FBI’s Wray Rejects Putin Ideas on Russia Probe

FBI director Christopher Wray dismisses Russian President Vladimir Putin’s suggestions that U.S. investigators observe interviews of wanted suspects in Russia or that Russians observe FBI questioning of suspects in the U.S.

Amid a barrage of headlines about President Trump and Russian meddling in the 2016 election, FBI director Christopher Wray told NBC that Russia “continues to engage in malign influence efforts to this day,” USA Today reports. Trump’s response to a similar question was criticized Wednesday after he appeared to say  that Russia was no longer targeting the U.S. Wray dismissed two ideas from Russian President Vladimir Putin, which Trump called “interesting.” The first was to have American investigators go to Russia to observe interviews of wanted suspects, including those indicted in Special Counsel Robert Mueller’s probe of Russian meddling in the election.

“I never want to say never, but it’s certainly not high on our list of investigative techniques,” Wray said. He said Putin’s other idea, to have Russians come to the U.S. to observe questioning of suspects wanted there, was “even lower on our list of investigative techniques.” Wray also took on the blistering Inspector General’s report on the bureau’s handling of the Hillary Clinton email investigation, calling it “fair” and explaining the biggest lesson he learned was that no matter how big or small an investigation is, the bureau always has to stick to the same policies. He is “unwilling to budge” on protecting the FBI’s sources and methods in its investigations, even with mounting pressure from Congress to delve into details of the ongoing investigation into Russian meddling. Wray called Mueller a “straight shooter” and said the Russia investigation he’s leading is “not a witch hunt,” a term Trump uses frequently.

from https://thecrimereport.org

FBI Have Less Confidence in Agency’s New Leaders

An internal survey of FBI employees further undercuts an explanation President Trump and his aides gave for firing director James Comey and replacing him with Christopher Wray. Trump said the bureau was in turmoil and agents had lost confidence in Comey.

One year after President Trump fired the FBI director James Comey, agents say they have less confidence in the ethics and vision of the bureau’s new leadership, according to internal survey data reported by the New York Times. The survey further undercuts an explanation President Trump and his aides gave for firing Comey and replacing him with Christopher Wray. Trump said the bureau was in turmoil and agents had lost confidence in Comey. The internal data suggest that Trump either misread those views or mischaracterized them. As a whole, FBI morale remains high, despite a barrage of attacks by the president and his allies. Agents said they are proud to work at the FBI, believe in the mission, look forward to going to work and believe their job makes a difference. Scores in those areas remained steady.

Wray was largely unknown to most agents when he came into office during one of the most tumultuous times in FBI history. He brought in a fresh leadership team and a more low-key style than his predecessor. He opted not to spar publicly with Trump, even as the president has attacked the bureau and accused agents of being part of a “witch hunt” against him. Neither the overall positive results nor the declining leadership scores back up Trump’s version of events, in which he brought in Wray to stabilize a wobbly, discredited agency. The figures were obtained through a public records request by the blog Lawfare, which conducted its own analysis and shared the raw data with the Times. FBI officials use the survey, collected around March each year, to identify problem areas.

from https://thecrimereport.org

FBI Agent Strzok Says He is ‘Notch in Putin’s Belt’

Peter Strzok, the FBI agent whose anti-Trump text messages fueled suspicions of partisan bias, told Congress on Thursday that his work has never been tainted by politics and that the intense scrutiny he is facing represents “just another victory notch in Putin’s belt.”

Peter Strzok, the FBI agent whose anti-Trump text messages fueled suspicions of partisan bias, told Congress on Thursday that his work has never been tainted by politics and that the intense scrutiny he is facing represents “just another victory notch in Putin’s belt,” the Associated Press reports. Strzok, who helped lead FBI investigations into Hillary Clinton’s email use and potential coordination between Russia and Donald Trump’s campaign, testified publicly for the first time since being removed from special counsel Robert Mueller’s team after discovery of the derogatory text messages last year. Strzok said he has never allowed personal opinions to infect his work, that he had information that had the potential to damage Trump but never leaked it and that the focus on him by Congress plays into “our enemies’ campaign to tear America apart.”

Republican members of the House judiciary and oversight committees were expected to grill Strzok for hours. They maintain that the text messages with FBI lawyer Lisa Page color the outcome of the Clinton email investigation and undercut the FBI’s ongoing investigation into Russian election interference. Trump himself has launched personal attacks against the two FBI officials, including a Wednesday tweet that asked “how can the Rigged Witch Hunt proceed when it was started, influenced and worked on, for an extended period of time” by Strzok. Strzok acknowledged that while his text message criticism was “blunt,” it was not directed at one person or political party and included jabs not only at Trump but also at Clinton as well as Sen. Bernie Sanders. Strzok said there was “simply no evidence of bias in my professional actions,” adding, “Let me be clear, unequivocally and under oath: not once in my 26 years of defending my nation did my personal opinions impact any official action I took.”

from https://thecrimereport.org

FBI’s Strzok Was Removed from Bureau Headquarters

Peter Strzok, an FBI agent who has been pilloried by President Trump and was sharply criticized in a new Justice Department watchdog report, was escorted from the FBI building Friday as part of his disciplinary process.

Peter Strzok, an FBI agent who has been pilloried by President Trump and was sharply criticized in a new Justice Department watchdog report, was escorted from the FBI building Friday as a disciplinary process plays out, reports Politico. Strzok was removed last August from special counsel Robert Mueller’s investigation into Russian contacts with the Trump campaign after the DOJ inspector general found stridently anti-Trump text messages Strzok exchanged with FBI attorney Lisa Page. Strzok, a veteran agent who served as deputy assistant director of the counterintelligence division, was reassigned to the FBI’s human resources division.

Strzok’s attorney, Aitan Goelman, said the incident was just the latest in a string of humiliating episodes the long-serving civil servant has had to endure. “Despite being put through a highly questionable process, Pete has complied with every FBI procedure, including being escorted from the building as part of the ongoing internal proceedings,” Goelman said. “Pete has steadfastly played by the rules and respected the process, and yet he continues to be the target of unfounded personal attacks, political games and inappropriate information leaks.” Goelman said. Strzok’s removal occurred one day after the inspector general released a report that examined whether the agent’s political opinions affected his work on the investigation into Hillary Clinton’s private email use as secretary of state. While the report cited Strzok’s “biased state of mind,” it concluded that his views did not affect the conclusions in the Clinton probe. The IG is looking at whether Strzok’s beliefs played an unwarranted role in launching the Trump-Russia probe.

from https://thecrimereport.org

FBI Agent Charged With Assault in Denver Gun Case

An FBI agent who shot a man in the leg after dropping his gun while doing a backflip on a dance floor has been charged with second-degree assault, and more charges could be filed based on the results of blood alcohol tests.

An FBI agent who shot a man in the leg after dropping his gun while doing a backflip on a dance floor has been charged with second-degree assault, and more charges could be filed based on the results of blood alcohol tests, the Denver Post reports. Chase Bishop, 29,  has been charged with one count of second-degree assault in connection with the June 2 nightclub shooting. Bishop turned himself in on Tuesday morning. Bishop made international news when a video of the shooting became public.

Bishop was partying off duty at Mile High Spirits, a distillery and dance club. Bishop danced in the center of a circle of people and then performed a backflip. During the flip, his gun fell from its holster and when Bishop picked it up, the gun fired. Bishop then placed the gun in his waistband and walked off the dance floor with his hands in the air. The bullet hit the victim in an artery in his leg. The injury was serious but the man will recover. FBI officials refused to release Bishop’s name although he had been identified by media outlets. The FBI has not released any information about its policy for agents carrying weapons while off duty and in establishments serving alcohol.

from https://thecrimereport.org

Router Vulnerability and the VPNFilter Botnet

On May 25, the FBI asked us all to reboot our routers. The story behind this request is one of sophisticated malware and unsophisticated home-network security, and it’s a harbinger of the sorts of pervasive threats ­ from nation-states, criminals and hackers ­ that we should expect in coming years. VPNFilter is a sophisticated piece of malware that infects mostly…

On May 25, the FBI asked us all to reboot our routers. The story behind this request is one of sophisticated malware and unsophisticated home-network security, and it's a harbinger of the sorts of pervasive threats ­ from nation-states, criminals and hackers ­ that we should expect in coming years.

VPNFilter is a sophisticated piece of malware that infects mostly older home and small-office routers made by Linksys, MikroTik, Netgear, QNAP and TP-Link. (For a list of specific models, click here.) It's an impressive piece of work. It can eavesdrop on traffic passing through the router ­ specifically, log-in credentials and SCADA traffic, which is a networking protocol that controls power plants, chemical plants and industrial systems ­ attack other targets on the Internet and destructively "kill" its infected device. It is one of a very few pieces of malware that can survive a reboot, even though that's what the FBI has requested. It has a number of other capabilities, and it can be remotely updated to provide still others. More than 500,000 routers in at least 54 countries have been infected since 2016.

Because of the malware's sophistication, VPNFilter is believed to be the work of a government. The FBI suggested the Russian government was involved for two circumstantial reasons. One, a piece of the code is identical to one found in another piece of malware, called BlackEnergy, that was used in the December 2015 attack against Ukraine's power grid. Russia is believed to be behind that attack. And two, the majority of those 500,000 infections are in Ukraine and controlled by a separate command-and-control server. There might also be classified evidence, as an FBI affidavit in this matter identifies the group behind VPNFilter as Sofacy, also known as APT28 and Fancy Bear. That's the group behind a long list of attacks, including the 2016 hack of the Democratic National Committee.

Two companies, Cisco and Symantec, seem to have been working with the FBI during the past two years to track this malware as it infected ever more routers. The infection mechanism isn't known, but we believe it targets known vulnerabilities in these older routers. Pretty much no one patches their routers, so the vulnerabilities have remained, even if they were fixed in new models from the same manufacturers.

On May 30, the FBI seized control of toknowall.com, a critical VPNFilter command-and-control server. This is called "sinkholing," and serves to disrupt a critical part of this system. When infected routers contact toknowall.com, they will no longer be contacting a server owned by the malware's creators; instead, they'll be contacting a server owned by the FBI. This doesn't entirely neutralize the malware, though. It will stay on the infected routers through reboot, and the underlying vulnerabilities remain, making the routers susceptible to reinfection with a variant controlled by a different server.

If you want to make sure your router is no longer infected, you need to do more than reboot it, the FBI's warning notwithstanding. You need to reset the router to its factory settings. That means you need to reconfigure it for your network, which can be a pain if you're not sophisticated in these matters. If you want to make sure your router cannot be reinfected, you need to update the firmware with any security patches from the manufacturer. This is harder to do and may strain your technical capabilities, though it's ridiculous that routers don't automatically download and install firmware updates on their own. Some of these models probably do not even have security patches available. Honestly, the best thing to do if you have one of the vulnerable models is to throw it away and get a new one. (Your ISP will probably send you a new one free if you claim that it's not working properly. And you should have a new one, because if your current one is on the list, it's at least 10 years old.)

So if it won't clear out the malware, why is the FBI asking us to reboot our routers? It's mostly just to get a sense of how bad the problem is. The FBI now controls toknowall.com. When an infected router gets rebooted, it connects to that server to get fully reinfected, and when it does, the FBI will know. Rebooting will give it a better idea of how many devices out there are infected.

Should you do it? It can't hurt.

Internet of Things malware isn't new. The 2016 Mirai botnet, for example, created by a lone hacker and not a government, targeted vulnerabilities in Internet-connected digital video recorders and webcams. Other malware has targeted Internet-connected thermostats. Lots of malware targets home routers. These devices are particularly vulnerable because they are often designed by ad hoc teams without a lot of security expertise, stay around in networks far longer than our computers and phones, and have no easy way to patch them.

It wouldn't be surprising if the Russians targeted routers to build a network of infected computers for follow-on cyber operations. I'm sure many governments are doing the same. As long as we allow these insecure devices on the Internet ­ and short of security regulations, there's no way to stop them ­ we're going to be vulnerable to this kind of malware.

And next time, the command-and-control server won't be so easy to disrupt.

This essay previously appeared in the Washington Post

EDITED TO ADD: The malware is more capable than we previously thought.

from https://www.schneier.com/blog/

DOJ To Brief Congress Again on Trump’s Alleged ‘Spygate’

The Justice Department will offer another briefing to a select group of senior Congress members who have pressed for details about the FBI’s use of an informant to make contact with associates of President Trump’s 2016 campaign, House Speaker Paul Ryan said he has seen “no evidence” to back Trump’s claim that there was improper spying.

The Justice Department will offer another briefing to a select group of senior Congress members who have pressed for details about the FBI’s use of an informant to make contact with associates of President Trump’s 2016 campaign, reports Politico. A DOJ official said members of the Gang of Eight — a group that includes Speaker Paul Ryan (R-WI), Senate Majority Leader Mitch McConnell (R-KY), House Democratic Leader Nancy Pelosi (D-CA) and Senate Democratic Leader Chuck Schumer (D-NY) — will have an opportunity to review documents that they didn’t see during a high-level classified briefing last month. The briefing is expected to occur next Monday or Tuesday.

The new briefing comes as some GOP lawmakers say the Justice Department still has answers to provide about the FBI’s decision to deploy an informant to glean information from Trump campaign officials. Trump has railed against the FBI and accused it of planting a spy within his ranks for political purpose, though he’s presented no evidence to support the claim, which he’s labeled “spygate.” Ryan said Wednesday he’s seen “no evidence” to back up Trump’s claim and endorsed the “initial assessment” of another Rep. Trey Gowdy (R-SC), who said the FBI appropriately used an informant to follow leads about suspect contact between Trump campaign associates and Russia. Ryan also said the Justice Department still owed lawmakers information before they reached “final answers” on the episode, and he faulted DOJ for what he described as the slow-walking of congressional document requests. “There is no defense today for Paul Ryan siding with the FBI and Department of Justice against those of us in the Congress fighting for transparency and accountability,” Rep. Matt Gaetz (R-FL), told Fox News.

from https://thecrimereport.org

McCabe Drafted Memo on Firing of Comey

Former FBI Deputy Director Andrew McCabe wrote about the circumstances leading up to the firing of his onetime boss, James Comey. The memo says Deputy Attorney General Rod Rosenstein first was asked to mention Comey’s handling of the investigation of Russian interference in the 2016 election but ended up citing only Hillary Clinton’s email.

Former FBI Deputy Director Andrew McCabe drafted a memo on circumstances leading up to the firing of his onetime boss, James Comey, reports the Associated Press. The memo, which has been turned over to special counsel Robert Mueller, concerns a conversation that McCabe had with Deputy Attorney General Rod Rosenstein about Rosenstein’s preparations for Comey’s firing. Rosenstein wrote a memo faulting Comey for his handling of the Hillary Clinton email investigation, a document that the White House held up as justification for President Trump’s decision to fire the FBI director.

Rosenstein has said he wrote a memo laying out his concerns with Comey after learning that the White House intended to fire the director. According to McCabe’s memo, Rosenstein indicated to him that he was initially asked to reference the Russia investigation in his own memo on Comey. The final version didn’t include discussion of Russia and focused instead on the Clinton email case. Rosenstein appointed Mueller as special counsel one week after Comey was fired. He has said he would recuse himself if his actions became relevant to Mueller’s investigation. McCabe became FBI acting director following Comey’s firing last May. He was fired as deputy director in March, just days before his scheduled retirement, amid an inspector general finding that he had misled internal investigators about his role in an October 2016 disclosure to the Wall Street Journal.

from https://thecrimereport.org

Gowdy: FBI Acted Properly With Campaign Informant

Rep. Trey Gowdy (R-SC), a senior Republican who was part of a classified Justice Department briefing last week, says the FBI was correct to use an informant to gather information from advisers to President Trump’s campaign in 2016.

Rep. Trey Gowdy (R-SC), a senior Republican who was part of a classified Justice Department briefing last week, says the FBI acted properly when it deployed an informant to gather information from advisers to President Trump’s campaign in 2016, Politico reports. Gowdy said the briefing, convened by the Justice Department under pressure from Trump, convinced him that the FBI’s information-gathering steps were appropriate.

An FBI informant — a former academic who worked in several presidential administrations — apparently approached multiple members of Trump’s foreign policy team, including advisers Carter Page and George Papadopoulos. Trump has seized on that news to suggest nefarious surveillance, but Justice Department officials say informants are a staple of counterintelligence investigations like the one the FBI had launched to investigate Russian attempts to interfere in the 2016 election. Gowdy’s comments are a significant pushback against the president and his allies who have contended that the FBI’s use of an informant amounted to  proof that the Obama administration embedded a spy in his campaign — an accusation that hasn’t been backed up by any available evidence. “It looks to me like the FBI was doing what President Trump said: ‘I want you to do, find it out,’” Gowdy said. He added: “President Trump himself …said, ‘If anyone connected with my campaign was working with Russia, I want you to investigate it.’ Sounds to me like that was exactly what the FBI did.”

from https://thecrimereport.org

FBI Inflated Data on Encrypted Cellphone Woes

The FBI  repeatedly gave grossly inflated data to Congress and the public about the extent of problems posed by encrypted cellphones, claiming investigators were locked out of nearly 7,800 devices connected to crimes last year when the correct number was much smaller, perhaps only 1,200.

The FBI  repeatedly gave grossly inflated data to Congress and the public about the extent of problems posed by encrypted cellphones, claiming investigators were locked out of nearly 7,800 devices connected to crimes last year when the correct number was much smaller, between 1,000 and 2,000, the Washington Post reportsOver seven months, FBI director Christopher Wray cited the inflated figure as the most compelling evidence for the need to address what the FBI calls “Going Dark” — the spread of encrypted software that can block investigators’ access to digital data even with a court order. The FBI became aware of the miscount a month ago and still does not have an accurate count of how many encrypted phones it received as part of criminal investigations last year, officials. An internal estimate put the correct number of locked phones at 1,200; that number should change under a new audit.

“The FBI’s initial assessment is that programming errors resulted in significant over-counting of mobile devices reported,’’ the FBI said. The bureau said the problem stemmed from the use of three distinct databases that led to repeated counting of phones. The acknowledgment comes at a perilous time for the FBI, whose credibility is being challenged by President Trump and his supporters over the ongoing investigation into whether any Trump associates helped Russia interfere with the 2016 election. The bureau has been under pressure for other mistakes, including its failure to act on a tip that a Florida teen was likely to carry out a school shooting which police said he did weeks later, killing 17.

from https://thecrimereport.org