Cyberwar is the Department of Stone Throwing, promoting the increased use of stone projectiles, from the safety of its offices – which are in the Department of Glass Houses.
Aug 1, I tweeted this:
If you do a little thinking and some research about the IRS’ various computer system upgrades, you can make some pretty accurate guesses about how good their internal security is. I’d assumed it was inevitable that someone would drop Trump’s tax filings – there are probably hundreds (more likely thousands) of people who have the necessary access to retrieve that data and exfiltrate it from the network.
Bruce Schneier has some stuff to say about that. In 1997, Marv Schaeffer, when he was working for ARCA Systems, and I, got roped into doing some pro bono assessment work of the IRS’ Cyberfile system. I’m pretty sure they binned our report and I definitely know they wished they never asked us. Our recommendation was “do not go live with this system.” There were far more problems than Bruce describes; he’s generally more optimistic than I am.
I do believe, from some things that I’ve heard, that the IRS at least has the capability to look through system logs and see who was accessing the Trump files.
The timing of the tax filings dropping to NYT is: at the most awkward possible time, right before the next debate, with enough time to hype the disclosures before the election. It’s so professional – cue the hue and cry that it’s Russian hackers, right?
Amended post continues:
I’ve had a chance to read the article about the mail showing up in the mailbox at the newspaper, etc. Very interesting!
The point about the 9 not aligning is really interesting. That implies it’s a copy from original source (Mitnick’s version) not a digital version. Mitnick says he was using tax preparing software – much of which is set up for E-filing. I’m interested by the bit about it not having enough decimal places (what, there were no billionaires in 1996?) that’s such a detailed little thing. It’s almost like it was planted in the story as a head fake.
With regard to making the letter appear to have been posted from inside the Trump organization:
I walked to my mailbox and spotted a manila envelope, postmarked New York, NY, with a return address of The Trump Organization.
OK, as far as attribution goes, that’s on par with the FBI concluding “Russian hackers” because someone is using a particular keyboard mapping set. There are mail pickup/drop points in most commercial properties, it’d be pretty simple to drop things in an envelope with a nicely printed return address. For a convincing attribution, I think we need better than that.
Accountants using selectric typewriters on a billionaire’s humongous tax return full of real estate transactions and investments, in 1996? Heh. Pull the other one.
I should clarify: my posting was not attempting to say “Trump docs came from IRS.” It was more “Trump docs!” and “I wouldn’t be surprised if they came from someone who had access inside the IRS. Because there are tons of people who do, and it wouldn’t be hard to print off scans and mail them to a friend to drop in a postal box somewhere in NYC.” I’m assuming that The Donald is going to be foaming at the mouth and generally flipping his wig – this is just another opportunity for him to make himself look bad. :)
I wonder if we’ll ever know who dropped those docs and where they came from. I’m betting that the whole Trump Organization thing is window-dressing. Maybe we’ll learn once the bodies are buried, but I probably won’t be alive to say “I told you so”
A bunch of years ago (2009) I did a piece on cloud computing security, which Trump may have lifted heavily from:
bittys says
If it was Russian hackers, i’d love to know how they managed to post them from the Trump offices
http://www.nytimes.com/2016/10/03/insider/the-time-i-found-donald-trumps-tax-records-in-my-mailbox.html
Iris Vander Pluym says
It was the squirrels. OBVIOUSLY. Wake up sheeple!
Marcus Ranum says
The FBI says that North Korea uses squirrels. Allegedly.
Holms says
Shouldn’t the title be “One Of the Problems With the Cyber:”? And if you’re not sure what the hell I’m referring to here, go do some research over at the Google.
brucegee1962 says
The reporter who broke the story said that the envelope that the tax returns came in indicated it was coming from within the Trump organization. It certainly seems likely that some of the orange one’s minions secretly loathe him and want nothing more than to see him go down in flames. Even if it was an outside job, though, it’s a genius move to make it look like an insider, because now we’ll get to see him drop everything and start purging employees and making them go through loyalty tests.
Marcus Ranum says
Holms@#3:
I’m not sure what you’re talking about. Are you referring to the shorthand some newbies use, i.e.: “cyber” for “cyberwar/cybersecurity”? I prefer not to.
Marcus Ranum says
brucegee1962@#4:
The reporter who broke the story said that the envelope that the tax returns came in indicated it was coming from within the Trump organization.
I’m skeptical. What would have been more indicative was how it came: was it the full 1000 page stack, or scans of it, or a PDF ready for signature. That’d tell more about the actual origin than the envelope it came it. It’s really easy to make things look like they were mailed from somewhere, and if I were trying to make Trump lose his mind I’d make it look like it was one of his insiders who stabbed him in the back.
I doubt the Clinton campaign is behind it, but they’ll sure as hell capitalize on it. Trump’s pissed off enough people that it was inevitable. And the timing is exquisite.
John Morales says
Marcus, Holms refers to this: https://www.youtube.com/watch?v=wUjdFS52fR8
Owlmirror says
Additional refs for “the cyber” and “the Google” by “The Donald”, which appear on “the internets”.
Marcus Ranum says
Holms, Owlmirror and John Morales:
Oh, christ. I have deliberately avoided paying any attention to what Trump thinks about computer security. For the same reason that an industrial construction engineer avoids paying attention to Trump’s plans for wall-building.
Now you’ve made me go and read it. Thanks a lot.
Marcus Ranum says
I’m really underwhelmed by everyone’s take on “The cyber” including Cluley’s. And I am really reluctant to wade into it myself because the US’ reaction to cyberwar has been horribly naive and irresponsible and after beating that drum for 12+ years I am tired of listening to my own shouting. But not as tired as I am of listening to Trump.
Owlmirror says
Here’s a weird thought: The three pages of state tax returns might be an odd implicit signal, or prologue to an explicit backchannel signal, to whatever group might have and be thinking of releasing more Clinton e-mails. It kinda depends on there being more damaging Clinton e-mails in the custody of Wikileaks (or whoever) that were deliberately held back, to be released closer to the election.
The signal being something like “You’re anti-Clinton, and want to release stuff that damages her? Well, we’re anti-Trump, and here’s a sample of stuff that damages him. If you release more, then so do we.”
Am I being too paranoid, or not paranoid enough?
Marcus Ranum says
Owlmirror@#12:
I doubt it’s that complicated. My guess is that there are various groups in the game from various sides – ranging from strictly partisan on one side to sociopaths just doing it for the lulz. I can even grant that there may be other nations involved (why not? I just wish there was some evidence…) The Trump doxx sounds like it was someone who thought it over and put some effort into hiding their actions (compare to Guccifer 2.0) I was thinking it’d be funny if someone doxxed Trump back in August; apparently I wasn’t the only one.
I’m interested to see if all the “cyber-” stuff sort of moots itself. I don’t think Clinton’s emails or the DCC emails did that much damage. The people who are partisans already have formed opinions that won’t budge. The “attacks on voting machines” stuff seems like scaremongering to me: set up a basis to call for infinite recounts if your side loses.
I guess what I think we’re seeing is that politics as usual encompasses cybertricks as just the usual run of leaking, sneaky, attempting to embarrass, vote manipulation, etc. The internet doesn’t really add much.