I had every intention to post something last night concerning the leaked NSA report on Russian election hacking, the oddly named young alleged leaker and the possible motivations behind her action. But I faced a dilemma. Even though the NSA document has been widely published, it is still classified. I no longer hold an active security clearance, but I am still legally bound by the many security agreements I have signed over the years. Technically speaking, I am not supposed to be reading or hearing about this latest leaked NSA report or commenting upon it except in the most circumspect manner. For anyone else here who has signed one of these ubiquitous security agreements at some time in your life, this is something to keep in mind.
On the other hand, I have solemnly sworn to support and defend the Constitution against all enemies. I took this oath before God. I pledged my life and sacred honor. If I ever found myself faced with a decision to go with a solemnly sworn oath before God or my signature on a legal agreement, I certainly hope I would choose my sacred honor and loving God over the penalties of the US legal code, no matter how severe those penalties might be. But more on this later. Here are my comments on some questions raised by some of our correspondents.
1. Why did Reality Winner have access to this document? Reality probably was first processed for a TS clearance shortly after she began training as an Air Force linguist and before she was assigned to NSA at Fort Meade as a linguist. As such, she was given an account on NSANet. This TS/SCI intranet gives analysts broad access to practically all intelligence information within NSA and across many other IC agencies. This wide ranging access came about because of unexamined advances in information technology and the deliberate decision to eliminate the stove piping of intelligence as a post-9/11 intelligence reform. Very little remains behind the walls of need-to-know besides HUMINT operational data and designated SAPs.
This became a real problem with cyber operations and cyber reporting. This reporting often required detailed and specific data to be of use to network defenders. If these reports were available in the existing intelligence reporting databases, any analyst could access them. When I was setting up my last collection outfit, I was advised by a high level CIA tech dude to make my reporting limited distribution outside the normal reporting system from the get-go. Otherwise some bonehead analyst who thought they were a 1337 cyber-sleuth would start investigating from his NIPRNet box and blow the operation. I ended up establishing a reporting system that was technologically decades out of date but still responsive to the needs of my customers. Perhaps a certain amount of stove piping will come back into vogue.
2. Why did a contract linguist have a TS/SCI clearance? Almost every job in the IC requires a TS/SCI clearance as a minimum requirement. Almost every building is a SCIF. This is especially true at the NSA. Even some of the cleaning staff have TS/SCI clearances, but no IT system access. The alternative is to stop over-classifying everything or make do with far fewer TS/SCI cleared personnel. I don’t see either happening anytime soon.
3. Is this a real NSA document? Unless the FBI arrest warrant is also a total fabrication, the document is real. The FBI states so in the warrant. The Intercept also redacted parts of the document at the request of the NSA when it became apparent that it was going to be published. If it was fake, the NSA would have just blown off the Intercept reporter.
Many will continue to insist this document is fake along with every other piece of information about the “Russians tried to hack the election” thing. It’s all part of the vast snowflake conspiracy to get Trump out of office, just like the USG was behind the 9/11 attacks and the Sandy Hook shooting was a hoax perpetrated by Obama in an effort to take all our firearms. I can't help you.
4. Did this and other illegal leaks damage our collection capability? I have no doubt the sum total of information that has been made public concerning the Russian info op has degraded our capabilities to collect against the Russian target. However, I believe Obama’s personal warning to Putin in September 2016, his “red phone” warning to Putin along with the expulsion of 35 Russian officials in December 2016 and the 6 January 2017 DNI report tipped Putin to holes in his commo systems. As soon as I heard our government accuse Putin of being behind the DNC hacks, I knew we were deep in their shit. All that didn’t come about because of the CrowdStrike malware report. The illegal leaks were just icing on the cake.
5. What was Reality Winner thinking? Damned good question. If she thought she was going to be a protected whistle blower, she was hopelessly mistaken. Her stunt will end up costing her ten years of her life. Perhaps she thought she could outfox the NSA and FBI and get away with it. Given her background, she should have known better. She hated Trump and the Republican agenda. Maybe in her naiveté, she thought this small act would help in stopping Trump and the Republicans. That hardly seems worth ten years of her life.
There’s another possibility. This may apply to Winner and to the other illegal leakers. There is a real possibility that Russia made a deliberate and concerted effort to disrupt our electoral process in the run up to the 2016 election. Based on my experience with Russian info ops, I believe this happened. I do not know it happened because I don’t have access to the intelligence. I don’t appreciate others trying to give me illegal access to this intelligence. I still have faith in the system to weather this storm and do the right thing.
What the Russians did was not a crime against humanity or an act of war. Compared to what we did to Ukraine, it was elegant and bloodless. No, it was just hardball international politics and I don’t begrudge them for trying. But I do want them to know that any effort to try anything like this again will be quickly discovered and it will cost them more than they hoped to gain.
But Russian info ops do not constitute a crisis requiring illegal leaking of classified information. If Trump and/or those around him colluded with the Russians in the execution of this info op, I want them and the Russians spanked hard. If the Trump administration is actively seeking to suppress the investigation and protect the Russians, I want them spanked. Either of these cases would mean that the reins of power are currently in the hands of enemies of the Constitution. Although I have faith that our system can deal with this possibility, perhaps Winner and other leakers lack this faith. Perhaps, as misguided as this is, they choose to honor their sworn oaths to the Constitution rather than their signature on a legal agreement. It doesn’t matter. If caught and tried they will all probably face prison time... that is unless they are high level muckety-mucks.
TTG
Great post, thanks TTG. I concur on all points you covered. I do have one snivel: don't believe we should be going back to stovepiping intel. Perhaps it could be done in a limited way as you suggest. Although I am not computer savvy enough to even imagine how that would work.
I saw that Assange calls her a hero, and offered a $10K reward to burn an Intercept reporter for reportedly outing the leaker. And yet Assange was the one that enabled the Russians by posting their hacks on wikileaks. And he claimed to be 1000 percent confident that the Russians had nothing to do with the leaked emails he published. Miss Winner should tell him to stick his support where the sun don't shine. His involvement will get her a maximum sentence.
Posted by: Gene O. | 07 June 2017 at 01:35 AM
I remember when Watergate was ongoing, all the cries about our democratic way of life being in danger. I said then, as you are saying now, that our constitution and the governance upon which it is founded are a whole lot stronger and more durable than such doomsayers give it credit for.
Posted by: Bill H | 07 June 2017 at 01:59 AM
I am most concerned with her age. I would not have been concerned about that many years ago, but recently I've come to believe that we do little in this country to train our young people how to think logically. The country and our educational systems are now so divided ideologically that the young are most likely, no matter where they are being educated, at the whim of their instructors' personal ideologies and are being taught what to think, not how to think.
And your mention of God shows me clearly that you do most likely come from my generation. It doesn't appear to me that many her age nowadays believe there is a God and most are taught that they, themselves, are quite able to decide right and wrong without any help from a Deity.
So, you are right, I think, in feeling many will end up spending years in prison. It would be wise to set up good libraries in those facilities with books on philosophy, religion, logic, and even on the advances that have been made in understanding how the brain works. I will even suggest that the libraries should have literature from all past centuries of human writing and history books from all time periods. (I am overwhelmed with the artistic talent of our youth and with their advanced abilities in many subjects and in athletics. But somehow we have failed to make them aware that they are not really little gods.)
Posted by: DianaLC | 07 June 2017 at 02:50 AM
It is a big can of worms. It opens up a lot of questions as to who sets foreign policy, who decides who and what is the "enemy", what past involvement we have had in interfering with Russian elections and the follow-on repercussions on a tit-for-tat basis, why Russian attempts but not Israeli or Ukrainian (and others) are bad but the others okay, etc. the list can be very long. It certainly doesn't excuse any government employees for releasing anything classified and as you say low level but not high level (Petraeus for example) will get punished to the maximum extent possible.
Perhaps this now sets the stage for a series of follow-on arrests and prosecutions which are way past due. Maybe it is also a slippery slope and the higher mucky-mucks will slide down into the level of prosecution as the efforts to clean house gain momentum. We are seeing traitorous behavior throughout the US government and especially in the Clintonista's realm. Where it ends up is anyone's guess but watching Trump I can guess that it won't be anything that we could predict. I think in this case this particular analyst is a useful idiot who has opened up the door to a cascade of events. Perhaps this is progress and will aid Trump in the long run? Perhaps we will see a change to the Constitution similar to what was recently enacted in Germany to stifle fake news? It is a whole new game if this goes the way I think it might.
Posted by: Old Microbiologist | 07 June 2017 at 03:21 AM
Gene, I think it is likely that there are multiple efforts running simultaneously some external of which some were state sponsored and others just garden variety hackers. However, it is very possible that most were really internal and conducted by various IC elements inside the US government. The release of the NSA and CIA hacking tools have shown they developed and implemented hacks designed to look like foreign government attacks. So, winnowing out who did what to whom and when is going to be really next to impossible especially if the investigation is led by the perpetrators (as likely happened in Ukraine with MH-17). It will be interesting to watch this unfold.
Posted by: Old Microbiologist | 07 June 2017 at 03:25 AM
More of the pot calling the kettle black. If the Russians did as claimed, I would not be surprised, at all, given the meddling we have done politically there. I am specifically thinking of our meddling in the election which gave Yeltsin his second term, and the putsch in Ukraine.
I believe a consequence of these revelations will be mass migration of all Russian computer systems off Intel architecture chips and onto ChiRus CPUs, concomitant with migration onto a ChiRus OS, for the express purpose of making NSA sleuthing more difficult. This will be followed by massive continuing assaults on AngloZionist networks for the purpose of finding exploits capable of shutting down critical utilities, à la Stuxnet vis-à-vis the Iranian centrifuges.
The US will complain, but given their behavior, nothing will come of it.
Meanwhile, the Medical access crisis, and public health crises in the USA will go unattended, the elderly will continue to live on dog food, and those who work for minimum wage will continue to survive, barely, on Food Stamps.
Before you flame me, I'm a Vietnam Vet. I too took an oath "to support and defend the constitution under Almighty God" and I too went into harms way, and I too believed in duty, honor, country.
INDY
Posted by: Dr. George W. Oprisko | 07 June 2017 at 05:11 AM
TTG, thank you for this
"If I ever found myself faced with a decision to go with a solemnly sworn oath before God or my signature on a legal agreement, I certainly hope I would choose my sacred honor and loving God over the penalties of the US legal code, no matter how severe those penalties might be."
And I agree with this: "The illegal leaks were just icing on the cake."
Posted by: TonyL | 07 June 2017 at 05:18 AM
I have not found anyone offering the entire report, even the articles claiming that this document was "leaked online" provide neither a link, nor any plausible method of finding said document. All smoke, no fire.
The article in "The Intercept" has just a few details from that NSA report, with sections blacked out (why black anything if the whole document is already leaked) and even these details apparently their journalist was unable to read properly (yes the article is not even consistent with the small amount of evidence it does put forward). For example, the diagram showing the phishing attack strategy uses the words "Probably within" in relation to the connection with GRU. Hmm, what does that mean "probably"? Sounds kind of uncertain. How does this journalist interpret this word?
"The NSA report, on the contrary, displays no doubt that the cyber assault was carried out by the GRU."
There you go "probably" is equivalent to "no doubt". Something you can only learn from journalists (the least trusted profession on Earth).
Now the rest of what he describes is the same phishing that's been going on for 20 years or more, which is very well known to most people on the Internet. We all get buckets of junk email, containing links to all sorts of dodgy sites... big deal, nothing new here. Some people will click on them, there's always someone. OK, many variations exist, and two-factor authentication introduces a bit of an extra complexity, but none of that is specific to Russia, nor even relevant to the question of whether Russia is involved.
In terms of actual evidence... zip. I mean something that directly links the Russian government. Just show me one tiny bit of real first-hand evidence.
Many other news sources are making reference, to a reference, to the original Intercept article. Which really doesn't help a whole lot.
Overall... highly unconvincing.
Posted by: Tel | 07 June 2017 at 06:52 AM
Thank you TTG for a nuanced analysis based strictly on the known facts. You have stated the tradeoffs of wide versus narrow distribution of classified data pretty clearly but at a very high level. Previous posting leads me to believe that these tradeoffs are not clearly understood by SST readers. Could someone post a more detailed explanation? Or least some links?
Posted by: Fredw | 07 June 2017 at 08:05 AM
TTG -
Thanks for this thoughtful and informative post.
I have assumed that Hillary Clinton would have been a priority target for Russia and other countries with substantial intelligence capabilities while she was Secretary of State. If so, is it plausible that Russian intelligence (or Russian hackers) had obtained her private server emails? If this is likely, and if Russia wanted to impact the election, it would seem to me that releasing her "private" emails - which probably included any seriously problematic activities - would have had a substantially larger impact on the election than releasing the DNC emails.
Posted by: Joe100 | 07 June 2017 at 09:15 AM
Tel,
A pdf of the document is on documentcloud.org. This is an analytical report, not a piece of raw intelligence. It does not even refer to the raw intelligence reports as footnotes or endnotes as most reports I've seen. The report refers to GRU origin of the operation as confirmed information rather than analytical judgement.
Posted by: The Twisted Genius | 07 June 2017 at 09:28 AM
TTG
"Obama’s personal warning to Putin in September 2016, his “red phone” warning to Putin along with the expulsion of 35 Russian officials in December 2016 and the 6 January 2017 DNI report tipped Putin to holes in his commo systems. As soon as I heard our government accuse Putin of being behind the DNC hacks, I knew we were deep in their shit. All that didn’t come about because of the CrowdStrike malware report. The illegal leaks were just icing on the cake." IMO your points all imply that there had been a massive US penetration of Russian comms and that the Obama administration progressively indicated to the Russians by implication that this had occurred. It is nevertheless one thing to suspect that this was true and quite another to KNOW because of the content of the leaked diplomatic and GRU material that it is true. The "icing on the cake" was in this case about a foot thick. pl
Posted by: turcopolier | 07 June 2017 at 09:31 AM
As someone with no direct experience with these matters, that's the part that I truly don't get: that IC professionals so feared Trump or so wanted to be at war in Syria or Ukraine or the Baltics or wherever, that they unmasked lots of the US monitoring capabilities in an all out quest to damage Trump. It's very hard to see how that was a rational calculation. It's also interesting that I've only heard people here speak about this cost to the leaking, while most media seem oblivious...
Posted by: Mark Moon | 07 June 2017 at 09:38 AM
TTG
"The report refers to GRU origin of the operation as confirmed information rather than analytical judgment." NSA does not produce finished reports based on multi-sourced information, SIGINT, IMINT, HUMINT, Open Source information, etc. It produces either raw reports of what was collected or what it calls semi-processed information that seeks to put its own products in context so that they not be misinterpreted. This evidently was one of the latter, but it must be remembered that such reports from NSA are firmly rooted in and concerned with SIGINT product. pl
Posted by: turcopolier | 07 June 2017 at 09:38 AM
Mark Moon
Until the action of the Georgia Peach there was no particular reason to think that IC professionals did anything like that. Their politically appointed bosses had the same access as the professionals. pl
Posted by: turcopolier | 07 June 2017 at 09:42 AM
Are you including NSA, politicians, and various intel managers as potential enemies of the Constitution? There seems to be ample evidence there was massive violation of the Constitution involving the Fourth Amendment and chilling of First Amendment rights by collection of phone and internet communications by the NSA specifically. The National Intelligence Director even lied to our Representatives about this collection.
This is a monumental violation of trust on the American people. Regardless of any good intent to protect us, the potential for damage to individuals going forward is incredible. This reminds me of two former army friends looking out a window view of the street and talking in an infamous prison in Moscow during Stalin's reign. The one in custody asked his friend, "Am I a suspect?" his friend answered "No you're guilty, all those people out there are the suspects." Are we all suspected terrorists?
As to Winner and more appropriately Snowden, I'll paraphrase Martin Luther King, "an individual who breaks a law because his conscience tells him what he is doing is right, and who willingly accepts the penalty of imprisonment in order to arouse the conscience of the community over an injustice, is in reality expressing the highest respect for law."
Posted by: Marcus | 07 June 2017 at 09:47 AM
pl,
NSA is now firmly rooted in all manner of cyber-int as well. They referred to it as "SIGINT at rest" in a concerted effort to wrest control of all cyber collection from other IC agencies. This all happened after Y2K. Eventually they agreed this field was big enough for everyone. Within DOD the Air Force was always trying to claim this as their own domain.
Posted by: The Twisted Genius | 07 June 2017 at 09:50 AM
TTG
Yes, the cyber connection is there with the NSA/Cybercommand merged function but the Georgia Peach's paper seems to have been intelligence rather than cyberops. pl
Posted by: turcopolier | 07 June 2017 at 10:00 AM
TTG,
The report describes Malicious VB macros & PowerShell - this is amateurs' night. Frankly the GRU should be embarrassed at the exposure of their use of such antediluvian methods.
What is unfortunately rather more convincing is the obvious redaction of named individuals in the GRU from the document. I guess this is what pl refers to in concluding that their internal comms are compromised. Winner clearly didn't see or care about that small detail. She bears no comparison with Snowden, who at least had the good sense to move to Moscow.
Dr. George W. Oprisko also makes a good point in his comment above. Modern strong encryption techniques likely mean we have their secret keys in order to read encrypted traffic - i.e. NSA are inside the Ruskies' machines. If GRU still use Windows/Intel, or other technologies connected with the US, they are greater fools than we give them credit for. Not for much longer I suspect; we could be headed for an intelligence Dark Age.
Posted by: Simplicius | 07 June 2017 at 10:06 AM
It seems that it's difficult to keep information secret if you spread it around the intelligence community but difficult to make good use of information - analyse it and put it in context - if you don't.
Since information shared with a great number of people is always vulnerable to leaks that means that a certain degree of slippage has to be accepted. Quite serious slippage sometimes, because a trivial-seeming item of information might help an analyst on the other side to come to a non-trivial conclusion. Walling off or "stovepiping" particularly sensitive information can't therefore solve the problem entirely.
That "natural slippage" must be something all intelligence services must have to take into account but the less of it the better - if it occurs seldom then it will be easier to identify the source of the leak and seal it off.
What's occurring in the US at present is very far removed from anything that can be called natural slippage:- 1. It seems that a thumb drive and a few spare hours can facilitate the release of information that previously would have taken a major effort to acquire. 2. It also seems that an appeal to conscience, or even to political conviction, can be used to justify any leak by any member of the intelligence community. Put those two together and we move from natural slippage to all hell let loose, which to an outsider seems to be a fair description of what's happening at present in parts of the US intelligence community.
As a dissident deplorable - and getting more dissident and deplorable by the day - you might think that this state of affairs would suit me very well. It opens a window on to what the politicians are doing or authorising. But:-
1. The window's open enough as it is. We need no leaks to tell us we are arming dubious forces in the Ukraine. We need merely to look at the Congressional record. We don't need leaks to tell us that ISIS was let run in Iraq. President Obama told us so on prime time television and why. The Wikileaks revelation that governments go to great lengths to collect and collate data on us wouldn't have surprised the Elizabethans, or not those who knew of Walsingham, nor would the fact that that process is often abused. No one doubts that we have Special Forces all over the ME, or if they do there's enough open source material around to enlighten them, and finding out the names of units or the identity of individuals would add nothing useful to our knowledge.
So we've got chapter and verse for the use our defence and intelligence forces are being put to anyway. We don't need leaked and often dubious footnotes as well.
2. The window's open enough but no one much is looking through it. We need merely look at this site, SST, to see that. Here we see, from the Colonel, you, and other specialist contributors, the record of what we are doing in the ME and elsewhere laid out, together with assessments of that record. The gap between that and what is put out by public media is almost unbridgeable. It is that information gap, not the lack of information, that renders control of the politicians by the voters difficult.
3. Release of defence information, or of information from which defence information might be deduced, is inherently dangerous. The fact that politicians are misusing our armed forces at present, and also misusing our intelligence services, does not mean that those defence forces and intelligence services don't have a genuine function to perform. Unless we take a pacifist line and wish to see no defence forces at all then they'd better be in good shape for times when they might really be needed. That's why I don't want to know, and want no one else to know, such information as mentioned in (1). Releasing information that's not open source about, say, the location of units or individuals adds nothing useful to the information we need and quite possibly puts those units or individuals at risk. Similarly, releasing specific information about our intelligence gathering capabilities tells us nothing we can't guess but could render those capabilities less effective.
That's a more significant consideration for the UK. The American defence establishment is so large that it can no doubt afford to lose a bit of effectiveness without seriously compromising its performance. There's a lot of excess fat there. That's not the case so much in the UK. "Full spectrum" is now merely a pretence, the forces are still undermanned, and the alliances that might compensate for those deficiencies are in question. In addition the army, according to what one hears said publicly by senior officers, has been run ragged in the various recent interventions and the cadre of experienced men to train the next generation is smaller than it should be. For the UK therefore unauthorised release of defence and intelligence information isn't damage that can so easily be accommodated.
Such considerations as I have set out above will be part and parcel of your everyday thinking. But the reason I've set them out is that a passage in your article causes me slight uneasiness:-
"If I ever found myself faced with a decision to go with a solemnly sworn oath before God or my signature on a legal agreement, I certainly hope I would choose my sacred honor and loving God over the penalties of the US legal code, no matter how severe those penalties might be. But more on this later."
One has to agree with that in the case of blatant criminality - a soldier ordered to shoot prisoners might certainly feel that honour came before duty when the two conflict - but the difficulty is that we all have different definitions of blatant criminality. In the case of the release of information you are discussing here, it may be that it was motivated by the belief that Trump or his administration is the embodiment of evil and that all means are fair to combat that evil. The plea of honour or of conscience can therefore be stretched as far as one pleases until it simply becomes a license to do whatever one feels like.
In the US intelligence community I believe a formal process is in place to resolve this conflict. It doesn't work. As far as I know there is no such process in the UK. Instead the Courts sometimes decide retrospectively whether the plea of conscience is justified. I don't think that works too well either. It seems to me that placing the burden of such a decision - whether to go public with damaging information on grounds of conscience - on the individual is unsatisfactory, both for the individual and for the community.
One is therefore forced to the conclusion that the intelligence community, however it's used, has to be regarded as a sealed box. No plea of conscience can justify the release of classified information. The supervision of that community, and the settling of such difficult questions as are raised in your article, has to come from the politicians representing us and acting in good faith.
Which is where all collapse in a heap of laughter. In such cases "You can write to your Congressman" means, I would imagine, as little as "You can write to your MP." But what I'm really saying is that if you've got out of control or derelict politicians then it's inevitable you'll have an intelligence community that doesn't work properly, and no attempt to remedy that by setting out internal rules can be effective.
A simplistic but not I hope facile conclusion. Perhaps your "more on this later" will arrive at a more satisfactory one.
Posted by: English Outsider | 07 June 2017 at 10:11 AM
Dear Sir,
"And of course what destroys reason is passion. The principal passion in politics is greed. That is what pulls you down.” Joseph Campbell, The Power of Myth
Reality isn't being pulled down by her sacred honor but rather her political passions.
Posted by: JMH | 07 June 2017 at 10:17 AM
Great point about pros vs appointees, although one would think that even political appointees should be smart enough or have long enough horizons to calculate more rationally. Apparently, that's simply not the case.
Posted by: Mark Moon | 07 June 2017 at 10:30 AM
TTG,
Excellent exposition. I have a few hypothetical questions:
1-Let us posit that there was a successful "Russian" hack of the US election system. Could it really influence the outcome of the election? By what mechanism?
-Do you think the election results were changed due to such a hack?
2-Is it possible that the Russians were running an interference operation to stymie a Borg operation to anoint Hillary Clinton?
-If there were a Borg operation to install La Clinton by derailing Sanders and destroying Trump, would you consider such activity a "subversion of the constitution" as well?
-If so, who has the duty and the means to counter it?
3-Is there, or is there not, "(a) vast snowflake conspiracy to get Trump out of office"? Perhaps one might substitute "Borg" for "snowflake" to make the question more appropriate.
Pax.
ishmael Zechariah
Posted by: ishmael Zechariah | 07 June 2017 at 10:30 AM
Whatever the arguments either way, the balance in the trade-off seems to be tipping further in one direction almost daily. If someone this junior and dumb can cause so much damage so easily, it seems to me the balance needs to be redressed.
Posted by: Account Deleted | 07 June 2017 at 11:12 AM
English Outsider
It is not just in the intelligence community that such documents are circulated. The IC are not the consumers, merely the producers. pl
Posted by: turcopolier | 07 June 2017 at 11:35 AM