John McAfee Interview: Fear and loathing of Donald Trump's Phone

This post was published on the now-closed HuffPost Contributor platform. Contributors control their own work and posted freely to our site.

Read post on Daily Kos — Since Huffington Post has prevented those posts from being indexed by Google, the post was published on Daily Kos.

During the fear and loathing of the 2016 campaign trail, Hillary Clinton’s private email server was a topic that now-President Trump made a front-and-center issue. To my mind, Clinton’s server was both a blatant attempt to dodge public records laws and a national security risk. Whether you think the email server was a smoking gun or you religiously believe it was nothing more than a careless misstep, it absolutely deserved a place in the public eye.

However, it’s now time to shift the public eye to the person who became president. Donald Trump’s brief time in office has already been laden with scandals that would undo most politicians. Unlike with Anthony Weiner or Richard Nixon, there’s no time to fixate on one or two problems because new ones are just a tweet or two away. Donald Trump’s carelessness, ineptitude, and hubris are greater risks to national security than anything Trump’s wildest accusations alleged about Clinton’s server.

Let’s talk about Mar-a-Lago and North Korean Missiles

Around a month, and approximately 157 scandals, ago, Trump sat in the quiet privacy of an open country club restaurant receiving a security briefing. Trump and several White House staffers – along with Mar-a-Lago staff, those eating in the restaurant, and potentially anyone with a phone or internet access – learned North Korea had launched a missile off the coast of Japan.

The insight of the mainstream media: we shouldn’t have seen this meeting happening. The far deeper concern: even behind closed doors, all these goings-on can still be seen. The concern that the phones of Trump and his aides are a likely security risk is backed up by many security experts.

Rooting, Stingrays, Malware & The Complexity of Modern Day Wiretapping

Could the president and his aides be infected? If so, how?

Technology pioneer John McAfee was a Libertarian presidential candidate in the 2016 primaries. Like the Libertarian party, he acted to keep ideas from being ignored. In many ways McAfee played Hunter S. Thompson in the 2016 enactment of 1972, openly criticizing and commenting on the campaign for IB Times, Newsweek, Digital Trends & Business Insider. Last week I interrupted his 20/20 interview to ask him for a few more comments about the CIA, Trump, and cyber security.

In the fashion of Thompson, when McAfee is asked a question, to be sure he will talk about something tangentially related and ultimately create an entirely new topic. When I asked about WikiLeaks documents showing the CIA’s knowledge of zero-day vulnerabilities in Apple products, he answered:

“Look up ‘routing programs.’ The only phone in the world that cannot be remotely rooted is the Samsung S7 – What I’m calling you on now… And by the way this cell phone, I published this phone number a year ago in Business Insider, because I want people to hack this phone, I want to see what the latest software is and I want to know what the latest techniques are.

I get hacked two or three times a day, the fact it [my phone] can’t be [remotely] rooted, usually gives me the ability to simply do a factory reset and start over. I spoke in Romania about three weeks ago and some hacker, it had to be a state actor, hacked my phone using a Stingray.”

To quickly explain: the Stingray is a device made by Harris Corporation, and the device name is the Kleenex of the IMSI catcher industry. These devices mimic cell towers to capture identifying information.

There's a shroud of mystery around what these devices are capable of because the Harris Corporation contracts have Non-Disclosure Agreements (effectively enforced by the FBI) that sound a lot like the first rule of Fight Club. Famously, these contracts prevent their customers from admitting they have a Stingray, even to other government agencies.

Because of the dark and somewhat ominous cloud floating around this technology, I quote several experts with differing perspectives on the Stingray. I’ll let you decide the truth of these devices.

Back to the hack of McAfee’s phone. He said it was “amazingly subtle”, that the factory reset button had been intercepted by the malware, meaning when he did a factory reset it looked like everything was perfect. However, the malware was still there. He said that when he took it to AT&T they couldn't fix it, and he had to buy a new S7.

Allen Gwinn is a professor of IT Operations Management at SMU. I asked him if a hack like this was possible. He pointed out “...anything is possible, but this is highly unlikely. I suppose if you could somehow flash the bootloader you might be able to do it. But that would absolutely require physical access to the device.”

I asked whether a Stingray or other IMSI catcher could load software onto a cell phone remotely. Gwinn’s response:

An IMSI catcher can initiate a man-in-the-middle attack by taking advantage of a hole in GSM standards for how a carrier authenticates a cell to the mobile handset. It can capture and relay mobile-originated traffic by forcing the handset to use no encryption to the cell and extracting the device’s key which it uses to impersonate the device to the cellular network. Even given this, conditions really have to be right for someone with an IMSI catcher to snoop on traffic. If I’m your target and I’m mobile (or even if I’m not mobile and just doing things like walking around a house or a building) my phone may decide to associate with something other than your IMSI catcher. Also, if I’m already on a call, your IMSI catcher is useless. You’ll have to follow me around and wait for me to hang up. The carriers are getting pretty good at detecting IMSI catchers as well. So as time goes on these things get more and more difficult...

Jon T. Norwood, Managing Partner of Broadband Landing Research, cataloged many of the known mechanics of Stingrays in an article here. The description Gwinn gave is “between fairly and mostly accurate, depending on the location you’re in… if you’re moving at say 30 MPH over distance Stingrays are of little practical use, similarly if you’re very close to a cell tower or if the government agency has an older version of the device.”

Norwood explained that Stingray technology used to only work on 2G Data Transmission, “...at that point if you were in a highly populated area with many cell towers, you could easily jump from IMSI catcher, to tower, to tower, but the newer Stingrays reportedly work on 3G and 4G.”

IMSI catchers were originally built for use by the military in the Middle East and Africa. “In developing countries with little cellular infrastructure, it’s comparatively easy to be the dominant cell signal. When US law enforcement decided to treat US citizens the way we treat the countries we invade the technology adapted and improved,” said Norwood.

Norwood cited documents from the Department of Justice suggesting remotely flashing a device is not only possible but a relatively common use of IMSI catchers.

I cannot confirm with certainty that the Galaxy S7 cannot be remotely rooted or that a Stingray could remotely load software onto a phone. No one was able to demonstrate an S7 being remotely rooted, and according to a DoJ document obtained by the ACLU, “[Using a Stingray] It may also be possible to flash the firmware of a cellphone so that you can intercept conversations using a suspect’s cellphone as the bug…” Meaning in theory any phone can be rooted remotely by a Stingray.

“The fact is the contracts the Harris Corporation uses are known to be very restrictive. It means if you just look at the known IMSI catcher technology without also following every leak and lawsuit to try to piece it together you'll miss things. Much of the data that is 'publicly' available about the Stingray is from '08 or '09. Almost everything after that is a rare glimpse past the curtain and until you see three or four sources independently saying the same things, it's hard to know for sure. That's the nature of espionage – sad that the US spies on citizens.”

This technology is currently a black hole, so experts disagree on the capabilities. If you want to learn more about IMSI catchers, I recommend reading Scientific American’s interview with former U.S. magistrate judge Brian Owsley and the Intercept’s exposé on Stingray manuals.

Surveillance Killed Privacy. Has it killed security?

According to the EFF and the ACLU:

“Stingrays are especially pernicious surveillance tools because they collect information on every single phone in a given area—not just the suspect’s phone—this means they allow the police to conduct indiscriminate, dragnet searches—in some cases on up to 10,000 phones at one time. They are also able to locate people inside traditionally-protected private spaces like homes, doctors’ offices, or places of worship and can be configured to capture the content of communications.”

Stingrays can also record calls according to documents obtained by the ACLU. These documents also discuss flashing a phone’s firmware to turn the phone into a portable bug of sorts. This isn’t a “wiretap” because there are no wires involved, but it is indiscriminate surveillance.

McAfee and Norwood left me with a sinking feeling about these devices, in part because of the stringent contracts – the NDA prevents the customers from even disclosing they have an NDA.

I asked Dennis Dayman, the Chief Privacy & Security Officer of Return Path. He pointed out that some contracts had been canceled because “Harris Corporation wouldn’t agree to even the most basic public records responsibility guidelines…” He also said some contracts were canceled because “Harris wouldn’t consent to a contract in an attempt to keep everything secret and non-discoverable and that’s not something cities could live with as a public agency.”

The Stingray is starting to feel like a mini version of the Prism program Edward Snowden brought to light. The level of mass surveillance the US government is carrying out makes it likely that you’re being surveilled, even if you’re never observed. To quote John Oliver, “the government has your dick pics”.

Flashlights, Bibles, Porn & Tweeting Without Self Control

In three years, I’ve had about a dozen face-to-face and virtual interactions with McAfee. Every time he talks about mobile security he starts off sounding crazed and paranoid. After explaining himself, he sounds merely paranoid, and, by the time I fact check him, I sound crazed and paranoid.

Two years ago, when promoting his app D-Vasive, McAfee showed me the requested permissions of several top Bible and flashlight apps on Google Play. The apps he showed me requested access to the phone's camera, microphone, contact list, and networks. It’s far from paranoid to believe the Bible app is going to use this information nefariously.

Last week I asked McAfee if Trump's use of a flashlight app to view documents at Mar-a-Lago was a risk to national security. I expected the question would bring up a similar explanation of the danger posed by free apps.

“I don’t care what apps he uses, it’s not going to make any difference. All you need is Donald’s phone number or a Stingray with a very powerful antenna, ten blocks away from the White House that can distinguish where the phone is coming from, and you own that phone, because that phone can be remotely rooted.” was McAfee’s response.

At another time in the interview, when answering another question, McAfee talked about how easy it is to install a keylogger onto any phone, saying:

“The first thing they do is download a rooter – if it’s an iPhone, a jailbreaker. Remotely jailbreak or root the phone, install the keylogger, hide it, put your phone back in its normal state and you’re screwed. This is a fact of life.”

I’d be remiss if I didn’t point out he was claiming that every porn site installed a keylogger on every visitor. I wasn’t able to confirm this and keyloggers don’t fit within any business model I could think of for reputable porn sites. But the fact is, any site with a high bandwidth transfer could hide a keylogger and rootkit.

I asked Dayman about the possibility of installing a rootkit onto Trump’s phone. He said:

“[Trump’s] using an Android phone which runs Google-made software that's widely regarded as vulnerable to hackers. Sophisticated attackers could manage this with a simple trick, such as coercing Trump into clicking on an infected link in a message or on Twitter on his Android phone. To prevent a breach like this, the National Security Agency issued President Barack Obama a highly secure phone that it designed.”

This means a single link click from a man who once retweeted a Benito Mussolini quote could give anyone control of the phone of the President of the United States. This is the reason President Obama used a military Blackberry for most of his time in office. When he finally got a smartphone, it couldn't text, take pictures, or play music. Obama once joked with Jimmy Fallon that the phone was basically a three-year-old's play phone.

One more private email server and the missing horseshoe nail

In the old nursery rhyme For want of a nail, the shoe was lost, that missing nail lost the horse, lacking a horse the rider was lost and without the rider the battle was lost and the loss of that battle lost the kingdom. And all for the want of a horseshoe nail.

While in office President Obama's phone was deliberately limited – A phone with no camera is the only precaution to guarantee that phone's camera can never be used to spy on its owner. This is a reasonable precaution to take if you’re the type of person who receives security briefings about North Korean missile tests.

Donald and a number of his staff use normal commercial smartphones. Trump also appears to be running an old version of Android. On top of this, and bringing things full circle, several of Trump’s staff used private email servers for at least some of the time they’ve been in the White House.

Maybe in the next election, Elizabeth Warren can turn the Trump aides' use of a private email server into a front-and-center issue we can’t overlook? Maybe Jeb Bush can bring up Mar-a-Lago? Maybe Lawrence Lessig will run again and not be overlooked by the DNC and blocked from the debates? Maybe a few years from now Bernie Sanders won’t get screwed over by the DNC? Maybe the next Libertarian nominee will win the fight to be in the debate?

Maybe the US will have evolved past the need for a big brother to spy on them and will instead want freedom? My questions are as sincere as sarcastic. So here are a few more.

Can the kingdom be lost all for the want of a horseshoe nail? Is it possible a few reckless people could allow data to be absconded with in a way that puts national security at risk?

The biggest leak of U.S. military documents in modern history came from one individual - Bradley (now Chelsea) Manning. I’m not going to debate if that leak was morally justified but we know that leak was intentional. Manning had access to documents and deliberately released them to the public. You can say it was reckless and stupid, but you cannot argue the release was planned and calculated. Unlike Trump, who carelessly put us all at risk.

Manning was sentenced to 35 years in prison. Manning exposed US war crimes to the public, and in the trial the Defense Department investigator into the case said they uncovered no specific examples of anyone who had lost their life as the result of the leak.

On the campaign trail, Donald Trump sowed seeds of fear and loathing. He called Edward Snowden, Chelsea Manning, and Hillary Clinton traitors. The Trump campaign narrative was that Donald was beyond corruption and only he could save us from Crooked Hillary and others who don’t value security.

Where does this leave National Security?

I’ll be honest: when contacting other sources to check everything McAfee told me, I hoped that he’d be universally believed to be wrong. He wasn’t. In general McAfee’s statements were either true or some degree of possible. That's not a reassuring feeling.

We live in a world where a paranoid, cyber security veteran can be hacked. Where mass government surveillance makes it safe to say you are being spied on, even if nothing was done with the data. This is a brave new world, and I’m scared.

The way Trump's presidency is going, I long for President Clinton, or Johnson, Sanders, Lessig or McAfee. I’d like to see President Lightfoot over this… To clarify, I know nothing of Gordon Lightfoot's politics, but I feel we’re on the SS Edmund Fitzgerald and he’s the one man to chronicle the wreck we are heading towards lately.
