The so-called “market of ideas”. And since Edward Bernays, marketing has dominated the rhetoric of the market of ideas. And marketing depends on “consumer intelligence”, not the intelligence of the consumer but the intelligence about the consumer’s hot buttons.
Scott Ritter reports about the technical information that has been grist for the information war about the election from the beginning. He also reports on how the marketing strategies of cybersecurity and software firms play into how the events of 2016 played out.
Ritter’s point is this: DNC approached cybersecurity as an in-house operation backed up by an aggressive cybersecurity analysis, attribution, and response company. That company was CrowdStrike. DNC’s in-house protection failed catastrophically (in political terms). When they brought in CrowdStrike, that company’s skill set seemed to go more toward narrative management than toward skilled attribution of the intruder. Meanwhile, the self-claimed actor was dismissed as a hoax and the assumption was made that of 30 potential government actors, the alleged government actor was Russia. Ritter furthermore says that CrowdStrike then and now controls the evidence from the DNC servers that could give other investigators information about attribution but that it (and the DNC) refuses to release that evidence.
What emerges in this reporting is how vulnerable we are because the US government (for us), cybersecurity firms (for their clients), and all of the organizations that handle sensitive data can neither secure their servers from a determined attack, reliably attribute an attack, nor work to shut down the source of an attack once identified. Nor have they devoted sufficient resources to figure out how to reduce the ability to carry out an attack. Indeed, the US National Security Agency is more interested in carrying out attacks on other organizations’ assets than on protecting US assets.
That last reality is why the intelligence community has not been able itself to provide reliable attribution in the absence of political motivation. They too are reactive; moreover they are politically constrained by their sources of funding.
It is a vulnerability that was introduced when the internet became a real-time communication tool instead of just an interface for lookup in the equivalent of what Internet Archive aspires to be — a global public library.
The story now reduces to the marketing spin of the various actors involved or alleged to be involved.
CrowdStrike has a motto: “You don’t have a Malware Problem, You Have an Adversary Problem.”
The only clear beneficiary of the DNC leak was the Trump campaign and even then just barely.
They would be the most obvious adversary.
The assumption that only the Russians could have done such a wide-ranging cyberattack has shielded direct action by the Trump campaign from scrutiny. It has also shielded hackers friendly with Julian Assange, who might have a grudge against how the Clinton State Department made him a man without a country. What other adversaries would have a motive and a means?
The DNC legitimately is worried that an investigation of their server materials in CrowdStrike hands could expose other confidential transactions. This impasse is completely predictable.
Would an additional direction in Mueller’s investigation include what is known about the leak and the Trump campaign’s knowledge (if any) of the leak or the contents of the leaks, or coordination? Testimony about the more easily discovered meeting coordinating with Russia during the campaign could lead to clarity about the cyberintrusions. After all the subjects and topics of the leaks were reminiscent of Nixon’s Watergate operation.
What is clear is that the crapification of the internet is more and more obvious and at some point draws away internet traffic as network operation turn the revenue screws.
The implications of this caper are very clarifying for politics, international relations, technology, and information consumption.
You write:
Indeed. It is obvious on every level, from systems like Google and Facebook becoming (supposedly) independent censors on many levels…societal and political, if those two systems can be defined separately…right on down to the techification of almost all commerce and on through BlogWorld U.S.A, this little blog, and the mass of spam appearing on every level…advertisements in our email, etc.
Crapification.
Precisely.
The only remaining question is:
Has this been purposely allowed to happen in order to block the power of unrestricted free exchange of information…a real threat to the controllers on all levels…or is it just the usual human tendency to turn marvelous inventions into world-destroying pollution?
I don’t know, myself. Somewhere in between those two extremes, I think… controllers belatedly recognizing the danger of the internet and encouraging its destruction by normal human failings.
So it goes.
Thank you, Tarheel. You are certainly a bulwark against crapification.
Reason on.
Later…
AG
Good, sober, and conservative presentation by Ritter.
Unfortunately, anyone that looks into this matter ends up relying on not only CrowdStrike’s/Alperovitch’s attribution conclusions but also the sequence of CrowdStrike’s DNC engagement that Alperovitch has reported after the fact.
After reading the Esquire article when it was published last October, I dismissed much of it as fiction. The “cyber-sleuths” come in to rescue the poor damsel in distress and do so within hours and begin stalking the villain. And for weeks the villain roamed and snatched the damsel’s panties. (Checking just now on this trope, learned that it’s prevalent in video games.)
Assuming this report is factually correct (and I wouldn’t put money on that), it doesn’t reveal how DNC techies became aware of the penetration of their servers or the nature of the penetration. Of the four participants in the meeting, only one, Andrew Brown, had any tech expertise. (Seems odd to me that outside counsel would have been there, but maybe that’s SOP in DC). And from his DNC bio, Brown is more of a data analyst than a techie:
FWIW – ISSI on twitter:
Back to the DNC narrative:
hmm. Who I notice isn’t ever mentioned in any of these reports is Andrew Therriault — his DNC bio:
Therriault’s Linkedin resume is more complete.
In any corporation, other than apparently the DNC, Inc, this is the in-house staffer that would have been drafted for a role in assessing a computer server data breach. Excluding Therriault (and my sense is that it wasn’t by omission but by design) is IMO a tell. (And no, Therriault isn’t a geek that can’t speak in whole sentences and doesn’t wear pajamas to work.)
More dots:
On May 25, 2016 Therriault announced his resignation as he’d been hired by The City of Boston as the Chief Data Officer. (The 25th was a Wednesday.) By mid-June (June 15), he was no longer at the DNC, but his last day at the DNC may have been days or a week or so earlier. There’s nothing suspicious in the timing wrt Therriault. (The position of Chief Data Director was announced on February 18, 2016 by Mayor Walsh and Therriault was well-qualified for the job. Based on his public postings since he’s been on the job, he loves it.)
Convenient and coincidental for CrowdStrike and DWS?
Coincidental that the most recent DNC email that’s been published was dated May 25, 2016. Yet CrowdStrike claims not to have shut out “the bears” until over two weeks later than May 25. If Guccifer 2.0 were Russian intel or just a free agent hacker, May 25 would have had no significance to them in extracting DNC emails. (No, Therriault isn’t the leaker; no motive or too many motives to stay in the good graces of Democratic Party VIPs.) This dot contributes to the narrative that it was an inside leak.
A few months ago, Clinton on her excuse making tour, trashed the DNC’s data operations. “Therriault unleashed a double expletive when referring to Clinton’s comments (he called them f**king bullsh*t, and then deleted the tweet)”. More evidence that Therriault is a professional that takes pride in his work but is also a DP team player.
CrowdStrike and the NSA are pointing fingers as to who has the actual evidence of a breach. If what has been reported about NSA’s superb multi-billion-dollar vacuum cleaner of foreign data, both should.
Someone wanted to blow up a data breach (routine or not, we don’t know) into an election issue. My current suspicion was that it was a CrowdStrike marketing ploy that got out of hand because too many people wanted to shape the story in the leak pipeline. And the blowback from that bungling allowed Russia to succeed beyond their wildest dreams at something they might or might not have had more than a perfunctory hand in. It is the organizational reaction, not the technical wizardry that makes information war effective. Manipulating that organizational reaction is what marketing (especially to institutional clients/targets) is all about.
The implications are that the response is not bombs, drones, and armies. The strategic response is effective marketing of one’s own.
It is increasingly looking like a hired gun defender’s scoring an own goal. When everything becomes clear, will CrowdStrike have a reputation left? The persistence of StratFor is not encouraging. Who comes out looking better is Norton. And Kaspersky, but that creates its own problems.
Also, it looks like the vaunted VAN system was a fundamental point of vulnerability. Wonder if that was because of the time constraints in getting the Sanders campaign integrated into the system.
There are some huge problems in shared campaign information systems between candidates who are going against each other in a primary campaign. I’m not sure developers have a good grasp on the security issue involved in flipping primary data to aid a party in the general election. It is likely why Obama kept his system strictly separate and operated with dual systems, allowing party operatives to control the party system. Or that’s the way I understand that it worked.
The other issue is engaging vendors. Who can you trust and who is competent? I hope that some developers who want to see Democrats elected are working on some solution. It is not a trivial problem.
All this systems tech stuff is way beyond my pay grade. However, have noted that opinions on NGP-VAN have been good in the past few years. Maybe it wasn’t so good in 2012 when Obama last ran.
Disagree — with one small exception that I’ll get to in a moment. The timeline doesn’t work for that interpretation. Something was brewing at the DNC weeks, possibly months before there was a hint of a “story in the leak pipeline.”
Look at the DNC oppo research file on Trump from 12/15 — generic and mostly known and not interesting stuff. Too many of Trump’s opponents had too much money not to have invested some of that on digging up dirt on Trump and appeared to have come up with nothing. No chance that a Republican that finds dirt or anything that can be spun to look dirty on an opponent is going to pass on using it. Have to also assume that the RNC was compiling (more like updating) its oppo research file on HRC. Note in that DNC Trump file, not one word about Russia or Putin.
Look at the polls from Feb-April 2016. Start with Q Feb 2-4, HRC 46% and Trump 41%, but her weakness as a candidate was revealed in that same poll: HRC 41% and Rubio 48% and she was tied with Cruz at 45%. She was still beating the clown, but Rubio and Cruz aren’t far behind Trump in being cartoonish.
Through March, her lead over Trump increased, but in a Sanders/Trump match-up he fared better than HRC did in an HRC/Trump match-up and Trump did worse against Sanders. And she was still only running even with Cruz. By May her support was softening but so too was Trump’s. Mid-May NBC, HRC 46%: Trump 43% and Sanders 54%: Trump 39%.
As Trump was preparing to waddle his nomination victory lap, something was softening his support. This is where I suspect the DNC comes in. Anti-Russian Ukrainians were a presence there and were best positioned to respond immediately to Trump’s hiring of Manafort. (I think this is bs because lobbying sins for foreign governments are bipartisan.) Plus they had the little prequel in the summer of 2015 when Roger Stone was a Trump advisor. This may have been helpful in holding back Trump as HRC was still dealing with the FBI investigation of her emails. But inherently it wasn’t robust enough to take him down and its shelf life wouldn’t last until November. They needed something stronger.
Whether or not there was an intrusion of the DNC servers, that’s when a story line began to hatch. Scheduled release date around the time of the RNC convention. Secret projects on the premises of any institution get sussed out by at least one employee within two weeks, sometimes within hours. May not have all the i’s dotted and t’s crossed, but institutional scuttlebutt is remarkably accurate. What I suspect is that this led an insider to download the files and probably had complicated reasons for doing so and have had only a half-baked idea on what to do next.
What files were Assange/Wikileaks looking at as of 6/12/16 when he made his comment about being in possession of files related to Clinton? Everyone seems to assume from subsequent events and disclosures that it was DNC files and not HRC campaign and Clinton foundation files and that the DNC recognized that they’d been hit and something taken because CrowdStrike had been assessing their system for several weeks. So, they took what they had — Putin “bears” — and ran with it within two days. This is where it all gets very murky.
Not plausible to me that Guccifer 2.0 is a Russian operative. Too sloppy in leaving tracks that pointed to Russia — he was reinforcing the DNC narrative that he claimed to dispute. Beyond that and so far, it’s not been possible to identify Guccifer 2.0 and his role in all of this.
The part of Sy Hersh’s recent intemperate remarks that I found intriguing was that a teaser of DNC files was submitted to Wikileaks. That’s something that the NSA (or associates) would have been able to pick up and quickly run an inquiry when needed. If Hersh is correct, by June 14, multiple entities, including Guccifer 2.0, knew what was in that teaser file. Either intentionally or inadvertently what G-2.0 posts confirmed was the authenticity of a cache of DNC files (none particularly damaging except to the eagle-eyed Jared Beck, assuming he hadn’t been informed of more). The DNC/Democratic operatives did make an effort to dispute the authenticity, but that market plan flopped. So, they went the victim route — we was robbed by Putin-Russia. It’s also implausible to me that if CrowdStrike had nailed “the bears,” that they wouldn’t have been begging the FBI/NSA/CIA/etc. to come take a look.
The VIPS report on the G-2.0 DNC download on July 5, 2016 can’t be dismissed. The forensics aside (above my pay grade), CrowdStrike claimed that they’d locked down the DNC servers by June 12. Plus, would the real initial culprit risk a download after it was publicly known that some sort of intrusion had occurred earlier? That’s the behavior of a copycat not the one that got away with the original crime.
Somebody — perhaps all of the actors — in all of this is lying. We just don’t yet know (I’m always an optimist in such matters and am not rewarded nearly enough for it) who lied and what’s the truth.
I had two points about Scott Ritter’s analysis:
My own view is that it more likely was either internal or the security on the DNC was frightfully misadministered (which might have been a feature, a vulnerability, or a covert operation).
Something that comes in a package waving Cyrillic characters is highly suspect for a “sophisticated government operation”. Unless you want to advertise as the culprit as part of a larger strategy. That technical detail is not hard to understand because its context is not technical at all, but political.