A filing in FTX’s bankruptcy proceedings is shedding light on the true extent of the crypto-trading powerhouse’s influence peddling operation. Last week, FTX filed its creditor matrix, a document that lists former vendors and investors to the company.

The list includes nearly a dozen public relations experts — specialists who generate positive spin in the media on behalf of clients — as well as political consultants, think tanks, and trade groups.

Sometimes, the money went directly to political operations; Majority Forward, a dark-money group designed to elect Senate Democrats, received cash. In some cases, the hired guns, such as PR firms, were paid directly for their services. In others, the groups that received donations maintain that they are independent, but had interests aligned with FTX.

The filing, for instance, listed a donation to the Center for a New American Security, a prominent national security-focused think tank in Washington, D.C., that has worked to shape crypto regulations.

The filing offered a look under the hood of FTX’s intricate maze of influence. On the heels of its meteoric rise as a crypto exchange, FTX quickly began to spend extraordinary amounts of money to buy prestige and friends in high places. Now that the firm stands accused of siphoning off billions of its investors’ dollars — with its disgraced founder Sam Bankman-Fried charged with fraud in the matter — increased scrutiny is falling on powerbrokers’ dealings with FTX.

The relationships of many of the entities listed in the bankruptcy filing and FTX were already known — the company complied with lobbying disclosures for some of its consultants — but the creditor matrix shows the crypto giant also retained several previously undisclosed professional influence peddlers.

One seasoned political hand tied to FTX without any disclosures is former New York City Council Speaker Corey Johnson. His firm, Cojo Strategies, is featured in the FTX vendor list. Another is Susan McCue, a former aide to Sen. Harry Reid, D-Nev., who has advised many Senate Democrats and played a role in the leadership of several Democratic super PACs and dark-money outfits. Her firm, Message Global, is in the filing.

Other consulting firms with a finger on the pulse of power are sprawled through the creditor matrix, which runs over 116 pages. Another creditor, Patomak Global Partners, a firm that specializes in influencing financial regulators, is led by Paul Atkins, a former Securities and Exchange commissioner. Atkins’s company touts its roster of former government officials as providing “a telescope to anticipate trends on the horizon to help position our clients for long-term success.” (Neither Johnson, McCue, nor Patomak responded to requests for comment.)

Think Tank Crypto Regulations

The donation to CNAS — a powerful think tank with ties to both political parties but known for staffing national security roles in Democratic administrations — came at a time when the organization advocated for crypto regulations with a light touch.

“To compete in the digital-economy race with China, the United States must foster a more innovative fintech environment,” CNAS fellow Yaya J. Fanusie said in testimony to the Senate Finance Committee on July 14, 2021. “If U.S. securities regulation does not evolve to account for the new technical and entrepreneurial capabilities offered by blockchain technology and broadcast data transmission, the United States could be hamstrung in a data revolution that is only just beginning.”

CNAS also maintains a task force on crypto , on which FTX formerly served as a member. The task force corresponded with national security-focused government officials, offering policy advice that reflected the crypto industry’s contention that digital tokens on the blockchain pose a low risk for terror financing.

A readout of a CNAS meeting with the Treasury Department’s Brian Nelson, the undersecretary for terrorism and financial intelligence, included a summary of the discussion and noted that the official “recognized the work of many in industry to engage in constructive dialogue and support government efforts to mitigate the misuse of virtual assets for money laundering.” The use of crypto for “illicit activities remains below the scale of traditional finance,” Nelson said.

CNAS’s task force is co-chaired by Sigal Mandelker, who used to hold Nelson’s position at the Treasury before resigning in 2019 to enter the private sector. Mandelker now serves as general partner of Ribbit Capital, an investor in FTX. Mandelker spoke at SALT’s Crypto Bahamas conference last summer. The invite-only conference for “leading players in the crypto and traditional finance industry” also featured talks from Bankman-Fried, former President Bill Clinton, and ex-British Prime Minister Tony Blair.

Mandelker’s talk at Crypto Bahamas was on maintaining permissive crypto regulations.

“The instinct of government is often to focus on risk and not to put as much emphasis on opportunity,” she said. The true risk regulators should be wary of, Mandelker continued, was “shutting down [crypto] innovation.” (Mandelker did not respond to a request for comment.)

“CNAS received a $25,000 donation from FTX in 2022 in general support of CNAS’s independent research on national security,” Shai Korman, CNAS’s director of communications, told The Intercept. “FTX was also a member of the Task Force on Fintech, Crypto, and National Security. FTX is no longer a member of the task force, and CNAS has returned the donation in full.”

PR, Law Firms, and Video Games

FTX once enjoyed a near-mythical status in the media, with splashy cover stories and gushing news articles lauding the crypto powerhouse and Bankman-Fried, its youthful leader. Such coverage rarely emerges organically, and FTX hired an army of public relations firms to burnish its image.

Among them was M Group, a New York-based public relations powerhouse known for its Rolodex of elite journalists. Others under the employ of FTX included TSD Communications and Full Court Press Communications.

The creditor list includes Rational 360, a public relations firm led in part by former White House Press Secretary Joe Lockhart. Emails obtained by Matt Stoller, the director of research at the American Economic Liberties Project, show that Rational 360 pressured activists and political influencers to speak out in favor of a bill that would move crypto regulatory authority to the Commodity Futures Trading Commission. While the Securities and Exchange Commission handles many enforcement actions against crypto firms, the CFTC is seen as more friendly to crypto interests and has fewer disclosure requirements.

Powerhouse law firms also feature heavily in the most recent bankruptcy disclosure. One firm listed is Cleary Gottlieb Steen & Hamilton, which represented Russia in a $3 billion bond dispute against Ukraine before it shuttered its Moscow office last year. Buckley LLP, another large law firm based in Washington that appeared on the FTX creditor list, announced earlier this month that it would merge with the San Francisco-based Orrick to create a combined firm with a total of nearly $1.5 billion focused on “ forward-looking regulatory and enforcement advice” in the fields of finance and tech.

Among FTX’s listed creditors were a handful of nations — though the contours of the financial relationships remain unknown. Nevertheless, the list of countries reads like a who’s who of nations with lax financial regulations: The British Virgin Islands, Bermuda, the Cayman Islands, Isle of Man, Liechtenstein, Luxembourg, the United Arab Emirates, Seychelles, and Switzerland all appear in the filing.

In addition to national banks and powerful firms in the corporate PR world, the creditor matrix also details luxury restaurants like Carbone in Miami and the luxury Margaritaville resort in Nassau.

The North America League of Legends Championship Series, a property of a premier video game event franchise, is also listed in the creditor matrix. Bankman-Fried, notorious for playing the video game “League of Legends” during pitch meetings with investors, arranged a $96 million sponsorship deal with Riot Games. In December , as the extent of FTX’s deception unfolded, Riot announced it would attempt to cut ties with Bankman-Fried.

The entertainment relationships provided, in some cases, an additional channel for political access. The creditor list includes the talent agency WME, with a memo mentioning actor Larry David, a celebrity endorser of FTX who appeared in a now-infamous Super Bowl commercial promoting the crypto exchange.

WME itself is owned by Endeavor, an investor in FTX that owns 38,000 shares of the company. Endeavor is also run by Ari Emanuel, the brother of Rahm Emanuel , President Joe Biden’s ambassador to Japan.

Editor’s Note: In September 2022, The Intercept received $500,000 from Sam Bankman-Fried’s foundation, Building a Stronger Future, as part of a $4 million grant to fund our pandemic prevention and biosafety coverage. That grant has been suspended. In keeping with our general practice, The Intercept disclosed the funding in subsequent reporting on Bankman-Fried’s political activities.

The post New FTX Filing Pulls Back the Curtain on Sam Bankman-Fried’s Massive Influence Peddling Operation appeared first on The Intercept .

When Safari users in Hong Kong recently tried to load the popular code-sharing website GitLab, they received a strange warning instead: Apple’s browser was blocking the site for their own safety. The access was temporarily cut off thanks to Apple’s use of a Chinese corporate website blacklist, which resulted in the innocuous site being flagged as a purveyor of misinformation. Neither Tencent, the massive Chinese firm behind the web filter, nor Apple will say how or why the site was censored.

The outage was publicized just ahead of the new year. On December 30, 2022, Hong Kong-based software engineer and former Apple employee Chu Ka-cheong tweeted that his web browser had blocked access to GitLab, a popular repository for open-source code. Safari’s “safe browsing” feature greeted him with a full-page “deceptive website warning,” advising that because GitLab contained dangerous “unverified information,” it was inaccessible. Access to GitLab was restored several days later, after the situation was brought to the company’s attention.

The warning screen itself came courtesy of Tencent, the mammoth Chinese internet conglomerate behind WeChat and League of Legends. The company operates the safe browsing filter for Safari users in China on Apple’s behalf — and now, as the Chinese government increasingly asserts control of the territory, in Hong Kong as well.

Apple spokesperson Nadine Haija would not answer questions about the GitLab incident, suggesting they be directed at Tencent, which also declined to offer responses.

The episode raises thorny questions about privatized censorship done in the name of “safety” — questions that neither company seems interested in answering: How does Tencent decide what’s blocked? Does Apple have any role? Does Apple condone Tencent’s blacklist practices?

“They should be responsible to their customers in Hong Kong and need to describe how they will respond to demands from the Chinese authorities to limit access to information,” wrote Charlie Smith, the pseudonymous founder of GreatFire, a Chinese web censorship advocacy and watchdog group. “Presumably people purchase Apple devices because they believe the company when they say that ‘privacy is a fundamental human right’. What they fail to add is *except if you are Chinese.”

Ka-cheong tweeted that other Hong Kong residents had reported GitLab similarly blocked on their devices thanks to Tencent. “We will look into it,” Apple engineer Maciej Stachowiak tweeted in response. “Thanks for the heads-up.” But Ka-cheong, who also serves as vice president of Internet Society Hong Kong Chapter, an online rights group, said he received no further information from Apple.

“Presumably people purchase Apple devices because they believe the company when they say that ‘privacy is a fundamental human right’. What they fail to add is *except if you are Chinese.”

The block came as a particular surprise to Ka-cheong and other Hong Kong residents because Apple originally said the Tencent blocklist would be used only for Safari users inside mainland China. According to a review of the Internet Archive, however, sometime after November 24, 2022, Apple quietly edited its Safari privacy policy to note that the Tencent blacklist would be used for devices in Hong Kong as well. (Haija, the Apple spokesperson, did not respond when asked when or why Apple expanded the use of Tencent’s filter to Hong Kong.)

Though mainland China has heavily censored internet access for decades, Hong Kong typically enjoyed unfettered access to the web, a freedom only recently threatened by the passage of a sweeping, repressive national security law in 2020 .

Silently expanding the scope of the Tencent list not only allows Apple to remain in the good graces of China — whose industrial capacity remains existentially vital to the California-based company — but also provides plausible deniability about how or why such site blocks happen.

“While unfortunately many tech companies proactively apply political and religious censorship to their mainland Chinese users, Apple may be unique among North American tech companies in proactively applying such speech restrictions to users in Hong Kong,” said Jeffrey Knockel, a researcher with Citizen Lab, a digital security watchdog group at the University of Toronto.

Knockel pointed out that while a company like Tencent should expected to comply with Chinese law as a matter of course, Apple has gone out of its way to do so.

“The aspect which we should be surprised by and concerned about is Apple’s decision to work with Tencent in the first place to filter URLs for Apple’s Hong Kong users,” he said, “when other North American tech companies have resisted Hong Kong’s demands to subject Hong Kong users to China-based filtering.”

The block on GitLab would not be the first time Tencent deemed a foreign website “dangerous” for apparently ideological reasons. In 2020, attempts to visit the official website of Notepad++, a text editor app whose French developer had previously issued a statement of solidarity with Hong Kong dissidents, were blocked for users of Tencent web browsers, again citing safety.

The GitLab block also wouldn’t be the first time Apple, which purports to hold deep commitments to human rights, has bent the company’s products to align with Chinese national pressure. In 2019, Apple was caught delisting an app Hong Kong political dissidents were using to organize; in November, users noticed the company had pushed a software update to Chinese iPhone users that significantly weakened the AirDrop feature, which protesters throughout the country had been using to spread messages on the ground.

“All companies have a responsibility to respect human rights, including freedom of expression, no matter where in the world they operate,” Michael Kleinman, head of Amnesty International’s Silicon Valley Initiative, wrote to The Intercept. “Any steps by Apple to limit freedom of expression for internet users in Hong Kong would contravene Apple’s responsibility to respect human rights under the UN Guiding Principles.”

In 2019 , Apple publicly acknowledged that it had begun using a “safe browsing” database maintained by Tencent to filter the web activity of its users in China, instead of an equivalent list operated by Google. Safe browsing filters ostensibly protect users from malicious pages containing malware or spear-phishing attacks by checking the website they’re trying to load against a master list of blacklisted domains.

In order to make such a list work, however, at least some personal information needs to be transmitted to the company operating the filter, be it Google or Tencent. When news of Apple’s use of the Tencent safe browsing list first broke, Matthew Green, a professor of cryptography at Johns Hopkins University, described it as “another example of Apple making significant modifications to its privacy infrastructure, largely without publicity or announcement.”

“I suppose the nature of having a ‘misinformation’ category is that China is going to have its own views on what that means.”

While important questions remain about exactly what information from Safari users in Hong Kong and China is ultimately transmitted to Tencent and beyond, the GitLab incident shows another troubling aspect of safe browsing: It gives a single company the ability to unilaterally censor the web under the aegis of public safety.

“Our concern was that outsourcing this stuff to Chinese firms seemed problematic for Apple,” Green explained in an interview with The Intercept, “and I suppose the nature of having a ‘misinformation’ category is that China is going to have its own views on what that means.”

Indeed, it’s impossible to know in what sense GitLab could have possibly been considered a source of dangerous “unverified information.” The site is essentially an empty vessel where software developers, including corporate clients like T-Mobile and Goldman Sachs, can safely store and edit code. The Chinese government has recently cracked down on some open-source code sites similar to GitLab, where engineers from around the world are able to freely interact, collaborate, and share information. (GitLab did not respond to a request for comment.)

Notably, the censorship-evasion and anonymity web browser Tor has turned to GitLab to catalog instances of Chinese state internet censorship, though there’s no indication it was this activity that led to GitLab’s addition to the Tencent list.

While Tencent provides some public explanation of its criteria for blocking a website, its decision-making process is completely opaque, and the published censorship standards are extremely vague, including offenses like “endangering national security” and “undermining national unity.”

Tencent has long been scrutinized for its ties to the Chinese government, which frequently leverages state power to more closely influence or outright control nominally private firms.

Earlier this month, the Financial Times reported that the Chinese government was acquiring so-called golden shares of Tencent, a privileged form of equity that’s become “a common tool used by the state to exert influence over private news and content companies.” A 2021 New York Times report on Tencent noted the company’s eagerness to cooperate with Chinese government mandates, quoting the company’s president during an earnings call that year: “Now I think it’s important for us to understand even more about what the government is concerned about, what the society is concerned about, and be even more compliant.”

While Tencent’s compliance with the Chinese national security agenda ought not to come as a surprise, Knockel of Citizen Lab says Apple’s should.

“Ultimately I don’t think it really matters exactly how GitLab came to be blocked by Tencent’s Safe Browsing,” he said. “Tencent’s blocking of GitLab for Safari users underscores that Apple’s subjection of Hong Kong users to screening via a China-based company is problematic not only in principle but also in practice.”

The post Apple Brings Mainland Chinese Web Censorship to Hong Kong appeared first on The Intercept .

Twitter and YouTube censored a report critical of Indian Prime Minister Narendra Modi in coordination with the government of India. Officials called for the Big Tech companies to take action against a BBC documentary exploring Modi’s role in a genocidal 2002 massacre in the Indian state of Gujarat, which the officials deemed a “propaganda piece.”

In a series of posts, Kanchan Gupta, senior adviser at the Indian government’s Ministry of Information and Broadcasting, denounced the BBC documentary as “hostile propaganda and anti-India garbage.” He said that both Twitter and YouTube had been ordered block links to the film, before adding that the platforms “have complied with the directions.” Gupta’s statements coincided with posts from Twitter users in India who claimed to have shared links to the documentary but whose posts were later removed and replaced with a legal notice.

“The government has sent hundreds of requests to different social media platforms, especially YouTube and Twitter, to take down the posts that share snippets or links to the documentary,” Indian journalist Raqib Hameed Naik told The Intercept. “And shamefully, the companies are complying with their demands and have taken down numerous videos and posts.”

“The government has sent hundreds of requests to different social media platforms, especially YouTube and Twitter, to take down the posts that share snippets or links to the documentary.”

This act of censorship — wiping away allegations of crimes against humanity committed by a foreign leader — sets a worrying tone for Twitter, especially in light of its new management.

Elon Musk’s self-identification as a “free-speech absolutist” has been a primary talking point for the billionaire as he has sought to explain why he took ownership of the platform last year. Much of his criticism of Twitter revolved around its decision to censor reporting around Hunter Biden, the son of then-presidential candidate Joe Biden.

While Musk has been glad to stand up to suppression of speech against conservatives in the United States — something that he has described as nothing less than “a battle for the future of civilization” — he appears to be failing at the far graver challenge of standing up to the authoritarian demands of foreign governments. (Twitter’s communications effort is now helmed by Musk, who did not immediately respond to a request for comment.)

Pushing back against censorship of the BBC documentary, members of Parliament from the opposition All India Trinamool Congress party Mahua Moitra and Derek O’Brien defiantly posted links to it online.

“Sorry, Haven’t been elected to represent world’s largest democracy to accept censorship,” Moitra posted . “Here’s the link. Watch it while you can.” Moitra’s post is still up, but the link to the documentary no longer works. Moitra had posted a link to the Internet Archive, presumably hoping to get around the block of the BBC, but the Internet Archive subsequently took the link down. She has since posted the audio version on Telegram.

O’Brien’s post was itself taken down.

CENSORSHIP @Twitter @TwitterIndia HAS TAKEN DOWN MY TWEET of the #BBCDocumentary , it received lakhs of views

The 1 hr @BBC docu exposes how PM @narendramodi HATES MINORITIES

Here’s?the mail I recieved. Also see flimsy reason given. Oppn will continue to fight the good fight pic.twitter.com/8lfR0XPViJ

— Derek O'Brien | ????? ?'???????? (@derekobrienmp) January 21, 2023

Twitter even blocked Indian audiences from seeing two posts by actor John Cusack linking to the documentary. (They remain visible to American audiences.) Cusack said he “pushed out the links and got immediate blowback.” He told The Intercept, “I received two notices that I’m banned in India.” The actor wrote a book, “Things That Can and Cannot Be Said,” with celebrated Indian scholar Arundhati Roy , a fierce critic of the Modi government.

The Gujarat riots, as the violence is sometimes known, occurred in 2002, when Modi was the chief minister of the state. A group of militants aligned with the Hindu nationalist movement, which encompasses Modi’s Bharatiya Janata Party, launched a violent campaign against local Muslims. Modi, who has been accused of personally encouraging the violence, reportedly told police forces to stand down in the face of the ongoing violence, which killed about 1,000 people.

“The documentary has unnerved Mr. Modi as he continues to evade accountability for his complicity in the violence,” Naik, the journalist, said. “He sees the documentary as a threat to his image internationally and has launched an unprecedented crackdown in India.”

Modi’s government in India regularly applied pressure to Twitter in an attempt to bend the social media platform to its will. At one point, the government threatened to arrest Twitter staff in the country over their refusal to ban accounts run by critics.

When Musk took over, Twitter had just a 20 percent compliance rate when it came to Indian government takedown requests. When the billionaire took the company private, some 90 percent of Twitter India’s 200 staffers were laid off . Now, the Indian government’s pressure on Twitter appears to be gaining traction.

A key difference may be Musk’s other business entanglements. Musk himself has his own business interests in India, where Tesla has been lobbying, so far without luck , to win tax breaks to enter the Indian market.

Whatever the reason for the apparent change, Twitter’s moves at the behest of Modi’s government bode ill for Musk’s claims to be running the company with an aim of protecting free speech. While Musk has felt fine wading into U.S. culture wars on behalf of conservatives, he has been far more reticent to take a stand about the far direr threats to free speech from autocratic governments.

One of the initial strengths of Twitter, and social media broadly, was the threat it posed to autocratic governments, as witnessed by its use during the 2009 protests in Iran and later the Arab Spring. Dictators across the region railed at the company for allowing what they considered to be forbidden speech.

Musk, however, has said he defers to local laws on speech issues. “Like I said, my preference is to hew close to the laws of countries in which Twitter operates,” Musk tweeted last year. “If the citizens want something banned, then pass a law to do so, otherwise it should be allowed.”

Google, which owns YouTube, has also come under intense pressure from the Indian government. The company’s public transparency reports show the Indian government has been a prodigious source of content takedowns, sending over 15,000 censorship demands since 2011, compared to under 5,000 from Germany and nearly 11,000 from the U.S. in the same time frame.

These reports show a varying level of compliance on Google’s part: Between January and June 2022, Google censored nearly 9 percent of items submitted by the Indian government but almost 44 percent during that span in 2020. YouTube did not immediately respond to a request for comment.

Akshay Marathe, a former spokesperson for the opposition party in control of the Delhi and Punjab government, told The Intercept that the social media takedown requests were part of a broader program of suppression. Modi “quite brazenly used India’s law enforcement apparatus to jail political opponents, journalists, and activists on a regular basis,” Marathe said. “His directive to Twitter to take down all links of the documentary (and Twitter’s shocking compliance after Elon’s commitment to free speech) also follows on the heels of the Modi government’s announcement that it will soon implement a regulatory regime in which it will have the right to determine what is fake news and order Big Tech platforms to delete the content.”

The post Elon Musk Caves to Pressure From India to Remove BBC Doc Critical of Modi appeared first on The Intercept .

Less than two weeks ago, Supreme Court investigators looking into the leak of the Dobbs v. Jackson Women’s Health Organization draft opinion had reportedly “narrowed their inquiry to a small number of suspects.” Ten days after that news, the Supreme Court issued a report stating that the investigation had in fact failed to determine who was behind the draft opinion leak.

The public report provides insights into the investigative process undertaken by the court, identifies a number of inadequate security controls, and provides recommendations to remedy the problems. That means the report is doubly instructive for would-be future leakers: It provides both a list of successful operational security techniques leakers may have employed to evade detection, as well as, thanks to the recommendations, forward-looking lessons on pitfalls to avoid in the future.

Investigative Dead Ends

The investigation team used a number of techniques to attempt to identify the leaker, all of which proved to be dead ends.

They examined all available printer logs but found that Court printers have limited logging capabilities. The team also investigated email logs to determine if anyone had emailed the opinion draft to a third party; while staff had emailed copies of the draft to others on staff, there was no evidence that the opinion draft was emailed to anyone else.

The investigation looked not just at court-issued devices, but also at call and text records as well as billing statements of employees’ personal devices. Though the team reported that the court’s logging was rudimentary and thus did not yield any results that could identify a leaker, the key takeaway for future leakers is that much like organization-provided devices, personal devices should likewise not be used in the service of leaking. Instead, the principle of one-time use should be adopted: Temporary devices should be safely acquired and used for acquisition and dissemination of leak materials, after which the device should promptly be disposed of by secure means.

Court investigators paid particular attention to reviewing the legal search histories conducted by staff, aiming to “determine whether an employee might have researched the legality of disclosing confidential case-related information.” Notably, the investigation team obtained this legal search history “directly from the service providers.” Though it’s not clear which search providers were examined, the report could be referring to subscription databases like LexisNexis, highlighting the fact that leakers should be careful to avoid using third-party services, as a leak investigation may seek to obtain records from them. The report doesn’t state whether the investigative team subpoenaed the service providers, whether the providers shared the search histories without a subpoena, or whether investigators were able to view the histories through internal means like staff or administrative accounts, or invoices from the search providers that could include itemized search terms.

The report said investigators reviewed “the statements and conduct of personnel who displayed attributes associated with insider-threat behavior — violation of confidentiality rules, disgruntled attitude, claimed stressed, anger at the Court’s decision, etc.” In other words, as I predicted when the investigation was launched , the team deployed “sentiment analysis” tactics to attempt to identify disaffected staff (though this line of inquiry ignores the possibility that the draft may have been leaked by someone who supported the opinion). It is thus important for leakers to not display discontentment, either publicly or privately (including via “private messages,” which may not be particularly private).

The investigators sought to determine whether they could identify any connections between court staff and journalists, particularly anyone affiliated with Politico, which first published the draft opinion. This is why it’s important not to have visible contact with reporters; avoid following them on social media and access their contact information ideally using a separate disposable device, or at least not using organization-supplied hardware.

Though investigators analyzed the digital images of the opinion draft published by Politico, comparing it to copies obtained from court photocopiers and printers, they were unable to find anything of “evidentiary value.” In addition to not using company-provided or otherwise trackable devices when producing copies, would-be leakers should consider even going so far as to introduce errant stray markings that may lead investigators down dead ends.

The report mentions that the team analyzed an unspecified “item relevant to the investigation” for fingerprints. While they did find fingerprints with outside assistance, they were unable to match them to “any fingerprints of interest.” The report is curiously vague as to what the item of interest was; it could, for instance, be a rogue USB stick that was found to contain a copy of the opinion. Given that it’s not entirely unusual for leak investigations to sweep for physical prints as well as digital ones — Elon Musk, in his leak investigations at Tesla , also reportedly lifted fingerprints from printouts found near a photocopier — leakers should be careful not to leave any fingerprints when accessing or handling any sensitive materials.

Future Measures

The report makes it a point to state that the detailed recommendations on how to improve court policies and practices will only be shared with the justices and court officers in a private annex, because releasing them to the public “could unwisely expose Court operations and information to potential bad actors.” Nonetheless, the public report does provide a broad list of recommendations that are instructive for future leakers.

The team’s primary finding is that “too many personnel have access to certain Court-sensitive documents” and that there is an “inability to actively track who is handling and accessing these documents.” Though the recommendations from this finding are likely in the private annex, we can assume that the team may suggest the court implement more stringent access controls and tracking mechanisms.

The tracking mechanisms may involve detailed audit logs of which users viewed, copied, printed, or otherwise interacted with a given file, as well as uniquely watermarking versions of files to identify the owner of a given copy of a document, should it be leaked. There are a variety of ways to uniquely fingerprint a document, ranging from modifying the spacing of paragraphs, words, or characters to making slight modifications to the syntactic or semantic structure.

The report also found that “there are inadequate safeguards in place to track the printing and copying of sensitive documents” and that the court should “institute tracking mechanisms using technology that is currently available for this purpose.” Such technologies could include everything from detailed print histories, which log document name and size as well as username and IP address, to a Machine Identification Code embedded as a series of microdots or other watermarks on a printed page, which can identify the source printer as well as the date and time a document was printed.

With those tracking mechanisms in place, a leaker would need to avoid printing or photocopying documents using organization-provided hardware. To err still further on the side of safety, if physical copies need to be made, a device that can be linked to the leaker, like a home printer, should be avoided, and instead a device should only be used for the purposes of producing the leaked document (whether via printing or taking a photo) and then promptly and safely disposed of.

The court investigators may have failed to identify the source of the leaked opinion draft, but their report does help future leakers better protect their own identities.

The post How to Leak From the Supreme Court appeared first on The Intercept .

M arcel Lehel Lazar walked out of Federal Correctional Institute Schuylkill, a Pennsylvania prison, in August 2021. The 51-year-old formerly known only as Guccifer had spent over four years incarcerated for an email hacking spree against America’s elite. Though these inbox disclosures arguably changed the course of the nation’s recent history, Lazar himself remains an obscure figure. This month, in a series of phone interviews with The Intercept, Lazar opened up for the first time about his new life and strange legacy.

Lazar is not a household name by unauthorized access standards — no Edward Snowden nor Chelsea Manning — but people will be familiar with his work. Throughout 2013, Lazar stole the private correspondence of everyone from a former member of the Joint Chiefs of Staff to “Sex and the City” author Candace Bushnell.

There’s an irony to his present obscurity: Guccifer’s prolific career often seemed motivated as much by an appetite for global media fame than any ideology or principle. He acted as an agent of chaos, not a whistleblower, and his exploits provided as much entertainment as anything else. It’s thanks to Guccifer’s infiltration of Dorothy Bush Koch’s AOL account that the world knows that her brother — George W. Bush — is fond of fine bathroom self-portraiture .

“Right now, having this time on my hands, I’m just trying to understand what this other me was making 10 years ago.”

“I knew all the time what these guys are talking about,” Lazar told me with a degree of satisfaction. “I used to know more than they knew about each other.”

Ten years after his email rampage, Lazar said that, back then, he’d hoped not for celebrity but to find some hidden explanation for America’s 21st century slump — a skeleton key buried within the emails of the rich and famous, something that might expose those causing our national rot and reverse it. Instead, he might have inadvertently put Donald Trump in the White House.

When Guccifer — a portmanteau of Lucifer and Gucci, pronounced with the Italian word’s “tch” sound — breached longtime Clinton family confidant Sidney Blumenthal’s email account, it changed the world almost by accident. Buried among the thousands of messages in Blumenthal’s AOL account he stole and leaked in 2013 were emails to HDR22@clintonemail.com, Hillary Clinton’s previously unknown private address . The account’s existence, and later revelations that she had improperly used it to conduct official government business and transmit sensitive intelligence data, led to something like a national panic attack: nonstop political acrimony, federal investigations, and depending on who you ask, Trump’s 2016 victory.

In the end, the way Guccifer might be best remembered was in the cooptation of his wildly catchy name for a Russian hacker persona: Guccifer 2.0 . The latter Guccifer would hack troves of information from Democratic National Committee servers, a plunder released on WikiLeaks.

Eventually, a federal indictment accused a cadre of Russian intelligence operatives of using the persona Guccifer 2.0 to conduct a political propaganda campaign and cover for Russian involvement. As the Guccifer 2.0 version grew in infamy, becoming a central figure in Americans’ wrangling over Russian interference in the 2016 election, the namesake hacker’s exploits faded from memory.

When I reached Lazar by phone, he was at home in Romania. He had returned to a family that had grown up and apart from him since he was arrested by Romanian police in 2014.

“I am still trying to connect back with my family, with my daughter, my wife,” Lazar said. “I’ve been away more than eight years, so this is a big gap, which I’m trying to fill with everything that takes.”

He spends most of his time alone at home, reading about American politics and working on a memoir. His wife supports the family as a low-paid worker at a nearby factory. Revisiting his past life for the book has been an odd undertaking, Lazar told me.

“It’s like an out-of-body experience, like this Guccifer guy is another guy,” he said. “Right now, having this time on my hands, I’m just trying to understand what this other me was making 10 years ago.”

L azar has little to say of the two American prisons where he was sentenced to do time after extradition from Romania. Both were in Pennsylvania — a minimum-security facility and then a stint at the medium-security Schuylkill, which he described simply and solemnly as “a bad place.” He claimed he was routinely denied medical care, and says he lost many of his teeth during his four-year term.

On matters of his crime and punishment, Lazar contradicted himself, something he did often during our conversations. He wants to be both the righteous crusader and the steamrolled patsy. He repeatedly brought up what he considers a fundamental injustice: He revealed Clinton’s rule-breaking email setup and then cooperated with the Department of Justice probe, only to wind up in federal prison.

“Hillary Clinton swam away with the ‘reckless negligence’ or whatever Jim Comey called her ,” Lazar said. “I did the time.”

Lazar was quick to rattle off a list of other high-profile officials who either knew about the secret Clinton email account all along or were later revealed to have used their own . “So much hypocrisy, come on man,” he said. “So much hypocrisy.”

And yet he pled guilty to all charges he faced and today fully admits what he did was wrong — sort of.

“To read somebody else’s emails is not OK,” he said. “And I paid for this, you know. People have to have privacy. But, you see, it’s not like I wanted to know what my neighbors are talking about. But I wanted to know what these guys in the United States are speaking about, and this is the reason why. I was sure that, over there, bad stuff is happening. This is the reason why I did it, not some other shady reason. What I did is OK.”

“I was inspired with the name, at least, because my whole Guccifer project was, after all, a failure.”

Though he takes pride in outing Clinton’s private email arrangement, Lazar said he found none of what he thought he’d uncover. The inbox-fishing expedition for the darkest secrets of American power instead mostly revealed their mediocre oil paintings and poorly lit family snapshots. He conceded that Guccifer’s legacy may be that Russian intelligence cribbed his name.

“I was inspired with the name, at least,” Lazar said, “because my whole Guccifer project was, after all, a failure.”

I t can be difficult to tell where the Guccifer mythology ends and Lazar’s biography begins. Back in his hometown of Arad, a Transylvanian city roughly the size of Syracuse, New York, Lazar seems ambivalent about the magnitude of his role in American electoral history. “I don’t feel comfortable talking about me,” he told me. When I pressed in a later phone call, Lazar described 2016 as something of an inevitability: “Trump was the bullet in the barrel of the gun. He was already lingering around.”

While Lazar says James Comey’s October surprise memo to Congress — that Clinton’s emailing habits were still under investigation — was what “killed Hillary Clinton,” he didn’t deny his indirect role in that twist.

“Everything started with this mumbo jumbo email server, with this bullshit of email server,” he said. “So, if it was not for me, it was not for [Hillary’s] email server to start an investigation.”

Lazar now claims he very nearly breached the Trump inner circle in October 2013. “I was about to hack the Trump guys, Ivanka and stuff,” he told me. “And my computer just broke.”

How does it feel to have boosted, even accidentally, Donald Trump, a bona fide American elite? Though he described the former president as mentally unstable, a hero of Confederate sympathizers, and deeply selfish, Lazar is unbothered by his indirect role in 2016: “I feel like a regular guy. I don’t feel anything special about myself.”

At times, the retired hacker clearly still relishes his brief global notoriety. I asked him what it felt like to see his hacker persona usurped by Russian intelligence using the “Guccifer 2.0” cutout: Was it a shameless rip-off, or a flattering homage? Lazar said he first learned that Russia had cribbed his persona from inside a detention center outside D.C. He perked up.

“I was feeling good, it was like a recognition,” he said. “It made me feel good, because in all these 10 years, I was all the time alone in this fight.”

L azar described his fight — a term he used repeatedly — as a personal crusade against the corrupt and corrupting American elite, based on his own broad understanding of the idea pieced together from reading about it online. It’s hard to dismiss out of hand.

“Look at the last 20 years of politics of United States,” Lazar explained. “It’s all lies, and it went so low in the mud. You know what I’m saying? It stinks.”

The quest to find and expose some smoking gun that could explain American decline became an obsession, one he said kept him in front of a computer for 16 hours a day, guessing Yahoo Mail passwords, scouring his roughly 100 victims’ contact books, and plotting his next account takeover. He understood that it might seem odd passion for a Romanian ex-cabbie.

“I am Romanian, I am living in this godforsaken place. Why I’m interested in this? Why? This is a good question,” he told me. “For us, for guys from a Communist country, for example Romania which was one of the worst Communist countries, United States was a beacon of light.”

George W. Bush changed all that for him. “In the time after 2000, you come to realize it’s all a humbug,” he said. “It’s all a lie, right? So, you feel the need, which I felt myself, to do something, to put things right, for the American people but for my soul too.”

It’s funny, Lazar told me, that his greatest admirers seemed to have been Russian intelligence, not the American people he now claims to have been working to inform. “We have somehow the same mindset,” Lazar mused. “Romania was a Communist country; they were Communists too.”

Hackers are still playing a game Guccifer mastered.

Since Lazar began this fight, the playbook he popularized — break into an email account, grab as many personal files as you can, dump them on the web, and seed the juiciest bits with eager journalists like myself — has become a go-to tactic around the world. Whether it’s North Korean agents pillaging Sony Pictures’ salacious email exchanges or an alleged Qatari hack of Trump ally Elliott Broidy exposing his foreign entanglements , hackers are still playing a game Guccifer mastered.

Despite having essentially zero technical skills — he gained access to accounts largely by guessing their password security questions — Lazar knew the fundamental truth that people love reading the private thoughts of powerful strangers. Sometimes these are deeply newsworthy, and sometimes it’s just a perverse thrill, though there’s a very fine line between the two. Even the disclosure of an innocuous email can be damaging for a person or organization presumed by the public to be impenetrable. When I brought this up to Lazar, his modesty slipped ever so slightly.

He said, “I am sure, in my humble way, I was a new-roads opener.”

T he Lazar I’ve met on the phone was very different from the Guccifer of a decade ago. Back then he would send rambling emails to Gawker, my former employer, largely consisting of fragmented screeds against the Illuminati. The word, which he said he’s retired, nods to a conspiracy of global elites that wield unfathomable power.

“I’d like to call them, right now, ‘deep state,’” he said. “But Illuminati was back then a handy word. Of course, it has bad connotations, it’s like a bad B movie from Hollywood.”

Unfortunately for Lazar, the “deep state” — a term of Turkish origin, referring to an unaccountable security state that acts largely in secret — has in the years since his arrest come to connote paranoid delusion nearly as much as the word “Illuminati” does. Whatever one thinks of the deep state, though, the notion is as contentious and popular among internet-dwelling cranks — especially, and ironically for Lazar, Trump followers. Whatever you want to call it, Lazar believed he’d find it in someone else’s inbox.

“My ultimate goal was to find the blueprints of bad behavior,” he said.

Some would argue that, in Blumenthal’s inbox, he did. Still, after a full term of the Trump administration, the idea of bad behavior at the highest levels of power being something kept hidden in secret emails almost feels quaint.

While Lazar’s past comments to the media have included outright fabrications, racist remarks, and a reliance on paranoid tropes, he seemed calmer now. On the phone, he was entirely lucid, and thoughtful more often than not, even on topics that clearly anguish him. Prison may have cost him his teeth, but it seems to have given him a softer edge than he had a decade ago. He is still a conspiratorially minded man, but not necessarily a delusional one. He plans to remain engaged with American politics in his own way.

“I don’t care about myself,” he told me, “but I care about all the stuff I was talking about, you know, politics and stuff.” He said, “I’m gonna keep keeping one eye on American politics and react to this. I’m not gonna let the water just flow. I’m gonna intervene.”

This time, he says he’ll fight the powers that be by writing, not guessing passwords. “I am more subtle than I was before,” he tried to assure me.

“I’m gonna keep keeping one eye on American politics and react to this. I’m not gonna let the water just flow. I’m gonna intervene.”

At one point in our conversations, Lazar rattled off a sample of the 400 books he said he read in prison, sounding as much like a #Resistance Twitter addict as anything else: “James Comey, Andrew McCabe, Michael Hayden , James Clapper, all their biographies, which nobody reads, you know?”

While he still makes references to the deep state and “shadow governments” and malign influence of the Rockefeller family, he’s also quick to reference obscure FBI brass like Peter Strzok and Bill Priestap, paraphrase counterintelligence reports, or cite “Midyear Exam,” the Department of Justice probe into Clinton’s email practices.

It’s difficult to know if this more polished, better-read Lazar has become less conspiratorial, or whether the country that imprisoned him has become so much more so that it’s impossible to tell the difference. Lazar is a conspiracy theorist, it seems, in the same way everyone became after 2016.

Lazar, the free man, alluded to knowing that Guccifer was in over his head. He admitted candidly that he lied in an NBC News interview about having gained access to Clinton’s private email server, a claim he recanted during a later FBI interview, because he naively hoped the lie would grant him leverage to cut a better deal after his extradition. It didn’t, nor did his full cooperation with the FBI’s Clinton email probe.

When I asked Lazar whether he worried about the consequences of stealing the emails of the most famous people he could possibly reach, he said he believed creating celebrity for himself, anathema to most veteran hackers, would protect him from being disappeared by the state. In the end, it did not.

“At some point,” he said, “I lost control.”

The post Guccifer, the Hacker Who Launched Clinton Email Flap, Speaks Out After Nearly a Decade Behind Bars appeared first on The Intercept .

Highway surveillance footage from Thanksgiving Day shows a Tesla Model S vehicle changing lanes and then abruptly braking in the far-left lane of the San Francisco Bay Bridge, resulting in an eight-vehicle crash. The crash injured nine people, including a 2-year-old child, and blocked traffic on the bridge for over an hour.

The video and new photographs of the crash, which were obtained by The Intercept via a California Public Records Act request, provides the first direct look at what happened, confirming witness accounts of what happened at the time. The driver told police that he had been using Tesla’s new “Full Self-Driving” feature, the report notes , before the Tesla’s “left signal activated” and its “brakes activated,” and it moved into the left lane, “slowing to a stop directly in [the second vehicle’s] path of travel.”

Just hours before the crash, Tesla CEO Elon Musk had triumphantly announced that Tesla’s Full Self-Driving capability was available in North America, congratulating Tesla employees on a “major milestone.” By the end of last year, Tesla had rolled out the feature to over 285,000 people in North America, according to the company.

Tesla Full Self-Driving Beta is now available to anyone in North America who requests it from the car screen, assuming you have bought this option.

Congrats to Tesla Autopilot/AI team on achieving a major milestone!

— Elon Musk (@elonmusk) November 24, 2022

The National Highway Traffic Safety Administration, or NHTSA, has said that it is launching an investigation into the incident. Tesla vehicles using its Autopilot driver assistance system — Full Self-Driving mode has an expanded set of features atop Autopilot — were involved in 273 known crashes from July 2021 to June of last year, according to NHTSA data. Teslas accounted for almost 70 percent of 329 crashes in which advanced driver assistance systems were involved, as well as a majority of fatalities and serious injuries associated with them, the data shows. Since 2016, the federal agency has investigated a total of 35 crashes in which Tesla’s “Full Self-Driving” or “Autopilot” systems were likely in use. Together, these accidents have killed 19 people.

In recent months, a surge of reports have emerged in which Tesla drivers complained of sudden “ phantom braking ,” causing the vehicle to slam on its brakes at high speeds. More than 100 such complaints were filed with NHTSA in a three-month period, according to the Washington Post.

The child injured in the crash was a 2-year-old who suffered an abrasion to the rear left side of his head as well as a bruise, according to the incident detail report obtained by The Intercept. In one photograph of the crash, a stroller is parked in front of the car in which the child was injured.

As traditional car manufacturers enter the electric vehicle market, Tesla is increasingly under pressure to differentiate itself. Last year, Musk said that full self-driving was an “essential” feature for Tesla to develop, going as far as saying, “It’s really the difference between Tesla being worth a lot of money or worth basically zero.”

The term “Full Self-Driving” has been criticized by other manufacturers and industry groups as misleading and even dangerous. Last year, the autonomous driving technology company Waymo, owned by Google’s parent company, announced that it would no longer be using the term.

“Unfortunately, we see that some automakers use the term ‘self-driving’ in an inaccurate way, giving consumers and the general public a false impression of the capabilities of driver assist (not fully autonomous) technology,” Waymo wrote in a blog post . “That false impression can lead someone to unknowingly take risks (like taking their hands off the steering wheel) that could jeopardize not only their own safety but the safety of people around them.”

Though Waymo doesn’t name any names, the statement was “clearly motivated by Musk’s controversial decision to use the term ‘Full Self Driving,’” according to The Verge.

Along the same lines, the premier lobbying group for self-driving cars recently rebranded from the “Self-Driving Coalition for Safer Streets” to the “Autonomous Vehicle Industry Association.” The change, the industry group said, reflected its “commitment to precision and consistency in how the industry, policymakers, journalists and the public talk about autonomous driving technology.”

Secretary of Transportation Pete Buttigieg has also been critical of the emerging driver assistance technologies, which he stresses have not replaced the need for an alert human driver. “I keep saying this until I’m blue in the face: anything on the market today that you can buy is a driver assistance technology, not a driver replacement technology,” Buttigieg said . “I don’t care what it’s called. We need to make sure that we’re crystal clear about that — even if companies are not.”

Though the language may be evolving, there are still no federal restrictions on the testing of autonomous vehicles on public roads, though states have imposed limits in certain cases. Tesla has not announced any changes to the program or its branding, but the crash was one of multiple that month. Several days prior to the Bay Bridge accident, on November 18 in Ohio, a Tesla Model 3 crashed into a stopped Ohio State Highway Patrol SUV which had its hazard lights flashing. The Tesla is likewise suspected of having been in self-driving mode and is also being investigated by NHTSA.

NHTSA is also investigating a tweet by Musk in which he said that Full Self-Driving users would soon be given the option to turn off reminder notifications for drivers to keep their hands on the steering wheel. “Users with more than 10,000 miles on FSD Beta should be given the option to turn off the steering nag,” a Twitter user posted on New Year’s Eve, tagging Musk.

“Agreed, update coming in Jan,” Musk replied.

The post Exclusive: Surveillance Footage of Tesla Crash on SF’s Bay Bridge Hours After Elon Musk Announces “Self-Driving” Feature appeared first on The Intercept .

Since the 2016 presidential election, the notion that the Russian government somehow “weaponized” social media to push voters to Donald Trump has been widely taken as a gospel in liberal circles. A groundbreaking recent New York University study, however, says there’s no evidence Russian tweets had any meaningful effect at all.

“We demonstrate, first, that exposure to Russian disinformation accounts was heavily concentrated: only 1% of users accounted for 70% of exposures,” the scholars wrote in the journal Nature Communications . “Second, exposure was concentrated among users who strongly identified as Republicans. Third, exposure to the Russian influence campaign was eclipsed by content from domestic news media and politicians. Finally, we find no evidence of a meaningful relationship between exposure to the Russian foreign influence campaign and changes in attitudes, polarization, or voting behavior.”

The research, conducted by NYU’s Center for Social Media and Politics , is a rare counter to what’s become the prevailing media narrative of the post-2016 era: that social platforms like Twitter were and will continue to be wielded by malicious foreign actors to interfere with American political outcomes.

Most importantly, according to the study, based on a longitudinal survey of roughly 1,500 Americans and an analysis of their Twitter timelines, “the relationship between the number of posts from Russian foreign influence accounts that users are exposed to and voting for Donald Trump is near zero (and not statistically significant).”

That Russian intelligence attempted to influence the 2016 election, broadly speaking, is by now well documented ; the idea that the propagandizing amounted to anything other than headlines and congressional hearings, however, is little more than an article of faith. While their impact remains debated among scholars, the specter of “Russian bots” wreaking havoc across the web has become a byword of liberal anxiety and a go-to explanation for Democrats flummoxed by Trump’s unlikely victory.

The NYU study found that Russia’s Twitter campaign had no effect in part because barely anyone saw it. Moreover, to the extent anyone ever saw the Russian tweets, it was people who weren’t going to be easily influenced anyway: “[T]hose who identified as ‘Strong Republicans’ were exposed to roughly nine times as many posts from Russian foreign influence accounts than were those who identified as Democrats or Independents.”

After 2016, as platforms like Twitter rushed to scrub networks of Russian accounts based on the premise they were inherently harmful, Sen. Mark Warner, D-Va., characterized Russian tweets as a full-blown national security crisis. Following a September 2017 congressional hearing on Russian social media meddling, Warner described Twitter’s testimony as “deeply disappointing,” and decried an “enormous lack of understanding from the Twitter team of how serious this issue is, the threat it poses to democratic institutions, and again begs many more questions than they offered.”

This stance became a popular stance among Russia hawks and Trump foes. A year later, Rep. Adam Schiff, D-Calif., tweeted , “Russian troll accounts were still active on Twitter as recently as this year, interfering in our politics. We will continue to expose this malign online activity so Americans can see first-hand the tools Russia uses to divide us.”

Panic over Russian tweets and the belief they might swing elections spread throughout Congress , academia, business, and the U.S. intelligence community . A cottage industry spouted up to combat what Facebook termed “Coordinated Inauthentic Behavior” — an industry that lives on today.

Crucially, the report focused only on tweets, so the possible effect of Facebook groups, Instagram posts, or, say, the spread of materials hacked from the Democratic National Committee was left unassessed. The report nonetheless serves as a gentle evidence-based corrective to societal fears of low-effort social media propagandizing as some diabolical tool of adversarial regimes.

Russian tweets, the authors note, were a small speck when compared to homegrown posters. “Despite the seemingly large number of posts from Internet Research Agency accounts in respondents’ timelines,” the report says, “they are overshadowed—by an order of magnitude—by posts from national news media and politicians.”

The post Those Russian Twitter Bots Didn’t Do $#!% in 2016, Says New Study appeared first on The Intercept .