Tuesday, October 28, 2014

No evidence feds hacked Attkisson

Former CBS journalist Sharyl Attkisson is coming out with a book claiming the government hacked her computer in order to suppress reporting on Benghazi. None of her "evidence" is credible. Instead, it's bizarre technobabble. Maybe her book is better, but those with advance copies quoting excerpts  make it sound like the worst "ninjas are after me" conspiracy theory.

Your electronics are not possessed by demons

Technology doesn't work by magic. Each symptom has a specific cause.

Attkisson says "My television is misbehaving. It spontaneously jitters, mutes, and freeze-frames". This is not a symptom of hackers. Instead, it's a common consumer complaint caused by the fact that cables leading to homes (and inside the home) are often bad. My TV behaves like this on certain channels.

She says "I call home from my mobile phone and it rings on my end, but not at the house", implying that her phone call is being redirected elsewhere. This is a common problem with VoIP technologies. Old analog phones echoed back the ring signal, so the other side had to actually ring for you to hear it. New VoIP technologies can't do that. The ringing is therefore simulated and has nothing to do with whether it's ringing on the other end. This is a common consumer complaint with VoIP systems, and is not a symptom of hacking.

She says that her alarm triggers at odd hours in the night. Alarms work over phone lines and will trigger when power is lost on the lines (such as when an intruder cuts them). She implies that the alarm system goes over the VoIP system on the FiOS box. The FiOS box losing power or rebooting in the middle of the night can cause this. This is a symptom of hardware troubles on the FiOS box, or Verizon maintenance updating the box, not hackers.

She says that her computer made odd "Reeeeee" noises at 3:14am. That's common. For one thing, when computers crash, they'll make this sound. I woke two nights ago to my computer doing this, because the WiMax driver crashed, causing the CPU to peg at 100%, causing the computer to overheat and for the fan to whir at max speed. Other causes could be the nightly Timemachine backup system. This is a common symptom of bugs in the system, but not a symptom of hackers.

It's not that hackers can't cause these problems, it's that they usually don't. Even if hackers have thoroughly infested your electronics, these symptoms are still more likely to be caused by normal failure than by the hackers themselves. Moreover, even if a hacker caused any one of these symptoms, it's insane to think they caused them all.

Hacking is not sophisticated

There's really no such thing as a "sophisticated hack". That's a fictional trope, used by people who don't understand hacking. It's like how people who don't know crypto use phrases like "military grade encryption" -- no such thing exists, the military's encryption is usually worse than what you have on your laptop or iPhone.

Hacking is rarely sophisticated because the simplest techniques work. Once I get a virus onto your machine, even the least sophisticated one, I have full control. I can view/delete all your files, view the contents of your screen, control your mouse/keyboard, turn on your camera/microphone, and so on. Also, it's trivially easy to evade anti-virus protection. There's no need for me to do anything particularly sophisticated.

We are experts are jaded and unimpressed. Sure, we have experience with what's normal hacking, and might describe something as abnormal. But here's the thing: ever hack I've seen has had something abnormal about it. Something strange that I've never seen before doesn't make a hack "sophisticated".

Attkisson quotes an "expert" using the pseudonym "Jerry Patel" saying that the hack is "far beyond the abilities of even the best nongovernment hackers". Government hackers are no better than nongovernment ones -- they are usually a lot worse. Hackers can earn a lot more working outside government. Government hackers spend most of their time on paperwork, whereas nongovernment hackers spend most of their time hacking. Government hacker skills atrophy, while nongovernment hackers get better and better.

That's not to say government hackers are crap. Some are willing to forgo the larger paycheck for a more stable job. Some are willing to put up with the nonsense in government in order to be able to tackle interesting (and secret) problems. There are indeed very good hackers in government. It's just that it's foolish to assume that they are inherently better than nongovernmental ones. Anybody who says so, like "Jerry Patel", is not an expert.

Contradictory evidence

Attkisson quotes one expert as saying intrusions of this caliber are "far beyond the the abilities of even the best nongovernment hackers", while at the same time quoting another expert saying the "ISP address" is a smoking gun pointing to a government computer.

Both can't be true. Hiding ones IP address is the first step in any hack. You can't simultaneously believe that these are the most expert hackers ever for deleting log files, but that they make the rookie mistake of using their own IP address rather than anonymizing it through Tor or a VPN. It's almost always the other way around: everyone (except those like the Chinese who don't care) hides their IP address first, and some forget to delete the log files.

Attkisson quotes experts saying non-expert things. Patel's claims about logfiles and government hackers are false. Don Allison's claims about IP addresses being a smoking gun is false. It may be that the people she's quoting aren't experts, or that her ignorance causes her to misquote them.


Attkisson quotes an expert as identifying an "ISP address" of a government computer. That's not a term that has any meaning. He probably meant "IP address" and she's misquoting him.

Attkisson says "Suddenly data in my computer file begins wiping at hyperspeed before my very eyes. Deleted line by line in a split second". This doesn't even make sense. She claims to have videotaped it, but if this is actually a thing, it sounds like more something kids do to scare people, not what real "sophisticated" hackers do. Update: she has released the video, the behavior is identical to a stuck delete/backspace key, and not evidence of hackers.

So far, none of the quotes I've read from the book use any technical terminology that I, as an expert, feel comfortable with.

Lack of technical details

We don't need her quoting (often unnamed) experts to support her conclusion. Instead, she could just report the technical details.

For example, instead of quoting what an expert says about the government IP address, she could simply report the IP address. If it's "75.748.86.91", then we can judge for ourselves whether it's the address of a government computer. That's important because nobody I know believes that this would be a smoking gun -- maybe if we knew more technical details she could change our minds.

Maybe that's in her book, along with pictures of the offending cable attached to the FiOS ONT, or the pictures of her screen deleting at "hyperspeed". So far, though, none of those with advanced copies have released these details.

Lastly, she's muzzled the one computer security "expert" that she named in the story so he can't reveal any technical details, or even defend himself against charges that he's a quack.


Attkisson's book isn't out yet. The source material for this post if from those with advance copies quoting her [1]][2]. But, everything quoted so far is garbled technobabble from fiction rather that hard technical facts.

Disclosure: Some might believe this post is from political bias instead of technical expertise. The opposite is true. I'm a right-winger. I believe her accusations that CBS put a left-wing slant on the news. I believe the current administration is suppressing information about the Benghazi incident. I believe journalists with details about Benghazi have been both hacked and suppressed. It's just that in her case, her technical details sounds like a paranoid conspiracy theory.


jeff a. taylor said...

Thank you. The lack of any real technical deets along with the bizarre unnamed sources bit had me flashing, I'm sorry, to a Crazy Cat Lady. I have no doubt the federal security state undertakes all manner of black spy ops -- but this matter does not seem to involve one.

chmod007 said...

Frankly, it sounds like BadBIOS.

Matt H said...

Coming from you, this is great -- you're definitely the last person who would be defending the feds againsts claims of tampering with journalists unless you really believed it!

Harwood said...

He rather conveniently avoids explaining the classified documents buried in her system files.

Mark Mullin said...

Two things - first, some of us do refer to 'military grade encryption' when discussing software with certifications to run on military networks. It is true in some less cryptographically advanced environments the native crypto being replaced issues many correct dire warnings about the downgrade. Secondly, if I really ever saw 75.748.86.91 appear on a working IP4 network and resolve to anything, I would be instantly fascinated. :-)

Eunice Snively said...

She does have a video of the "erasing." It's posted on Politico. She doesn't show the keyboard except one time and I found myself worrying that she is insane and was doing it all herself. Which is a shame if true because I want her to be right.

Hagar said...

If the government hackers (or CBS's) are as bad as you say, does not this support rather than cast doubt on her description of her experiences?

And there are those 3 classified documents buried in her BIOS.

Mark Ackmann said...

Ms. Attkisson has struck me in several other contexts as a sane, scrupulous, and ojbective journalist. Rather than speculating on third-hand descriptions of what went on, why don't we wait for 1) the book, and 2) the report of the investigation conducted by the forensic firm that CBS hired. You contradict yourself about IP masking. You presume that the "expert" that told Ms. Attkisson that the IP address indicated to him that it was a government entity isn't someone who in fact is familiar with the phony IP addresses the government might use. I believe she claims he is on the inside. That was the import for me.

Geetom said...

'She says that her computer made odd "Reeeeee" noises at 3:14am.'

I think it's probably her Windows updating and waking up the hd, it's set to auto update at 3AM everyday by default.

Unknown said...

How did Attkisson "muzzle" the security expert? If he signed a non-disclosure agreement that would be standard procedure when doing forensic analysis that would appear in a book.

You're speculating based on hearsay and second hand information.

Hagar said...

Further, if the motive for this hacking is her reporting on Fast & Furious, there is no reason to ascribe superior intelligence or competence to those people, though they presumably are intelligent enough not to go asking NSA or the FBI for help.

And Attkisson is a "civilian" and would rely on what her "experts" are telling her, and of course, their skill in detecting fiendishly clever hacking would go to justify the size of their bills for their services.

I think I agree with the commenter above; let's wait and see how it all shakes out.

Down Girl said...

Excuse me. Do you know the difference between EVIDENCE and PROOF?

What Attkisson offers -- no long shots of the keyboard, touchpad, USB ports, other people in room who might be remotely controlling her system -- is consistent with her story: she was sitting there one evening when text started disappearing before her eyes. She grabbed a phone and pointed it at the monitor and recorded.

It was sudden and shocking. She didn't have time to go into makeup and stage the shot.

She's posted what she got. It isn't proof -- AND SHE IS NOT CLAIMING TT'S PROOF -- but it's evidence.

It may be lousy evidence, but she can't NOT show every last thing she has.

Lisa Hauser said...

Clearly, we don't have all the facts yet but there is nothing in Attkinson's history to show us that she is not a credible source of information. She is offering us what she knows and suspects. Without a doubt, her experience is worthy of our attention and we should all want to get to the bottom of what happened.

Dangerous Dreamer said...
This comment has been removed by the author.
Dangerous Dreamer said...

So three security experts (one from CBS) all take a look at her computer and her telecomm connections to her home all conclude that something nefarious is indeed going on and yet this yahoo reads her book and concludes that there's no evidence of a hack. Give me a break. The video that was posted shows someone remotely controlling her PC and most probably try to spook her by deleting lines of her document before her eyes. And also what about the classified documents that were buried on folders that no one would save documents in. I'm sorry but I'm no security expert but I do work in IT for 30 years and I can tell that there is certainly something go on here and secondly in my experience you do NOT make sweeping statements like this "expert" made with absolutely no access to any evidence at all.

mtwzzyzx said...

Ever seen Gaslight? It'd be the perfect hack intended to intimidate, precisely because knowledgeable people like you would try to debunk it.

Let's wait and see.

Unknown said...

Govt. "Plumbers" weren't exactly master criminals at Watergate either.