting politically from provoking criticism from the “Left,” Obama officials (and their apparatchiks) are eager to depict him as a violence-wielding aggressor. As Digby put it this week, “the [Obama] campaign is happy about all this condemnation” aimed at the drone program as it “proves [his] macho bona fides.” Obama officials will undoubtedly be just as pleased with any objections to waging undeclared, unauthorized cyber-warfare on Iran’s perfectly legal nuclear program, thus bringing the world yet another new means of destructive warfare

Some believe Assad may be getting technical support from his long-term allies in Tehran, who successfully crushed their own post-election protests that were in part organized over the Internet. China and Russia too are has amongst the world leaders in managing online political activism and dissent, with the latter at least also seen likely helping out in Syria.

Kaspersky suggests that “white” in the file name may refer to Lebanon, a name said to be derived from the Semitic root letters “lbn,” which are also the root letters for “white.” Although in Arabic — a Semitic language — white is “abayd,” in Hebrew — also a Semitic language — the word for white is “lavan,” which comes from the root letters “lbn.”

Like Flame, Gauss is modular, so that new functionality can be swapped in and out, depending on the needs of the attackers. To date, only a few modules have been uncovered — these are designed to steal browser cookies and passwords, harvest system configuration data including information about the BIOS and CMOS RAM, infect USB sticks, enumerate the content of drives and folders, and to steal banking credentials as well as account information for social networking accounts, e-mail and instant messaging.

Gauss also installs a custom font called Palida Narrow, the purpose of which is not known. The use of a custom font designed by the malware authors is reminiscent of DuQu, which used a font called Dexter fabricated by its creators to exploit victim machines. Kaspersky has found no malicious code in the Palida Narrow font files and has no idea why it’s in the code, though the font contains Western, Baltic and Turkish symbols.

the USB module appears to be aimed at bridging an airgap and getting the payload onto systems that are not connected to the internet, as it had been used previously to get Stuxnet onto industrial control systems in Iran that were not connected to the internet. As noted, the payload is only unleashed on systems that have a specific configuration. That specific configuration is currently unknown, but Schoewenberg says it has to do with paths and files that are on the system. This suggests that the attackers have extensive knowledge about what is on the target system they are seeking.

He also posted at least three times while drunk, by his own admission, and opined on topics unrelated to hacking such as the role of religion in politics and policy toward Iran.

MBS’s repression machine is alive and well thanks in no small part to the Trump administration’s refusal to hold the Saudi strongman and his regime to account. 

Since Khashoggi was murdered last October, the CIA has observed its “duty to warn” on three separate occasions, sharing intelligence to alert dissidents based in the U.S., Canada and Norway to threats originating from Saudi Arabia. 

multiple media outlets have cited sources saying that he is still in MBS’s good graces and continuing to work in a similar capacity as before he was officially ousted from the royal court.

The best open-source indication to date that al-Qahtani is continuing his hacking work comes from the Guardian, which reported in June 2019, that it was targeted by a Saudi hacking team at the order of al-Qahtani. The newspaper was initially warned of the order by a source in Riyadh earlier this year, and the threat was subsequently corroborated by a confidential internal order signed by al-Qahtani, which the Guardian reviewed. The document, dated March 7, 2019, was written in Arabic and instructed “heads of technological and technical departments” run from the cybersecurity directorate within the private office of the MBS to “carry out the penetration of the servers of the Guardian newspaper and those who worked on the report that was published, and deal with the issue with complete secrecy, then send us all the data as soon as possible.”

On June 19, 2019, Agnes Callamard, the United Nations (UN) Special Rapporteur on extrajudicial, summary or arbitrary killings, published a report on Khashoggi’s death, calling it a “premeditated extrajudicial execution” at the hands of the Saudi state. “His killing was the result of elaborate planning involving extensive coordination and significant human and financial resources. It was overseen, planned and endorsed by high-level officials. It was premeditated.”

The report specifically names al-Qahtani and MBS as two high-level officials who have not been criminally charged but for whom there is “credible evidence meriting further investigation.” 

In addition to the 22 domains analyzed above, this investigation identified several other domains that are likely linked to al-Qahtani but require further research and analysis

countries include Russia, China, Iran and North Korea — which are mentioned directly in the document — but the finding potentially applies to others as well

offensive cyber operations with the aim of producing disruption — like cutting off electricity or compromising an intelligence operation by dumping documents online — as well as destruction, similar to the U.S.-Israeli 2009 Stuxnet attack, which destroyed centrifuges that Iran used to enrich uranium gas for its nuclear program

freed the agency to conduct disruptive operations against organizations that were largely off limits previously, such as banks and other financial institutions

it lessened the evidentiary requirements that limited the CIA’s ability to conduct covert cyber operations against entities like media organizations, charities, religious institutions or businesses believed to be working on behalf of adversaries’ foreign intelligence services, as well as individuals affiliated with these organizations

“as long as you can show that it vaguely looks like the charity is working on behalf of that government, then you’re good.”

Since the finding was signed two years ago, the agency has carried out at least a dozen operations that were on its wish list, according to this former official. “This has been a combination of destructive things — stuff is on fire and exploding — and also public dissemination of data: leaking or things that look like leaking.” 

“We’re playing semantics — destabilization is functionally the same thing as regime change. It’s a deniability issue,”

“Our government is basically turning into f****ing WikiLeaks, [using] secure communications on the dark web with dissidents, hacking and dumping,”

critics, including some former U.S. officials, see a potentially dangerous attenuation of intelligence oversight, which could have unintended consequences and even put people’s lives at risk

“Trump came in and way overcorrected,” said a former official. Covert cyber operations that in the past would have been rigorously vetted through the NSC, with sometimes years-long gaps between formulation and execution, now go “from idea to approval in weeks,” said the former official. 

an unknown group in March 2019 posted on the internet chat platform Telegram the names, addresses, phone numbers and photos of Iranian intelligence officers allegedly involved in hacking operations, as well as hacking tools used by Iranian intelligence operatives. That November, the details of 15 million debit cards for customers of three Iranian banks linked to Iran’s Islamic Revolutionary Guard Corps were also dumped on Telegram.Although sources wouldn’t say if the CIA was behind those Iran breaches, the finding’s expansion of CIA authorities to target financial institutions, such as an operation to leak bank card data, represents a significant escalation in U.S. cyber operations

These were operations the “CIA always knew were an option, but were always a bridge too far," said a former official. “They had been bandied about at senior levels for a long time, but cooler heads had always prevailed." 

“It was obvious that destabilization was the plan on Iran,”

Neither these two Iran-related findings, nor the new cyber finding, mention regime change as a stated goal, according to former officials. Over time, however, the CIA and other national security officials have interpreted the first two Iran findings increasingly broadly, with covert activities evolving from their narrow focus on stopping Tehran’s nuclear program, they said. The Iran findings have been subject to “classic mission creep,” said one former official.

senior Trump officials weren’t interested in retaliating against Russia for the election interference

The CIA’s “deconfliction is poor, they’re not keeping people in the loop on what their cyber operations are,”

This more permissive environment may also intensify concerns about the CIA’s ability to secure its hacking arsenal. In 2017, WikiLeaks published a large cache of CIA hacking tools known as “Vault 7.” The leak, which a partially declassified CIA assessment called “the largest data loss in CIA history,” was made possible by “woefully lax” security practices at the CIA’s top hacker unit, the assessment said.

Removing NSC oversight of covert operations is a significant departure from recent history, according to Eatinger. “I would look at the intel community as the same as the military in that there should be civilian control of big decisions — who to go to war against, who to launch an attack against, who to fight a particular battle,” he said. “It makes sense that you would have that kind of civilian or non-intelligence civilian leadership for activities as sensitive as covert action.”

“People thought, ‘Hey, George W. Bush will sign this,’ but he didn’t,” said a former official. CIA officials then believed, “‘Obama will sign it.’ Then he didn’t.”“Then Trump came in, and CIA thought he wouldn’t sign,” recalled this official. “But he did.”

Calls for the United States to pull back reject US intervention and hegemony in the Middle East, but they also seek to insulate the United States from the damage past policies have inflicted on the region and distance Americans from the peoples impacted.

The decline of US hegemony and its dominance of global economic and political systems, Schweller explains, has led Americans to “demand a more narrowly self-interested foreign policy” that seeks to insulate Americans from “the vagaries of markets and globalization.” The animating logic of America First, however, does not focus on the country’s global role as much as on the view embraced by Trump’s populist support base that US policy should counter the (perceived) threats posed by transnational flows and interdependence.

Much of the mainstream foreign policy debate in opposition to Trump has revolved around voices advocating for the US to return to a more modest, more multilateral version of its role as a global hegemon that seeks to rebuild the liberal international order.[4] Others are calling for an all-out mobilization against the rise of China and Russia.[5]

Support for restraint has accelerated with recognition of the declining strategic importance of the Middle East and the absence of major threats from the region to core US interests. With the massive expansion of US domestic energy production, Americans increasingly question the US military presence in the Persian Gulf and security commitment to allies in the region. Meanwhile, with unchallenged Israeli control over Palestinian territories, its military capacity that includes nuclear weapons and growing ties between Israel and Arab Gulf states, Israel is in a more secure strategic position than it has ever been. Advocates of restraint also understand that Iran has a limited ability to project conventional military power and even if it wielded a nuclear weapon, its use could be deterred. Lastly, restraint recognizes that the hyper-militarized approach of the global war on terror engages US forces in continuous military operations that are politically unaccountable and often exacerbate the political and socioeconomic conditions that foster armed non-state actors and political violence in the first place.

restraint fails to address the legacies of past US involvement in the region. The hope of insulating the United States from regional instability and future conflicts is also unlikely to be sustainable in the long run.

the Israeli right and their US supporters—including the evangelical right and Islamophobic populists—have been unconstrained in their efforts to shape US goals and policies based on a close identification with the Israeli right and Israeli militarism at the expense of the Palestinians

While advocates of restraint have long opposed excessive US backing of Israel, without the mobilization of domestic political forces that seek to dissociate the United States from Israeli militarism and support Palestinian human rights, a future US president dedicated to restraint will likely find little strategic value or political support for reversing current policies beyond trimming the price tag.

maintain close ties to the Saudi regime and other Arab Gulf states through flows of petrodollar recycling in the form of massive arms sales that sustain American jobs, corporate profits and campaign donations

Americans inside and outside of government will not quickly abandon the benefits they receive from economic, military and political ties to Gulf rulers

today US ties to the Gulf are being shaped by invented security rationales and material interests. Networks of arms sales, private military contractors, logistics firms and Gulf-funded think tanks—often with cooperation from Israel and its backers—have defined US policies by portraying Iran as a strategic threat, supporting arms sales in the name of so-called economic security and defending the strategic importance of protecting the rule of autocratic elites. At the same time, many segments of the US military and national security state have deeply rooted interests in maintaining bases and military-to-military ties in the region

In the foreseeable future, the Middle East will likely experience more instability and conflict due to, in large part, the legacy of US policies over the past two decades, which include the invasion of Iraq, interventions in Libya and Syria, the fostering of proxy wars, the promotion of neoliberal economic reforms, massive arms sales and support for aggressive actions by regional allies such as Israel and Saudi Arabia

the increased capacities for self-organization by armed non-state actors has helped sustain the regional environment of turbulence

It is unlikely that the United States could reclaim the diplomatic credibility needed to rebuild norms of restraint and balancing after having embraced militarism and unilateralism for so long

developments in the region will likely impact other US interests relating to the global economy, rivalry with China, climate change, nuclear proliferation and refugee flows

while the ideological and media infrastructure that mobilized fears to build the spurious case for the Iraq war have been temporarily disrupted, similar processes could be activated in the future to convert fears, such as of an Iranian cyberwar capability, a Chinese naval base in the region, or a resurgence of ISIS, into a strategic threat requiring a US response

the work of forging an alternative path for the United States in the Middle East, one that embraces sustainable anti-imperialism and demilitarization, must go beyond redefining US strategic interests to transforming domestic political, economic and ideological forces that shape US ties to the Middle East

In Notes on a Foreign Country, Suzy Hansen tries to diagnose the current era of anxiety and confusion felt by Americans living in an era when aspects of US exceptionalism and global hegemony are waning. She writes, “It is also perhaps the first time Americans are confronting a powerlessness that the rest of the world has always felt, not only within their own borders but as pawns in a larger international game. Globalization, it turns out, has not meant the Americanization of the world; it has made Americans, in some ways, more like everyone else.”

The effort to envision an alternative, post-exceptionalist US role in the world requires refashioning the debate so that Americans come to view the insecurities experienced by societies abroad as counterparts to the challenges Americans face at home.

Within the turbulent Middle East regional system, efforts to promote security would require not only an end to US military primacy and dominance but also a limit on regional and external interventions, the demobilization of the numerous armed non-state militias and proxy forces and a reversal of processes of state erosion and territorial fragmentation.

Americans need to envision a new internationalism that no longer seeks to remake the world in the American image but defines a new way for living within it

Tensions escalated this year, as the U.S.-brokered negotiations between Ethiopia and Egypt unraveled and new talks mediated by the African Union began

The Ethiopian government does broadly engage in “computational propaganda,” according to a 2019 report from the Oxford Internet Institute. Agencies there use human-run social media accounts to spread pro-government propaganda, attack the opposition, and troll users. The same goes for the Egyptian government.

Social media users from the two countries frequently collide on the Internet, but seem to do so most often on Adel el-Adawy’s Twitter page: As a member of a prominent Egyptian political dynasty, a professor at the American University in Cairo, and the most visible disseminator of the Egyptian perspective on the dam in English, he has amassed a significant following. Adawy, whose pinned tweet is a picture of himself shaking hands with Egyptian President Abdel Fattah al-Sisi, posts frequently about the Nile and Ethiopian affairs, especially when things get sticky.

It’s possible that the engagement is coming from concerned Ethiopians at home and abroad, at the encouragement but not the behest of Ethiopian officials. “I have friends who joined Twitter just for the sake of this. It’s highly emotional and nationalistic,” said Endalkachew Chala, an Ethiopian communications professor at Hamline University in Minnesota.

Construction of the dam was completed in July, and the filling of its reservoir started soon after amid heavy rains but before an agreement between Ethiopia, Egypt, and Sudan was signed. The U.S. government, a top source of aid for both Ethiopia and Egypt, said in August that it would halt some aid to Ethiopia over what it saw as a unilateral move to progress with the dam.

For both countries—Egypt since the 2011 fall of Mubarak and Ethiopia since the 2012 death of strongman Prime Minister Meles Zenawi—national identity has been in flux

the first known time these kinds of digital tools have been used by people from one African country against people from another, said Gilbert Nyandeje, founder and CEO of the Africa Cyber Defense Forum. “It only means one thing. It means we should expect this more and more.”

at the core of Egyptian identity is the Nile, so bolstering nationalism means defending the Nile, too. And officials have encouraged this outlook: One sleekly produced video shared on Facebook by the Ministry of Immigration and Egyptian Expatriates Affairs warned, “More than 40 million Egyptians are facing the threat of drought and thirst.… The cause of water shortage is Ethiopia building a dam five times bigger than its needs.”

a show of vulnerability rare in Arab power politics. But the strategy has helped garner global sympathy for Egypt, even as its Nile claims are framed by Ethiopia as the result of unjust colonial-era agreements in which Egypt’s interests were represented by British colonizers.

the dam provided a unifying issue around which Ethiopians of all ethnic backgrounds could rally. “We do have a lot of divisions—ideological, ethnic, tribal, religious,” said Chala, the Ethiopian professor. “But even though we have these bitter divisions, Ethiopians have overwhelmingly supported this Nile dam especially on social media.”

Ethiopian officials, meanwhile, continue to encourage Ethiopians to post about the dam online and often use the #ItsMyDam hashtag in their own social media posts. This use of social media to rally around the dam has also meant that Ethiopia’s massive global diaspora can get involved, without having to worry about frequent in-country Internet shutdowns that otherwise curtail online movements there.

The thousands of Ethiopian refugees, asylum seekers, and migrants living in Egypt are now facing greater pressure and harassment from Egyptian citizens and authorities since the dam tensions started to heat up

in Ethiopia, it has meant that any domestic criticism of the dam from an environmentalist point of view—namely, that it could disrupt ecosystems and biodiversity, even within Ethiopia—is met with derision

for both countries, surging nationalist sentiment means that it’s harder for officials to agree to, and for the public to accept, compromise

the main sticking points now are related to dispute resolution, drought contingency plans, and future upstream projects. And yet, much of the online rhetoric remains maximalist, even rejecting items that have already been unanimously decided—such as the existence of an Ethiopian Nile dam in any form—raising the possibility that the online tensions and attacks may not subside anytime soon