Buffalo’s ISIS Supporting Terrorist and Its Klan Supporting Terrorist

Published August 7, 2015 | By emptywheel

Screen Shot 2015-08-07 at 3.37.00 PM

Michael O’Neill

On January 21, 2015, the Niagara County Sheriff’s office responded to a report of an explosion at the house of Chair of the Niagara County Legislature, William Ross.  They discovered that his step-son, former corrections officer Michael O’Neill, who lived with his mother and step-father at the house, had blown off his leg while working with explosives in the garage. In addition to the one that exploded, there were 6 completed Improvised Explosive Devices in the garage, along with shrapnel, fireworks powder, and other explosives precursors.

The complaint made no mention of any evidence beyond the explosives precursors.

O’Neill was brought to a local hospital where he had his leg amputated.

When an ATF and Sheriff’s investigator interviewed O’Neill at the hospital, he claimed he had been making the bombs to blow up tree stumps.

Arafat Nagi

A week later, on July 29, also in the Buffalo area, FBI Agent Amanda Pike arrested US citizen Lackawanna resident Arafat Nagi on charges of attempting to materially support ISIS. The complaint laying out the case against Nagi relied on trips to Turkey and Yemen (Nagi has family in the latter), a slew of tweets supporting ISIS, and some 2012 and 2013 purchases of military equipment — including body armor and a machete — and Islamic flags from eBay. The complaint also included pictures Nagi had tweeted out depicting ISIS and extremist flags and Abu Bakr al-Baghdadi.

Screen Shot 2015-08-07 at 5.59.52 PM

The most recent event cited in the complaint was a February 28, 2015 conversation (apparently not taped) between Nagi and an associate who — given the redaction of a descriptive footnote — almost certainly either has a criminal record or is working off some arrest, in which Nagi said he’d use insurance money to travel to Syria. The associate — not Nagi — raised meeting with al-Baghdadi (presumed to be Abu Bakr al-Baghdadi).

Screen Shot 2015-08-07 at 6.03.20 PM

In spite of the silence about any precipitating event that led to Nagi’s arrest in July, the US Attorney for Western New York (and the husband of Lieutenant Governor Kathy Hochul), William Hochul, had a press conference to announce Nagi’s arrest. Both court documents and public reporting indicated that the Muslim community had tipped authorities off to Nagi’s increasing belligerence in support of radical views.

Michael O’Neill

On July 27, Magistrate Hugh Scott had a hearing on O’Neill’s custody. In spite of the government’s request, Scott did not place O’Neill in US Marshal custody right away, in part so his mother could visit him more easily.

On July 30, Magistrate Scott again deferred his decision on custody to receive briefing.

Arafat Nagi

On July 31, Nagi had his arraignment before the same judge, Magistrate Hugh Scott. Scott ordered Nagi, whose last incriminating act was in February, held without bail, citing the seriousness of his alleged crime and past (2013) violence. Scott further cited, “the volume and nature of the social media usage [that] indicate that Nagi has formed a strong intent to join and to support ISIL and was looking for opportunities to do so.”

Michael O’Neill

On August 5, Scott held a third hearing on O’Neill’s detention. O’Neill’s attorney argued that his 7 IEDs did not constitute bombs at all (remember, he said he was going to attack tree stumps with them). The government said they were, pointing to the shrapnel in one of the constructed bombs. The judge agreed, noting “there is no non-malevolent explanation for why that explosive powder needed to contain or to be associated with nails and other shrapnel.” Unlike in Nagi’s detention consideration, Scott did not mention his prior violence, such as the bar fight a year ago that was precipitated when O’Neill used a racial slur in response to a request for a lighter.

If I’m reading the docket correctly, after a recess in this Wednesday hearing, Scott issued his written opinion. Only then did the parties proffer new evidence. His defense shows that a number of DWUI charges (one of which resulted in him losing his gun permit in 2010,which in turn referenced earlier alcohol issues recorded by his work, presumably, the corrections facility where he used to work) had been resolved with no jail time.

Screen Shot 2015-08-07 at 5.28.28 PM

But only then — after the judge had already decided to hold O’Neill because he put BBs and nails in his IEDs — did the government introduce this evidence, evidence that had to have been apparent (and probably was collected) when the ATF and Sheriff’s investigator did their initial investigation of what O’Neill had been doing in the garage owned by the Chair of the County Legislature.

That evidence shows that the work bench at which Ross’ step-son was emptying fireworks for powder and adding nails to IEDs was decorated with a Stormtrooper poster, a picture of Nathan Bedford Forrest, a Confederate flag, and a poster advertising, “The KKK wants you.” O’Neill also appears to have had a sword (most visible in Exhibit 14) not mentioned in any legal document.

I don’t fault Scott that he didn’t mention the evidence that O’Neill was constructing bombs amid a bunch of white supremacist propaganda — he hadn’t been shown it or apparently even informed of it until he issued his opinion. But I find it notable that the prosecutors — and Hochul, who held a press conference upon the arrest of a guy who hadn’t done anything incriminating (at least according to the complaint) since February — didn’t mention this until this stage of the proceedings. And while Hochul commented publicly to the press, I don’t believe he had a formal press conference to highlight the guy making 7 bombs in his step-dad’s garage did so under the glare of the first Klan Grand Wizard.

O’Neill’s politically connected step-father, in whose garage he was assembling bombs right below Nazi and Klan paraphernalia, said “he didn’t know what O’Neill was doing and if he did, he would have alerted authorities,” which appears to make him far less attentive than the Muslims who reported Nagi’s belligerence. Judge Scott expressed some skepticism that Ross could miss both the explosives construction and the Nazi propaganda in clear view in his garage.

The US Attorney’s office says it is investigating O’Neill’s devices to see if they can determine where he learned to build the IEDs and whether they can determine precisely what “stumps” he had in mind for a target. Notably, these IEDs are probably powerful enough the government could charge O’Neill with possession of WMD, which carries a terrorist enhancement, if they discover he had plans of using those IEDs to terrorize.

Nagi and O’Neill

Since Nagi’s arrest, a number of commentators — including this post and a paragraph of this excellent Ryan Reilly piece — place this case among those where someone is accused of terrorism exclusively for speech. The bulk of the evidence in this case, aside from two trips to Turkey during which Nagi didn’t join ISIS, amounts to speech, albeit clearly hateful speech.

We don’t yet know whether O’Neill has engaged in similar public hate speech (aside from the racist comment last summer that seems to have gotten him hospitalized); what has been mentioned so far is dead tree propaganda, nothing that would reflect interaction with others (his neighbors, at least, had no idea what he was doing in the garage at all hours of the night). Moreover, there is the added (inexcusable but predictable) factor that this guy was the step-son of a politically connected guy, which would lead prosecutors to exercise some caution about crying terrorism without a good deal of evidence.

Still, these two extremists were working their way through the same court room at the same time. The contrast between the two cases is instructive.

Tweet about this on TwitterShare on RedditShare on FacebookGoogle+Email to someone
Posted in Terrorism | Tagged , , , | 7 Comments

Mankiw’s Principles of Economics Part 6: Markets Are Usually A Good Way to Organize Economic Activity

Published August 7, 2015 | By Ed Walker

The introduction to this series is here.
Part 1 is here.
Part 2 is here.
Part 3 is here.
Part 4 is here.
Part 5 is here.

Mankiw’s sixth principle of economics is: Markets are Usually a Good Way to Organize Economic Activity. There are six paragraphs of explanation. About half say that central planning as in Communist Russia doesn’t work, culminating with this:

Central planners failed because they tried to run the economy with one hand tied behind their back – the invisible hand of the marketplace. Page 11.

Mankiw says that in a market economy, the decisions of a central planner are replaced by decisions of millions of market participants. Firms decide what and how much to make, and households decide where to work and what to buy. It is wonderful how this system is so successful at “organizing economic activity to promote overall economic well-being.” The magic is prices.

As a result of the decisions that buyers and sellers make, market prices reflect both the value of a good to society and the cost to society of making the good.

But, when government interferes with the market and prevents prices from adjusting to supply and demand, disaster awaits. Thus, taxes “adversely affect the allocation of resources, for they distort prices and thus the decisions of households and firms.”

Mankiw doesn’t define the terms market, or marketplace. That fits perfectly with Mirowski’s Second Commandment of Neoliberalism: Thou Shalt Erase Distinctions. Here is his discussion in full:

What sort of “market” do neoliberals want to foster and protect? It may seem incredible, but historically, both the neoclassical tradition in economics and the neoliberals have both been extremely vague when it comes to analytical specification of the exact structure and character of something they both refer to as the “market” Both seem overly preoccupied with what it purportedly does, while remaining cavalier about what it actually is. For the neoliberals, this allows the avoidance of a possible deep contradiction between their constructivist tendencies and their uninflected appeal to a monolithic market that has existed throughout all history and indifferently across the globe; for how can something be “made” when it is eternal and unchanging? This is solved by increasingly erasing any distinctions among the state, society, and the market, and simultaneously insisting their political project is aimed at reformation of society by subordinating it to the market. Emphasis in original.

While neoliberals do not define market, they assert that it is perfect, as Mirowski’s Third Commandment says: Thou Shalt Worship “Spontaneous Order”. Neoliberals assert that markets are emergent phenomena, and are inevitable and perfect. The theory of Natural Law is thus updated for the 21st Century with a metaphor from biology.

Just as Mirowski says, it is difficult to see what Mankiw means by market. There is nothing to be learned from his statement that the market economy consists of the decisions of millions of firms and households, not least because it ignores the decisions of hundreds of thousands of governmental units, controlling the spending of about 1/3 of the GDP. And it’s difficult to understand how the many thousands of rules that govern many thousands of markets can be translated into formal language, let alone into mathematical terms. Mankiw relies on a sort of collective understanding to provide sufficient clues that the average reader will know what he means, which is part of the problem. If the textbook doesn’t define things so that everyone is talking about the same thing, it is dangerous because people assume others agree with them when they don’t. The lack of a definition is a signal of sloppy thinking.

Mankiw gives us mushy statements like markets promote overall economic well-being. The only people who can participate in markets are those with money. The level of participation is directly related to how much money one has. The fact is that markets cater to people with lots of money, those who can buy whatever they want. When resources or goods are actually scarce, markets allocate them to those with money. When there is plenty, markets can serve those with less money. But markets will never do anything for poor people.

I’m stunned by the nonchalant statement that households decide where to work. I’m equally stunned by the idea that taxes distort markets because they affect spending decisions. It goes with his forgetting to mention government as a market participant. If we didn’t have taxes, that would distort markets too, because people would have to buy protection and roads and a lot more.

If, as Manikw claims, markets measure the value of goods to society, then the values of goods to society are determined by the rich. Markets do not include all the costs of production and therefore that part of Mankiw’s statement is false, assuming it meant anything measurable.

This entire statement of principle is useless as a guide to anything specific. Again, I realize this is just an introduction, but students treat it as accurate. It’s easy to remember and it will stick with people long after they leave school.

I’ve written several posts on the nature of markets as used in introductory economics courses, including this one and the linked posts, and more at Firedoglake, including this one. If you go to this link and search for Bernard Harcourt, or for masaccio markets, you can find much more. For anyone not aware of it, FDL is no more, and all my posts can be found at Shadowproof.com., but you have to search. Here’s my definition of market:

A market is the set of social arrangements under which people buy and sell specific goods and services at a specific point in time.

Social arrangements means all of the things that constrain and organize human action, including laws, regulations, social expectations, conventions, and standards, whether created or enforced by governments, institutions or local traditions.

With that definition, Mankiw’s Principle No. 6 becomes more or less true, though meaningless. My definition carries no pretense of fairness or social justice. It doesn’t suggest that the market is perfect at any point in time; instead it suggests that markets can and should be the subject of social action to insure social goals. Maybe that’s a good reason for neoliberals and their friend Mankiw to avoid providing their own definition. After all, as Adam Smith tells us:

Consumption is the sole end and purpose of all production; and the interest of the producer ought to be attended to, only so far as it may be necessary for promoting that of the consumer. The Wealth Of Nations, Book IV Chapter VIII, v. ii, p. 660, para. 49.

Tweet about this on TwitterShare on RedditShare on FacebookGoogle+Email to someone
Posted in Economics | Tagged , , | 3 Comments

Jeb Bush’s Service on Bloomberg Foundation Disappears into the Memory Hole

Published August 7, 2015 | By emptywheel

Ginalou made a remarkable discovery this morning. In the transcripts from last night’s debate that have been released thus far, the exchange where Megyn Kelly asks Jeb Bush about his service on the Bloomberg Foundation at a time when it supported Planned Parenthood (here’s an earlier report on it) has been scrubbed. The exchange should appear where it says “(COMMERCIAL BREAK)” here.

Screen Shot 2015-08-07 at 10.02.07 AM

Someone caught it in the YouTube above (though Fox will surely do a take-down of that). Fox appears only to be releasing selected clips of the debate, and this exchange is not included.

Here’s my transcription for posterity:

Kelly: Governor Bush, let’s start with you. Many Republicans have been outraged recently by a series of videos on Planned Parenthood. You now say that you support ending federal funding for this organization. However, until late 2014, right before you started your campaign, you sat on the board of a Bloomberg charity that quite publicly gave tens of millions of dollars to Planned Parenthood, while you were a Director. How could you not know about these well-publicized donations [a few boos] and if you did know, how could you help a charity so openly committed to abortion rights?

Bush: I joined the Bloomberg foundation because of Mike Bloomberg’s shared commitment for meaningful education reform. That’s why I was on it. We never had a debate about the budget. It was presented and we approved it. Not item by item. Here’s my record. As governor of the state of Florida, I defunded Planned Parenthood. [applause] I created a culture of life in our state. We were the only state to appropriate money for crisis pregnancy centers. We expanded dramatically the number of adoptions out of our foster care system. We created — we did parental notification laws. We ended partial birth abortion. We did all of this. And we were the first state to do a “choose life” license plate. Now 29 states have done it and tens of millions of dollars have gone to create  a culture where more people, more babies are adopted.

Kelly: But did you know?

Bush: [pause] No. I didn’t know. But it doesn’t matter. I was working on this board because of the education. My record is clear. My record as a pro-life governor is not in dispute. I am completely pro-life and I believe that we should have a culture of life, it’s informed by my faith from beginning to end. [big applause] And I did this not just as it related to unborn babies, I did it at the end-of-life issues as well. This is something that goes way beyond politics. And I hope one day that we get to the point where we respect life, in its fullest form, across the board. [applause]

Tweet about this on TwitterShare on RedditShare on FacebookGoogle+Email to someone
Posted in Culture | Tagged , , | 15 Comments

Christie Lied about 9/11 to Try to Shut Down Paul’s Opposition to Dragnet Spying [Updated]

Published August 7, 2015 | By emptywheel

One of the most contentious exchanges in last night’s debate came when Megyn Kelly raised Chris Christie’s past attacks on Rand Paul for opposing the bulk dragnet.

KELLY: Alright, gentlemen, we’re gonna switch topics now and talk a bit about terror and national security.

Governor Christie. You’ve said that Senator Paul’s opposition to the NSA’s collection of phone records has made the United States weaker and more vulnerable, even going so far as to say that he should be called before Congress to answer for it if we should be hit by another terrorist attack.

Do you really believe you can assign blame to Senator Paul just for opposing he bulk collection of people’s phone records in the event of a terrorist attack?

CHRISTIE: Yes, I do. And I’ll tell you why: because I’m the only person on this stage who’s actually filed applications under the Patriot Act, who has gone before the federal — the Foreign Intelligence Service court, who has prosecuted and investigated and jailed terrorists in this country after September 11th.

I was appointed U.S. attorney by President Bush on September 10th, 2001, and the world changed enormously the next day, and that happened in my state.

This is not theoretical to me. I went to the funerals. We lost friends of ours in the Trade Center that day. My own wife was two blocks from the Trade Center that day, at her office, having gone through it that morning.

Never mind that most US Attorneys don’t, themselves, go before the FISC to present cases (usually it is people from the National Security Division, though it was OIPR when Christie was US Attorney), never mind that the name of the court is the “Foreign Intelligence Surveillance Court.

The real doozie here is Chris Christie’s claim that he “was appointed U.S. attorney by President Bush on September 10th, 2001.”

On December 7, 2001 — three months after the attacks — President Bush released this notice of nomination.

The President intends to nominate Christopher J. Christie to be United States Attorney for the District of New Jersey.   Christie has been a partner with Dughi, Hewitt and Palatucci of Cranford, New Jersey since 1987.  He is a graduate of the University of Delaware and Seton Hall University School of Law.

Christie was confirmed quickly and started as US Attorney in January 2002.

Now, maybe Bush spoke with his big New Jersey fundraiser Chris Christie and assured him the payoff — in the form of a key appointment — would be coming. Maybe that conversation even happened on September 10.

But it is not the case that he was nominated on September 10.

I attribute this fib — like the mistakes about the name of FISC — to be bluster and debate confusion. What I find more offensive is that Andrea Mitchell, when hailing Christie’s national security credentials later in the night, literally claimed he was nominated on September 10 and started on September 12.

And there’s a far bigger subtext here.

Christie implies he was involved in the dragnet in question. He was US Attorney from January 2002 to December 2008 — so he in fact would have been in office during the two years when the phone dragnet worked through the Servic–um, Surveillance court, and four years of the Internet dragnet. But if, as he implies, he was involved in the dragnet for the entire span of his tenure — and remember, there were huge cases run out of Trenton right out of 9/11 — then he was also using the fruits of illegal wiretapping to do his job. Not Servic — um, Surveillance court authorized dragnets and wiretaps, but also illegal wiretaps.

Which may explain why he’s so invested in rebutting any questions about the legitimacy of the program.

Update: Here’s what his official biography says about his tenure as US Attorney. (h/t JH)

Christie was named U.S. Attorney for the District of New Jersey in 2002. As the chief federal law enforcement officer in New Jersey, earning praise from leaders in both parties and drawing national attention for his efforts in battling political corruption, corporate crime, human trafficking, gangs, terrorism and environmental polluters.

Update: In an absolutely hysterical attempt to rebut the clear fact that he was not nominated when he said he was, Christie’s people said he was informed he would be on September 10 at 4:30 (as I suggested was likely). But the rest of the explanation makes it clear they hadn’t even done a background check yet!

The intervening crisis caused by the terrorist attacks on New York and Washington then delayed action on the nomination. In the interview for the book, Christie said he didn’t hear again from the White House for two weeks and that things were slowed because there were no available FBI agents to do background checks, as they had been assigned to investigating the 9/11 attacks.

 

Tweet about this on TwitterShare on RedditShare on FacebookGoogle+Email to someone
Posted in FISA | Tagged , , | 18 Comments

Tesla Patches Faster than Chrysler … and than Android [UPDATED]

Published August 6, 2015 | By emptywheel

Wired’s hack-of-the-day story reports that researchers hacked a Tesla (unlike the Chrysler hack, it required access to the vehicle once, though the Tesla also has a browser vulnerability that might not require direct access).

Two researchers have found that they could plug their laptop into a network cable behind a Model S’ driver’s-side dashboard, start the car with a software command, and drive it. They could also plant a remote-access Trojan on the Model S’ network while they had physical access, then later remotely cut its engine while someone else was driving.

The story notes how much more proactive Tesla was in patching this problem than Chrysler was.

The researchers found six vulnerabilities in the Tesla car and worked with the company for several weeks to develop fixes for some of them. Tesla distributed a patch to every Model S on the road on Wednesday. Unlike Fiat Chrysler, which recently had to issue a recall for 1.4 million cars and mail updates to users on a USB stick to fix vulnerabilities found in its cars, Tesla has the ability to quickly and remotely deliver software updates to its vehicles. Car owners only have to click “yes” when they see a prompt asking if they want to install the upgrade.

In my understanding, Tesla was able to do this both because it responded right away to implement the fix, and because it had the technical ability to distribute the update in such a way that was usable for end users. Chrysler deserves criticism for the former (though at least according to Chrysler, it did start to work on a fix right away, it just didn’t implement it), but the latter is a problem that will take some effort to fix.

Which is one reason I think a better comparison with Tesla’s quick fix is Google’s delayed fix for the Stagefright vulnerability. As the researcher who found it explained, Google address the vulnerability internally immediately, just like Tesla did.

Google has moved quickly to reassure Android users following the announcement of a number of serious vulnerabilities.

The Google Stagefright Media Playback Engine Multiple Remote Code Execution Vulnerabilitiesallow an attacker to send a media file over a MMS message targeting the device’s media playback engine, Stagefright, which is responsible for processing several popular media formats.

Attackers can steal data from infected phones, as well as hijacking the microphone and camera.

Android is currently the most popular mobile operating system in the world — meaning that hundreds of millions of people with a smartphone running Android 2.2 or newer could be at risk.

Joshua Drake, mobile security expert with Zimperium, reports

A fully weaponized successful attack could even delete the message before you see it. You will only see the notification…Unlike spear-phishing, where the victim needs to open a PDF file or a link sent by the attacker, this vulnerability can be triggered while you sleep. Before you wake up, the attacker will remove any signs of the device being compromised and you will continue your day as usual – with a trojaned phone.

Zimperium say that “Google acted promptly and applied the patches to internal code branches within 48 hours, but unfortunately that’s only the beginning of what will be a very lengthy process of update deployment.”

But with Android the updates need to go through manufacturers, which creates a delay — especially given fairly crummy updating regimes by a number of top manufacturers.

The experience with this particular vulnerability may finally be pushing Android-based manufacturers to fix their update process.

It’s been 10 days since Zimperium’s Joshua Drake revealed a new Android vulnerabilitycalled Stagefright — and Android is just starting to recover. The bug allows an attacker to remotely execute code through a phony multimedia text message, in many cases without the user even seeing the message itself. Google has had months to write a patch and already had one ready when the bug was announced, but as expected, getting the patch through manufacturers and carriers was complicated and difficult.

But then, something unexpected happened: the much-maligned Android update system started to work. Samsung, HTC, LG, Sony and Android One have already announced pending patches for the bug, along with a device-specific patch for the Alcatel Idol 3. In Samsung’s case, the shift has kicked off an aggressive new security policy that will deploy patches month by month, an example that’s expected to inspire other manufacturers to follow suit. Google has announced a similar program for its own Nexus phones. Stagefright seems to have scared manufacturers and carriers into action, and as it turns out, this fragmented ecosystem still has lots of ways to protect itself.

I make this comparison for two reasons. One, if Google — the customers of which have the hypothetical ability to send out remote patches, even if they’ve long neglected that ability — still doesn’t have this fixed, it’s unsurprising that Chrysler doesn’t yet.

But some of the additional challenges that Chrysler has that Tesla has fewer of stem from the fragmented industry. Chrysler’s own timeline of its vulnerability describes a “third party” discovering the vulnerability (not the hackers), and a “supplier” fixing it.

In January 2014, through a penetration test conducted by a third party, FCA US LLC (“FCA US”) identified a potential security vulnerability pertaining to certain vehicles equipped with RA3 or RA4 radios.

A communications port was unintentionally left in an open condition allowing it to listen to and accept commands from unauthenticated sources. Additionally, the radio firewall rules were widely open by default which allowed external devices to communicate with the radio. To date, no instances related to this vulnerability have been reported or observed, except in a research setting.

The supplier began to work on security improvements immediately after the penetration testing results were known in January 2014.

But it’s completely unclear whether that “third party” is the “supplier” in question. Which means it’s unclear whether this was found in the supplier’s normal testing process or in something else.

One reason cars are particularly difficult to test are because so many different suppliers provide parts which don’t get tested (or even adequately specced) in an integrated fashion.

Then, if you need to fix something you can’t send out over a satellite or Internet network, you’re dealing with the — in many cases — archaic relationships car makers have with dealers, not to mention the limitations of dealer staff and equipment to make the fix.

I don’t mean to excuse the automotive industry — they’re going to have to fix these problems (and the same problems lie behind fixing some of the defects tied to code that doesn’t stem from hacks, too, such as Toyota’s sudden acceleration problem).

It’s worth noting, however, how simplified supply and delivery chains make fixing a problem a lot easier for Tesla than it is for a number of other entities, both in and outside of the tech industry.

UPDATE — 4:30 PM EDT —

Hey, it’s Rayne here, adding my countervailing two cents (bitcoins?) to the topic after Marcy and I exchanged a few emails about this topic. I have a slightly different take on the situation since I’ve done competitive intelligence work in software, including open source models like Android.

Comparing Fiat Chrysler’s and Google’s Android risks, the size and scale of the exposures are a hell of a lot different. There are far more Android devices exposed than Chrysler car models at risk — +1 billion Android devices shipped annually around the globe as of 4Q2014.

Hell, daily activations of Android devices in 2013 were 1.2 million devices per day — roughly the same number as all the exposed Chrysler vehicles on the road, subject to recall.

Google should have a much greater sense of urgency here due to the size of the problem.

Yet chances of a malware attack on an Android device actually causing immediate mortal threat to one or more persons is very low, compared to severity of Chrysler hack. Could a hacker tinker with household appliances attached via Android? It’s possible — but any outcome now is very different from a hacker taking over and shutting down a vehicle operating at high speed in heavy traffic, versus shutting off a Phillips remote-controlled Hue lamp or a Google Nest thermostat, operating in the Internet of Things. The disparity in annoyance versus potential lethality may explain why Google hasn’t acted as fast as Tesla — but it doesn’t explain at all why Chrysler didn’t handle announcing their vulnerability differently. Why did they wait nearly a year to discuss it in public? Continue reading

Tweet about this on TwitterShare on RedditShare on FacebookGoogle+Email to someone
Posted in automobiles, Cybersecurity | Tagged , , , , , , , | 14 Comments

On Hiroshima Anniversary, Iran Deal Opponents Make One More Push Based on Parchin Photos

Published August 6, 2015 | By Jim White
Hiroshima was flattened by the US on August 6, 1945 by the deployment of a nuclear weapon.

Hiroshima was flattened by the US on August 6, 1945 by the deployment of a nuclear weapon. (Wikimedia Commons)

Seventy years ago today, on August 6, 1945, the US dropped an atomic bomb on Hiroshima, Japan. By November of that same year, approximately 130,000 people were dead because of that single bomb, which targeted a civilian population. Three days later, the US deployed a second nuclear weapon in Nagasaki. It appears that these horrific weapons were not needed, despite the prevailing myth surrounding their use. Even with the subsequent proliferation of nuclear weapons, the US remains the only country to have ever used them outside a testing scenario, while countries as unstable as North Korea and Pakistan have achieved nuclear weapons capability at some level.

As might be expected, Japan’s Prime Minister Shinzo Abe is using the occasion of this anniversary to call for an end to nuclear weapons. Last week, Javad Zarif made an excellent move, in suggesting that now that Iran has signed an agreement with the P5+1 group of countries on its nuclear technology, there should be a push to remove nuclear weapons and all WMD from the Middle East. Recall that Iran has agreed to the most intrusive inspections regime ever put into place in a country that didn’t first lose a war, making their call for inspections of Israel’s nuclear weapons program especially strong. These two calls together represent an appeal to those who prefer peace over war while placing the highest possible value on civilian lives.

That attitude of favoring peace over war and putting civilians first stands in stark contrast to those who oppose the Joint Comprehensive Plan of Action signed by the P5+1 and Iran. As Barack Obama pointed out yesterday, those who are opposing the deal are the same people who were so tragically wrong about the decision to invade Iraq in 2003:

President Obama lashed out at critics of the Iran nuclear deal on Wednesday, saying many of those who backed the U.S. invasion of Iraq now want to reject the Iran accord and put the Middle East on the path toward another war.

/snip/

While calling the nuclear accord with Iran “the strongest nonproliferation agreement ever negotiated,” Obama also seemed to turn the vote on the deal into a referendum on the U.S. invasion of Iraq a dozen years ago, a decision he portrayed as the product of a “mind-set characterized by a preference for military action over diplomacy.”

Obama said that when he first ran for president, he believed “that America didn’t just have to end that war. We had to end the mind-set that got us there in the first place.” He added that “now, more than ever, we need clear thinking in our foreign policy.”

One of the saddest aspects of this push for war over diplomacy is that much of it comes from deep within the US government itself. In many of my posts on the path to the P5+1 accord with Iran, I have noted the nefarious process of anonymous “disclosures” coming sometimes from “diplomats” and sometimes from “intelligence sources” that get transcribed into the press by a small handful of “reporters”. Usually the worst offender on this front is George Jahn of AP. A recent retiree from this fold is Fredrik Dahl who now, ironically, appears to be the primary press contact for the IAEA. But never fear, rushing into the void created by the departure of Dahl (or perhaps his insertion into an operative role further inside the apparatus), we have the dynamic duo of Eli Lake and Josh Rogin. Their blather being put out as “journalism” is not worthy of a link here. If you want to find it, try going to Marcy’s Twitter and searching for “not The Onion”.

Of course, the high point of this process of manufacturing nuclear charges against Iran and then getting them into the media is the notorious “laptop of death“. Running a close second, though, are the charges that Iran has engaged in developing a high explosives trigger device at the Parchin site. Showing that those who engage in this level of deceit have absolutely no pride, the charges of this work have proceeded despite an equally plausible explanation that the high explosives chamber could just as easily have been used to develop nanodiamonds. Further, those making these charges have allowed themselves to be baited into a ridiculous level of “analysis” of satellite photos of the site, with hilarious results from how Iran has played them.

Despite this level of embarrassment, one of the primary tools in this process, David Albright, couldn’t resist one last try on the satellite photo front. Yesterday, he breathlessly informed us that there are a couple of new sheds on the Parchin site and there is even some debris. And, get this, a crate has been moved! Seriously, here is the “meat” of Albright’s analysis (pdf): Continue reading

Tweet about this on TwitterShare on RedditShare on FacebookGoogle+Email to someone
Posted in War, WMD | Tagged , , , , , , , , , , , , , , , | 11 Comments

FBI’s 5-Year Effort to Avoid Inspector General Scrutiny of Its Phone Dragnet Use

Published August 5, 2015 | By emptywheel

Screen Shot 2015-08-05 at 1.15.53 PMAs part of today’s Senate Judiciary Hearing on DOJ OLC’s decision to make DOJ’s Inspector General ask nicely before it gets certain kinds of materials it needs to conduct its work, John Cornyn asked what changed in 2010 to make the FBI start pushing back against sharing information freely with the IG.

Inspector General Michael Horowitz responded,

I was not the Inspector General at that time, but my understanding is that the memos and decisions from the legal counsel at the FBI followed several OIG reviews of the handling of National Security Letters, Exigent Letters, and other hard-hitting OIG reviews, because there was no other change in the law, no policy change, no regulatory change…

Horowitz is suggesting that because Horowitz’ predecessor, Glenn Fine, released reports that showed FBI abuse of national security programs, FBI started pushing back against sharing information. The claim is particularly interesting given that the Exigent Letters report, which was released in January 2010, significantly implicated FBI’s General Counsel’s office, including then General Counsel and now lifetime appointed judge (with Cornyn’s backing) Valerie Caproni.

The suggestion is also interesting given that Fine resigned in 2010 after starting an investigation into the use ofSection 215 and PRTT. It took years before DOJ had a working Inspector General again, resulting in a long delay before Congress got another report on how the government was using the phone dragnet.

All of which is all the more troubling, given that Horowitz revealed that,

Just yesterday, I’m told, in our review of the FBI’s use of the bulk telephony statute, a review that this committee has very much been interested in our doing, we got records with redactions, not for grand jury, Title III, or fair credit information, because those have been dealt with, but for other areas that the FBI has identified legal concerns about.

This is particularly troubling given that just weeks ago the USA Freedom Act mandated certain IG reviews of phone dragnet activities.

But the FBI is still obstructing such efforts.

Tweet about this on TwitterShare on RedditShare on FacebookGoogle+Email to someone
Posted in FISA | Tagged , , , | 8 Comments

FBI Flies Its Now-Exposed Spy Plane over America’s Biggest Arab-American City

Published August 5, 2015 | By emptywheel

Screen Shot 2015-08-05 at 10.55.52 AM

In June, the AP reported on the FBI’s fleet of spy planes (following up on the work of the WaPo and independent journalists around the country). In it, they described how the FBI wanted them to keep the details of the front companies owning the planes secret.

The FBI asked the AP not to disclose the names of the fake companies it uncovered, saying that would saddle taxpayers with the expense of creating new cover companies to shield the government’s involvement, and could endanger the planes and integrity of the surveillance missions. The AP declined the FBI’s request because the companies’ names – as well as common addresses linked to the Justice Department – are listed on public documents and in government databases.

That hasn’t stopped the FBI from flying the planes under the same thin cover. Today, the Detroit Free Press reported that one of those planes has spent the last week flying over Dearborn, the biggest concentration of Arabs in the country.

The thing is, in spite of the claim to the AP that FBI would need to create new covers for their secret spy planes, they didn’t.

The 2010 Cessna is registered to a company called OTV Leasing of Bristow, Va. The registration, like other aircraft included in the AP investigation, is linked to a bank of post office boxes in Bristow.

OTV Leasing was among at least 13 fake companies used by the FBI that were identified during the AP investigation.

The chief executive of OTV Leasing is listed on aircraft records as Robert Lindley. The AP reported that Lindley is listed as CEO of several other front companies, and has at least three distinct signatures on aircraft records. The FBI did not disclose to the AP whether Lindley was a U.S. government employee; the news agency could not reach him for comment.

It’s bad enough that the population of Dearborn is being surveilled by such a high tech plane. But to do so when everyone now knows these are spy planes is all the more problematic. It’s almost hubristic, a display that the FBI can spy on that particularly population with impunity.

In Yemen they fly drones. In Dearborn, they fly planes that have already been outed as FBI spy tools.

Update: The FBI reassured community leaders this was not mass surveillance targeting a racial or religious communities.

The FBI was conducting a specific criminal probe and not investigating credible terror threats nor targeting racial or religious communities, the bureau told community leaders at a meeting Wednesday night.

[snip]

“Contrary to the suggestion of some recent media reporting, the FBI does not employ aviation assets to conduct mass surveillance nor to target specific communities,” Abbate said in a statement. “Neither does the FBI monitor lawfully protected First Amendment activity. Further, the FBI Detroit Field Office is not aware of any specific or credible threats within the local Detroit Metropolitan area.”

There are several problems with what has been relayed of this statement though (and CAIR-MI Director Dawud Walid makes some of them). First, what the FBI means by mass surveillance and what normal humans do are totally different things. If the surveillance is targeted, but sucks in thousands incidentally, FBI still doesn’t consider it mass surveillance (nor does it report it as such in required congressional reporting).

Also, if you were targeting Dearborn’s Arab-American residents, you’d be targeting neither based on religion (because a significant percentage of the Arab population is Christian) nor, technically, on race (Arab is not considered a race, at least by the census).

And the FBI has big, but secret, exceptions to what it considers “lawfully protected First Amendment activity.”

It may well be true that Dearborn’s residents have nothing to worry about. But the statement — at least what got published here — should not allay any concerns.

Tweet about this on TwitterShare on RedditShare on FacebookGoogle+Email to someone
Posted in Drones | 3 Comments

GM Supports Obtaining Cybersecurity Immunity Just after Hack Vulnerability Revealed

Published August 5, 2015 | By emptywheel

Dianne Feinstein just gave a long speech on the Senate floor supporting the Cyber Information Sharing Act.

She listed off a list of shocking hacks that happened in the last year or so — though made no effort (or even claim) that CISA would have prevented any of them.

She listed some of the 56 corporations and business organizations that support the bill.

Most interestingly, she boasted that yesterday she received a letter from GM supporting the bill. We should pass CISA, Feinstein suggests, because General Motors, on August 4, 2015, decided to support the bill.

I actually think that’s reason to oppose the bill.

As I have written elsewhere — most recently this column at the DailyDot — one of my concerns about the bill is the possibility that by sharing data under the immunity afforded by the bill, corporations might dodge liability where it otherwise might serve as necessary safety and security leverage.

Immunizing corporations may make it harder for the government to push companies to improve their security. As Wyden explained, while the bill would let the government use data shared to prosecute crimes, the government couldn’t use it to demand security improvements at those companies. “The bill creates what I consider to be a double standard—really a bizarre double standard in that private information that is shared about individuals can be used for a variety of non-cyber security purposes, including law enforcement action against these individuals,” Wyden said, “but information about the companies supplying that information generally may not be used to police those companies.”

Financial information-sharing laws may illustrate why Wyden is concerned. Under that model, banks and other financial institutions are obligated to report suspicious transactions to the Treasury Department, but, as in CISA, they receive in return immunity from civil suits as well as consideration in case of sanctions, for self-reporting. “Consideration,” meaning that enforcement authorities take into account a financial institution’s cooperation with the legally mandated disclosures when considering whether to sanction them for any revealed wrongdoing. Perhaps as a result, in spite of abundant evidence that banks have facilitated crimes—such as money laundering for drug cartels and terrorists—the Department of Justice has not managed to prosecute them. When asked during her confirmation hearing why she had not prosecuted HSBC for facilitating money laundering when she presided over an investigation of the company as U.S. Attorney for the Eastern District of New York, Attorney General Loretta Lynch said there was not sufficient “admissible” evidence to indict, suggesting they had information they could not use.

In the same column, I pointed out the different approach to cybersecurity — for cars at least — of the SPY Act — introduced by Ed Markey and Richard Blumenthal — which affirmatively requires certain cybersecurity and privacy protections.

Increased attention on the susceptibility of networked cars—heightened by but not actually precipitated by the report of a successful remote hack of a Jeep Cherokee—led two other senators, Ed Markey and Richard Blumenthal, to adopt a different approach. They introduced the Security and Privacy in Your Car Act, which would require privacy disclosures, adequate cybersecurity defenses, and additional reporting from companies making networked cars and also require that customers be allowed to opt out of letting the companies collect data from their cars.

The SPY Car Act adopts a radically different approach to cybersecurity than CISA in that it requires basic defenses from corporations selling networked products. Whereas CISA supersedes privacy protections for consumers like the Electronic Communications Privacy Act, the SPY Car Act would enhance privacy for those using networked cars. Additionally, while CISA gives corporations immunity so long as they share information, SPY Car emphasizes corporate liability and regulatory compliance.

I’m actually not sure how you could have both CISA and SPY Act, because the former’s immunity would undercut the regulatory limits on the latter. (And I asked both Markey and Blumenthal’s offices, but they blew off repeated requests for an answer on this point.)

Which brings me back to GM’s decision — yesterday!!! — to support CISA.

The hackers that remotely hacked a car used a Jeep Cherokee. But analysis they did last year found the Cadillac Escalade to be the second most hackable car among those they reviewed (and I have reason to believe there are other GM products that are probably even more hackable).

So … hackers reveal they can remotely hack cars on July 21; Markey introduced his bill on the same day. And then on August 4, GM for the first time signs up for a bill that would give them immunity if they start sharing data with the government in the name of cybersecurity.

Now maybe I’m wrong in my suspicion that CISA’s immunity would provide corporations a way to limit their other liability for cybersecurity so long as they had handed over a bunch of data to the government, even if it incriminated them.

But we sure ought to answer that question before we go immunizing corporations whose negligence might leave us more open to attack.

Tweet about this on TwitterShare on RedditShare on FacebookGoogle+Email to someone
Posted in automobiles, Cybersecurity | Tagged , , , | 3 Comments

Neoliberalism Helped Syrian Banks Evade Sanctions

Published August 5, 2015 | By emptywheel

I’ve written a lot about how neoliberalism has been counterproductive for any soft war we’re waging against ISIS, Russia, or China. We keep forcing allies and client states — including post Arab Spring Egypt and, especially, Ukraine — to adopt neoliberal policies. That creates more instability at precisely the time the new regime (like it or not) is trying to consolidate.

Neoliberalism doesn’t offer much benefit for many of the hearts and minds we’d like to win over.

But it has helped someone.

According to this fascinating WaPo analysis (and underlying study), the reason Syrian elites and their banks have been able to withstand sanctions is because Bashar al-Assad adopted (mixed) neoliberal policies when he assumed control. It created an interconnected elite whose ties with were Assad more inextricably linked than they had previously been, such that people doing business with sanction targets have too much invested in the regime itself to stop doing business with the sanctioned entities.

Bashar aimed to revamp the three decades of populist structure in an ‘authoritarian upgrading’ to pursue neoliberal economic policies, eventuallyshifting public assets to a network of crony capitalists close to the regime. The abandonment of socialist policies in a post-populist era culminated with the establishment of the Damascus Securities Exchange (DSE) in 2009. The number of firms listed on the exchange has since grown, even after 2011, and currently comprises 23 companies spanning sectors such as transport, media, industry, agriculture, banking and insurance.

[snip]

The newly established Syrian private banking system redistributed the monopolistic market share of public banks with private lenders, while maintaining a degree of protectionism so the state-owned banks preserved their banking services monopoly. This arrangement was part of what Raymond Hinnebusch termed a ‘middle way’ of allowing the expansion of the private sector while ostensibly reforming state owned enterprises.

The booming private banks attracted politically connected businessmen, including many former politicians and senior security officials, natural partners for foreign institutional investors for whom a 49 percent Syrian ownership was required for an operating license until 2010.

[snip]

Thorough review of disclosures made by publicly listed private banks on the DSE indicate a similar trend, in which prominent Syrian businessmen— some of whom have been sanctioned for their support to the regime— own a substantial number of shares and even sit on the board of directors in multiple banks. As my research shows, there are at least 23 individual investors whose shareholdings exceed 1 million shares. With more than 36 million shares in aggregate, these individuals make up at least 4.5 percent of overall shares of private banks and 11 percent of total retail investors’ stock ownership.

This is symptomatic of the emergence of a new generation of ‘regime businessmen,’ whose relationship with the state transformed from a de facto alliance since Bashar al-Assad came to power to the central backbone of the regime now. Through joint business ventures and inter-family marriages, this alliance translated into the regime businessmen’s dominance of profitable sectors, including energy, banking and finance, construction, and tourism, and has in turn ensured the regime’s economic survival.

[snip]

Most of these businessmen have substantial investments in the country that outweighed their overseas assets and commercial interests. Their inextricable connections with the ruling political elite have made them highly invested in the survival of the regime.

I suspect the same is true of Russia.

That’s not all that surprising. With the exception of the largest banks, our business elite is pretty committed to the US regime, largely as a result of the cronyist benefits that those ties afford.

Indeed, the analysis raises more general questions about whether neoliberalism makes dangerous regimes more resilient.

But I also note the irony.

Tweet about this on TwitterShare on RedditShare on FacebookGoogle+Email to someone
Posted in Financial Fraud, Treasury | Tagged | 3 Comments
1 2 3 1,019

Emptywheel Twitterverse

bmaz I am looking at you Sunday broadcast and cable morning shows. Little @chucktodd must be creaming in his pants https://t.co/jd7uj9BRH2
7mreplyretweetfavorite
bmaz So most intelligent+responsible thing for @CNN, @MSNBC + @Fox would be to jam some more of that dumb shit up our ass https://t.co/sguLZddCmQ
9mreplyretweetfavorite
bmaz You know, there has just been insufficient coverage by US political press of this latest Donald Trump racist, misogynistic assholery.
11mreplyretweetfavorite
bmaz @JohnAmato @Silke_Berlinn somehow stumbled into it from couple yrs ago. Is excellent. Damn near came over to see one of shows there in LA.
15mreplyretweetfavorite
bmaz Special for @JasonLeopold: What all the best Iran-Contra facilitators are wearing in Phoenix this summer: http://t.co/EZED1fvI8m
23mreplyretweetfavorite
bmaz RT @JasonLeopold: Spotted at LA Farmers Market. John McCain torture sauce. Cc @bmaz #capitialism #badtaste https://t.co/3AykIMYFhq
32mreplyretweetfavorite
bmaz A bruch in Bel-Aire? An actress in Hollywood? Wait, McCain Hot Sauce?? Send it @JasonLeopold or be presumed dead. https://t.co/KM9ZPvnjHJ
50mreplyretweetfavorite
bmaz @ryanjreilly @TreyYingst I do not understand modern anarchy!
59mreplyretweetfavorite
bmaz @ryanjreilly @TreyYingst Dude is on the sidewalk
1hreplyretweetfavorite
bmaz Also, attention @GrantWoods https://t.co/du98IXaKyf
1hreplyretweetfavorite
bmaz Still don't know that much about Silke Berlinn, but one Mr. @JohnAmato can fucking kill it on the saxophone. https://t.co/6WECMME7dH
1hreplyretweetfavorite
JimWhiteGNV I consider it a failure of Trump's imagination that he would have teamed with Stone in the first place. Trump is devious enough on his own,
1hreplyretweetfavorite

Meta

Latest Posts

August 2015
S M T W T F S
« Jul    
 1
2345678
9101112131415
16171819202122
23242526272829
3031  

Recent Tag Cloud

ACLU Al Franken Apple Barack Obama Bashar al-Assad CAIR Caroline Krass Chamber of Commerce Chelsea Manning chemical weapons Chris Christie Chrysler Chuck Grassley CISA Condi Rice David Albright Dianne Feinstein Dzhokhar Tsarnaev Edward Snowden EFF Elizabeth Warren Glenn Fine GM Google Hassan Rouhani Iran Iran nuclear program Iran nuclear technology Israel James Clapper Jason Chaffetz Jeffrey Sterling John Carlin John Cornyn John Kerry John McCain Michael Horowitz Mike Bloomberg nuclear weapons P5+1 Parchin Rand Paul Raymond Davis Richard Blumenthal Richard Burr SEC Sheldon Whitehouse Thomas Drake USA Freedom Act Valerie Caproni