This is either bullshit

…or scary as hell.

U.S. intelligence agencies release analysis of Russian cyber espionage
U.S. intelligence services don’t often release the details of their analysis, but Thursday they did as part of an ongoing effort to pull back the curtain on what U.S. officials believe is malicious Russian cyber activity code named Grizzly Steppe.

And they still haven’t released a detailed analysis. Read that “Joint Analysis Report.” In fact, it’s simply yet-another unsubstantiated assertion. No detail in that report supports the claim that the Russian government did this. Maybe they did, but you can’t tell from that doc.

I’m not a pro at this, so I welcome input from someone who is such. As I read it, the JAR simply states that “APT 28/29” used a botnet to send spearphishing emails, which lured dumbasses to a fake web site hosted on a machine that didn’t belong to the “hackers,” and that web site passed the harvested data to yet another neutral machine which, in turn, relayed the data to the actual hackers.

To be able to honestly and definitively say that the Russians did it, the feds (FBI/CIA/NSA/whoever) had to have admin access to the web site host to see what neutral machine the site sent data to. That could come from server logs and/or database files.

Once the next machine is identified, the feds had to have admin access to it, too. They could then analyze server logs or the malicious code to see where it sent data. If you assume that it went straight from that zombie machine to the hackers, you now know the hackers’ IP address, and maybe you can make some claims.

But if the zombie sent the data to another relay between it and the hackers, you have another machine to compromise and analyze. And so on ad infinitum.

Are the feds admitting that they have that many innocent machines on the Internet compromised?

Alternatively, they could have this from human intel: leakers, snitches, spies. But intel from such sources would have to be verified, so we loop back to accessing machines.

Let’s try another scenario. Remember the NSA’s little partnership with AT&T, in which the snoops got to parallel all data running through at least one major Internet backbone router? And then there was the program to intercept routers during shipment and install spyware.

So maybe the NSA simply watched all this happen in near real time.

Worried yet? Oh, what the heck? It’s only “metadata.”

At any rate, to substantiate the “Russians-did-it” claims, the feds would have to have admin level access to a scary number of Internet servers or routers. To prove the claim, they may have to admit to continuing to do things they’ve sworn up and down they stopped doing.


Comey is obviously planning a new career

Judging by Comey’s bizarre answers in that congressional hearing, he’s clearly looking for a future in stand-up comedy.

Seriously, sending something ‘non-paper’ just means they redact all the classified data and send the unclassified bits; it didn’t mean that they cut off the classification markings and sent it electronically, and we didn’t investigate Clinton lying to Congress because only the IG told us to, but we didn’t have a referral from Congress because we didn’t give Congress the information to know she lied. Or investigating whether Clinton violated the FRA by withholding emails beyond the deadline, and even lying because she didn’t even turn them all over and we found them later, was beyond the investigation’s scope. And so much more. Mostly with a straight face worthy of Josh Earnest.

I might have allowed that he recommended no charges out of fear of one of those mysterious accidents and suicides that surround the Clintons. But this testimony is so freaking far over the top that he must have been ordered to take one for the team and has been promised some impressive bennies.


“Oops” (not really)

Gee, no one saw that coming. Except, like, everyone but the Feds.

Loretta Lynch Admits That Federal Authorities Have Lost The Orlando Shooter’s Wife
As US Attorney General Loretta Lynch said today, federal authorities are going back and looking at all of the contact with Omar Mateen, as well as those around him, in order to find out if there is anything that was missed.

However, there is one rather large problem with one key person in the investigation: it appears that Noor Salman is missing and may not even be in the state of Florida anymore. In an interview the Sun Sentinel conducted with Seddique Mateen, the shooter’s father, Seddique said that Salman was “not around here.”

Lynch said the following in response to an inaudible question: “Right now I do not know exactly the answer to that. I believe she was going to travel, but I do not know exactly her location now.”

Consider that: a suspect in a terrorism investigation, whom they knew to be planning a trip, and they didn’t track her. I wonder if they even added her to the no-fly list, or if she’s already left the country.

No doubt she’s traveling with that mysterious $9,000 of jewelry. Which she’s keeping solely for the sentimental value, a reminder of her beloved jihadi husband, and not the whole portable wealth thing. You know, when you fly out of the country, they ask about how much cash you’re taking, but not jewelry.

Apple vs FBI: Popcorn time

This is getting funny.

Common Software Would Have Let FBI Unlock Shooter’s iPhone
The county government that owned the iPhone in a high-profile legal battle between Apple Inc. and the Justice Department paid for but never installed a feature that would have allowed the FBI to easily and immediately unlock the phone as part of the terrorism investigation into the shootings that killed 14 people in San Bernardino, California.

If the technology, known as mobile device management, had been installed, San Bernardino officials would have been able to remotely unlock the iPhone for the FBI without the theatrics of a court battle that is now pitting digital privacy rights against national security concerns.

So the county was paying for a service that would have gotten the FBI into the phone and cloud, but never bothered installing it. Instead, they screwed up and reset the cloud password, locking themselves out of what they want. Then they went to a federal judge and lied about how it happened.

And the judge ordered Apple to fix everyone else’s mistakes.

Did I miss anything?

The story changes

When last we visited the FBI iPhone fiasco, it appeared that some county IT guy changed passwords on the phone all on his own, while the evidence was in FBI custody. Today…

San Bernardino Shooter’s iCloud Password Reset With FBI Consent, Agency Says
“Since the iPhone 5C was locked when investigators seized it during the lawful search on December 3rd, a logical next step was to obtain access to iCloud backups for the phone in order to obtain evidence related to the investigation in the days following the attack,” said the FBI statement.

The FBI added it worked with county technicians to reset the iCloud password on December 6, which differed from court filings made by the Justice Department that said “the owner [San Bernardino County Department of Public Health], in an attempt to gain access to some information in the hours after the attack, was able to reset the password remotely, but that had the effect of eliminating the possibility of an auto-backup.”

So the guy wasn’t working alone. The FBI wanted it. And they screwed up.

Apple: Investigators ruined best way to access terrorist data
According to senior Apple executives on Friday, the FBI might have been able to obtain data from an iPhone 5C belonging to Syed Farook, one of the San Bernardino terrorists, by connecting it to a familiar Wi-Fi network and having it create a new backup on Apple’s iCloud service.

The idea was foiled, the executives say, because the password to the terrorist’s iCloud account was reset shortly after the FBI took possession of the phone. That meant iCloud and the iPhone couldn’t recognize each other, the executives said.

So, as this is now being reported, we have two issues. First, the Feds lied in their brief to the court. My guess is that they thought admitting that they screwed up might cause the judge to question whether that imposed an obligation on Apple to create a whole new forensic/surveillance tool.

Second, do we really want to give that to bumblers who bungled something so basic?

Glad I’m not that guy

So how did the FBI/Apple kerfuffle really start?

San Bernardino Shooter’s iCloud Password Changed While iPhone was in Government Possession
The filing states, “the owner [San Bernardino County Department of Public Health], in an attempt to gain access to some information in the hours after the attack, was able to reset the password remotely, but that had the effect of eliminating the possibility of an auto-backup.”
[…]
The auto reset was executed by a county information technology employee, according to a federal official. Federal investigators only found out about the reset after it had occurred and that the county employee acted on his own, not on the orders of federal authorities, the source said.


Questions, questions.

  • If he changed the password to access information, why isn’t the FBI rubber-hosing the password out of him?
  • What information did this guy suddenly need when the Feds took the phone?
    • Was he merely curious?
    • Did he not realize the Feds would notice?
    • Was he looking for incriminating information?
    • If so, why not leave it to LE?
  • If there was incriminating data he knew about, what kind? Was he an accomplice in the attacks, or merely lower level county corruption?

Seriously. At the very least, he had to realize resetting the password on evidence in a federal investigation would be felony “impeding an investigation.” At a minimum, he had to know he’d be suspected as an accomplice in a terrorist attack. What did he need to see so badly to make it worth the obviously inevitable consequences?

If he was deliberately hiding something, what could be worse than a definite felony, and being a terrorist suspect for the rest of his life? At best.

Maybe he really is just a curious dumbass with an IQ lower than whale shit. He is (was?) a government employee, after all.

Look, either the guy knew the new password, or he deliberately randomized it to keep investigators out. If the first, the Feds shouldn’t be making demands of Apple.

In related news:

DOJ would allow Apple to keep or destroy software to help FBI hack iPhone
The Obama administration told a magistrate judge Friday it would be willing to allow Apple to retain possession of and later destroy specialized software it was ordered to create to help federal authorities hack into the encrypted iPhone belonging to Syed Rizwan Farook.


Looks like someone finally took cognizance of the point I’ve been making: letting the Feds get that FBiOS is dangerous. I’ve said all along that the correct way to do this would have been to turn the phone over to Apple for forensic extraction. They unlock it, then return the unlocked phone, without the security-breaking code installed, to the Feds.

The FBI absolutely should never get their dirty paws on the countdown-bypassing and remote access code. They can’t be trusted.