There has been no shortage of topics to discuss with you since my last MazzInt Blog in August, but I have been diverted by a household move sandwiched between trips to St Louis and Tampa.  We could revisit any number of topics that have been in the news since August such as President Trump’s trip to Asia, the deployment of three carrier strike groups to the Sea of Japan, impactful elections in both Japan and Germany, the Russian uranium deal, or developments in the Mueller investigation.

However, what is on my mind right now is an AP article (https://wtop.com/government/2017/11/fbi-didnt-tell-us-targets-as-russian-hackers-hunted-emails-2/) that appeared over the Thanksgiving holiday weekend regarding Russian Fancy Bear hackers targeting the personal Gmail accounts of individuals with Top Secret security clearances.  This article is on my mind because the reporter who wrote the story told me before it appeared that I was one of Fancy Bear’s targets. Here’s what happened.

I was busy unpacking moving boxes on Friday morning 17 November when I got a call from the United Kingdom. The caller identified himself as Raphael Satter (https://www.linkedin.com/in/raphaelsatter/) with the Associated Press (AP) and before I could ask why he was calling, he asked if I was Joseph Mazzafro and if my email address was mazzafro@gmail.com.  Since my email is widely known I confirmed who I was and that the email address he referenced was mine.  The reporter then asked me if I was aware of who Fancy Bear was, to which I responded affirmatively. He then asked me if I was aware that Fancy Bear had attempted to hack my Gmail account in February 2015.  I said no, but because of my close association with the national security community over many years, I operate on the presumption that my emails are regularly being read by those they are not addressed to.

At this point I am asking myself: what is this reporter looking for?  He then asked me if anyone from Google/Gmail or the FBI had informed me about this attempted hack of my Gmail account.  I said without hesitation that this call was the first report of any effort to hack my email that I have received. Mr. Satter then went on to explain that the private cyber security firm Secureworks (https://www.secureworks.com/) had developed a list of Gmail accounts Fancy Bear had tried to penetrate.  He mentioned some of the names, which I immediately recognized as now retired leaders of U.S. Intelligence Community (IC) agencies.  Satter said he had spoken to some of them and like me they had not been notified by Google/Gmail or any government counterintelligence (CI) agency about Fancy Bear targeting their Gmail accounts.  He then asked me how I felt about hearing this for the first time from an AP reporter, to which I responded “No one has ever said to me ‘hey Joe you’ve been targeted by this Russian group.’” I continued “that our own security services have not gone out and alerted me, that’s what I find disconcerting as a national security professional.”  I then explained to Raphael Satter that I was not surprised that the FBI had not notified me because the hack was unsuccessful or they didn’t want to compromise sources and methods.  From there the call ended pleasantly.


Upon the call’s termination I realized immediately that this was something I should report to DIA as they held my clearance when this Fancy Bear attempted hack occurred.  I called a well-placed individual at DIA for advice and contact information on who I should report this interview from AP to.  When this person got back to me later on 17 November I was advised this was a CI versus a security issue but because I was no longer “affiliated” with DIA the DIA CI office did not have the authority to talk to me about Russian Fancy Bear efforts to hack my Gmail or that I learned about it from an AP reporter calling in London.  Apparently only the FBI can talk to me about this matter.  In the 10 days between Satter’s phone call to me and his story being run on the AP wire I expressed my concerns indirectly to DIA CI (remember they said they can’t talk to me) that nobody from the government had contacted me and I was concerned that when the story went public I would be seen as not having reported what happened in a timely manner.  I am still waiting to hear from somebody in the government regarding what an AP reporter told me about Fancy Bear attempting to hack Gmail accounts of people who have had access to Top Secret information.

Those who know me won’t be surprised that I have given what has happened (and not happened) to me considerable thought since this 17 November “cold call.”

I am certainly discouraged and confused that no one from the IC has responded to my effort to inform them that a reporter contacted me regarding Fancy Bear hacking attempts against people with known IC connections. I wanted the IC to be ahead of this story before it showed up in the media.  If Secureworks could uncover this Fancy Bear targeting campaign I would like to think that NSA and the FBI were already aware of it, raising the question of the government’s duty to warn American citizens of malicious foreign cyber intrusion attempts.  I am certain that because of the security clearances I have held I have an obligation to report to the government in a timely manner any threats to national security that I become aware of, but apparently when the threat is directed at me the government has no obligation to warn me.  It is not lost on me that one of the reasons those targeted by Fancy Bear didn’t get any notification from the FBI or other parts of the IC is so this hacking effort could be observed and followed, which could put my data and the data of others who have served our nation faithfully at risk.  What is not clear to me is whether Google/Gmail was warned by the FBI or DHS about this Fancy Bear hacking effort apparently aimed at those associated with national security so these accounts could be protected.

What I am describing here is a microcosm of the debate that has been gridlocking an effective cyber defense of the United States for at least the past five years.  What is the appropriate quid pro quo for the private sector sharing cyber-related activity it observes/encounters with the government in exchange for the government providing meaningful cyber threat information to the private sector?  This story about failure to notify individuals subjected to Fancy Bear hacking of their Gmail accounts will not increase the trust of most Americans that their government is prepared to warn them, if not actually protect them, when they are threatened by a foreign hacking campaign.

That’s what I think; what do you think?









Investigations in Tumultuous Times

Apologies for the hiatus, but I have been diverted by the arrival of our first grandchild Michael, who seems to be able to hold my attention like nothing I have experienced before.

I am not sure how historic the month of May 2017 will turn out to be, but it certainly was tumultuous as seemingly significant events kept playing out. North Korea arrogantly continued to develop nuclear weapons and the ballistic missile means to deliver them, while the president of South Korea was removed from office for corruption and replaced by someone more open to conciliation with Kim Jong Un. China’s Xi Jinping orchestrated and hosted the One Belt One Road (OBOR) Summit in Beijing attended by 28 world leaders including Russia’s Vladimir Putin, where China showed its intentions to develop a new global economic order under its leadership.  The “WannaCry” ransomware caused a massive cyber disruption that demonstrated how fragile the global cyber infrastructure remains.  Meanwhile, President Trump’s Executive Order on Cybersecurity continued the trend of problem description in lieu of actionable prescriptions.  As the fight against ISIS in the Middle East shifted from a strategy of attrition to one of annihilation, an ISIS suicide bomber with apparent help from an embedded terrorist cell killed 22 at a Manchester, England rock concert attended by mostly young teenagers.  President Trump made his first trip abroad where he addressed an Arab Summit in Riyadh saying he was not there to lecture them, but did lecture Western European leaders in Brussels on falling short at meeting their financial commitments to NATO while being ambiguous about US support for Article V of the NATO Charter regarding mutual self-defense.  Rounding out this rather fitful May, President Trump fired FBI Director James Comey for his handling of the investigation into Russia’s election interference activities.  This action precipitated the prompt appointment of Comey’s predecessor Robert Mueller as the Justice Department’s Special Counsel for the Russian Election Interference Investigation.

And as they used to say in top 40 AM radio, the hits kept coming in June! Two bombings in Kabul with significant deaths, the London Bridge Attack, the first ISIS attack in Iran, Saudi Arabia along with four other Arab countries accusing Qatar of supporting the Muslim Brotherhood, and the Intercept publishing a leaked classified report showing NSA collected intelligence regarding Russian attempts (apparently unsuccessful) to tamper with voter registrations and voting machines.  Probably sensing the need for some wiggle room, Vladimir Putin assured the world that Russia has not and would not sanction interference with other nations’ elections, but he could not control individual Russian “patriotic hackers” (“Green Men of the Internet”?) from responding to those who are being unfriendly towards Russia. Hillary Clinton expressed a different view, saying that Jared Kushner and Steve Bannon orchestrated feeding political information to the Russians that they were then able to “weaponize” in ways which affected voter outlooks that contributed to her defeat.  Then there are the leaked reports that President Trump asked DNI Dan Coats and NSA Director Admiral Mike Rogers to intervene with then FBI Director Comey to “let go of the Michael Flynn investigation.”

Reviewing the past six weeks, it is easy to see why Vladimir Putin would observe in his overhyped June 4th interview with Megyn Kelly that the American Congress and media, if not the American people, have “gone crazy” over presumed Russian interference with the 2016 election. Of course, the far better story here is that the US was well aware of Russia’s effort to interfere with our 2016 election and that it had no material effect, but there doesn’t seem to be much in the way of political points or media ratings for that line of reasoning.  If there was collusion with the Russians to influence the election those individuals should be shamed or prosecuted (where laws were broken), but in the meantime the Russians are confirming what I believe many US citizens already sense: that our current domestic political and media obsession with Russian election interference is making Putin’s Russia look more powerful than it really is.  As Andrei Kolesnikov, an independent analyst who is a senior associate with the Carnegie Moscow Center, observed to David Ignatius, this is a win-win situation for Putin:  “If we did meddle in your elections, we show our might. If we didn’t, we’re pure.”

As Washington braces for testimony before the Senate Select Committee on Intelligence (SSCI) by DNI Dan Coats on June 7th and former FBI Director Comey on June 8th, President Trump announced that he plans to nominate Christopher Wray to replace Comey, probably timed to divert at least some media attention away from these SSCI hearings.  Adding more grist to the SSCI hearings on 7/8 June is former DNI James Clapper saying in prepared remarks to Australia’s National Press Club in Canberra that President Donald Trump’s decision to cultivate Russia and share intelligence with the Putin regime is “very problematic”. He described Comey’s firing as “egregious and inexcusable”. In response to a question the former DNI opined, “I think [when] you compare the two, that Watergate pales, really, in my view, compared to what we’re confronting now.”  Is the former DNI warning that we are in the midst of a constitutional crisis?

For my part, I agree with those who are saying comparisons with Watergate at this point are imperfect and premature, but given all the plausible (though unconfirmed) accusations on the table it is hard to not see a “crisis of government” diverting attention away from a national security environment fomenting with uncertainty and danger for the United States.  While I don’t welcome the upcoming SSCI hearings I see them as essential to publicly getting answers to key questions so we as citizens can make our own judgments:

  • What does the IC know about Russia’s interference with the 2016 election; when did the IC know what; and whom did the IC inform when?
  • Do the Trump campaign contacts with Russians close to Putin rise to the level of criminal collusion?
  • Is President Trump a subject or person of interest in the Mueller/FBI investigation?
  • Did President Trump (or anyone on his behalf) attempt to influence FBI Director Comey on how to conduct the FBI’s investigation into Russian interference with the 2016 US elections?
  • Did the Intelligence Community use “incidental collection” associated with its 702 authorities, wittingly or unwittingly, to conduct “backdoor” surveillance on US citizens that was subsequently used for political purposes?

I certainly can’t offer any credible predictions on where the Mueller/FBI, or HPSCI, or SSCI investigations will lead, but I am sure they will make C-SPAN “must watch” TV through the summer!  What seems to be a given though is that no matter what avenues any of these investigations take, there is considerable risk that the IC will be involved somehow in an unflattering way.  The lurking disaster for the IC that I fear the most is a finding by any of these investigations that the IC engaged in back door surveillance of US persons for political purposes.  In the short term that will strangle 702 collection and longer term it will lead to a wire brushing of the IC down to bare metal.

That’s what I think; what do you think?