I had every intention to post something last night concerning the leaked NSA report on Russian election hacking, the oddly named young alleged leaker and the possible motivations behind her action. But I faced a dilemma. Even though the NSA document has been widely published, it is still classified. I no longer hold an active security clearance, but I am still legally bound by the many security agreements I have signed over the years. Technically speaking, I am not supposed to be reading or hearing about this latest leaked NSA report or commenting upon it except in the most circumspect manner. For anyone else here who has signed one of these ubiquitous security agreements at some time in your life, this is something to keep in mind.
On the other hand, I have solemnly sworn to support and defend the Constitution against all enemies. I took this oath before God. I pledged my life and sacred honor. If I ever found myself faced with a decision to go with a solemnly sworn oath before God or my signature on a legal agreement, I certainly hope I would choose my sacred honor and loving God over the penalties of the US legal code, no matter how severe those penalties might be. But more on this later. Here are my comments on some questions raised by some of our correspondents.
1. Why did Reality Winner have access to this document? Reality probably was first processed for a TS clearance shortly after she began training as an Air Force linguist and before she was assigned to NSA at Fort Meade as a linguist. As such, she was given an account on NSANet. This TS/SCI intranet gives analysts broad access to practically all intelligence information within NSA and across many other IC agencies. This wide ranging access came about because of unexamined advances in information technology and the deliberate decision to eliminate the stove piping of intelligence as a post-9/11 intelligence reform. Very little remains behind the walls of need-to-know besides HUMINT operational data and designated SAPs.
This became a real problem with cyber operations and cyber reporting. This reporting often required detailed and specific data to be of use to network defenders. If these reports were available in the existing intelligence reporting databases, any analyst could access them. When I was setting up my last collection outfit, I was advised by a high level CIA tech dude to make my reporting limited distribution outside the normal reporting system from the get-go. Otherwise some bonehead analyst who thought they were a 1337 cyber-sleuth would start investigating from his NIPRNet box and blow the operation. I ended up establishing a reporting system that was technologically decades out of date but still responsive to the needs of my customers. Perhaps a certain amount of stove piping will come back into vogue.
2. Why did a contract linguist have a TS/SCI clearance? Almost every job in the IC requires a TS/SCI clearance as a minimum requirement. Almost every building is a SCIF. This is especially true at the NSA. Even some of the cleaning staff have TS/SCI clearances, but no IT system access. The alternative is to stop over-classifying everything or make do with far fewer TS/SCI cleared personnel. I don’t see either happening anytime soon.
3. Is this a real NSA document? Unless the FBI arrest warrant is also a total fabrication, the document is real. The FBI states so in the warrant. The Intercept also redacted parts of the document at the request of the NSA when it became apparent that it was going to be published. If it was fake, the NSA would have just blown off the Intercept reporter.
Many will continue to insist this document is fake along with every other piece of information about the “Russians tried to hack the election” thing. It’s all part of the vast snowflake conspiracy to get Trump out of office, just like the USG was behind the 9/11 attacks and the Sandy Hook shooting was a hoax perpetrated by Obama in an effort to take all our firearms. I can't help you.
4. Did this and other illegal leaks damage our collection capability? I have no doubt the sum total of information that has been made public concerning the Russian info op has degraded our capabilities to collect against the Russian target. However, I believe Obama’s personal warning to Putin in September 2016, his “red phone” warning to Putin along with the expulsion of 35 Russian officials in December 2016 and the 6 January 2017 DNI report tipped Putin to holes in his commo systems. As soon as I heard our government accuse Putin of being behind the DNC hacks, I knew we were deep in their shit. All that didn’t come about because of the CrowdStrike malware report. The illegal leaks were just icing on the cake.
5. What was Reality Winner thinking? Damned good question. If she thought she was going to be a protected whistle blower, she was hopelessly mistaken. Her stunt will end up costing her ten years of her life. Perhaps she thought she could outfox the NSA and FBI and get away with it. Given her background, she should have known better. She hated Trump and the Republican agenda. Maybe in her naiveté, she thought this small act would help in stopping Trump and the Republicans. That hardly seems worth ten years of her life.
There’s another possibility. This may apply to Winner and to the other illegal leakers. There is a real possibility that Russia made a deliberate and concerted effort to disrupt our electoral process in the run up to the 2016 election. Based on my experience with Russian info ops, I believe this happened. I do not know it happened because I don’t have access to the intelligence. I don’t appreciate others trying to give me illegal access to this intelligence. I still have faith in the system to weather this storm and do the right thing.
What the Russians did was not a crime against humanity or an act of war. Compared to what we did to Ukraine, it was elegant and bloodless. No, it was just hardball international politics and I don’t begrudge them for trying. But I do want them to know that any effort to try anything like this again will be quickly discovered and it will cost them more than they hoped to gain.
But Russian info ops do not constitute a crisis requiring illegal leaking of classified information. If Trump and/or those around him colluded with the Russians in the execution of this info op, I want them and the Russians spanked hard. If the Trump administration is actively seeking to suppress the investigation and protect the Russians, I want them spanked. Either of these cases would mean that the reins of power are currently in the hands of enemies of the Constitution. Although I have faith that our system can deal with this possibility, perhaps Winner and other leakers lack this faith. Perhaps, as misguided as this is, they choose to honor their sworn oaths to the Constitution rather than their signature on a legal agreement. It doesn’t matter. If caught and tried they will all probably face prison time... that is unless they are high level muckety-mucks.
TTG
Someone is simple, that's for sure.
Posted by: raven | 08 June 2017 at 10:35 AM
Department of irony: what is the problem with POTUS plugging the holes in the sieve that is the WH?
Posted by: Dr.Puck | 08 June 2017 at 11:14 AM
Thank you for this erudite and enlightening response. Could you elaborate using simple sentences so that some of us dissident deplorables can understand your impeccable reasoning?
Ishmael Zechariah
Posted by: Ishmael Zechariah | 08 June 2017 at 11:37 AM
raven
IMO you should refrain from making cryptic little denigrating comments. If you want to say something do so but don't act like some snotty kid troll. pl
Posted by: turcopolier | 08 June 2017 at 12:02 PM
pantaraxia,
Thanks for that link.
If Ritter’s grasp of the technicalities is sound, a key paragraph may be the following:
‘The classification markings on the NSA document leaked by Winner indicate that it is “originator controlled” (i.e., a foreign source) that has been released to the United States via protocols that comply with the requirements of the Foreign Intelligence Surveillance Act, or FISA. The only source for collection against European-based Google Cloud data is the GCHQ-run Muscular operation.’
In an earlier discussion, I noted the GCHQ link in the claims that the metadata on documents released by ‘Guccifer 2.0’ suggested a ‘smoking gun’, implicating the GRU.
Discussing the initial claims by ‘CrowdStrike’ on 16 June 2016 – which were to be accepted without any apparent attempt whatsoever at verification by the FBI – I noted that they portrayed the Russian hackers as virtuosos. And I went on to write:
‘It was on the following day that a site called ‘Ars Technica’ published the revelations which appeared to indicate that, in fact, the hackers had clumsily left indications pointing unambiguously to a Russian origin – most notably, the Christian name and patronymic of Dzerzhinsky.
‘These had, apparently, been “teased out of the documents and noted on Twitter by an independent security researcher who goes by the handle PwnAllTheThings.” This, it turned out, was a certain Mark Tait.
‘On 28 July, Tait produced a post on the ‘Lawfare’ site, entitled “On the Need for Official Attribution of Russia’s DNC Hack.”
‘(See https://www.lawfareblog.com/need-official-attribution-russias-dnc-hack .)
‘The bio accompanying the article reads:
“‘Matt Tait is the CEO and founder of Capital Alpha Security, a UK based security consultancy which focuses on research into software vulnerabilities, exploit mitigations and applied cryptography. Prior to founding Capital Alpha Security, Tait worked for Google Project Zero, was a principal security consultant for iSEC Partners, and NGS Secure, and worked as an information security specialist for GCHQ.’
‘Note that: “worked as an information security specialist for GCHQ.”’
In that post, I also discussed the BuzzFeed ‘dossier’, supposedly produced by the former MI6 operative Christopher Steele.
As to his organisation, in the ‘Thirties it was utterly incompetent, whose enthusiasm for ‘appeasement’ and congenital unthinking Russophobia did a great deal to push the Soviet Union into making a pact with Germany, and thus destroying such chances as there were of avoiding the Second World War, and all the misery it brought in its wake.
This, of course, included both the Holocaust and the disastrous Soviet occupation of Eastern Europe, including the Baltics.
One had hoped that MI6 might have improved, but as far as I can see, this was overoptimism.
As to GCHQ, this saddens me immensely to say this, because Bletchley Park, out of which it came, was a great product of an older British liberal culture.
Very many indications suggest that it is now as corrupt as MI6. Among these, there has never been any convincing repudiation of the suggestion by Andrew Napolitano that GCHQ were used to allow Trump’s opponents to avoid the need to get a FISA warrant for critical surveillance operations.
As I said in my previous comment, if Americans are prepared to see corrupt former employees – and I will now add current – employees of British intelligence play a major role in the attempted reversal of the results of a Presidential election, then on your own heads be it.
Posted by: David Habakkuk | 08 June 2017 at 01:18 PM
David
This sure is a very tangled web. And Comey's testimony shows that there's more than meets the eye. Many, many cross-currents between the Clinton "matter" and Trump's "I hope.."!!
And the role of elements in British IC as well as the US IC? Are these agencies so huge and so politicized that the left hand no longer knows what the right hand does, as there seems to be many "free agents" playing their own games?
In any case, these internal games have resulted in the disclosure of some highly secret information that will no doubt set back our intelligence operations and enable the Russians and others to revamp & strengthen their secure communications. All for what? Gin up an impeachment of Trump??
As long as the "high level muckety-mucks" as TTG calls them, can commit espionage with no consequences, it is all just kabuki theater. I notice that there is no discussion of this espionage among the chattering classes as it doesn't fit with their propaganda.
Posted by: Sam Peralta | 08 June 2017 at 03:44 PM
FWIW, 1664RM, over all I agree with your assessment.
For many, however, it is impossible to appreciate that the MSM media is directly related to the events they cover, that the practices and priorities of news coverage reflect the intent of ownership, not at all the historical importance of events.
Posted by: Castellio | 08 June 2017 at 05:45 PM
David Habakkuk,
"The classification markings on the NSA document leaked by Winner indicate that it is “originator controlled” (i.e., a foreign source) that has been released to the United States via protocols that comply with the requirements of the Foreign Intelligence Surveillance Act, or FISA. The only source for collection against European-based Google Cloud data is the GCHQ-run Muscular operation."
That explanation of ORCON (originator controlled) is totally wrong. It means that the creator of the report controls further distribution of that report. It has nothing to do with the nature or identity of the source. In this report, it means the NSA office that produced this report whose identity was redacted. In this case the ORCON caveat is related to technical details that are often contained in cyber-related reports. Note the two caveat paragraphs at the beginning of the report. I referred to this problem in my discussion of the intelligence distribution system I had to establish for one of my projects.
If Ritter is using this erroneous definition of ORCON to reach any conclusions about the report, he is off on the wrong tangent.
Posted by: The Twisted Genius | 08 June 2017 at 06:38 PM
"There is a simple truth about Russian and Chinese cyber operations that you and most Americans have not been able to grasp. Both these countries use vast armies of unorganized and semi-organized patriotic hackers to further their national goals. Control over these hackers is loose and unconventional and they are not supplied with government code to conduct their hacking."
Seems to me that's what we have in our Snowflake Warriors like Millennium Winner. I'm a bit surprised the Deeply Anti-Borg populists haven't come to her defense. Isn't she just a brave little drown-it-in-the-bathtub operator?
Posted by: Ked | 08 June 2017 at 07:28 PM
TTG,
Why not just penetrate the organizations that count the votes? Given the deep seated emotional need of some of their employees to destroy Trump and what he stands for that should be rather easy.
Posted by: Fred | 08 June 2017 at 07:44 PM
Thank you for your erudite contribution.
I was always more effective with a gladio in hand rather than a pen, or as in this case, a keyboard. The gladio is now thankfully put to rest forever thus you have to put up with my random ramblings.
I wonder, why this point of view should not be any less credible than anything created on Wall St or Fleet St? ...
http://russia-insider.com/en/politics/something-very-wrong-reality-winner-and-nsa-leak/ri20054
Except of course that it contains the word 'Russia'
Our security agencies are experts at creating diversions of every kind, especially those of a "Trojan Horse" like nature whether they be leaks, hacks, 'bots' or any number of things that would on face value appear to be representing something from somewhere else, such is the nature of espionage. The problem today is that we are in mortal danger of utter fatigue ... our media is flooded with articles describing events of this nature on a daily basis.
Ask yourself the question ... who benefits? Scratch the surface, this one stinks.
Posted by: 1664RM | 08 June 2017 at 08:18 PM
Fred,
All manner of machines are being looked at for hacking vulnerabilities. Luckily all attempts I know of require close or physical access to the machines or software. Even updates to these machines are done manually without network connections. Because of our decentralized system, changing a vote count is a damned difficult thing to do. To do it remotely would be damned near impossible in my view. But I do remember there were serious questions about the vote count during the Democratic primary in California. I don't know if anything came of that.
Posted by: The Twisted Genius | 08 June 2017 at 08:59 PM
Agree with your description of the nuts and bolts of what HRC did. Not sure if that qualifies as "treason" exactly, but at very least gross negligence. My guess is that a detailed investigation of the Clinton Foundation would reveal what they have been attempting to hide.
"It involved the disclosure of real-time positional information on friendly forces positions & future intentions, in addition to that of several terrorist networks.
This action would have directly endangered the lives of both US & allied service men & women at the very tip of the spear."
We don't know whether that server was hacked, nor by whom... so once again it comes down to gross negligence, not treason. That said, many have been punished for much less.
Posted by: Tel | 09 June 2017 at 05:09 AM
"What was Reality Winner thinking?" She wasn't. I'm not surprised. Have you worked with any 25 year old linguists lately?
And before anyone starts ranting and raving about snowflake millennials, we weren't paragons of logic and reason in my day. Each generation has had its morons leaking shite and being stupid. I've read the reports of past morons when things are slow and I'm bored at work. It's a distinct pleasure - like reading about NFL superstars who go broke gambling and being stupid.
What were they thinking?
Posted by: Cold War Zoomie | 09 June 2017 at 08:57 PM
Scott Ritter has used a very fine comb to go through the Intercept documents. The claims made in the article are simply made up. They are not backed by what is provided in the documents.
---
http://www.truthdig.com/report/item/leaked_nsa_report_short_on_facts_proves_little_in_russiagate_case_20170607
Leaked NSA Report Short on Facts, Proves Little in ‘Russiagate’ Case
Posted on Jun 7, 2017 By Scott Ritter
---
The Intercept journos in question had an agenda here. They blew the cover of the leaker - maybe intentional. One of those journos had been involved in blowing the cover of Kiriakou who blew the whistle on CIA torture and is still the only one put into jail in relation to Brennan's and Ayatollah Mike's torture campaign.
--
As for the "Russian hacking" claims.
There is ZERO evidence for that. It does not make sense in the first place. It was first introduced by Clinton as an "excuse" for her and the DNC's malfeasance and loss of the election.
Note that Andrea Chalupa played a big part at the DNC and in the campaign. The Crowdstrike company that is the only one the DNC let "investigate" the "hacking" is led by one Abromovich (also at Atlantic Council).
Chalupa and Abromovich are both part of the (fascist) Ukraine mafia. The Atlantic Council received large sums from an anti-Russian Ukrainian billionaire. It was Clinton who drove the putsch in Kiev.
---
I have seen ZERO evidence that would back up the claim of "Russian hacking". All that was ever presented are just rumors and hints of some spearphishing by whoever.
Spearphishing is not a "Russian method" as some journos claim. It is the most simple way of getting into an account and has been done for decades by every run-of-the-mill criminal on the Internets.
Posted by: b | 10 June 2017 at 03:32 AM
b
"The claims made in the article are simply made up." You entirely miss the point and so does Ritter. This document is an ANALYTIC report. It is a report to consumers OUTSIDE the SIGINT world. It states DIRNSA's conclusions and would deliberately seek to avoid giving the consumers the raw data. I guess you would need to have inhabited the system to understand this. Your fascination with whether or not the document "proves" GRU involvement in the IO against the US election is actually a trivial matter. What matters is that the document implies US ability to read GRU encrypted communications. pl
Posted by: turcopolier | 10 June 2017 at 08:26 AM