Bots Against US Page 5
So every time the Trump Campaign, its surrogates, the RNC or its surrogates used specific information or even whole emails stolen from the DNC, they were probably breaking multiple laws.
Federal and State laws, as many states have their own versions of CFAA.
Several people have already been indicted on some of these charges, as well as Conspiracy Against the United States.
But in 2016, not a single member of the Trump campaign or team ever questioned the legality of using these hacked and stolen materials.
They just gleefully made content out of it. Obviously looking back now in 2019; we are all aware of the several meetings and planning going on behind the scenes between the Trump Campaign and the Kremlin.
This occurred through multiple meetings, multiple contacts, in the US and Europe, as well as constant digital consultation and coordination.
So what the world saw in the election of 2016, was literally only one small part of the extremely complicated prism making up the relationship between the Kremlin, Putin, Kremlin controlled media, Trump, the Trump campaign, his family and their supporters in the media.
In 2018 the world learned that in fact the Trump campaign knew about the emails before they were released to the public, and obviously played a massive role in the dissemination of these illegally gotten electronic records. In the summer of 2016, this was not publicly known.
The Trump Campaign and their surrogates made full use of the information trickling out from Guccifer 2.0, and DCLeaks and Wikileaks. The weaponized information war part of the Trump campaign started in full with the release of the DNC emails.
There was a specific intentionality to the releases. There was so much coming out daily, the DNC did not have time to publicly even affirm whether all the emails were accurate.
In other words, there was such a flood of information, that in the short time available there was no chance for a rapid response from the DNC or the Clinton campaign.
There was no time to assert for instance, that some of the emails may have been altered after the hack, then repurposed as original stolen content and disseminated this way.
There have been numerous reports of some of the emails being altered, even in minor ways, and in 2019 some information came to light as a result of the Mueller investigation and the media, about early coordination between Wikileaks and the Trump campaign, earlier than recognized before.
Additionally, there has been some publicly released information showing Wikileaks trying to control what got out when, because of fears of being accused of altering emails.
Chapter 9.
“Treason if True”
During the July Democratic National Committee Convention in Philadelphia, several things happened.
I was there at the DNC and was given credentials so I could go into the convention itself; and in the hotel lobbies around it giving more than a dozen interviews on background about what I was seeing as a cyber security expert.
Democrats at the convention were super upset, but no one seemed to grasp how big of a problem this was and that the cyber attacks were ongoing in another form.
It was not really understood that the cyber attacks morphed into weaponized information warfare through the bots and fake accounts and fake news. Most people felt the hacking was the story, and the subsequent release of the hacked information.
There was genuine panic about the release of the DNC emails, and the notion that the DNC had been hacked. But this was the immediate short-term problem.
The longer term, big picture problem was the subsequent weaponization of the stolen materials and the use of it as computational propaganda.
Unfortunately, none of those press interviews were ever turned into articles. None were questioning who powered the bots; or the level of connectivity and coordination of messaging and information distribution on social media.
The coordination of this messaging and information was between the Kremlin, its media outlets and supporters, and Trump, his campaign and media outlets and supporters.
However, a friend of mine from the President Bill Clinton 1992 and 1996 campaigns, asked me if I would be willing to talk to Gabrielle Levy, a reporter for US News and World Report. I agreed. The picture above is from a tweet of mine 10 months after this story ran.
I wish there were more reporters that covered this important angle.
-----
Here is what I said in that story:
Alan Silberberg, a cybersecurity expert who serves on the California governor's cybersecurity task force, went even further, accusing Trump of treason in a separate interview with US News – though that bar may be a high one to meet. (link + afterthought added by US News when article was printed.)
"What I saw today was Trump basically admitting that he knows they have more stuff and he's daring them to release it. If it was him, I would have been denying this left and right,"
------
This quote of mine in this US News story was a direct response to then Candidate Trump having a press conference on July 25, 2016 and directly asking Russia to “… find and release 30,000 missing emails from Hillary Clinton.” (sic)
In other words he was signaling that he knew they had stolen the information from the DNC and seemed to be also asserting he knew Russia had more. Even if this was just projection on his part it really set me off.
But what pissed me off more than anything was the idea that this candidate for President was actually coordinating / conspiring with Russia.
Since by that point I was already sure of a definite connection between Trump and the Kremlin based on the digital trail we were following, his public statement to this effect was just non-sensical to me.
Why would he risk the outrage from the media and public by asking Russia for the 30,000 emails if indeed he did not think or even know they had them?
Also it seemed to me this was also telegraphing that he knew Russia had been behind the DNC hacks. How would he have known this?
It was a very complicated play, it seemed like it was a one-off stupid statement, but in reality he was signaling his knowledge and seemingly wanted to be a part of whatever had happened.
Even if the Russians did not have such information, him asking them to release them would make him accessory to the hacking.
Especially since the Russians actually tried to hack Hillary’s server to see if they could obtain the emails, just a few hours after Trump made this request.
The redacted Mueller Report discusses this, as well as numerous news sources. See: https://thehill.com/policy/cybersecurity/439559-mueller-russian-hackers-targeted-clintons-personal-office-hours-after
This is our almost enemy we are talking about, a country run by a brutal man who has killed many people and even had a commercial airliner shot down.
Whether it is Treason, or the peacetime version, “Conspiracy Against the United States” (which indeed Robert Mueller has already brought a few indictments for as of 2019); I stand on my call then.
It is one of the two, either Treason or Conspiracy Against the United States with a hostile foreign power.
No candidate for President should be in a position of accepting stolen or hacked information, let alone actually using it. Previous campaigns have gone to the FBI when offered pilfered information.
No candidate for President should ever be directly asking a hostile foreign power to release something they hacked. It showed how close they worked and how much coordination was really going on.
This man made it clear, he did not care to be seen doing something that is and was either treason; or conspiracy against the US. Simply by asking for this request to be done, he was probably in violation of the law. (I am not a lawyer so leaving that part to others.)
Chapter 10.
DNC Proposal and side effects
In August of 2016 I was asked to submit a proposal to the DNC about creating a training program to help defeat socially engineered attacks on the 50 State Chairmen of the DNC.
This request came through an outside person who was part of both the DNC and Hillary Clinton’s General election campaign.
After waiting several weeks in total, finally we got an answer. They were going to pass on utilizing Digijaks because “…already have 5 cyber security companies, what do we need a 6th one for?”
We pushed back that none of the companies they had engaged were specialists in socially engineered attacks nor in specific training elements to combat them. But their answer stood.
To this day, I feel very strongly that we should have pushed harder, but I don’t really know what we could have done.
It was actually quite frustrating because I knew they needed what we offered. They sort of knew but did not want to believe that there were yet more cyber attacks coming, just of a different nature.
There was an attitude of “…well we already got hacked, and they got all the stuff they need… so why would they attack again?”
Personally I believe that the senior DNC management was essentially shell shocked and as such it was hard to see the trees through the forest. It was probably really hard to imagine yet another attack coming.
Social engineering attacks now account for over 50% of all cyber attacks. Even the initial phishing of John Podesta was a socially engineered attack. See this for more information on social engineering attacks accounting for over 50% of all cyber attacks.
The actual hacking of the DNC was a network intrusion/ advanced persistent threat.
The hackers were in the DNC systems for months, maybe even longer. In fact the DNC was actually hacked by two different groups, each one a different element of Russian Intelligence. The two groups were the GRU and the FSB, with the GRU ultimately being seen as having run Guccifer 2.0 as well.
The types of socially engineered attacks we were warning about and wanted to help the DNC protect itself against were about using social media and email attacks to destabilize the leadership and make it unsure of what information was real and what was not.
Obviously, what we predicted and wanted to stop happened. We saw dozens of types of social engineering attacks executed against the DNC itself, all the 50 state Chairmen, and many other people related to the DNC.
These included weaponizing information that had been exfiltrated in the original hacks into social media posts and blog posts.
Utilization of fake accounts to drown out the messaging of real accounts; or used to distort the real information. Fake websites, fake social media accounts and fake news outlets combined with a total onslaught of bot activity directed at all of the people involved, 24 hours a day for the duration of the general election.
Unfortunately, in this instance, there was help available, it was just ignored.
While the proposal was originally submitted in August, it took three and half weeks for them to get back to me, at which point I was asked to change some minor things and re-submit it.
For the purposes of this book, I removed some paragraphs below these about pricing and logistics, as well as a second page that went into detail about Digijaks specific offering. But the rest is exactly as I sent it in the summer and early September of 2016.
Hence the date below:
“To: Donna Brazile, Tony Coelho
From: Alan W. Silberberg, CEO DIGIJAKS
September 15, 2016
Prevention of socially engineered attacks against state party chairs and other key players.
Problem: Political pros are not trained in counter espionage. They are now dealing with counter espionage problems masked as “someone hacked my Facebook.” You and your staff and the state chairs and their staff need emergency and critical tactical and strategic training now. This is not about firewalls, or passwords. This is about a psychological state of mind that is being leveraged by the Russians and through them, the Trump folks.
History: The Russians have developed highly skilled socially engineered attack capabilities, with over 17000 twitter paid trolls alone. Multiply this over each social media platform, and you’re dealing with an opposing force (not including Trump and his direct supporters) in the tens of thousands of hackers and coders with the state sponsored capabilities to hack.
Specifically, based on the KGB and now FSB training in propaganda and utilizing the media to blanket foreign elections with wrong or misleading facts, including health rumors. They simply shifted decades old tactics into using social media, email and other digital communication channels, as a first and effective wave of attacks.
They did this exact pattern in Georgia, Estonia, and more recently in Crimea when they wanted to manipulate the elective process.
Russian and other nation state socially engineered attacks against DNC staff and State Chairs – this is no longer a political issue but is a counter espionage one, and the people need to be trained and equipped now, and accordingly.”
-----
So with this proposal getting shot down, it was clear the social attacks would continue with probably disastrous results. That is of course, what happened.
Chapter 11.
Mapping Putin + Trump online
All of this commotion, the craziness of July, the hackings, the timed releases and manipulated media, and the coordinated efforts online got me thinking about the idea of visualizing the connections and if possible. Maybe even in real time to show the rapidity of the coordination going on. One of the specific tools used often in cybersecurity is to visualize the network, to show where there might be gaps, to show who the actors are (good/bad/unknown) and it allows researchers and white hats alike the ability to see information in real time, and not just in rows of numbers or statistics.
Think about the visualization of use of money, or the types of visualization used in medicine, science, and other areas requiring looking at large amounts of data.
As an example of what I am talking about; below is a social network analysis I did of one day of my twitter account getting trolled by hostile accounts and bots.
In the upper left is a stand-alone grouping of accounts with several bright red ones in the middle and outer edges. I highlighted those with red lines I drew outside of that grouping. The lower right of this image is my account in the center and my usual group of followers along with some stragglers.
This image is separated because I broke the links when I blocked those accounts with red. There were lines going from them to me through other accounts.
It really became clear after Trump’s request to get Russia’s help on finding Hillary Clinton’s emails that the need to visualize the network relationships would be super critical in helping to isolate the active players in the ongoing interference in the 2016 elections. So then I started to think about the best way to do this, and of course ended up crowdsourcing it on LinkedIn and twitter.
Somewhere in the course of the mid to late summer of 2016, I started asking if anyone was visually mapping the connections between Trump and Putin. Initially I asked quietly amongst my cyber security colleagues in the US. Then one day I decided to post a tweet about how someone should map this relationship and show it to the world.
Within a day, one of the people I deeply respect in social network analysis, Valdis Krebs responded. Valdis is a world known expert on visualizing social networks and like me was one of the few people who not only saw what was going on during the 2016 Election; but indeed was shouting as loudly as me.
Now to be clear, I asked informally for a chart, a graph if you will, showing the online relationship between Trump and Putin/Kremlin. I didn’t put any specifics into it besides this.
It was my belief then in the summer of 2016, and today in the summer of 2019, that the open source key to devolving the truth about the relationship between Trump/Putin/Kremlin would be the recording and articulation of the second-by-second coordination occurring between both sides almost 24 hours a day.
There were sometimes some gaps and sometimes one side might jump the ship and launch their message a few minutes prematurely when it was clear the message
was supposed to come from the other side.
Twitter would have had 100% access to those types of analytics. What they make available to the public through their firehose is a huge amount of data, but not the specifics like this.
Twitter might still indeed have this very set of data—or it may have been destroyed to lower the chance of them getting caught up in any legal issues. But the point is, the microsecond coordination going on was not just a one off but continued steadily throughout the campaign.
Even today in 2019, we often see the Kremlin release joint news a few minutes before the Trump White House, clearly showing this coordination not only occurred but also was not just confined to the election but has continued to this day.
Valdis sent me a Twitter DM with a very colorful and intricate map/graph. This was the first chart he sent, listing the then known relationships between Trump, his campaign including Manafort, and Putin/Kremlin. I was simply astounded to see what he sent. It was far more involved then even I realized.
Also, to his credit, he, like me, has since stayed on the case of Trump/Russia and has continually built upon those initial maps/graphs/charts he showed me. It started with a few dozen people and groups and contacts and has, as of mid-2019, blossomed into a graphic with 500+ contacts and over 1,500 interactions (known). Since it is his work, I would refer you to his website, http://www.thenetworkthinkers.com/2019/01/paths-to-putin.html
These visualizations obviously do not include secret meetings or encrypted communications. It is based on both the social network relationships and those reported in traditional media. What else is there? What other uncovered or unpublished relationships, meetings, electronic communications?
Chapter 12.
Trolls Trolling
As the general election of 2016 headed into late September and early October, the bots intensified their attacks. So did the humans who worked with them, controlled them, and, ultimately, those influenced by them.