Simpson/Dossier Testimony and Why these Wire Transfers?

Image result for glenn simpson fusion

photo

Primer: FNC: The co-founder of the firm behind the anti-Trump ‘dossier’ told House investigators Tuesday that he personally discussed with members of the media allegations of Trump-Russia collusion, though he did not speak to the sources behind the claims, a source told Fox News.

According to a source familiar with the matter, Fusion GPS co-founder Glenn Simpson refused to answer key questions during his seven-hour, closed-door appearance before the House Intelligence Committee. The source said he would not answer questions on his relationship with specific journalists or ties to the Democratic National Committee and Hillary Clinton campaign, which financed the anti-Trump research via the law firm Perkins Coie.

But the source said Simpson acknowledged he did not personally look into certain aspects of the dossier — which was authored by former British intelligence officer Christopher Steele and contained salacious allegations about the Trump team’s ties to Russia.

Simpson told investigators he never spoke to the underlying sources of the document, never traveled to Russia and did not verify the dossier beyond comparing the claims to “open source” media reporting.

The source said Simpson also told investigators he was “upset” when then FBI Director James Comey re-opened the Hillary Clinton email investigation in late October 2016, and Simpson wanted to push back.

Simpson’s appearance was arranged last week in coordination with his attorneys.

The committee initially sought to subpoena Simpson, but withdrew it in exchange for his voluntary testimony.

“Throughout this entire year, the White House and its allies on the Hill and elsewhere have attempted at every turn to smear Fusion GPS because of its connection to the Steele Dossier,” Simpson’s attorney Joshua Levy said Tuesday.

He said Steele and Simpson briefed reporters on the dossier, but neither Simpson nor Fusion GPS paid members of the media to publish stories of any kind. The House Intelligence Committee is back in court Wednesday as Fusion tries to prevent the release of its bank records.

Levy, however, said the dossier is solid.

“What they did do is they contracted with Christopher Steele. … This experienced British intelligence official came back with a report. That now in hindsight looks quite accurate,” Levy said.

Fox News reported earlier this month that Simpson met with Russian lawyer Natalia Veselnitskaya before and after the June 2016 Trump Tower meeting with Donald Trump Jr. and others.

Fox News reported that, during that period, bank records show Fusion GPS was paid by a law firm for work on behalf of a Kremlin-linked oligarch while also paying Steele to dig up dirt on Trump.

But Levy said his client was “shocked and surprised” when he learned in media accounts about the Trump Tower meeting and her presence.

The FBI is examining why Russia transferred nearly $400,000 to its embassies ‘to finance’ the ‘election campaign of 2016’

The FBI is reviewing a series of wire transfers totaling more than $380,000 sent in August and September of last year by the Russian government to its embassies around the world — most with the memo “to finance election campaign of 2016” — BuzzFeed News reported on Tuesday.

It is unclear which “election campaign” the money was for — the US campaign was in full swing, but Russia’s lower house of Parliament was also set to hold an election on September 18.

The funds were transferred to about 60 embassies worldwide from August 3 to September 20, 2016, according to BuzzFeed News. At least one transaction originated from VTB Bank, the report said.

VTB, which is majority-owned by the Kremlin and was sanctioned by the US in 2014, transferred $30,000 to the Citibank account of Russia’s Washington, DC, embassy on August 3, prompting the bank to examine VTB’s other transactions over the same period.

Citibank would then have been required to inform the Treasury’s Financial Crimes Enforcement Network, or FinCEN, if it noticed any suspicious activity.

The Senate Intelligence Committee, which BuzzFeed News says has been made aware of the wire transfers, asked the Treasury for its FinCEN records in April, The Wall Street Journal reported at the time. It received over 2,000 documents from the financial-crimes unit, which monitors over 200 million Bank Secrecy Act records involving more than 80,000 financial institutions.

A dossier compiled by the former British spy Christopher Steele alleging ties between President Donald Trump’s campaign and Moscow claimed that Russian “diplomatic staff” paid “relevant assets” to provide “a two-way flow of intelligence and other useful information.”

“Source E claimed that Russian diplomatic staff in key cities such as New York, Washington DC and Miami were using the emigre ‘pension’ distribution system as cover,” the dossier reads. “The operation therefore depended on key people in the US Russian emigre community for its success. Tens of thousands of dollars were involved.”

The congressional intelligence committees have been examining the dossier’s claims as part of their investigations into whether the Trump campaign colluded with Moscow to influence the outcome of the election.

The special counsel Robert Mueller is leading a parallel investigation into Russia’s election interference. Mueller began hiring lawyers in June with extensive experience in dealing with fraud, racketeering, and other financial crimes. Late last month, the Trump campaign chairman, Paul Manafort, and his longtime business associate Rick Gates were indicted by a grand jury as a result of charges stemming from the investigation.

Mueller’s team is reportedly scrutinizing a meeting in December between Jared Kushner, Trump’s son-in-law, and Sergey Gorkov, the CEO of another sanctioned Russian bank, Vnesheconombank.

Related reading: Top Democrat: Trump’s DOJ nominee helped Russian bank sue over Trump-Russia dossier

Secret Planes, Russia, China and the United States oh My

 

Back Channel Communications Between Wikileaks/Donald Jr.

CIA Director Mike Pompeo has called WikiLeaks a hostile agent bent on taking down America. Meanwhile, Julian Assange continues to inject himself and WikiLeaks into all political affairs in the United States, to what end has not been determined.

Meanwhile, Congress has all the direct message communications between someone at WikiLeaks and Donald Trump Jr. that was apparently leading the Twitter communications during the campaign season. Many of those communications from WikiLeaks had a response from Donald Jr.

Image result for donald trump jr twitter photo

Immediately after this became public, Julian Assange took to twitter to push back.

He posted on Twitter the following:

I cannot confirm the alleged DM’s from @DonaldJTrumpJr to @wikileaks. @wikileaks does not keep such records and the Atlantic’s presentation is edited and clearly does not have the full context. However, even those published by the Atlantic show that: 1/

WikiLeaks loves its pending publications and ignores those who ask for details. Trump Jr. was rebuffed just like Cambridge Analytica. In both cases WikiLeaks had publicly teased the publications. Thousands of people asked about them. 2/

WikiLeaks can be very effective at convincing even high profile people that it is their interest to promote links to its publications. 3/

WikiLeaks has such chutzpah that it allegedly tried to convince Trump Jr to leak his father’s tax returns & his own “Russian lawyer meeting” emails (he did). WikiLeaks appears to beguile some people into transparency by convincing them that it is in their interest. 4/

trump-jr-wikileaks.jpg

He also asked to be the U.S. ambassador to Australia…sheesh. Anyway….Assange was referring to the Atlantic article about those communications of which Congressional committees have copies provided by his lawyer. Here is that summary:

Just before the stroke of midnight on September 20, 2016, at the height of last year’s presidential election, the WikiLeaks Twitter account sent a private direct message to Donald Trump Jr., the Republican nominee’s oldest son and campaign surrogate. “A PAC run anti-Trump site putintrump.org is about to launch,” WikiLeaks wrote. “The PAC is a recycled pro-Iraq war PAC. We have guessed the password. It is ‘putintrump.’ See ‘About’ for who is behind it. Any comments?” (The site, which has since become a joint project with Mother Jones, was founded by Rob Glaser, a tech entrepreneur, and was funded by Progress for USA Political Action Committee.)

The next morning, about 12 hours later, Trump Jr. responded to WikiLeaks. “Off the record I don’t know who that is, but I’ll ask around,” he wrote on September 21, 2016. “Thanks.”

The messages, obtained by The Atlantic, were also turned over by Trump Jr.’s lawyers to congressional investigators. They are part of a long—and largely one-sided—correspondence between WikiLeaks and the president’s son that continued until at least July 2017. The messages show WikiLeaks, a radical transparency organization that the American intelligence community believes was chosen by the Russian government to disseminate the information it had hacked, actively soliciting Trump Jr.’s cooperation. WikiLeaks made a series of increasingly bold requests, including asking for Trump’s tax returns, urging the Trump campaign on Election Day to reject the results of the election as rigged, and requesting that the president-elect tell Australia to appoint Julian Assange ambassador to the United States.

“Over the last several months, we have worked cooperatively with each of the committees and have voluntarily turned over thousands of documents in response to their requests,” said Alan Futerfas, an attorney for Donald Trump Jr. “Putting aside the question as to why or by whom such documents, provided to Congress under promises of confidentiality, have been selectively leaked, we can say with confidence that we have no concerns about these documents and any questions raised about them have been easily answered in the appropriate forum.” WikiLeaks did not respond to requests for comment.

The messages were turned over to Congress as part of that body’s various ongoing investigations into Russian meddling in the 2016 presidential campaign. American intelligence services have accused the Kremlin of engaging in a deliberate effort to boost President Donald Trump’s chances while bringing down his Democratic rival, Hillary Clinton. That effort—and the president’s response to it—has spawned multiple congressional investigations, and a special counsel inquiry that has led to the indictment of Trump’s former campaign chair, Paul Manafort, for financial crimes.

It’s not clear what investigators will make of the correspondence, which represents a small portion of the thousands of documents Donald Trump Jr.’s lawyer says he turned over to them. The stakes for the Trump family, however, are high. Trump Jr.’s June 2016 meeting with Natalia Veselnitskaya, a Russian lawyer with connections to Russia’s powerful prosecutor general, is already reportedly a subject of interest in Special Counsel Robert Mueller’s investigation, as is the White House statement defending him. (Trump Jr. was emailed an offer of “information that would incriminate Hillary,” and responded in part, “If it’s what you say I love it.”) The messages exchanged with WikiLeaks add a second instance in which Trump Jr. appears eager to obtain damaging information about Hillary Clinton, despite its provenance.

Though Trump Jr. mostly ignored the frequent messages from WikiLeaks, he at times appears to have acted on its requests. When WikiLeaks first reached out to Trump Jr. about putintrump.org, for instance, Trump Jr. followed up on his promise to “ask around.” According to a source familiar with the congressional investigations into Russian interference with the 2016 campaign, who requested anonymity because the investigation is ongoing, on the same day that Trump Jr. received the first message from WikiLeaks, he emailed other senior officials with the Trump campaign, including Steve Bannon, Kellyanne Conway, Brad Parscale, and Trump son-in-law Jared Kushner, telling them WikiLeaks had made contact. Kushner then forwarded the email to campaign communications staffer Hope Hicks. At no point during the 10-month correspondence does Trump Jr. rebuff WikiLeaks, which had published stolen documents and was already observed to be releasing information that benefited Russian interests.

WikiLeaks played a pivotal role in the presidential campaign. In July 2016, on the first day of the Democratic National Convention, WikiLeaks released emails stolen from the Democratic National Committee’s servers that spring. The emails showed DNC officials denigrating Bernie Sanders, renewing tensions on the eve of Clinton’s acceptance of the nomination. On October 7, less than an hour after the Washington Post released the Access Hollywood tape, in which Trump bragged about sexually assaulting women, Wikileaks released emails that hackers had pilfered from the personal email account of Clinton’s campaign manager John Podesta.

On October 3, 2016, WikiLeaks wrote again. “Hiya, it’d be great if you guys could comment on/push this story,” WikiLeaks suggested, attaching a quote from then-Democratic nominee Hillary Clinton about wanting to “just drone” WikiLeaks founder, Julian Assange.

“Already did that earlier today,” Trump Jr. responded an hour-and-a-half later. “It’s amazing what she can get away with.”

Two minutes later, Trump Jr. wrote again, asking, “What’s behind this Wednesday leak I keep reading about?” The day before, Roger Stone, an informal advisor to Donald Trump, had tweeted, “Wednesday@HillaryClinton is done. #WikiLeaks.”

WikiLeaks didn’t respond to that message, but on October 12, 2016, the account again messaged Trump Jr. “Hey Donald, great to see you and your dad talking about our publications,” WikiLeaks wrote. (At a rally on October 10, Donald Trump had proclaimed, “I love WikiLeaks!”)

“Strongly suggest your dad tweets this link if he mentions us,” WikiLeaks went on, pointing Trump Jr. to the link wlsearch.tk, which it said would help Trump’s followers dig through the trove of stolen documents and find stories. “There’s many great stories the press are missing and we’re sure some of your follows [sic] will find it,” WikiLeaks went on. “Btw we just released Podesta Emails Part 4.”

Trump Jr. did not respond to this message. But just 15 minutes after it was sent, as The Wall Street Journal’s Byron Tau pointed out, Donald Trump himself tweeted, “Very little pick-up by the dishonest media of incredible information provided by WikiLeaks. So dishonest! Rigged system!”

Two days later, on October 14, 2016, Trump Jr. tweeted out the link WikiLeaks had provided him. “For those who have the time to read about all the corruption and hypocrisy all the @wikileaks emails are right here: http://wlsearch.tk/,” he wrote.

After this point, Trump Jr. ceased to respond to WikiLeaks’s direct messages, but WikiLeaks escalated its requests.

“Hey Don. We have an unusual idea,” WikiLeaks wrote on October 21, 2016. “Leak us one or more of your father’s tax returns.” WikiLeaks then laid out three reasons why this would benefit both the Trumps and WikiLeaks. One, The New York Times had already published a fragment of Trump’s tax returns on October 1; two, the rest could come out any time “through the most biased source (e.g. NYT/MSNBC).”

It is the third reason, though, WikiLeaks wrote, that “is the real kicker.” “If we publish them it will dramatically improve the perception of our impartiality,” WikiLeaks explained. “That means that the vast amount of stuff that we are publishing on Clinton will have much higher impact, because it won’t be perceived as coming from a ‘pro-Trump’ ‘pro-Russia’ source.” It then provided an email address and link where the Trump campaign could send the tax returns, and adds, “The same for any other negative stuff (documents, recordings) that you think has a decent chance of coming out. Let us put it out.”

Trump Jr. did not respond to this message.

WikiLeaks didn’t write again until Election Day, November 8, 2016. “Hi Don if your father ‘loses’ we think it is much more interesting if he DOES NOT conceed [sic] and spends time CHALLENGING the media and other types of rigging that occurred—as he has implied that he might do,” WikiLeaks wrote at 6:35pm, when the idea that Clinton would win was still the prevailing conventional wisdom. (As late as 7:00pm that night, FiveThirtyEight, a trusted prognosticator of the election, gave Clinton a 71 percent chance of winning the presidency.) WikiLeaks insisted that contesting the election results would be good for Trump’s rumored plans to start a media network should he lose the presidency. “The discussion can be transformative as it exposes media corruption, primary corruption, PAC corruption, etc.,” WikiLeaks wrote.

Shortly after midnight that day, when it was clear that Trump had beaten all expectations and won the presidency, WikiLeaks sent him a simple message: “Wow.”

Trump Jr. did not respond to these messages either, but WikiLeaks was undeterred. “Hi Don. Hope you’re doing well!” WikiLeaks wrote on December 16 to Trump Jr., who was by then the son of the president-elect. “In relation to Mr. Assange: Obama/Clinton placed pressure on Sweden, UK and Australia (his home country) to illicitly go after Mr. Assange. It would be real easy and helpful for your dad to suggest that Australia appoint Assange ambassador to [Washington,] DC.”

WikiLeaks even imagined how Trump might put it: “‘That’s a real smart tough guy and the most famous australian [sic] you have!’ or something similar,” WikiLeaks wrote. “They won’t do it but it will send the right signals to Australia, UK + Sweden to start following the law and stop bending it to ingratiate themselves with the Clintons.” (On December 7, Assange, proclaiming his innocence, had released his testimony in front of London investigators looking into accusations that he had committed alleged sexual assault.)

In the winter and spring, WikiLeaks went largely silent, only occasionally sending Trump Jr. links. But on July 11, 2017, three days after The New York Times broke the story about Trump Jr.’s June 2016 meeting with Natalia Veselnitskaya, a Russian lawyer with connections to Russia’s powerful prosecutor general, WikiLeaks got in touch again.

“Hi Don. Sorry to hear about your problems,” WikiLeaks wrote. “We have an idea that may help a little. We are VERY interested in confidentially obtaining and publishing a copy of the email(s) cited in the New York Times today,” citing a reference in the paper to emails Trump Jr had exchanged with Rob Goldstone, a publicist who had helped set up the meeting. “We think this is strongly in your interest,” WikiLeaks went on. It then reprised many of the same arguments it made in trying to convince Trump Jr. to turn over his father’s tax returns, including the argument that Trump’s enemies in the press were using the emails to spin an unfavorable narrative of the meeting. “Us publishing not only deprives them of this ability but is beautifully confounding.”

The message was sent at 9:29 am on July 11. Trump Jr. did not respond, but just hours later, he posted the emails himself, on his own Twitter feed.

Trifecta of Intel Chaos, Shadow Brokers, Wikileaks, NSA

photo

WikiLeaks announces “Vault 8”

Those releases were part of a series of leaks WikiLeaks called Vault 7. Now, WikiLeaks says Hive is just the first of a long string of similar releases, a series WikiLeaks calls Vault 8, which will consist of source code for tools previously released in the Vault 7 series.

The WikiLeaks announcement has sent shivers up the spines of infosec experts everywhere, as it reminded them of April this year when a hacking group named The Shadow Brokers published cyber-weapons allegedly stolen from the NSA.

Some of the tools included in that release have been incorporated in many malware families and have been at the center of all three major ransomware outbreaks that have taken place n 2017 — WannaCry, NotPetya, and Bad Rabbit. More here.

Security Breach and Spilled Secrets Have Shaken the N.S.A. to Its Core

A serial leak of the agency’s cyberweapons has damaged morale, slowed intelligence operations and resulted in hacking attacks on businesses and civilians worldwide

 

WASHINGTON — Jake Williams awoke last April in an Orlando, Fla., hotel where he was leading a training session. Checking Twitter, the cybersecurity expert was dismayed to discover that he had been thrust into the middle of one of the worst security debacles ever to befall American intelligence.

Mr. Williams had written on his company blog about the Shadow Brokers, a mysterious group that had somehow obtained many of the hacking tools the United States used to spy on other countries. Now the group had replied in an angry screed on Twitter. It identified him — correctly — as a former member of the National Security Agency’s hacking group, Tailored Access Operations, or T.A.O., a job he had not publicly disclosed. Then the Shadow Brokers astonished him by dropping technical details that made clear they knew about highly classified hacking operations that he had conducted.

America’s largest and most secretive intelligence agency had been deeply infiltrated.

“They had operational insight that even most of my fellow operators at T.A.O. did not have,” said Mr. Williams, now with Rendition Infosec, a cybersecurity firm he founded. “I felt like I’d been kicked in the gut. Whoever wrote this either was a well-placed insider or had stolen a lot of operational data.”

The jolt to Mr. Williams from the Shadow Brokers’ riposte was part of a much broader earthquake that has shaken the N.S.A. to its core. Current and former agency officials say the Shadow Brokers disclosures, which began in August 2016, have been catastrophic for the N.S.A., calling into question its ability to protect potent cyberweapons and its very value to national security. The agency regarded as the world’s leader in breaking into adversaries’ computer networks failed to protect its own.

“These leaks have been incredibly damaging to our intelligence and cyber capabilities,” said Leon E. Panetta, the former defense secretary and director of the Central Intelligence Agency. “The fundamental purpose of intelligence is to be able to effectively penetrate our adversaries in order to gather vital intelligence. By its very nature, that only works if secrecy is maintained and our codes are protected.”

With a leak of intelligence methods like the N.S.A. tools, Mr. Panetta said, “Every time it happens, you essentially have to start over.”

Fifteen months into a wide-ranging investigation by the agency’s counterintelligence arm, known as Q Group, and the F.B.I., officials still do not know whether the N.S.A. is the victim of a brilliantly executed hack, with Russia as the most likely perpetrator, an insider’s leak, or both. Three employees have been arrested since 2015 for taking classified files, but there is fear that one or more leakers may still be in place. And there is broad agreement that the damage from the Shadow Brokers already far exceeds the harm to American intelligence done by Edward J. Snowden, the former N.S.A. contractor who fled with four laptops of classified material in 2013.

Mr. Snowden’s cascade of disclosures to journalists and his defiant public stance drew far more media coverage than this new breach. But Mr. Snowden released code words, while the Shadow Brokers have released the actual code; if he shared what might be described as battle plans, they have loosed the weapons themselves. Created at huge expense to American taxpayers, those cyberweapons have now been picked up by hackers from North Korea to Russia and shot back at the United States and its allies.

A screenshot taken as ransomware affected systems worldwide last summer. The Ukrainian government posted the picture to its official Facebook page.

Millions of people saw their computers shut down by ransomware, with demands for payments in digital currency to have their access restored. Tens of thousands of employees at Mondelez International, the Oreo cookie maker, had their data completely wiped. FedEx reported that an attack on a European subsidiary had halted deliveries and cost $300 million. Hospitals in Pennsylvania, Britain and Indonesia had to turn away patients. The attacks disrupted production at a car plant in France, an oil company in Brazil and a chocolate factory in Tasmania, among thousands of enterprises affected worldwide.

American officials had to explain to close allies — and to business leaders in the United States — how cyberweapons developed at Fort Meade in Maryland, came to be used against them. Experts believe more attacks using the stolen N.S.A. tools are all but certain.

Inside the agency’s Maryland headquarters and its campuses around the country, N.S.A. employees have been subjected to polygraphs and suspended from their jobs in a hunt for turncoats allied with the Shadow Brokers. Much of the agency’s cyberarsenal is still being replaced, curtailing operations. Morale has plunged, and experienced cyberspecialists are leaving the agency for better-paying jobs — including with firms defending computer networks from intrusions that use the N.S.A.’s leaked tools.

“It’s a disaster on multiple levels,” Mr. Williams said. “It’s embarrassing that the people responsible for this have not been brought to justice.”

In response to detailed questions, an N.S.A. spokesman, Michael T. Halbig, said the agency “cannot comment on Shadow Brokers.” He denied that the episode had hurt morale. “N.S.A. continues to be viewed as a great place to work; we receive more than 140,000 applications each year for our hiring program,” he said.

Compounding the pain for the N.S.A. is the attackers’ regular online public taunts, written in ersatz broken English. Their posts are a peculiar mash-up of immaturity and sophistication, laced with profane jokes but also savvy cultural and political references. They suggest that their author — if not an American — knows the United States well.

“Is NSA chasing shadowses?” the Shadow Brokers asked in a post on Oct. 16, mocking the agency’s inability to understand the leaks and announcing a price cut for subscriptions to its “monthly dump service” of stolen N.S.A. tools. It was a typically wide-ranging screed, touching on George Orwell’s “1984”; the end of the federal government’s fiscal year on Sept. 30; Russia’s creation of bogus accounts on Facebook and Twitter; and the phenomenon of American intelligence officers going to work for contractors who pay higher salaries.

The Shadow Brokers have mocked the N.S.A. in regular online posts and released its stolen hacking tools in a “monthly dump service.”

One passage, possibly hinting at the Shadow Brokers’ identity, underscored the close relationship of Russian intelligence to criminal hackers. “Russian security peoples,” it said, “is becoming Russian hackeres at nights, but only full moons.”

Russia is the prime suspect in a parallel hemorrhage of hacking tools and secret documents from the C.I.A.’s Center for Cyber Intelligence, posted week after week since March to the WikiLeaks website under the names Vault7 and Vault8. That breach, too, is unsolved. Together, the flood of digital secrets from agencies that invest huge resources in preventing such breaches is raising profound questions.

Have hackers and leakers made secrecy obsolete? Has Russian intelligence simply outplayed the United States, penetrating the most closely guarded corners of its government? Can a work force of thousands of young, tech-savvy spies ever be immune to leaks?

Some veteran intelligence officials believe a lopsided focus on offensive cyberweapons and hacking tools has, for years, left American cyberdefense dangerously porous.

“We have had a train wreck coming,” said Mike McConnell, the former N.S.A. director and national intelligence director. “We should have ratcheted up the defense parts significantly.”

America’s Cyber Special Forces

At the heart of the N.S.A. crisis is Tailored Access Operations, the group where Mr. Williams worked, which was absorbed last year into the agency’s new Directorate of Operations.

The N.S.A.’s headquarters at Fort Meade in Maryland. Cybertools the agency developed have been picked up by hackers from North Korea to Russia and shot back at the United States and its allies. Jim Lo Scalzo/European Pressphoto Agency

T.A.O. — the outdated name is still used informally — began years ago as a side project at the agency’s research and engineering building at Fort Meade. It was a cyber Skunk Works, akin to the special units that once built stealth aircraft and drones. As Washington’s need for hacking capabilities grew, T.A.O. expanded into a separate office park in Laurel, Md., with additional teams at facilities in Colorado, Georgia, Hawaii and Texas.

The hacking unit attracts many of the agency’s young stars, who like the thrill of internet break-ins in the name of national security, according to a dozen former government officials who agreed to describe its work on the condition of anonymity. T.A.O. analysts start with a shopping list of desired information and likely sources — say, a Chinese official’s home computer or a Russian oil company’s network. Much of T.A.O.’s work is labeled E.C.I., for “exceptionally controlled information,” material so sensitive it was initially stored only in safes. When the cumulative weight of the safes threatened the integrity of N.S.A.’s engineering building a few years ago, one agency veteran said, the rules were changed to allow locked file cabinets.

The more experienced T.A.O. operators devise ways to break into foreign networks; junior operators take over to extract information. Mr. Williams, 40, a former paramedic who served in military intelligence in the Army before joining the N.S.A., worked in T.A.O. from 2008 to 2013, which he described as an especially long tenure. He called the work “challenging and sometimes exciting.”

T.A.O. operators must constantly renew their arsenal to stay abreast of changing software and hardware, examining every Windows update and new iPhone for vulnerabilities. “The nature of the business is to move with the technology,” a former T.A.O. hacker said.

Long known mainly as an eavesdropping agency, the N.S.A. has embraced hacking as an especially productive way to spy on foreign targets. The intelligence collection is often automated, with malware implants — computer code designed to find material of interest — left sitting on the targeted system for months or even years, sending files back to the N.S.A.

The same implant can be used for many purposes: to steal documents, tap into email, subtly change data or become the launching pad for an attack. T.A.O.’s most public success was an operation against Iran called Olympic Games, in which implants in the network of the Natanz nuclear plant caused centrifuges enriching uranium to self-destruct. The T.A.O. was also critical to attacks on the Islamic State and North Korea.

It was this cyberarsenal that the Shadow Brokers got hold of, and then began to release.

Like cops studying a burglar’s operating style and stash of stolen goods, N.S.A. analysts have tried to figure out what the Shadow Brokers took. None of the leaked files date from later than 2013 — a relief to agency officials assessing the damage. But they include a large share of T.A.O.’s collection, including three so-called “ops disks — T.A.O.’s term for tool kits — containing the software to bypass computer firewalls, penetrate Windows and break into the Linux systems most commonly used on Android phones.

Evidence shows that the Shadow Brokers obtained the entire tool kits intact, suggesting that an insider might have simply pocketed a thumb drive and walked out.

But other files obtained by the Shadow Brokers bore no relation to the ops disks and seem to have been grabbed at different times. Some were designed for a compromise by the N.S.A. of Swift, a global financial messaging system, allowing the agency to track bank transfers. There was a manual for an old system code-named UNITEDRAKE, used to attack Windows. There were PowerPoint presentations and other files not used in hacking, making it unlikely that the Shadow Brokers had simply grabbed tools left on the internet by sloppy N.S.A. hackers.

After 15 months of investigation, officials still do not know what was behind the Shadow Brokers disclosures — a hack, with Russia as the most likely perpetrator, an insider’s leak, or both.

Some officials doubt that the Shadow Brokers got it all by hacking the most secure of American government agencies — hence the search for insiders. But some T.A.O. hackers think that skilled, persistent attackers might have been able to get through the N.S.A.’s defenses — because, as one put it, “I know we’ve done it to other countries.”

The Shadow Brokers have verbally attacked certain cyberexperts, including Mr. Williams. When he concluded from their Twitter hints that they knew about some of his hacks while at the N.S.A., he canceled a business trip to Singapore. The United States had named and criminally charged hackers from the intelligence agencies of China, Iran and Russia. He feared he could be similarly charged by a country he had targeted and arrested on an international warrant.

He has since resumed traveling abroad. But he says no one from the N.S.A. has contacted him about being singled out publicly by the Shadow Brokers.

“That feels like a betrayal,” he said. “I was targeted by the Shadow Brokers because of that work. I do not feel the government has my back.”

The Hunt for an Insider

For decades after its creation in 1952, the N.S.A. — No Such Agency, in the old joke — was seen as all but leakproof. But since Mr. Snowden flew away with hundreds of thousands of documents in 2013, that notion has been shattered.

The Snowden trauma led to the investment of millions of dollars in new technology and tougher rules to counter what the government calls the insider threat. But N.S.A. employees say that with thousands of employees pouring in and out of the gates, and the ability to store a library’s worth of data in a device that can fit on a key ring, it is impossible to prevent people from walking out with secrets.

The agency has active investigations into at least three former N.S.A. employees or contractors. Two had worked for T.A.O.: a still publicly unidentified software developer secretly arrested after taking hacking tools home in 2015, only to have Russian hackers lift them from his home computer; and Harold T. Martin III, a contractor arrested last year when F.B.I. agents found his home, garden shed and car stuffed with sensitive agency documents and storage devices he had taken over many years when a work-at-home habit got out of control, his lawyers say. The third is Reality Winner, a young N.S.A. linguist arrested in June, who is charged with leaking to the news site The Intercept a single classified report on a Russian breach of an American election systems vendor.

Mr. Martin’s gargantuan collection of stolen files included much of what the Shadow Brokers have, and he has been scrutinized by investigators as a possible source for them. Officials say they do not believe he deliberately supplied the material, though they have examined whether he might have been targeted by thieves or hackers.

But according to former N.S.A. employees who are still in touch with active workers, investigators of the Shadow Brokers thefts are clearly worried that one or more leakers may still be inside the agency. Some T.A.O. employees have been asked to turn over their passports, take time off their jobs and submit to questioning. The small number of cyberspecialists who have worked both at T.A.O. and at the C.I.A. have come in for particular attention, out of concern that a single leaker might be responsible for both the Shadow Brokers and the C.I.A.’s Vault7 breaches.

Then there are the Shadow Brokers’ writings, which betray a seeming immersion in American culture. Last April, about the time Mr. Williams was discovering their inside knowledge of T.A.O. operations, the Shadow Brokers posted an appeal to President Trump: “Don’t Forget Your Base.” With the ease of a seasoned pundit, they tossed around details about Stephen K. Bannon, the president’s now departed adviser; the Freedom Caucus in Congress; the “deep state”; the Alien and Sedition Acts; and white privilege.

“TheShadowBrokers is wanting to see you succeed,” the post said, addressing Mr. Trump. “TheShadowBrokers is wanting America to be great again.”

The mole hunt is inevitably creating an atmosphere of suspicion and anxiety, former employees say. While the attraction of the N.S.A. for skilled cyberoperators is unique — nowhere else can they hack without getting into legal trouble — the boom in cybersecurity hiring by private companies gives T.A.O. veterans lucrative exit options.

Got a confidential news tip?

The New York Times would like to hear from readers who want to share messages and materials with our journalists.

Young T.A.O. hackers are lucky to make $80,000 a year, while those who leave routinely find jobs paying well over $100,000, cybersecurity specialists say. For many workers, the appeal of the N.S.A’s mission has been more than enough to make up the difference. But over the past year, former T.A.O. employees say an increasing number of former colleagues have called them looking for private-sector work, including “graybeards” they thought would be N.S.A. lifers.

“Snowden killed morale,” another T.A.O. analyst said. “But at least we knew who he was. Now you have a situation where the agency is questioning people who have been 100 percent mission-oriented, telling them they’re liars.”

Because the N.S.A. hacking unit has grown so rapidly over the past decade, the pool of potential leakers has expanded into the hundreds. Trust has eroded as anyone who had access to the leaked code is regarded as the potential culprit.

Some agency veterans have seen projects they worked on for a decade shut down because implants they relied on were dumped online by the Shadow Brokers. The number of new operations has declined because the malware tools must be rebuilt. And no end is in sight.

“How much longer are the releases going to come?” a former T.A.O. employee asked. “The agency doesn’t know how to stop it — or even what ‘it’ is.”

One N.S.A. official who almost saw his career ended by the Shadow Brokers is at the very top of the organization: Adm. Michael S. Rogers, director of the N.S.A. and commander of its sister military organization, United States Cyber Command. President Barack Obama’s director of national intelligence, James R. Clapper Jr., and defense secretary, Ashton B. Carter, recommended removing Admiral Rogers from his post to create accountability for the breaches.

But Mr. Obama did not act on the advice, in part because Admiral Rogers’ agency was at the center of the investigation into Russia’s interference in the 2016 election. Mr. Trump, who again on Saturday disputed his intelligence agencies’ findings on Russia and the election, extended the admiral’s time in office. Some former intelligence officials say they are flabbergasted that he has been able to hold on to his job.

A Shadow War With Russia?

Lurking in the background of the Shadow Brokers investigation is American officials’ strong belief that it is a Russian operation. The pattern of dribbling out stolen documents over many months, they say, echoes the slow release of Democratic emails purloined by Russian hackers last year.

But there is a more specific back story to the United States-Russia cyber rivalry.

Starting in 2014, American cybersecurity researchers who had been tracking Russia’s state-sponsored hacking groups for years began to expose them in a series of research reports. American firms, including Symantec, CrowdStrike and FireEye, reported that Moscow was behind certain cyberattacks and identified government-sponsored Russian hacking groups.

The Moscow headquarters of Kaspersky Lab, a Russian cybersecurity firm that hunted for N.S.A. malware. Kirill Kudryavtsev/Agence France-Presse — Getty Images

In the meantime, Russia’s most prominent cybersecurity firm, Kaspersky Lab, had started work on a report that would turn the tables on the United States. Kaspersky hunted for the spying malware planted by N.S.A. hackers, guided in part by the keywords and code names in the files taken by Mr. Snowden and published by journalists, officials said.

Kaspersky was, in a sense, simply doing to the N.S.A. what the American companies had just done to Russian intelligence: Expose their operations. And American officials believe Russian intelligence was piggybacking on Kaspersky’s efforts to find and retrieve the N.S.A.’s secrets wherever they could be found. The T.A.O. hackers knew that when Kaspersky updated its popular antivirus software to find and block the N.S.A. malware, it could thwart spying operations around the world.

So T.A.O. personnel rushed to replace implants in many countries with new malware they did not believe the Russian company could detect.

In February 2015, Kaspersky published its report on the Equation Group — the company’s name for T.A.O. hackers — and updated its antivirus software to uproot the N.S.A. malware wherever it had not been replaced. The agency temporarily lost access to a considerable flow of intelligence. By some accounts, however, N.S.A. officials were relieved that the Kaspersky report did not include certain tools they feared the Russian company had found.

As it would turn out, any celebration was premature.

On Aug. 13 last year, a new Twitter account using the Shadow Brokers’ name announced with fanfare an online auction of stolen N.S.A. hacking tools.

“We hack Equation Group,” the Shadow Brokers wrote. “We find many many Equation Group cyber weapons.”

Inside the N.S.A., the declaration was like a bomb exploding. A zip file posted online contained the first free sample of the agency’s hacking tools. It was immediately evident that the Shadow Brokers were not hoaxsters, and that the agency was in trouble.

The leaks have renewed a debate over whether the N.S.A. should be permitted to stockpile vulnerabilities it discovers in commercial software to use for spying — rather than immediately alert software makers so the holes can be plugged. The agency claims it has shared with the industry more than 90 percent of flaws it has found, reserving only the most valuable for its own hackers. But if it can’t keep those from leaking, as the last year has demonstrated, the resulting damage to businesses and ordinary computer users around the world can be colossal. The Trump administration says it will soon announce revisions to the system, making it more transparent.

Mr. Williams said it may be years before the “full fallout” of the Shadow Brokers breach is understood. Even the arrest of whoever is responsible for the leaks may not end them, he said — because the sophisticated perpetrators may have built a “dead man’s switch” to release all remaining files automatically upon their arrest.

“We’re obviously dealing with people who have operational security knowledge,” he said. “They have the whole law enforcement system and intelligence system after them. And they haven’t been caught.”

Surveillance: China’s Big Brother, America’s Also?

photo

Video footage sent back to China, for what? Comprehensive espionage… Are U.S. manufacturers no longer making camera equipment or offering surveillance technology? What that any part of the trade deals President Trump signed with President Xi? Anyone?

Surveillance Cameras Made by China Are Hanging All Over the U.S.

Company 42%-owned by the Chinese government sold devices that monitor U.S. Army base, Memphis streets, sparking concerns about cybersecurity

The Memphis police use the surveillance cameras to scan the streets for crime. The U.S. Army uses them to monitor a base in Missouri. Consumer models hang in homes and businesses across the country. At one point, the cameras kept watch on the U.S. embassy in Kabul.

All the devices were manufactured by a single company, Hangzhou Hikvision Digital Technology. It is 42%-owned by the Chinese government. More here.

***

Its state-of-the-art surveillance cameras monitor the movements of millions of Britons going about their daily lives in airports, government buildings, sports stadiums, high streets and stations.

Hikvision, a company controlled by the Chinese government, was recently revealed to be Britain’s biggest supplier of CCTV equipment, raising fears its internet-linked cameras could be hacked from Beijing at the touch of a button.

Last week, undercover Mail on Sunday reporters posed as businessmen to infiltrate its headquarters in the ‘surveillance city’ of Hangzhou in eastern China, to investigate its activities.

What they found will raise fresh cause for concern about a company whose growing influence in the UK has already been questioned by former MI6 officers and Security Ministers. Far from being the independently run business it claims to be in its customer-friendly marketing, Hikvision is controlled by China’s ruling Communist Party. These capacities enable the Chinese authorities to track dissidents, activists and human-rights campaigners, who are routinely rounded up and detained.

As it rapidly expands its global presence, Hikvision has been generously bankrolled by Chinese state banks, which critics say give it an unfair commercial edge.

It received £2.4 billion from China Development Bank in December and a further £2.3 billion loan from the Export-Import Bank of China in August, both of which are controlled by the Chinese government. More here.

***

According to yearly independent research data from IHS Market, Hikvision accounted for 19.5% of market share in global video surveillance industry in 2015, up from 4.6% in 2010, and has been ranked the No.1 market share leader globally for video surveillance equipment for five consecutive years. In 2015, Hikvision was ranked first in EMEA market with 12.2% market share, and was ranked second in Americas market with 7.3% market share.

Hikvision provides video surveillance products and vertical market solutions in the global market, through more than 2,400 partners in 155 countries and regions. In mainland China, Hikvision now partners with more than 40,000 distributors, system integrators and installers. The Company’s products and solutions have been widely deployed in a number of vertical markets and in notable facilities around the world including the Beijing Olympic Stadium, Shanghai Expo, Philadelphia Safe Communities in the U.S., South Korea Seoul Safe City, Brazil World Cup Stadium, the Italy Linate Airport, and many others.

Hikvision is dedicated to providing global resources and locally-based technical, engineering, sales and service supports to its valued customers around the world. In Hikvision’s oversea sales team, about 90% of the employees are local residents; for example, Hikvision European has about 210 employees, among which, over 190 are locals.

***

Imagine a world where almost everyone can be tracked, and everything can be seen by cameras linked directly to the Chinese government.

The rapid growth of a little known Chinese manufacturer of high-powered surveillance technology has some people concerned that it’s no longer a theory.

American flag waves beside CCTV cameras on top of the U.S. embassy in Berlin, Germany, Oct. 25, 2013.

American flag waves beside CCTV cameras on top of the U.S. embassy in Berlin, Germany, Oct. 25, 2013.

Hangzhou Hikvision Digital Technology, a company controlled by the Chinese government, is now the world’s largest supplier of video surveillance equipment, with internet-enabled cameras installed in more than 100 countries.

Capable of capturing sharp images even in fog, rain or darkness, Hikvision claims its most advanced technologies can recognize license plates and tell if a driver is texting while behind the wheel. They can also track individuals with unrivaled “face-tracking” technology and by identifiers such as body metrics, hair color and clothing.

In the United States alone, the company’s surveillance systems can be found everywhere from prisons to airports to private homes and public schools, and even in places with sensitive national security concerns, such as Fort Leonard Wood military base in Missouri. Abroad, its cameras were installed in the U.S. embassy in Kabul, Afghanistan.

According to a U.S. government procurement document published on IPVM.com, the world’s largest online video surveillance trade magazine, U.S. embassy officials decided in August 2016 to allow only Hikvision suppliers to bid on the installation contract.

Stephen Bryen, a widely published expert on international affairs and cyber security, wrote an article outlining his concerns about the purchase, saying the Hikvision cameras were never proven to be any more secure than comparable models.

“If the procurement officer actually thought these cameras were more secure than others, that would have been claimed as part of the sole-source justification,” he said of the embassy purchase agreement, adding that no claims of any kind were made regarding the Hikvision products.

“The issue is that the U.S. embassy is installing commercial cameras in one if its most sensitive locations,” Bryen wrote. “This is a big mistake, and mistakes like this can cost lives.”

On Monday, a State Department official confirmed the installation via email.

“A Hikvision camera system was initially installed to monitor non-sensitive electrical closets for theft prevention,” the official said of U.S. Embassy Kabul. “The procurement in question was to either expand this or to install a new system. The procurement was cancelled September 2016 and the previously installed cameras were removed.”

It is not known whether other Hikvision products have ever been installed in other U.S. embassies.

Spreading the word

Edward Long, a former employee of a video surveillance equipment company in Florida, recently petitioned the U.S. government with a letter warning that Hikvision cameras are sending information back to China.

“Over the past year, [Hikvision has] … flooded the United States with their equipment,” he wrote. “Every time one of their machines is plugged into the internet, it sends all your data to three servers in China. With that information, the Chinese government can log in to any camera system, anytime they want.”

Frank Fisherman, a general manager for Long’s former employer, IC Realtime Security Solutions, tells VOA that Hikvision devices are engineered for effortless hacking.

“They have their encrypted information set up so they can access even if you change the admin [passwords] and the firewall,” he said, adding that Hikvision may have set aside a “back door” in the production process, such that the manufacturer can monitor devices remotely without the users being aware.

IPVM President John Honovich, however, strikes a less alarmist tone.

“So far, we haven’t found any evidence showing these cameras are sending information back to China, and there is no evidence of such back doors,” he told VOA, cautioning, however, that these facts alone do not rule out a possible security threat.

“The issue that still remains is that maybe [back doors] haven’t been found yet,” he said. “All devices have firmware, [which is] updated all the time, just like you update your computer [or] your PC. At any point during the firmware upgrade, back doors can be added by the manufacturers.”

Among well-known video surveillance equipment manufacturers, Honovich added, Hikvision products may not be worth the risk.

“There are hundreds of security camera manufacturers in the world,” he said. “One can [find a reliable system] without the risk of buying products made by a company largely owned and controlled by the Chinese government.”

A Beijing incubator company

Established in 2001, Hikvision, which originated as a Chinese government research institute, maintains strong ties with that government. More than 42 percent of the company is owned by China’s state-owned enterprises, with the remaining stock owned by a combination of general public stockholders and venture capital investors, including 18 percent from private equity in Hong Kong.

In 2015, when Chinese President Xi Jinping went on an inspection tour of the southern city of Hangzhou, capital of Zhejiang Province, he visited Hikvision’s main office instead of the famous Alibaba headquarters. Xi also met with Pu Shiliang, 38, Hikvision’s head of research and development.

According to the official website of Zhejiang Police Academy, Pu is also the director of a technology laboratory within China’s Ministry of Public Security, the main domestic security agency that has long been criticized for tracking and detaining dissidents and perceived Communist Party opponents of any stripe.

Beginning in 2015, China’s state Development Bank and Export-Import Bank provided Hikvision with 20 billion yuan (nearly $3 billion) in low-interest loans and a 20 billion yuan line of credit. Loans of this size are typically unavailable to Chinese or foreign companies.

Invisible to consumers

Despite the enormous security implications, the United States appears to have made no national security assessment of Hikvision products. As indicated by Long’s online petition, which ultimately closed with only 15 supporters, Hikvision’s links to Beijing are virtually invisible to American consumers.

In April, a New York Times report addressed similar concerns about Chinese drone maker DJI — the world’s largest manufacturer of small drones. The report says the company issued a user agreement that warns customers: “if you conduct your flight in certain countries, your flight data might be monitored and provided to the government authorities according to local regulatory laws.”

In Britain, where many Hikvision cameras have been installed, some government officials have begun voicing concerns.

“If you’ve got cameras that are IP enabled, or potentially could covertly be so enabled … they could potentially be used for malign purposes,” Nigel Inkster, a former British intelligence official, told The Times.

Canadian-based Genetec, one of the world’s leading video surveillance software companies, recently announced that it would no longer offer free technical support for products from either Hikvision or Huawei — a Shenzen-based multinational networking and telecommunications equipment and services company — citing ongoing “security considerations.”

Issuing the announcement, Genetec cited government and corporate clients who called Hikvision and Huawei products “too risky.”

Voice of America received no response to multiple attempts to contact Hikvision’s headquarters in Hangzhou and its branch in California.

Jeffrey He, president of Hikvision’s U.S. and Canadian branch, defended the company during an undated interview with U.S. security monitoring website SourceSecurity.com.

“There have been some misguided accusations targeting Hikvision’s public and industry image, sometimes seeking to create controversy where none exists,” he said. “These questions are geared in general not just to Hikvision, but also to many Chinese manufacturers, and none of these accusations have been proven to be true. These accusations are baseless.

“The Cold War was officially over when the Berlin Wall came down, but I am seeing that, in the minds of some, it never ended,” he added. “We all would be better served if, instead of living in the past, we would look toward the future and the realities of world changes and technology changing along with it.”