Showing posts with label Edward Snowden. Show all posts

Saturday, June 13, 2015

US Getting Better at Cyber Blaming, Not Cyber Security




Color me skeptical about the Sunday Times report that Edward Snowden’s archive got cracked.  Not saying it couldn’t happen despite 256 bit encryption, accidents do happen, but the story as presented reeks of psyops bullshit unloaded by the NSA-GCHQ team with the help of obliging media in the UK.

What I think is happening is that the United States is upping its game…in public cyberattribution.


Honestly parsing and presenting a cyberattribution dossier is a thankless job.  Remember how the Obama administration looked foolish on the Sony hack?

Sure you don’t.  That was so…four months ago.

Here’s what I wrote back then on the occasion of the rollout of the US government’s Cyber Threats Intelligence Integration Center:

According to AP (actually, according to AP’s Ken Dilanian, the notoriously obliging amanuensis to the US security establishment):

White House cybersecurity coordinator Michael Daniel has concluded that cyberintelligence at the moment is bedeviled by the same shortcomings that afflicted terrorism intelligence before 9/11 — bureaucracy, competing interests, and no streamlined way to combine analysis from various agencies, the official said.

The hack on Sony's movie subsidiary, for example, resulted in a variety of different analytical papers from various agencies. Each one pointed to North Korea, but with varying degrees of confidence.


As I argued in various venues recently with reference to the Sony hack, for purposes of semiotics (clear messaging, positioning, blame avoidance, and signaling of US government intentions) if not forensics (proving whodunit), painting a convincing, action-worthy cyberbullseye on the back of some foreign enemy is a major challenge for governments these days.

When some high-profile outrage like Sony occurs, the US government has to make a prompt show of control, capability, and resolve.  Letting a bunch of data nerds chew over the data for a few weeks and spit up an equivocal conclusion like “It looks like the same guys who did this did that, and maybe the guys who did that were…” doesn’t quite fill the bill. 

Which is pretty much what happened on Sony.  Various private sector and government actors all stuck their oar in, contradictory opinions emerged, messaging was all over the map. 

By establishing a central clearing house for relevant information, the US government is on the right side of the information symmetry equation.  “You say you think this, but you don’t know this, this, and this, or the stuff we can’t tell you because it’s classified above your clearance.”

And even if the real takeaway from the investigatory process still is “It looks like the same guys who did this did that, and maybe the guys who did that were…” it comes out as “The Cyber Threats Intelligence Integration Center has attributed this cyberattack to North Korea with a high degree of confidence.  By Executive Order, the President has already commanded CyberCommand to make a proportional response.”

You get the picture.

So I expect jobs one and two and three for CTIIC will be to generate persuasive dossiers for backgrounding, leaking, whatever on the PRC, North Korea, and the Russian Federation, to be deployed when some mysterious alchemy of evidence, circumstance, and strategy dictates that one of them has to get tagged as The Bad Guy for some cyberoutrage.

Fast-forward, to employ a quaint VHS-era term, to June 5.  Ellen Nakashima lays out the administration position on the OPM hack in a Washington Post article remarkable for its completely categorical no-two-ways-about-it statement that “China” had dunnit:



China is building massive databases of Americans’ personal information by hacking government agencies and U.S. health-care companies, using a high-tech tactic to achieve an age-old goal of espionage: recruiting spies or gaining more information on an adversary, U.S. officials and analysts say.

Groups of hackers working for the Chinese government have compromised the networks of the Office of Personnel Management

 [caption]

China hacked into the federal government’s network, compromising four million current and former employees' information. The Post's Ellen Nakashima talks about what kind of national security risk this poses and why China wants this information. (Alice Li/The Washington Post)


U.S. officials privately said China was behind it.
“This is an intelligence operation designed to help the Chinese government,” the China expert said.


Emphasis added, natch.

Either the US has spectacularly upped its forensics game since Michael Daniel’s rueful reflections in February or (my theory)…

The great minds were sitting around a table in Washington and concluded:

“We can’t prove this was a Chinese hack, but let’s turn this around.  Nobody can disprove this was a Chinese hack, so nobody can prove us wrong if we declare without qualification it was a Chinese hack.  So let’s just go for it.”

Parenthetically, I might point out that one problem I see with categorically and openly identifying the PRC as source of the hack is that we should immediately and openly retaliate at a commensurate level.  Otherwise, where’s our national credibility & deterrence?  Still waiting for the shoe to drop on that one.

The tip-off for me that the WaPo was carrying Obama administration water with this totally backgrounded mostly anonymous scoop was this:


The big-data approach being taken by the Chinese might seem to mirror techniques used abroad by the NSA, which has come under scrutiny for its data-gathering practices under executive authority. But in China, the authorities do not tolerate public debate over the proper limits of large-scale spying in the digital age.


The piece was written June 5, three days after the Obama administration had put the Snowden unpleasantness behind it and totally regained the moral high ground, in its own mind if nobody else’s, by replacing the Patriot Act with the USA Freedom Act a.k.a. "Uniting and Strengthening America by Fulfilling Rights and Ending Eavesdropping, Dragnet-collection and Online Monitoring Act."

Now, with the legalities of the US cyberprograms re-established, it was time to stop playing defense and go on offense against those public-debate-intolerant Chinese!

And that means relaunching the China cyberoutlaw product!  With the story of a hack that, if I understand Nakashima’s account correctly, had occurred in December 2014!

Again, it is perhaps little remembered except by me that a key US objective for the Xi Jinping—Barack Obama summit in Sunnylands in June 2013 was to cap an eighteen-month public opinion campaign against PRC cyberoffenses with a personal rebuke by President Obama and the presentation of an embarrassing dossier to Xi Jinping.

If, as I did, one googled “Xi Jinping cyberwarfare” on June 3, 2013, the first four pages of results included hits like these, indicating that the Western press was energetically singing from the same cyberwar hymnal:

China Doesn't Care if Its 'Digitalized' Military Cyberwar Drill Scares You

Atlanticwire

China Is Winning the Cyber War Because They Hacked U.S. Plans for Real War

Atlanticwire

Krauthammer to Obama: Launch cyber war on China

Fox News

China Is Our Number One National Security Threat

International Business Journal

House Intelligence Chairman: US “Losing” Cyber-War

Wall Street Journal

US Says China Is Stepping Up Cyber War

Financial Times

U.S. China Cyberbattle Intensifies

Politico

Just a reminder; these headlines are from June 2013, not June 2015.

In this case, the China Matters serendipity engine was firing on all cylinders; three days later the Washington Post and Guardian newspapers published their first revelations from Edward Snowden, fundamentally skewing the frame of the Chinese cyberwarfare story.

I’ve always wondered if the timing of Snowden’s revelations had something to do with the hypocrisy of the world’s biggest cybersnoop trying to stick that label on the PRC.

Anyway, the Obama administration has had two years to lick its wounds, do damage control, and reboot the program.

And guess what!  Xi Jinping’s coming to the United States again in September!  This time we’ll be ready for him fer sure!  Snowden discredited!  NSA on top! PRC in doghouse!

I must state here that I believe that the PRC cyberespionage program is massive, government-backed, full spectrum, and actively exploring offensive capabilities.  But I also think that the US tactics are destabilizing and escalatory & have more to do with maintaining the US cyberadvantage as part of the burgeoning and profitable China-threat milsec business than they do with diminishing the threat to the American people from PRC cybermisbehavior.

And I take the current spate of news stories as part of an effort to get us used to perpetual cyberwar, just as we were bombarded with stories about malevolent Muslims in the last decade to reconcile us to the Global War on Terror, the erosion of civil liberties, and expensive and perpetual conflicts.

At this time, a trip down memory lane is warranted for people who have forgotten how the Obama administration methodically rolled out PRC Cyberthreat v. 1.0, the buggy pre-Snowden product, and are perhaps not connecting the dots on the rollout of PRC Cyberthreat v. 2.0, Now Bigger and Scarier! and how this might be a factor in the headlines blaring out of their newspapers & TVs & tablets.

Below the fold, for the sake of posterity, a lengthy recap on the first abortive US salvo in the China cyberthreat propaganda war.

Monday, October 13, 2014

Snowden, China, and TAREX





The Snowden camp did itself no favors with its critics and skeptics by revealing information from a highly classified NSA document concerning the use of “Targeted Exploitation” a.k.a. TAREX against the People’s Republic of China in a story published by The Intercept.  Basic story: undercover operatives penetrate PRC telecommunications companies to bug their products.

I’m a Snowden supporter, but I was also taken aback by exposure of a U.S. intelligence operation against a non-allied state.  The existence of TAREX is not classified; but the "forward TAREX presence" in Beijing was supposed to remain classified SECRET/NOFORN for 25 years i.e. not even revealed to our Five Eyes buddies.

Add to that the fact that the two main Chinese telecom providers and presumed TAREX targets, Huawei and ZTE, are effectively banned from U.S. government and telecom networks, so the argument that there was a compelling public interest, at least in the U.S.A., in getting the skinny on this operation is somewhat farfetched.

I e-mailed one of the co-authors of the Intercept expose, Peter Maass, to ask if his story reflected a change in the Snowden ground rules precluding the release of operational details; if TAREX had been revealed elsewhere and therefore was fair game; or if it was related to Snowden’s early days of exile in Hong Kong when he went “off res” and appalled his US supporters by offering details on US spying against PRC and Hong Kong targets, presumably in order to ingratiate himself to the local authorities.

Maass responded:

We give the NSA an opportunity to request redactions to documents we intend to publish. We consider those requests very seriously, and we balance them against the public’s right to know about the activities of their government.

So it appears that The Intercept gave the NSA the chance to argue against revealing TAREX.  The fact that the NSA did not go apesh*t and insist that this revelation be spiked otherwise undercover operatives in the field risked exposure/capture/or worse implies to me that the TAREX program has already been blown and/or terminated.

It’s plausible.  HUMINT operations are notoriously risky.  Targets identify infiltration agents, turn them into double agents, roll up networks etc. etc. etc.

And if one wishes to play eleventy-level chess, the NSA decided it was OK to let the story out, so that global telecom customers would get the message that, even if they eschewed Western equipment in favor of Huawei & ZTE (Iran, for instance, relies on Huawei equipment for its national Internet), America is still listening.

But on balance, I could have done without knowing about TAREX.



Saturday, January 04, 2014

Fred Kaplan Reliably Wrong on Snowden Clemency




Since I pretty much made a meal out of this issue over on Twitter, I’m returning from 140-character land to the reassuringly logorrheic surroundings of my blog to share my thoughts on the Fred Kaplan think piece that made the case for denying clemency to Edward Snowden.

I was rather bemused by the hosannas this piece attracted from certain quarters.  It’s the usual collection of sneering tropes, innuendo, and speculation, marshaled in this case to repudiate a New York Times editorial urging clemency for Snowden.

Kaplan puts his gloss on what he regards as Snowden’s vile shenanigans to conclude that Snowden would not agree to get strapped to a polygraph for a pre-deal debriefing about what Kaplan regards as his disingenuous statements about footsie with the Chinese and Russians and thereby asserts (in the title of his piece) that Snowden “won’t (and shouldn’t) get clemency.”

Predicating any Snowden clemency on Snowden inserting himself into the maw of the US security services for a preliminary adversarial debriefing is, quite frankly, such an obvious straw man that I’m surprised Kaplan’s piece was taken seriously.

But it was, by a lot of people, Ian Bremmer and Josh Marshall among others who, I speculate, are profoundly uncomfortable with what Snowden did and need the feeling that a pound of flesh has been extracted from Snowden’s currently safe, sound, and snowbound borscht-swilling hide in order to get closure.

Let me tell you what I think is in play here, and why Kaplan is willfully or obtusely missing the point.

I think the real point of the New York Times appeal for clemency is not to validate Snowden’s actions or opinions; it's damage control.  It is an attempt to right the ship of American security and foreign policy and commerce. 

The US government, in order to renormalize its dealings with its allies, needs to make a high-profile symbolic gesture that the intrusive unilateral surveillance practices of the NSA, abetted by US high tech companies, have been reined in.  Once this ugly transition has been navigated, the US can reclaim the moral high ground and return to strongarming foreign countries to cooperate with the NSA (and buy American high tech products which now look pretty tainted) under the new, Snowden-approved regime.

Per the NYT:

Many of the mass-collection programs Mr. Snowden exposed would work just as well if they were reduced in scope and brought under strict outside oversight, as the presidential panel recommended.

In other words, it’s all better, the US has come to terms with the extra-legal and/or excessive nature of some NSA practices, we’re the good guys again, Look! We even gave clemency to Snowden!  And you better keep buying Cisco routers!  Or else!

My personal opinion is that the New York Times suggested clemency for Snowden, as opposed to a presidential pardon, in order to throw a bone to the anti-Snowden crowd by acknowledging he had broken the law and not ruling out the possibility that he had harmed certain US-related interests.  

I refer interested readers to the Scooter Libby sentence commutation controversy for additional discussion (and suggest that the NYT may have shaped its Snowden proposal around the Libby case, where arguably rather dirtbag behavior was excused by the president with limited fuss, muss, and sustained public indignation for reasons of White House morale and partisan inclination, rather than any overarching foreign policy goal).

Unfortunately, clemency raises a new set of issues because it is traditionally granted for cause after the recipient has paid his debt to society with a certain amount of time in the slammer.  Maybe the NYT should have proposed a straightforward pardon for Snowden on the grounds of national interest.  Asserting clemency on grounds of equity, on the other hand, opens up the whole can of factual and evidentiary worms for Kaplan and other Snowden detractors to dig in.

I find it amusing that Kaplan’s contemptuous rejection of the clemency gambit, because it was coupled with a recognition that conditions did not yet obtain for trying Snowden for treason, was hailed as some piece of high-minded objectivity.

Tough-minded pundits like Fred Kaplan are supposed to look beyond their emotions, look beyond concepts of justice, to make the tough calls to protect American interests.

In this case, the US interest would seem to reside in using a Snowden clemency to hang some faux-reform bunting on Castle Greyskull, the NSA's fortress headquarters in Fort Meade.

By attempting to foreclose clemency, Kaplan is not lifting a middle finger to Snowden or the New York Times; he is flipping off the Obama administration, the US security empire, and the US high tech industries, all of whom are trying to cope with the genuine Snowden effect: the incremental disintermediation of the United States from the world communications, data, and surveillance empire that they had themselves created.

When I read Kaplan’s article, I was reminded of that scene in Airplane! (funny only in a rather creepy way, I must say), where passengers line up to slap a hysterical passenger.


In this case, I imagine Kaplan facing the ire of a long line of US government and private interests, with world influence, security assets, and billions of dollars of contracts at stake, all trying to slap some sense into the guy.  


$5 billion in contracts for Cisco routers!  Slap!  The Brazilian Internet repiped away from the United States! Slap!  The PRC making the moral case against US global surveillance!  Slap!  Angela Merkel can’t let us listen to her cell phone!  Slap!


Yeah, I know, a lot of people think we should be slapping Snowden instead.  Point is, Snowden’s already done what he’s going to do.  It's water under the bridge.  In B-school speak, it's a sunk cost.


The real question is, What is the US going to do about it?  What is Fred Kaplan going to do about it?  


I recall a passage from Kaplan’s clemency slam:


But one gasps at the megalomania and delusion in Snowden’s statements, and one can’t help but wonder if he is a dupe, a tool, or simply astonishingly naïve.

Hmmm.  Pot...kettle...pot...kettle

[After posting this, it occurred to me that perhaps the Kaplan strategy is simply to unfurl the banner of defiance and stick to the line that the problem wasn't Snowden's revelations but the fact that Snowden revealed them.  If so, the appearance of the New York Times editorial and the realization that the foreign policy and media elites were not standing shoulder-to-shoulder would have been a nasty knock.  CH, 1/4/14]

I don't think Edward Snowden is going to get clemency.  But I think it's interesting that the NYT, perhaps working with some people inside the Obama administration, decided to float this trial balloon. And I'm still struck by the emotions that this case continues to arouse.