Cuffed: Govt contractor 'used work PC to leak' evidence of Russia's US election hacking A 25-year-old contractor has been charged with leaking NSA files that claim Russian intelligence hacked at least one maker of voting software used in 2016's US elections. Reality Leigh Winner, who held a top-secret clearance and worked at government tech provider Pluribus International, is accused of passing classified …
I'm assuming that she wouldn't have had a smart phone on her to take a picture of her monitor?
Another method would be print to a file, sneak the file out, and then print it from somewhere else - depends on whether sneaking a digital copy out is easier or harder than sneaking out a doctored A4 printout.
This post has been deleted by its author
The result was so close that you can reasonably claim just about everything swung it.
But none of that makes a difference. The rules are the rules, the game is over and there's no plausible way to replay it.
Does it raise doubts about the mandate of the current bunch of rulers? Yes, but frankly if you didn't have quite a lot of those sorts of doubts already, you're (a) not paying attention and (b) unlikely to be persuaded now.
With respect, winning by the rules is what having a mandate is defined as.
Years of that Blairperson shrieking about his Man-Date when a majority of the country voted for someone else, is what defines politics for me these days.
Isn't that this report suggests the GRU targeted the US election SW suppliers a big hint that maybe Trump did not win by the rules?
Seriously let's play a game.
You are a foreign Intelligence organization. You specifically target a company (at least one) who write the software used in US election machines. You are doing this because
a) You want to be able to influence US elections at will
b) You want to get advance notice of who is winning
c) You want to steal the software so it can be used in future elections in your own country without buying it.
All of the above are possible.
Which do you think is the more likely?
Except the software these companies produced have nothing to do with the voting machines. Their software is used in voter registration, not the same thing at all.
Unless you've got a lot of "boots on the ground" willing to commit vote fraud about the only thing they could do with the ability to mess with registration records is to change or delete individual voters records, forcing them to cast a provisional ballot.
Now theoretically, if it's a big enough plot you could create a bunch of bogus voters, and then have your fellow travelers cast votes under those names, but that would be difficult, especially in places where they have voter ID laws (which is another reason why such laws are a good idea).
"With respect, winning by the rules is what having a mandate is defined as."
That may be how it works in a parliamentary system, but in the U.S., where power is split between three separate organizations (President, Senate, and House of Representatives; I'm skipping the oversight power of the Supreme Court for the moment), a mandate is a psychological attribute dependent upon the margin of victory.
Despite his win, Trump's popular vote loss tends to offset any "mandate" claims.
Honestly, the last president who had a clear mandate was Nixon (in my opinion of course; your candidate's mileage may vary). And he had to resign to avoid impeachment. So even a "mandate" won't shield you from your actions.
Abraham Lincoln won the 1860 presidential election by the same rules, give or take a few changes over the next 150+ years, with about 40% of the total vote. Events of the following five years establish quite decisively that he did not in any reasonable sense have a mandate to govern. While the results are far less lopsided, it remains true that in 2016 none of the candidates was the choice of a majority of those who voted, and that probably is true of the population of eligible voters as well. To claim that any of them would have a mandate stretches the common understanding a bit too far. It would be better to say that because we accept the legitimacy of the constitutional procedures (if we do) we should in consequence of that accept the legitimacy of the president chosen according to those rules.
What a complete crock of bullshit. We have no faith in government, except maybe to fuck us over every chance it gets.
Trump nominating the most toxic folks into their various offices to undermine any progress made in those offices (for example, Mr.Pai claiming broadband isn't telecommunications; the education minister refusing to help the students fucked over by the failed for-profit-college industry; giving a guy who shares the presidents climate change denial stance the job in charge of protecting the environment; ad nauseum), and you think We The People have any faith in you?
Pull your head out of your ass, take a deep breath, wipe the shit from your eyes, & join the rest of us in the real world. Your jack booted Hitler-esque actions are drowning out our cries to stop.
Fuck you.
Indeed. After Obama had insisted that CO2 was a pollutant. So he could regulate it and tax it.
You dont get to be president except by being a lying cheating two faced sumbtich and let's face it, at least Trump is more amusing that that vinegar faced old pussy he was up against.
"undermines public faith in government."
It is already undermined by NSA sitting on it instead of handing it off to the FBI and/or the congress for a thorough investigation. There is stuff you just do not sit on, regardless of how "classified" it is.
Also, it is quite interesting HOW did NSA get their mitts on the information. They are not supposed to be snooping on US election companies so exactly where did they do "signal intelligence" to be in possession of this information.
It is already undermined by NSA sitting on it instead of handing it off to the FBI and/or the congress for a thorough investigation. There is stuff you just do not sit on, regardless of how "classified" it is.
Two problems with that:
1 - you have raw intel here, without any context. We don't know if that is "just in" and fully qualified and verified informationAnd what makes you think this wasn't already happening?
2 - what makes you think they were not already sharing? If you use Gmail, you don't know who else is looking at your data either.
Also, it is quite interesting HOW did NSA get their mitts on the information. They are not supposed to be snooping on US election companies so exactly where did they do "signal intelligence" to be in possession of this information.
I reckon that may have happened in the same manner as with the Trump goons in office: when communications went across the border. For all we know it may have bene picked up at the same time as an assumption of active collusion is becoming more and more plausible by the day.
This highlights one of the main issues I have with leaking: when data is pulled out of context you risk assumptions that are not based on fact. Intelligence is guesswork based on data, but the aim is to get as close to the facts as possible and that's not possible without knowing more about the data.
The other issue I have is with leaking in general: that should not be your aim when you join an organisation. I know I'm going against that grain here (and maybe I'm a bit old fashioned about it), but if you give your word to protect the information you are handling, you have given your word. I know it's fashionable to pass everything to the press, but even these organisations are sometimes working to protect people (for instance, by finding evidence that Trump and friends are basically working for Russia) and a lack of trust in staff is not helping. I know I'm probably sparking a debate here, but despite abuse, confidentiality and secrecy DO have their place.
Evidence that the NSA did not provide the information to the FBI (and DHS)?
Both the DHS and the FBI issued warnings to states in August, 2016 about attempts to penetrate state voter registration databases. This was reported publicly at the time, and it is not unlikely that the information that triggered the warnings came partly from the NSA.
That the NSA snoops on the GRU whenever and however it can is certain. Under FISA section 702, this allows them to take note of such things as identifiable spear phishing by presumed GRU agents directed at US targets. Other parts of the US Code allow them to report such activities to the FBI, as may well have happened in late 2015, when the FBI contacted the Democratic National Committee to tell them they were hacked. Whether that constitutes snooping on the US targets is a matter of definition, but it is plainly legal at present, as well as very likely acceptable to many of the victims of such attacks.
"undermines public faith in government."
I thought that was Trump's job!
"The President is very much a figurehead - he wields no real power whatsoever. He is apparently chosen by the government, but the qualities he is required to display are not those of leadership but those of finely judged outrage. For this reason the President is always a controversial choice, always an infuriating but fascinating character. His job is not to wield power but to draw attention away from it. "
"Thanks for nothing"
Seriously though, a publication that specializes in publishing leaks has no basic clue about protecting its sources and sanitizing received documents?
And microdots can survive a trip through an office copier, or was some other identification method used?
I would have thought The Intercept would have retyped the document, or scanned it in, run OCR, and then sent that back to the spooks.
But just flopping it on a scanner, and sending that back? Well, of course then the microdots survived the process. After all, they look just like "random" flecks of toner.
And to think that Ms. Winner just mailed it off to them, also without taking any steps to anonymize the document. She could have at least run it through dodgy fax machines a few times.
Ah, well, at least it wasn't info that was really hidden, it just confirms what everybody was suspecting all along. The voting machine companies have dodgy products, the employees can be easily spear-fished, the politicians can also be spear-fished, and Microsoft always has bugs/holes as features.
This post has been deleted by its author
From what I read about it, when it was published the NSA did a search to see who accessed the document, and found that six people had, and she was the only one with correspondence with a journalist.
They didn't say whether she used her NSA email to correspond - one would hope not, but she's probably sending it plaintext which would get it captured by the NSA's backbone snooping.
No microdots required.
I know the process for obtaining 'top secret' clearance, having done so myself at one point (long expired now) They want you to provide them a lot of information, but it all seems focused on getting you to give them information they are almost certainly able to obtain themselves, so I think it is more to detect deliberate omissions or lying.
The problem is overclassification - for example the IP addresses and hostnames of machines in the DoD internal network are classified Secret. Let's forget that they are running DNS servers to tell you those things... Because so many things will be classified Top Secret, just about everyone who works in the DoD, let alone the NSA, will require Top Secret clearance. So they can't be particularly selective or have too intensive of a vetting process or they'll be short staffed.
As a result, all the real secrets are Top Secret - SCI (secure compartmentalized information) or the so-called 'codeword access'. I have to think (hope?) that access to the real secrets covered under some of those codewords will weed out people like her. Perhaps even people like me, who since I sympathize with whistleblowers conceivably could become one under the right circumstances.
Read another article that says they were able to use the microdots to track which printer had printed the document, they found six people had printed the document, and she had emailed The Intercept from her work computer.
Can't believe she was dumb enough to email it from her work computer. Even without the microdots or auditing they could probably have counted the number of NSA staffers who emailed The Intercept in the past month on one hand, and zeroed in on her!
@Rustbucket wrote: And microdots can survive a trip through an office copier, or was some other identification method used?
I've heard there are subtle ways these printed classified documents are modified and so can be identified, such as minuscule modifications to the spacing between words and lines, and the serifs in serif fonts. Copying still reproduces these subtle changes and so identifies who printed it. Retyping a multi-page document can be impractical.
It's also not hard to log what user printed what pages from which document. And I suspect that cell phones and cameras are banned from these highly classified workplaces.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
