Evidence – much better evidence than has been produced so far – is building that any hacks – as opposed to leaks – that were done to the DNC were likely done by Ukrainian hackers as a false flag to get Russia blamed for them.
I had been suspicious of the Russian theory due to Jeffrey Carr’s articles on Medium (Google for them, they are vital to understanding the issues) which debunk most of the evidence. I wondered why it was that the equally logical possibility that Ukrainian hackers might have done the hacks as a false flag operation to frame Russian for them was being ignored completely.
I noted that the “evidence” that the compile times for the malware were allegedly during “Russian business hours.” If you look at the time zone maps, you’ll see Moscow is just one hour ahead of Kiev, Ukraine. So that “evidence” was meaningless.
Secondly, I read an article by WordFence, a company which does WordPress blog security, that the PHP malware used was provably Ukrainian and open source, i.e., available to anyone aware of it. There is nothing “Russian” about it.
Then I found the above articles which pretty clearly show connect the dots evidence that the head of CrowdStrike, the company that the FBI RELIED ON for the “evidence”, is run by an anti-Russian Russian ex-pat who has DIRECT connections to Ukrainian ultra-nationalists who are DIRECTLY connected to the Democratic National Committee and who themselves have DIRECT connections to apparently competent Ukrainian hackers. I mean these articles lay it out in chapter and verse based on publicly available data.
I now believe that it is entirely possible that the entire DNC “hack” accusation is a false flag operation organized by Ukrainian individuals, with or without Ukrainian state help, and with or without the knowledge of the Clinton campaign, for the purpose of further ruining US relations with Russia.
The DNC documents themselves were likely “leaked”, not “hacked”. But hacks were done solely for the purpose of getting Russia blamed for them.
This is potentially a HUGE story. If the head of rowdStrike - and possibly members of the DNC itself or the Clinton campaign organization - were knowingly in league with Ukraine ultranationalists who in turn were in contact with competent Ukraine hackers in a false flag attempt to increase the bad relations between the US and Russia for their own political reasons, this would be a massive conspiracy which would put egg on the faces of everyone involved, including the entire US intelligence apparatus, the mainstream media and many other people. The entire Russia-bashing industry would be called into question.
I suspect that what happened is as follows:
1) The DNC and the Clinton campaign decided to tar Trump with the "Russian agent" meme.
2) At some point the DNC and the Clinton campaign became aware that there were one or more serious leaks of information from the DNC - leaks, not hacks.
3) At this point the DNC and the Clinton campaign decided to fake a Russian hacking effort in order to 1) cover the leaks, and 2) use it to continue to tar Trump as a "Russian agent."
4) In order to make a believable case, they contacted some ultranationalist Ukrainians who were involved in the election and who had contact with some reasonable competent anti-Russian Ukrainian hacker collectives. These collectives faked a Russian hack of the DNC.
5) They then called in CrowdStrike, which was already on the DNC/Clinton payroll, a company headed by an anti-Putin Russian ex-pat who would be ready to "validate" the "Russian hack" by accepting flimsy circumstantial and spoofable "evidence" as sufficient for attribution.
6) Then they refused to allow the FBI to use their own infosec forensic experts to inspect the evidence, relying on CrowdStrike officer Shawn Henry's background as a former FBI Assistant Director to deflect the FBI into accepting CrowdStrike's "investigation" as adequate.
The latter fact pretty much makes clear that the DNC and the Clinton campaign knowingly colluded with Ukrainian nationalists to influence the election.
So far from the situation being "Russia influenced the election for Trump", it looks like "Ukrainians influenced the election for Clinton."
This may all sound like "conspiracy theory". There is of course no proof to date of any of this. But the circumstances are just as likely as the theory that Russia decided to "influence the election" by hacking the DNC using the most incompetent hackers and poorest OPSEC they could produce, leaving a trail pointing directly at them.
The one thing we can know is that in intelligence and hacking operations, Occam's Razor - the notion that the simplest solution is usually correct - does not apply. There is too much obfuscation, misdirection and manipulation involved in such operations.
The theory that someone has conducted a false flag operation to frame Russia for hacks is at least as credible as the idea that Russia would attempt to influence the election by randomly hacking the DNC. The latter really makes no sense, given the probability that whatever hacks Russia could do would be less influential on the election than the actions of the candidates themselves - which the Russians would know. And the Russians would also know that if caught, there could be serious repercussions in relations with the US - which means not using incompetent third-party hacker groups who leave trails and use outdated malware.
Some investigative journalists need to follow up on the articles cited above and see where they lead. If this theory is proven, it will be Pulitzer Prize for someone - and major egg for the US intelligence community, the mainstream media, and the infosec community.
LS: I have a couple of questions regarding the use of legendary software PROMIS [Prosecutor's Management Information System], which was developed by my friend William A Hamilton, the founder of the US information technology company Inslaw Inc, and he was also a programer for NSA. Do you know anything about NSA's use of unauthorized copyright infringing copies of Inslaw's PROMIS software for at least 25 years as the software it sold to banks in support of its "follow the money" SIGINT mission?
TD: I don't have any specific knowledge of it. I am certainly aware of the program. I was not part of it. I have heard about it and am aware, had become aware of it over the years, and ... I've had people who've had the history of that program who have actually contacted me over the last couple of years. Unfortunately, it is an example - though I don't have, I can't validate or verify it - not any of the allegations or assertions, any of the history that's been revealed and disclosed regarding PROMIS, none of it surprises me and here's why. It's unfortunate but it is, and I had the direct experience at NSA that NSA would either abscond with or would cast aside really powerful technology and then use it for their own purposes.
LS: Understood, but I would like to ask you, nevertheless one more question related to this. This would be, once NSA controlled the software used by banks to process wire transfers or money and letters of credit it could in theory add, delete and/or modify the amounts of funds in accounts because the funds are just data like any other kind of data. Have you ever heard that NSA or other intelligence agency exploited the banks surveillance version of PROMIS towards such an end?
TD: I've certainly heard of it, I just don't have any proof nor can I verify or validate, but I will tell you one of the aspects that has not been fully disclosed although I blew the whistle on it early on when I, within the system, had gone to key people within the government particularly congressional intelligence committees regarding Stellar Wind. One of the things that Stellar Wind did was actually without, again, without warrants, was gain direct access to financial transaction information at the bank level, credit card level, and this is extraordinary - these secret agreements were put into place regarding the flow of money.
This is shrouded in all kinds of secrecy ... but I was well aware what would that mean if there were those within the system who chose to abuse it, you know far beyond the purpose of tracking money laundering and things of that nature because this is all hidden; ... the life blood of any economy is the money, the money flows, the money deposits, the investments. I can't speak specifically to the allegations or assertions that you mentioned, but I can tell you that I would not be surprised at all that it was used in that manner given my knowledge of other abuses of information and systems that people in secret would use or have access to.
The Iranian presidency is not a "token" position. He has real influence over domestic policy such as the economy in Iran. He just has little influence over foreign policy and national security.
The odds of Iran having a "second revolution", certainly one that is more secular, are next to nil. The majority of Iranians believe in their system of government, even if they aren't totally happy with some of the excesses.
Compared to US "allies" in the region such as Saudi Arabia and Qatar, which are true monarchical dictatorships, Iran is almost a model democracy. They have a higher voting turnout than the US does. Although the candidates are vetted by the cleric council, I'm not sure that's worse than US candidates being vetted by a corrupt national party leadership angling for corporate contributions.
And before anyone raises the point about the 2009 elections, there is ZERO evidence of vote fraud in that election. Google for Eric Brill's report on that.
Much of what you read about Iran in the US mainstream media is about as accurate as what you're reading about Snowden.
The main thing to understand is that Iran absolutely does not have a nuclear weapons program and has zero interest in ever having one. Everything you hear from Obama and the MSM on that is a total lie.
I think this is a good policy. The small amount of time the end users spend checking personal email on their personal devices is a small price to pay for removing a large section of vulnerability from the network.
In addition, while phishing may have dropped 15 percent for some sectors, it's risen for others as the link posted shows. Phishing remains one of the best ways for hackers to breach a network.
Suggesting that PEBCAC is the reason doesn't help. PEBCAC doesn't go away without major training. Worse, hackers with proper reconnaissance can craft an email that NO ONE would refuse to click on because it would look exactly like something they should click on. That's true whether the email comes in as company business or as personal business.
So removing one entire source of such phishing efforts is worth a small price in efficiency.
Personally, I think companies should follow CIA policy: two computers on each desk, one classified, one unclassified. The classified one runs on the main business network, the unclassified one runs on an entirely different network. And never the twain shall meet except via a specific protocol for transferring vetted data from one to the other. This goes beyond just having a firewall and a DMZ.
"We would shut down our business before co-operating with such an order and any VPN serious about privacy would do the same."
Frankly, I call BS. I'll believe that statement when I see it happen. No one who has invested significant funds in a business or worse owes investors is going to shut down that business over a court order even if that order contradicts the very basis of the business.
"So unless law enforcement were to arrest the VPN owners on the spot, and recover their keys and password before they could react"
Which is exactly what they can do. You've obviously never been raided by the Secret Service or the FBI. They will kick your door down, point a 9mm firearm in your face, and tell you to stand still. And you will.
Anyone using a commercial VPN to conduct illegal business - without further methods for obfuscating their identity - is an idiot. Anyone using a commercial VPN to protect their privacy should realize that even if THEY are not subject to a government authorized raid, someone else on that server may be. And when that happens, their privacy is over.
I have a meme about security which goes like this:
You can haz better security, you can haz worse security. But you cannot haz "security". There is no security, Deal.
The same applies to privacy. A VPN is merely a tool. Relying on any one tool to provide security or privacy is a fool's game.
One analysis I saw - as opposed to all the Iran-bashing ones - actually made sense.
It indicated that based on the design the plane probably isn't intended to be "stealth" or even much of a high-altitude fighter. It's probably intended to be an "anti-helicopter" plane. This is because the US Navy will be using anti-submarine and anti-small boat helicopters to prevent Iran from laying mines in the Persian Gulf in the event of a war. Having a small jet that could fly flow, be hard to detect or maneuver against by regular fighter hets, and make mince-meat of helicopters would be a strategic asset.
Personally I doubt they would survive long against US air superiority once achieved, but the concept makes sense.
Most of the Iran-bashing articles just don't get that this was a mockup, not an actual plane. Wait until a test unit rolls off the assembly line to decide whether it will fly or not.
Meanwhile, keep this in mind: There is ZERO evidence that Iran has ANY interest whatsoever in nuclear weapons. ALL the real evidence - and logic - points the other way. ALL the ALLEGED evidence has been debunked by one expert or journalist or another. The notion that Iran is pursuing nuclear weapons is PRECISELY the same BS that Iraq was pursuing "WMDs" - and for the same reasons.
First, any "cyber" anything done by one nation state to another is going to be either "cyber-espionage" or "cyber-sabotage".
Second, no nation state is going to attack the US with "cyber-anything" that causes loss of life or even short or long term critical infrastructure damage because that would result in an immediate or subsequent military strike by the US at that nation state, by definition. The US would not respond over the Internet - that's ridiculous on the face of it.
The same applies to every other nation - except those with no credible ability to threaten the US, such as Iran. Which is why Iran is not engaging in any cyber attacks on the US, despite the US media spin of various incidents. Iran can't afford to because the US is just itching for a war with Iran and Iran can't afford to provoke one.
Which means "cyberwar" is in fact merely a "cyber" dimension to an actual physical war. Which means absent that physical war, there will be no "cyberwar."
Which means for the most part that any "cyber" conflict is going to be relegated to espionage - or in the case of things like Stuxnet, sabotage from one major power to a much weaker power who can't effectively respond due to the threat of actual physical military attack.
All the hype about China's "cyber-threat" is also irrelevant because all China's hackers are doing is stealing corporate intellectual property in an attempt to "level the playing field" in economic terms. Which frankly I think is just fine, given how long China was kept down by Western interests. Paying the West back for the Brits pushing opium seems reasonable to me.
Not to mention that anyone who thinks the US isn't engaged in large-scale industrial espionage against other countries, as well as the European Union, is just naive. Further not to mention that the US uses its military and economic power as a bludgeon on most of the nations of the world and has done so for the last hundred years, a history which is far worse than any "cyber-spying" of industrial processes.
Back in the mid-80's, I was employed by an IBM Series 1 VAR (Value-Added Reseller). They were planning to become an IBM PC VAR, so they sent me to IBM PC Repair school (a week-long course on basic PC repair.) There I was told that PC repair was a profit center for any VAR.
So clearly Toshiba is greedier than those companies who release their manuals as they don't want independent PC techs and repair shops fixing their computers when their authorized dealers and the main company itself can profit from repair revenue.
I've noticed that Toshiba machines tend to be more expensive than others and with less support for some time. I'd never recommend a Toshiba laptop to a client. Go for Acer or Asus or Lenovo or Dell.
Their statement claimed a "significant match" with the stolen UIDs, and then the quote above says "100 percent certainty".
Frankly, I'm not convinced. It could be that they merely have the same UIDs that the hackers stole. They also aren't very forthcoming as to how or when the data was stolen (if they even know).
However, the hackers who claimed the FBI was involved should provide more proof of their claims at this point. Otherwise the impact of their release does nothing but damage their credibility given this company's claims.
They want power. You get power for hoovering up everything, regardless of whether you can use it to track "terrorists".
Enough info will be retrievable and useful for the real purposes of such information gathering, i.e., spying on "threats" such as libertarians, anarchists, or anyone who simply doesn't like the way the government is run by corrupt politicians.
It's also useful for spying on the people who are supposed to do "oversight" on the NSA.
Anyone with any knowledge of intelligence agencies in any century knows that collecting masses of ostensibly useless information is a basic cornerstone of such agencies. The Russians did it in the 19th century, the Nazis did it in the 20th century, and the US has been doing it over the same time span. So does every other intelligence agency in every other country. The US is just better at it because it can throw more taxpayer money at it - money from the people being spied on.
The US taxpayers no longer control the US government - if they ever did. They can't stop the US government from starting wars, they can't stop the gov from spying on them, they can't stop the gov for arresting them for no reason and throwing them in a mental institution like that Marine.
Face it - it's over. You're living in 1984 and have been since well before 1984. And there's nothing the taxpayer can do about it because he's too gutless to take up a gun.
Like most rich foundations, the purpose of it is to provide influence and control, not charity.
If you look at the Foundation's Web site, you'll see that all these "huge" donations to charities are spread out OVER TEN YEARS or more! The actual amount of money doled out in a given year is a minute fraction of the Foundation's assets.
In addition, given the assets of the Foundation, I recall the US government nearly removed its status as a charitable foundation because so LITTLE percentage of its assets were being expended on actual charitable work.
The Gates Foundation is a stock-laundering scam. Gates can't sell large amounts of his Microsoft stock all at once because of SEC rules on major corporate shareholders. So he creates a foundation - run by his father - that he can donate the stock to. Then the foundation uses the value of that stock to invest in other corporations Gates wants to influence.
It's a standard scam for the uber-rich, nothing more. While obviously a certain number of people and charities get some decent assistance, the "philanthropic" motivation is just a PR scam.
"appeared to involve a US Attorney leaving out key information, making blatantly false insinuations about other facts, and in some cases, what appears to just be lying"
All I can say about this remark is...DUH!
I was once in a Federal holding cell awaiting an appearance in court. A defendant in an earlier case comes in laughing. He says the Magistrate was skeptical about the testimony of a DEA agent. The prosecuting attorney tells the Magistrate, "But Your Honor, this man is a Federal agent. He wouldn't lie!"
The Magistrate bursts out laughing. He tells the attorney, "Don't tell me a Federal agent wouldn't lie in this courtroom!"
Attorneys and cops are professional liars and they do it most of the time.
And this: "the police's actions 'could be compared to entering a courtroom and arresting a person during the course of his or her testimony. It is simply not done in a civilized jurisdiction that is bound by the rule of law.'"
That term "civilized jurisdiction" doesn't apply to either the US or Canada... Both are fascist-corporate states ruled by people with money and power, just like the worst South African zoo state - and with worse consequences because both countries are far more powerful than a zoo state. African zoo states tend to kill only their one people - not a million people and displace four million more in countries thousands of miles from their location whereas the US and Canada (and NATO countries in general) MAKE THEIR LIVING doing that sort of thing.
Sharon Corr (of the rock group, The Corrs) and her husband, Belfast attorney Gavin Bonnar, are going to be ticked off.
I had a huge Twitter argument with Bonnar a couple times over IP issues. He hates file sharing with an insane passion. His wife and her rock group generally hate it as well, having served as spokespersons for the Euro equivalent of the RIAA. She even stood up and complained loudly at a meeting with either the Taoiseach or some other high ranking government official that they weren't doing enough to fight file sharing.
I love Sharon for her music and generally being a nice person, but she, and especially her husband, are way off base on the IP issue.
I just had another slam bang debate with Sharon Corr's husband, lawyer Gavin Bonnar, on Twitter the other day. He had been ranting as usual about how file sharing had "killed the music industry stone dead" and other nonsense, including that ISPs certainly could track and deny illegal file sharing by their customers. I responded that he was clueless about technology or the state of his own wife's industry (she believes this stuff, too, BTW - see "Sharon Corr denounces Irish Government inaction on file-sharing", http://wordpress.hotpress.com/themusicshow/2010/10/05/sharon-corr-denounces-irish-government-inactio n-on-file-sharing/). He proceeded to do his usual thoughtful responses which included calling me an "idjit" and a thief, etc., etc. I responded with links to a ton of the articles from this Web site explaining how the industry is not dying and such.
The next day, still smarting from the thrashing I gave him, he actually went to my IT support Web site and quoted my pricing terms to prove that I expected to get paid for my work while stealing from artists. I explained that he apparently didn't know the difference between work for hire and a state "contract" imposed by fiat.
So, yes, Twitter is hard to debate on. But if you've got the links, you just bombard your opponent with facts.
Not that it does any good, of course. These people are as immune to facts as a religious fundamentalist.
Nonetheless I still adore Sharon Corr! She's gorgeous, talented and nice when it doesn't involve file sharing.
Intellectual property is BY DEFINITION a coercive mechanism which abrogates BASIC FREEDOMS such as control of own's own property (by denying that it IS "your" property") and one's own person (by specifying what acts you can or cannot take with regard to things you physically possess).
IP is an attempt to use state power to impose a coercive monopoly for the benefit of a select demographic.
And economics has long established that ALL monopolies are by definition coercive (since there are very few "natural" monopolies, and those few have to compete with other ways of doing the same things.)
And history and economics has long established that coercion in a marketplace distorts and corrupts the marketplace to the detriment of society as a whole.
Intellectual property is BY DEFINITION anti-freedom.
When someone infringes on an IP, it removes a SALE.
This is what IP promoters complain about. They lose a SALE.
To them this is "theft". Except it's not. Because while someone has valid reasons to be paid by a product, they have no valid reasons to expect a SALE - which is a voluntary act on the part of the purchaser. If the purchaser does not want to buy, the seller is deprived of a sale, but NOTHING IS STOLEN.
On the case of infringement, the prospective consumer of a product has simply acquired the product from an "unauthorized distributor". Said "distributor" also did not "steal" anything - they simply copied something they possessed, which the technology allows. The net effect of the confluence of technological capability and someone willing to redistribute their copied product is that the original producer loses a sale.
But nothing is being stolen anywhere up or down the line.
There is no difference between this situation and the situation I usually use as an example: If I borrow my neighbor's hammer to do a job instead of buying one of my own, I have denied the hammer producer of a sale. But I have not "stolen" anything from the producer because I DO NOT OWE THE PRODUCER A SALE.
The essence of intellectual property is to persuade the state to coerce consumers to give a producer a sale by enforcing intellectual property laws OVER AND ABOVE the laws enabling freedom of possession of objects and freedom to use objects purchased in free trade as the owner sees fit.
Nothing proves this more than the repeal of "first sale" by the recent court decision.
Intellectual property is first and foremost an attempt to abridge personal freedom for the benefit of a select group. It is coercive by definition. And historically there isn't the slightest shred of evidence that this coercion has ever had a socially beneficial impact.
The institution of the state is by definition coercive. In history, it has been argued that the state is "necessary" or at least a "necessary evil" because of human nature. In fact, one could argue the exact opposite - that because of human nature, no state can be anything other than coercive and imperialist. But regardless of that debate, no valid argument can be presented to justify intellectual property as anything other than an attempt to suppress personal freedom for another's benefit.
The argument that IP is necessary for the promotion of inventions to improve the human condition has been shot down empirically and historically, and has no logical basis other than speculation.
Bottom line: You bet it's important to distinguish between copying and theft. It's the difference between coercion and non-coercion - and anyone trying to blur that distinction (and it's not surprising it's a lawyer trying here!) is trying to coerce YOU, by fraud now, and undoubtedly by force later.
A couple years ago, Sharon Corr's sister, Andrea, lead vocalist of the Irish rock band The Corrs, put out an album. She had a Bebo page and a MySpace page and a Web site, but they were maintained by somebody who didn't have a clue. Despite the fact that Andrea is loved by her fans, her album basically bombed. I suspect part of that was because her outreach was mismanaged.
Fast forward to today. Her sister, Sharon Corr, has a new album coming out next week (after being delayed for nearly a year). Sharon has been interacting directly with her fans in almost every venue. She Twitters and was voted "Ms. Twitter" by her fans in the UK. Her husband even Twitters. She has a Youtube channel and regularly posts videos and "video chats". Last Valentine's Day, she went off to London for the weekend and left a Valentine's Day kiss video on her Web site. Her Web site is well maintained. She's done tons of radio interviews and appeared on various TV and performance venues with all manner of artists including Jeff Beck.
All in all, her interaction with fans has been little short of brilliant. The Corrs have always been known for being nice to fans, but Sharon has topped the band as a whole. The Corrs were never much for Internet outreach, but Sharon appears to be advised by someone more competent.
The amusing thing is that she's quite anti-file sharing and her husband Gavin Bonnar (a Belfast lawyer) is rabidly so. I had a huge Twitter debate with him over file sharing at one point, which is hard to do in 140 characters.