The Daily Parker

Politics, Weather, Photography, and the Dog

Another birthday, another long walk

Just as I did a year ago, I'm planning to walk up to Lake Bluff today, and once again the weather has cooperated. I'll take cloudy skies and 25°C for a 43-kilometer hike. (I would prefer 20°C and cloudy, but I'll take 25°C anyway.)

As I enjoy my breakfast in my sunny, airy office right now, mentally preparing for a (literal) marathon hike, life feels good. Well, until I read these things:

And hey, all you other Chicago athletes, good news! The City now has a website where you can find out the likelihood of the Chicago River giving you explosive diarrhea!

About that Russian document

The Guardian reported on Thursday that they had obtained, and validated, a document purporting to come from a January 2016 meeting of Russian president Vladimir Putin and his security team. The document has everything an opponent of the XPOTUS could want:

They agreed a Trump White House would help secure Moscow’s strategic objectives, among them “social turmoil” in the US and a weakening of the American president’s negotiating position.

Russia’s three spy agencies were ordered to find practical ways to support Trump, in a decree appearing to bear Putin’s signature.

There is a brief psychological assessment of Trump, who is described as an “impulsive, mentally unstable and unbalanced individual who suffers from an inferiority complex”.

There is also apparent confirmation that the Kremlin possesses kompromat, or potentially compromising material, on the future president, collected – the document says – from Trump’s earlier “non-official visits to Russian Federation territory”.

Journalist Julia Ioffe, who has reported on Russia for years, and who has made no secret of her belief that the XPOTUS had no business visiting the White House, let alone living there, took all of this with an entire salt lick:

It sounds absolutely amazing and gratifying, but is it true? The short answer is: we don’t know, but there are...reasons to be skeptical.

As Marc Polymeropoulos, a retired C.I.A. officer who fought Russian active measures from 2017 to 2019 from inside Langley, put it, “this seems to be packaged too neatly. Kremlin documents like this don’t leak.” On this, I agree with Marc. It just seems too pat and fits the narrative we want to believe a little too neatly.

“This definitely looks like something the Kremlin could have written and ‘leaked’ for the purpose of making people look ridiculous when it’s published and everyone gets really excited about it,” said one former U.S. government official who worked on Russia. Look, for instance, at the response to the report: the American media is again talking about Trump and whether the election had been rigged by the Kremlin. (Let’s remember that undermining confidence in election security is not an exclusively Republican sport.)

Still, for all my skepticism and all my spidey senses (and sources) telling me this is probably bullshit, it’s important to allow some space for the possibility that this document is real. It might be! But it’s probably not. The real issue is, we just don’t know yet. So if you’re a journalist with good sources in the intelligence community or in the inner sanctum of the Kremlin, get on it. If you’re not, take a beat, and think about whether it’s worth sharing information we don’t yet know to be true. That’s always a good policy.

I'm with Ioffe. If something seems too good to be true, and all that. Plus, as Ioffe also says, it doesn't matter. The XPOTUS is out of office, and with all the state investigations for prosaic things like massive tax fraud coming at him, I don't think we have to worry too much about what Russia may or may not have done to him.

Relaxing weekend

Cassie and I headed up to Tyranena Brewing in Lake Mills, Wis., yesterday to hang out with family. Today, other than a trip to the grocery and adjacent pet store where Cassie picked out an "indestructible" toy that now lies in tatters on the couch, we've had a pretty relaxing Sunday. I thought I'd take a break from Hard Times to queue up some stuff to read tomorrow at lunch:

I will now return to Dickens, because it's funny and sad.

So, nu, how's by you?

After taking Cassie on a 45-minute walk before the heat hits us, I've spent the morning debugging, watching these news stories pile up for lunchtime reading:

Finally, Chicago architecture firm Skidmore, Owings & Merrill has revealed conceptual drawings for a moon base.

Ransomware in the news

I've just received my third nearly-identical fake DMCA takedown notice, which I may decide to turn over to the FBI if I can muster the shits to give. I find it funny how each one of them has a few differences that make them look like something other than lazy script-kiddie stuff. This one again misstated the statutory damage limits for willful copyright infringement, and the randomly-generated name of the "claimant" was no less bizarre than the other two. And yet I wonder why they bothered altering the bits they altered. Maybe there are multiple entities involved, with each email coming from a different person or group? Maybe they have some low-paid flunky typing in the note each time, so I'm watching its slow drift from a semi-competent DMCA notice into the digital equivalent of "hodor?"

This one bounced through an IP address in New York State, which means my previous guess that this was a domestic script-kiddie operation might be wrong. For one thing, the threatening language has a few tells that its author doesn't speak English natively. I had originally thought the author merely wanted to sound more convincing by using stock phrases and "magic" legal words, but now that I've seen three examples of the same basic text, it looks more like Russian-inflected English. In any event, I wave my private parts at their aunties.
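The "bounced through an IP address in New York State" observation comes from reading the message's `Received:` headers, which each relay prepends as mail passes through it. The following is an added example, not code from the original post, showing how an analyst walks those headers to find the earliest external hop. The message, host names and addresses are constructed (the IPs come from the RFC 5737 documentation ranges); the `parse_hops` and `origin_hop` names are my own.

```python
from __future__ import annotations

import email
import ipaddress
import re
from email import policy

# Constructed sample: a fake takedown notice relayed through three hops.
# The topmost Received: line was written by our own server (most recent hop);
# the bottom one is the earliest hop that recorded the message.
SAMPLE_MESSAGE = """\
Received: from mx1.example.org (mx1.example.org [192.168.10.5])
\tby mail.example.org with ESMTP id abc123 for <editor@example.org>;
\tMon, 19 Jul 2021 08:01:12 -0500
Received: from relay.example.net (relay.example.net [203.0.113.44])
\tby mx1.example.org with ESMTPS id def456;
\tMon, 19 Jul 2021 08:01:10 -0500
Received: from [10.0.0.7] (unknown [198.51.100.23])
\tby relay.example.net with ESMTPA id ghi789;
\tMon, 19 Jul 2021 08:01:05 -0500
From: "Legal Department" <claims@example.invalid>
To: editor@example.org
Subject: DMCA Takedown Notice - Immediate Action Required

Constructed body; the real notices are not reproduced here.
"""

# Bracketed dotted-quad as mail servers write it: "host (name [1.2.3.4])".
RECEIVED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Classified by explicit RFC 1918 / loopback / link-local ranges rather than
# ipaddress.is_private, which also treats the documentation ranges as private.
_INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]


def is_internal(ip: str) -> bool:
    """True for addresses that belong to our own or a relay's internal network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in _INTERNAL_NETS)


def parse_hops(raw: str) -> list[dict]:
    """Return one record per Received: header, in header order (newest hop first).

    The IP taken from each header is the one in the "from ..." clause, i.e. the
    peer address the receiving server actually saw, not a self-reported name.
    """
    msg = email.message_from_string(raw, policy=policy.default)
    hops = []
    for index, value in enumerate(msg.get_all("Received", [])):
        text = " ".join(str(value).split())          # unfold and normalise whitespace
        from_clause, _, _ = text.partition(" by ")   # everything the "by" server recorded about its peer
        ips = RECEIVED_IP.findall(from_clause)
        if not ips:
            continue
        ip = ips[-1]                                 # the bracketed address is the observed peer
        hops.append({"index": index, "ip": ip, "internal": is_internal(ip), "raw": text})
    return hops


def origin_hop(raw: str) -> dict | None:
    """Earliest external hop: walk from the oldest header upward and stop at the first
    address outside our internal ranges. That is the relay the message 'bounced through'.

    Caveat: only headers added by servers you trust are trustworthy; a sender can
    forge Received: lines beneath the first hop you control, so treat the
    bottom-most lines as claims, not evidence.
    """
    for hop in reversed(parse_hops(raw)):
        if not hop["internal"]:
            return hop
    return None


if __name__ == "__main__":
    for hop in parse_hops(SAMPLE_MESSAGE):
        print(hop["index"], hop["ip"], "internal" if hop["internal"] else "external")
    print("origin:", origin_hop(SAMPLE_MESSAGE)["ip"])
```

Run against a real message, the interesting field is usually the first external address below your own perimeter; anything beneath it in the header stack was written by servers the sender may control, which is why a single relay IP is a weak basis for attribution.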

Both the New Yorker and New York Times published reports over the weekend about crap like this. In the first, Rachel Monroe talked with ransomware negotiator Kurt Minder about negotiating with criminals:

For the past year, Minder, who is forty-four years old, has been managing the fraught discussions between companies and hackers as a ransomware negotiator, a role that didn’t exist only a few years ago. The half-dozen ransomware-negotiation specialists, and the insurance companies they regularly partner with, help people navigate the world of cyber extortion. But they’ve also been accused of abetting crime by facilitating payments to hackers. Still, with ransomware on the rise, they have no lack of clients. Minder, who is mild and unpretentious, and whose conversation is punctuated by self-deprecating laughter, has become an accidental expert.

Hackers use various techniques to gain access to a company’s computers, from embedding malware in an e-mail attachment to using stolen passwords to log in to the remote desktops that workers use to connect to company networks. Many of the syndicates are based in Russia or former Soviet republics; sometimes their malware includes code that stops an attack on a computer if its language is set to Russian, Belarusian, or Ukrainian.

When Minder founded GroupSense, in Arlington, Virginia, in 2014, the cybersecurity threat on everyone’s mind was data breaches—the theft of consumer data, like bank-account information or Social Security numbers. Minder hired analysts who spoke Russian and Ukrainian and Urdu. Posing as cybercriminals, they lurked on dark-Web marketplaces, seeing who was selling information stolen from corporate networks. But, as upgrades to security systems made data breaches more challenging, cybercriminals increasingly turned to ransomware.

Early last year, GroupSense found evidence that a hacker had broken into a large company. Minder reached out to warn it, but a server had already been compromised. The hacker sent a ransom note to the company, threatening to release its files. The company asked Minder if he would handle the ransom negotiations. Initially, he demurred—“It never occurred to me as a skill set I had,” he said—but eventually he was persuaded.

The profile on Minder dovetailed with the Times' collaboration with a criminal named Woris who gave the paper access to the tools gangs use to launch ransomware attacks:

The Times gained access to the internal “dashboard” that DarkSide customers used to organize and carry out ransom attacks. The login information was provided to The Times by a cybercriminal through an intermediary. The Times is withholding the name of the company involved in the attack to avoid additional reprisals from the hackers.

Access to the DarkSide dashboard offered an extraordinary glimpse into the internal workings of a Russian-speaking gang that has become the face of global cybercrime. Cast in stark black and white, the dashboard gave users access to DarkSide’s list of targets as well as a running ticker of profits and a connection to the group’s customer support staff, with whom affiliates could craft strategies for squeezing their victims.

In the chat log viewed by The Times, a DarkSide customer support employee boasted to Woris that he had been involved in more than 300 ransom attacks and tried to put him at ease.

“We’re just as interested in the proceeds as you are,” the employee said.

Together, they hatched the plan to put the squeeze on the publishing company, a nearly century-old, family-owned business with only a few hundred employees.

In addition to shutting down the company’s computer systems and issuing the pedophile threat, Woris and DarkSide’s technical support drafted a blackmail letter to be sent to school officials and parents who were the company’s clients.

The Russian government allows this to happen because (a) Russian President Vladimir Putin loves annoying the West, and (b) it seems obvious after two seconds of thought that Russian government officials are probably on the take.

All of this gets so exhausting, doesn't it? Simple economics demonstrates the inevitability of theft. It imposes a tax on everyone else, both financially (it costs money to set up good security) and mentally (I will never get back the hour I spent investigating the bogus DMCA notices). At some point, though, it just becomes easier to tolerate a certain level of theft than to build a squirrel-proof bird feeder.

The world keeps turning

Even though my life for the past week has revolved around a happy, energetic ball of fur, the rest of the world has continued as if Cassie doesn't matter:

And if you still haven't seen our spring concert, you still can. Don't miss it!

I'm screaming in my head

The Times continues its coverage of the SolarWinds breach, and adds a detail that explains why the Russians continue to eat our lunch:

Employees say that under [SolarWinds CEO Kevin] Thompson, an accountant by training and a former chief financial officer, every part of the business was examined for cost savings and common security practices were eschewed because of their expense. His approach helped almost triple SolarWinds’ annual profit margins to more than $453 million in 2019 from $152 million in 2010.

But some of those measures may have put the company and its customers at greater risk for attack. SolarWinds moved much of its engineering to satellite offices in the Czech Republic, Poland and Belarus, where engineers had broad access to the Orion network management software that Russia’s agents compromised.

So many things went wrong in this case that singling out one CEO for taking profits over security may seem myopic. But the SVR must love the poetry of it: a greedy American CEO tries to increase his paycheck by hiring engineers easy for them to compromise, leading to the largest network intrusion in history.

I want to see Congress investigate this, and I want to see Thompson reduced to penury for his greed. Not that anything will change; until we have rational regulation of software security—hell, until we have any regulation of software security—criminals and our adversaries will keep exploiting companies like SolarWinds.

Putin finally gives us the punchline

You have to admire Vladimir Putin's sense of humor. For five years, he's manipulated our STBXPOTUS into doing just about everything Russia could have wanted. Now that our STBXPOTUS has become STBX, Putin doesn't need him anymore. So why not come clean?

He did just that at his year-end press conference last Thursday:

Steve Rosenberg, BBC: Don't you think over the last years you also have borne part of the responsibility for making these relations [with Europe and the West] seem like a cold war...?

Putin: Who withdrew from the missile defense treaties? The INT treaty: who withdrew? It wasn't us but it was the US. ... You do realize that we are smart people, we are not idiots.

Here's the whole clip. The part in question starts at 44:17.

It really warms the heart that our STBXPOTUS never got to the level of artistry and malice Putin can exhibit so casually. He calls our president an idiot, with good evidence to support the insult, while lying on a scale the target of the insult can scarcely fathom.

Also, I love that the French spell his name "Poutine." But that's just an accident of the French language.

Major, ongoing network penetration

FireEye, a cybersecurity firm, revealed last week that unknown parties had penetrated its network and that its clients, including the US Government, were at risk. Bruce Schneier has technical details about the attack. Former Homeland Security Adviser Thomas Bossert lays out the scope of it:

The attackers gained access to SolarWinds software before updates of that software were made available to its customers. Unsuspecting customers then downloaded a corrupted version of the software, which included a hidden back door that gave hackers access to the victim’s network.

This is what is called a supply-chain attack, meaning the pathway into the target networks relies on access to a supplier. Supply-chain attacks require significant resources and sometimes years to execute. They are almost always the product of a nation-state. Evidence in the SolarWinds attack points to the Russian intelligence agency known as the S.V.R., whose tradecraft is among the most advanced in the world.

According to SolarWinds S.E.C. filings, the malware was on the software from March to June. The number of organizations that downloaded the corrupted update could be as many as 18,000, which includes most federal government unclassified networks and more than 425 Fortune 500 companies.

The magnitude of this ongoing attack is hard to overstate.

The Russians have had access to a considerable number of important and sensitive networks for six to nine months. The Russian S.V.R. will surely have used its access to further exploit and gain administrative control over the networks it considered priority targets. For those targets, the hackers will have long ago moved past their entry point, covered their tracks and gained what experts call “persistent access,” meaning the ability to infiltrate and control networks in a way that is hard to detect or remove.

The logical conclusion is that we must act as if the Russian government has control of all the networks it has penetrated.

Now, if only we had an administration that believed its experts and a majority party in the Senate that would pass a Defense Reauthorization Bill...
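Bossert's description of the supply-chain attack, a corrupted update carrying a hidden back door, is the case for verifying what an update contains before installing it. The following is an added example, not code from the original post or from SolarWinds, showing the customer-side check: compare every delivered file against digests pinned from the vendor's published release manifest and refuse to install on any mismatch, missing file or unexpected extra file. The file names, contents and manifest are constructed, and `verify_release` and `safe_to_install` are my own names.

```python
import hashlib
import hmac

# Constructed release: what the vendor published. In practice the manifest arrives
# over a separately authenticated channel (a signed release page or package index);
# it is embedded here so the example runs offline.
CLEAN_DELIVERY = {
    "core.bin": b"update 2020.2 core component (constructed contents)",
    "web.bin": b"update 2020.2 web component (constructed contents)",
}
PINNED_MANIFEST = {name: hashlib.sha256(blob).hexdigest()
                   for name, blob in CLEAN_DELIVERY.items()}

# Constructed tampered delivery: one file altered after publication, one extra file
# that the manifest never listed.
TAMPERED_DELIVERY = {
    "core.bin": CLEAN_DELIVERY["core.bin"] + b" ;; appended bytes (constructed)",
    "web.bin": CLEAN_DELIVERY["web.bin"],
    "helper.bin": b"file not present in the published manifest (constructed)",
}


def verify_release(files: dict, manifest: dict) -> dict:
    """Compare delivered files against pinned SHA-256 digests.

    Returns the file names sorted into four buckets so the caller can log exactly
    why an install was refused rather than a bare pass/fail.
    """
    report = {"ok": [], "tampered": [], "missing": [], "unexpected": []}
    for name, expected in manifest.items():
        blob = files.get(name)
        if blob is None:
            report["missing"].append(name)
            continue
        actual = hashlib.sha256(blob).hexdigest()
        # compare_digest avoids leaking how many leading characters matched.
        bucket = "ok" if hmac.compare_digest(actual, expected) else "tampered"
        report[bucket].append(name)
    # Anything delivered that the manifest does not list is treated as hostile:
    # an installer has no business shipping files the vendor never declared.
    report["unexpected"].extend(sorted(set(files) - set(manifest)))
    return report


def safe_to_install(report: dict) -> bool:
    """Install only when every pinned file is present, intact, and nothing extra came along."""
    return not (report["tampered"] or report["missing"] or report["unexpected"])


if __name__ == "__main__":
    for label, delivery in (("clean", CLEAN_DELIVERY), ("tampered", TAMPERED_DELIVERY)):
        rep = verify_release(delivery, PINNED_MANIFEST)
        print(label, "->", "install" if safe_to_install(rep) else "refuse", rep)
```

The limit of this check is the one Bossert's own words point at: the attackers were inside SolarWinds before the update was made available, so the poisoned build was the vendor's build and would have matched the vendor's own digests and signature. Pinned hashes catch modification between publication and install; catching a compromised build pipeline needs controls on the vendor side, such as reproducible builds and attestation of what the pipeline produced.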

Adhering to our Enemies, giving them Aid and Comfort

So, did the president know about and fail to act on this intelligence, or did his staff conceal it from him? I don't really care; either answer should disqualify them from continuing to work in the White House:

United States intelligence officers and Special Operations forces in Afghanistan alerted their superiors as early as January to a suspected Russian plot to pay bounties to the Taliban to kill American troops in Afghanistan, according to officials briefed on the matter.

The crucial information that led the spies and commandos to focus on the bounties included the recovery of a large amount of American cash from a raid on a Taliban outpost that prompted suspicions. Interrogations of captured militants and criminals played a central role in making the intelligence community confident in its assessment that the Russians had offered and paid bounties in 2019, another official has said.

The emerging details added to the picture of the classified intelligence assessment, which The New York Times reported on Friday was briefed to President Trump and discussed by the White House’s National Security Council at an interagency meeting in late March. The Trump administration had yet to act against the Russians, the officials said.

Mr. Trump defended himself on Sunday by denying that he had been briefed on the intelligence, expanding on a similar White House rebuttal a day earlier, as leading congressional Democrats and even some Republicans demanded a response to Russia that the administration had yet to authorize.

Read that last graf again: the president responded not by demanding Russia stop the practice, not by sending his flaccid Secretary of State to excoriate Putin in person, not by doing anything that a normal person would do in this situation. No, the president flatly lied that he just didn't know about the contents of his daily intelligence brief. I guess he didn't want to risk offending his KGB case officer.

Remember back in 2015 and 2016 when we worried a lot about Russia's influence over Trump? This is not something I wanted to be correct about, but the evidence is pretty damning.