I had every intention to post something last night concerning the leaked NSA report on Russian election hacking, the oddly named young alleged leaker and the possible motivations behind her action. But I faced a dilemma. Even though the NSA document has been widely published, it is still classified. I no longer hold an active security clearance, but I am still legally bound by the many security agreements I have signed over the years. Technically speaking, I am not supposed to be reading or hearing about this latest leaked NSA report or commenting upon it except in the most circumspect manner. For anyone else here who has signed one of these ubiquitous security agreements at some time in your life, this is something to keep in mind.
On the other hand, I have solemnly sworn to support and defend the Constitution against all enemies. I took this oath before God. I pledged my life and sacred honor. If I ever found myself faced with a decision to go with a solemnly sworn oath before God or my signature on a legal agreement, I certainly hope I would choose my sacred honor and loving God over the penalties of the US legal code, no matter how severe those penalties might be. But more on this later. Here are my comments on some questions raised by some of our correspondents.
1. Why did Reality Winner have access to this document? Reality probably was first processed for a TS clearance shortly after she began training as an Air Force linguist and before she was assigned to NSA at Fort Meade as a linguist. As such, she was given an account on NSANet. This TS/SCI intranet gives analysts broad access to practically all intelligence information within NSA and across many other IC agencies. This wide ranging access came about because of unexamined advances in information technology and the deliberate decision to eliminate the stove piping of intelligence as a post-9/11 intelligence reform. Very little remains behind the walls of need-to-know besides HUMINT operational data and designated SAPs.
This became a real problem with cyber operations and cyber reporting. This reporting often required detailed and specific data to be of use to network defenders. If these reports were available in the existing intelligence reporting databases, any analyst could access them. When I was setting up my last collection outfit, I was advised by a high level CIA tech dude to make my reporting limited distribution outside the normal reporting system from the git go. Otherwise some bonehead analyst who thought they were a 1337 cyber-sleuth would start investigating from his NIPRNet box and blow the operation. I ended up establishing a reporting system that was technologically decades out of date but still responsive to the needs of my customers. Perhaps a certain amount of stove piping will come back into vogue.
2. Why did a contract linguist have a TS/SCI clearance? Almost every job in the IC requires a TS/SCI clearance as a minimum requirement. Almost every building is a SCIF. This is especially true at the NSA. Even some of the cleaning staff have TS/SCI clearances, but no IT system access. The alternative is to stop over-classifying everything or make do with far fewer TS/SCI cleared personnel. I don’t see either happening anytime soon.
3. Is this a real NSA document? Unless the FBI arrest warrant is also a total fabrication, the document is real. The FBI states so in the warrant. The Intercept also redacted parts of the document at the request of the NSA when it became apparent that it was going to be published. If it was fake, the NSA would have just blown off the Intercept reporter.
Many will continue to insist this document is fake along with every other piece of information about the “Russians tried to hack the election” thing. It’s all part of the vast snowflake conspiracy to get Trump out of office, just like the USG was behind the 9/11 attacks and the Sandy Hook shooting was a hoax perpetrated by Obama in an effort to take all our firearms. I can't help you.
4. Did this and other illegal leaks damage our collection capability? I have no doubt the sum total of information that has been made public concerning the Russian info op has degraded our capabilities to collect against the Russian target. However, I believe Obama’s personal warning to Putin in September 2016, his “red phone” warning to Putin along with the expulsion of 35 Russian officials in December 2016 and the 6 January 2017 DNI report tipped Putin to holes in his commo systems. As soon as I heard our government accuse Putin of being behind the DNC hacks, I knew we were deep in their shit. All that didn’t come about because of the CrowdStrike malware report. The illegal leaks were just icing on the cake.
5. What was Reality Winner thinking? Damned good question. If she thought she was going to be a protected whistle blower, she was hopelessly mistaken. Her stunt will end up costing her ten years of her life. Perhaps she thought she could outfox the NSA and FBI and get away with it. Given her background, she should have known better. She hated Trump and the Republican agenda. Maybe in her naiveté, she thought this small act would help in stopping Trump and the Republicans. That hardly seems worth ten years of her life.
There’s another possibility. This may apply to Winner and to the other illegal leakers. There is a real possibility that Russia made a deliberate and concerted effort to disrupt our electoral process in the run up to the 2016 election. Based on my experience with Russian info ops, I believe this happened. I do not know it happened because I don’t have access to the intelligence. I don’t appreciate others trying to give me illegal access to this intelligence. I still have faith in the system to weather this storm and do the right thing.
What the Russians did was not a crime against humanity or an act of war. Compared to what we did to Ukraine, it was elegant and bloodless. No, it was just hardball international politics and I don’t begrudge them for trying. But I do want them to know that any effort to try anything like this again will be quickly discovered and it will cost them more than they hoped to gain.
But Russian info ops do not constitute a crisis requiring illegal leaking of classified information. If Trump and/or those around him colluded with the Russians in the execution of this info op, I want them and the Russians spanked hard. If the Trump administration is actively seeking to suppress the investigation and protect the Russians, I want them spanked. Either of these cases would mean that the reins of power are currently in the hands of enemies of the Constitution. Although I have faith that our system can deal with this possibility, perhaps Winner and other leakers lack this faith. Perhaps, as misguided as this is, they choose to honor their sworn oaths to the Constitution rather than their signature on a legal agreement. It doesn’t matter. If caught and tried they will all probably face prison time... that is unless they are high level muckety-mucks.
TTG
Simplicius
"I guess this is what pl refers to in concluding that their internal comms are compromised" No. This NSA generated report could not exist if the US did not have the ability to "read" GRU comms. If that is wrong, tell me why. pl
Posted by: turcopolier | 07 June 2017 at 11:38 AM
I don't know what is thinner, the claim that this shows the Russians 'hacked' the election or that there is any sort of serious attempt to apply the rule of law to the anti-Trump leakers.
https://wemeantwell.com/blog/2017/06/06/hey-intercept-something-is-very-wrong-with-reality-winner-and-the-nsa-leak/
Weak.
Posted by: LondonBob | 07 June 2017 at 11:45 AM
She is actually from Texas, only been in Georgia for several months. We need a new nickname. I find it hard to write her real name, what were her parents thinking? Texas Tattler? Texas Tipster? Texas Traitor? Texas _______?
Posted by: Gene O. | 07 June 2017 at 12:01 PM
TTG,
IMO, I would be shocked shocked shocked if the Russians (and everyone else with a halfway decent IC) did not hack the DNC and Clinton private servers. As a matter of fact, if the Russians did not hack them, they should be embarrassed.
Of course I wonder why the NSA did not also note they were hacked.
Oh right, untouchables - duh!
As to whether the Russians would then pass that to wikileaks - seems to me that would be highly risky and with poor payoff.
Thank you again for your edifying piece.
Posted by: ISL | 07 June 2017 at 12:12 PM
Sir,
I am sure you are right, but if it is not the redacted names of GRU personnel that provides this insight, would you mind pointing us simpler folk to the 'tell' in this particular report that gives the game away re GRU's comms being compromised - is it mere reference to the fact that it was a GRU operation? Thanks.
Posted by: Simplicius | 07 June 2017 at 12:13 PM
EO. I really enjoyed this comment. Well put, and I did "bust a gut" at your last part. The "out of control and derelict politicians" seem to be "owned" these days and are no longer representatives of the people but of their masters.
Thomas Jefferson said:
"The tree of liberty must be refreshed from time to time with the blood of patriots and tyrants."
That will be the time when one truly makes the choice to honor the Constitution, and God.
Posted by: Tigermoth | 07 June 2017 at 12:18 PM
Joe,
Not taking sides for or against HRC, but conceptually I can imagine that the reason behind setting up her own IT system was the attempt to avoid known surveillance within the USG, or possibly from known foreign agencies...
I also think the public has been desensitized, having so many scandals thrown around in a political quest to bend their minds by whoever has the money to push an agenda. But, yeah, the Sec. of State would certainly be as you say a priority target, no doubt.
Posted by: Stumpy | 07 June 2017 at 12:29 PM
Yellow Rose, perhaps?
Posted by: Stumpy | 07 June 2017 at 12:48 PM
All,
This is one of those times when current events call into question past assertions by the political and government "powers that be".
When electronic voting machines were rolled out concerns were raised about parties (mostly presumed to be domestic) hacking into them to alter election results. Those concerns were addressed with assertions that this was impossible.
Now some among those "powers" are asserting or at least implying that the Russians just did that.
IMO, the #1 question for the "powers" is, "So, were you lying then or are you lying now?"
Posted by: Patrick D | 07 June 2017 at 12:49 PM
Regarding the 10 years this leaker is likely to give up to prosecution; does a similar fate await Snowden if he is ever repatriated?
Posted by: Medicine Man | 07 June 2017 at 01:15 PM
How about "Yellow Rose"?
Posted by: Dave Schuler | 07 June 2017 at 01:35 PM
Extremely naive though: who knows what the fly on the wall would hear as POTUS, Bannon, Kushner, discuss how to initiate a substantial purge of suspected 'disloyalists,' or vulnerable holdover, staff in the IC and justice department?
It seems there is a chicken-and-egg problem concealed in the contradiction inherent to not being able to efficiently "verify and trust" potentially loyal new personnel, with, sustaining ongoing robust intelligence activities. Is the executive branch still lagging in their appointments and staffing effort?
The devil is in the details of serving and being loyal to the Constitution's imperatives--as against the practical idea that the POTUS really needs in his administration many widening circles of loyalists who are faithful to Trump and MAGA, beyond the very small inner circle.
Posted by: Dr.Puck | 07 June 2017 at 01:38 PM
TTG,
The parallel subject to your great article is the security practices of the US voting industry. So, the buried question is "Why, in the year 2017, do we not have a bullet-resistant, if you will, voting system that is both air-gapped from exterior attack as well as responsible against corruption within?"
I offer the cynical answer that the PTB likes the system a bit fuzzy because within a sloppy system it's easier to fudge things a bit. However, the battle can be won prior to voting day by an accidental loss of voter registration data, or by enacting certain rules about document-lacking or 3rd party voters to exclude them from primaries or even the general election. Human factors.
As a side note, I conducted a recent business study on security camera tech, in which I was able to get a demo of the control software to run a whole constellation of security devices that would have potentially allowed me to reverse engineer, NDAs be damned, and hack any system made by that vendor, on top of any Windows exploits. I'll just leave that there.
One of the themes at an upcoming hacker's convention will be how to exploit voting machines/software. Should be interesting.
Remembering the allegations in past years that the Diebold voting machines were rigged to favor conservative candidates, it's not a stretch to assume that, while there are always rumors, where opportunity exists, money follows. There are at least a half-dozen voting machine vendors, so market-driven security and accountability are in force. Voting machine systems are expensive, so many localities run them into the ground well past their shelf life, where old equals vulnerable to failure. Also not a great market for innovation, trying to squeeze $Million-level contracts out of $Thousand-level county officials.
My point being, defending against attacks, be it email systems or voting machines, has to be a decent systems architecture that features intrusion defense and a redundant journaling system so that the vote counts can't be gamed. Maybe if the Silicon Valley anointed would spend a bit less time trying to build an evacuation route to Mars.
Posted by: Stumpy | 07 June 2017 at 01:40 PM
Gene O.,
I'll wait until she has a prisoner # to be referred to.
Posted by: Fred | 07 June 2017 at 01:51 PM
TTG,
“If Trump and/or those around him colluded with the Russians in the execution of this info op….”
There seems to be one and only one US presidential candidate whose name is associated with Russian “collusion”. What other possibilities are there?
Please remind me again who got paid $500,000 for a speech in Moscow? Who is that person married to and what position did that person’s spouse hold at the time the payment was made? What NGO received millions of dollars from foreign governments and foreign nationals while employing family members of a senior US government official who became a presidential candidate who eventually lost the election? Thank goodness we aren’t considering those people as being corrupt. I haven’t heard that the Honorable Debbie Wasserman-Schultz and Donna Brazile rigged the Democratic Primary because someone outside the US influenced them to do so but maybe we need an investigation to be sure the Russians weren’t behind that too.
Posted by: Fred | 07 June 2017 at 02:17 PM
Pacifica Advocate
Here is the document as redacted by DIRNSA (Director National Security Agency) https://www.documentcloud.org/documents/3766950-NSA-Report-on-Russia-Spearphishing.html#document/p1 It has all the appearances to me of a semi-finished analytic document written by DIRNSA for consumers outside NSA. For some reason DIRNSA asked "The Intercept" to redact the names of specific Russian organizations and individuals. What was this? Professional courtesy? The story told in the report is of Russian government spear-phishing efforts, but the fact is that THIS REPORT could not have been written without an intimate knowledge of what the GRU was saying to itself about the project. How else would they know the names? I recognize your ignorance about anything involving intelligence but the level of your obduracy about this would indicate some sort of political motivation. pl
Posted by: turcopolier | 07 June 2017 at 02:45 PM
Colonel,
I think in England the circle allowed access to UK classified intelligence includes politicians, civil servants, external contractors, journalists, anyone within earshot on the commuter train and the bloke down the pub. I don't travel on commuter trains and the pub's not what it was since they've banned smoking so I'm out of the loop.
And not even my long ago reading of John Le Carre helps me with understanding the complex interaction between the intelligence services or those associated with them, and the politicians and the media. I'm still baffled by how Christopher Steele managed to romp around the US electoral scene for so long without anyone in the UK or US intelligence communities batting an eyelid.
You might be interested in my own experience in the intelligence community. It was in the days before I discovered Adblocker so when I looked up say the price of red diesel some algorithm would pursue me for ever with advertisements from fuel companies in impossibly remote parts of the UK. I'd emailed a friend with some caustic remarks on the equipment supplied to our troops in Afghanistan. Immediately an invitation to apply for a job in MI5 appeared on the side of the screen. They must be desperate, I thought, and they've got the number wrong, but I confess I was flattered every time I saw the invitation appear with the advertisements for tractor parts I'd long since fitted and English-made leather shoes I'd never bought.
If you're still looking, MI5, and still desperate, I'm still here. A desk job please, and a civilised pub nearby because I'm at my best with tiny quantities of paperwork at a time, and I promise never to leave my laptop on the train or go near the Ecuadorean embassy.
That, and a suspicion that the smartly dressed men who used to stand around scanning the crowd when I boarded the Irish Ferry weren't porters, is as close as I've got to your world. But seriously, I do recognise that it's an important world, and one none of us wants to see go off the rails.
Posted by: English Outsider | 07 June 2017 at 03:01 PM
Simplicius,
My memory is that Snowden did not intend to move to Moscow. He intended to move through Moscow to somewhere warmer and more fun. The Obama Administration stranded him in Moscow by cancelling his passport while he was travelling, thereby stopping his ability to travel further. I believe Putin pointed this out in an interview somewhere. So it was Obama who caused Snowden to be stranded in the one place with security systems strong enough to protect Snowden from extraordinary rendition or extradition-under-pressure; and also a long-standing incentive to wrap that forcefield of protection around Snowden.
Whatever fun-in-the-sun country Snowden would have rather gone to would have been easier to extort Snowden from or snatch Snowden from. It is Obama who put Snowden out of reach by cancelling his passport and stranding him in Moscow.
Posted by: different clue | 07 June 2017 at 03:14 PM
TTG
Thanks. The GRU wouldn’t be doing their job if they didn’t try to figure out what Washington DC was up to. So far with the Russian PR disaster with MH-17 and being patsies to the restart of the Cold War, I don’t think they've been very successful.
I do think that there is a soft coup underway led by western globalists and those in government who circle in and out through the revolving door to get rid of Donald Trump. This is shaking everything up.
I witnessed the silent mutiny in Vietnam in 69-70. I am astonished that the deplorables in the armed forces and in the military industries whose families have been pushed out of the middle class and those who know friends and family members who've descended into addiction, despair and early death haven’t grasped the connection between this and the endless wars, fake news, scapegoating Russia and the new world order. By all indications the globalists are so isolated in their wealthy bubbles, they don’t realize what their coup is unleashing.
Posted by: VietnamVet | 07 June 2017 at 03:31 PM
If she was trying to avoid surveillance, USG or otherwise, her people would have made more effort to be secure.
Posted by: Fredw | 07 June 2017 at 04:56 PM
I think the young lady's given first name was probably Sara, and she changed it to "Reality" Winner--
http://ibankcoin.com/zeropointnow/files/2017/06/winner.png
The affidavit supporting the arrest warrant is here--
https://www.justice.gov/opa/press-release/file/971331/download
The criminal complaint filed in court to get the case started is here, and is also supported by the affidavit--
https://www.justice.gov/opa/press-release/file/971336/download
As is noted on the complaint, the case is filed in the U.S. District Court for the Southern District of Georgia--
http://www.gasd.uscourts.gov/usdcCourtInfo.asp
The complaint relies on Title 18, U.S. Code, section 793(e), a felony, that can result in a sentence of a fine only, up to 10 years in prison only, or both--
https://www.law.cornell.edu/uscode/text/18/793
"(e) Whoever having unauthorized possession of, access to, or control over any document, writing, code book, signal book, sketch, photograph, photographic negative, blueprint, plan, map, model, instrument, appliance, or note relating to the national defense, or information relating to the national defense which information the possessor has reason to believe could be used to the injury of the United States or to the advantage of any foreign nation, willfully communicates, delivers, transmits or causes to be communicated, delivered, or transmitted, or attempts to communicate, deliver, transmit or cause to be communicated, delivered, or transmitted the same to any person not entitled to receive it, or willfully retains the same and fails to deliver it to the officer or employee of the United States entitled to receive it; or..."
The two operative phrases at the start of the subsection require that the person had "unauthorized" possession, or, had "... information ... the possessor has reason to believe could be used to the injury of the United States or to the advantage of any foreign nation ...", or, both.
Posted by: robt willmann | 07 June 2017 at 04:59 PM
Thanks, I finally found the document. They claim to know the names of the people who did it, but the names are blacked out (presumably by the Intercept??) As you say, no explanation of how these names were discovered.
That graphic on the end saying "Probably within" the GRU is weird because very little of what's in the graphic matches up with what's described in the text. Also the graphic says "Page 1 of 2" but there's no "Page 2 of 2" provided, so perhaps Winner ran out of photocopying credit.
The headers and footers on that last page are quite different from the rest of the document. What's more the technique described in the graphic is about sending a link and then encouraging the victim to click the link to do credential harvesting. A common enough technique, but completely different to what's described in the text above which was the sending of attached Word documents containing VB macro trojans.
My conclusion is that final graphic page actually has nothing to do with the rest of the document, and probably came from a different source document. It's just been chucked on the end there.
I still think the Intercept guys come out looking kind of sloppy not properly checking this stuff for self consistency if nothing else.
Also, if the US government really does know the names of the people involved... why not confront Putin with that? They have been farting around with highly vague accusations for months now, while at the same time sitting on specific names, dates and emails... something strange about that.
Posted by: Tel | 07 June 2017 at 05:56 PM
Absent the redacted names, which presumably could have only come from our penetration of Russian diplomatic communications, was there any other evidence linking the attack to the GRU? Given the fact that hacking software is so widespread and that state sponsored hacking would most likely try to disguise their efforts as the work of another country, can we be sure (absent the redacted names factor) that it wasn't China or even one of our own allies?
Posted by: BrotherJoe | 07 June 2017 at 06:09 PM
Brother Joe
The NSA states in its report that it judges the "actors" herein to be the GRU. This is an analytic report. Understand? pl
Posted by: turcopolier | 07 June 2017 at 06:15 PM
Great post. Did anyone see this https://www.nytimes.com/interactive/2017/06/07/world/europe/anatomy-of-fake-news-russian-propaganda.html?smid=tw-share&mtrref=t.co&_r=0
Posted by: Texas Nate | 07 June 2017 at 06:16 PM