I’ve been asked repeatedly how it can be that everyone outside the White House disagrees with abandoning U.S. allies in Syria, and yet the White House is proceeding with an abrupt cut-and-run away. What is in it for them?

It’s a fair question. Given everyone across the political spectrum thinks quitting is a bad idea, including those apolitical who think most about national security, what possibly could motivate such an epic bad decision?

While tempting to link the move to personal profit and greed of the cabal in the White House, such as real-estate deals, there’s a larger international relations angle on this that fits into what we’ve seen over the last few years.

First, Putin has been said to want to destabilize Europe by tactically capitalizing on refugees:

Russia has been accused of “weaponising” the refugee crisis as a way of destabilising Europe – a claim recently reinforced by Nato’s top commander in Europe. That assertion may well be disputed. What is beyond doubt is the continuing need to know what Russia is thinking, and what goals it might pursue as it watches the EU confront multiple crises.

Second, that is an expected outcome from the U.S. diminishing its own power and abruptly abandoning its allies, encouraging Turkey to intervene and stir conflict.

Turkey’s offensive is likely not only to damage America’s diplomatic credibility and create a humanitarian crisis; it could lead to the escape of thousands of ISIS prisoners currently being held by Kurdish forces. In one of his more galling statements in a week that was full of them, Trump said this wouldn’t be America’s problem since they would likely be “escaping to Europe. That’s where they want to go.” With northeastern Syria once again an active battlefield, and Iraq engulfed in a new round of political chaos, conditions are certainly ripe for a new resurgence of ISIS or a new organization that takes up its mantle.

Those two points together suggest the U.S. withdrawal hands Turkey more leverage over the democratic nations (Kurds) and states (EU) that threaten an Erdoğan anti-democratic regime. Furthermore it serve Putin’s doctrine of destabilization so he may capitalize on human suffering for political objectives.

In security circles the U.S. abandonment of allies could be called a penny-wise pound-foolish strategy that degrades American foreign policy and its own security. The U.S. administration covers the loss with claims of providing immediate gratification domestically. Clearly however it will cause far wider suffering and higher cost in the near future. Here is why even those immediate gratification claims don’t make any sense:

Given there are so few American soldiers in this draw-down, it can’t be said to be in the name of a troop withdrawal from conflict or ending a war. This is especially true because thousands of troops were just deployed to Saudi Arabia, so the balance stands at greater and less-efficient deployments to the region.

Inversely it can be said while there are so few American troops, Syria was a cost-center that produced a high return on investment primarily in terms of regional and national safety. Yet regional stability no longer is valued as before, as the administration has sought personal alignment with dictators not to mention kick-backs and pocket-linings. Thus troops are being sent to Saudi Arabia as an alignment gesture, whether they stabilize or not.

Saudis regularly pay billions for old American cluster bombs to kill children and disrupt food production with campaigns that cause long-term regional destabilization.

In 2008 an international treaty called the convention on cluster munitions severely limiting the use, transfer and stockpiling of cluster bombs was adopted by 30 countries. By 2018 it had been signed by 120 states. The US, which sells arms to Saudi-led forces fighting in Yemen, was not one of them.

“Cluster munitions went through a proportionality test to measure military advantages gained versus civilian harm of their use,” said Rawan Shaif, the lead Yemen researcher at the open source investigative organisation Bellingcat, of the Geneva conventions relating to the protection of victims of armed conflict. “There’s no military advantage in using a cluster munition in a farm, unless your aim is to make that area uninhabitable for generations of civilians and military alike.”

The cluster bomb that killed Raja was manufactured at the Milan Army Ammunition Plant in 1977. The large site, just north of Jackson in west Tennessee, encompasses 231 miles (372km) of roads and 88 miles (142km) of railways and is nicknamed Bullet Town by residents.

And in terms of national safety, the administration has exhibited a harm externality mindset, where threats of ISIS are foolishly downplayed because harms to self (U.S.) are factored as longer-term and therefore ignored compared with harm being publicly wished as an immediate threat (as promised by Putin) to others (EU).

In conclusion, while there are elements of a White House chasing personal profits and even putting money in pockets of some other Americans, overall this ill-conceived abandonment of allies is to serve the anti-EU policy of Russia that cruelly capitalizes on humanitarian crisis and undermines stability, as directed in this region by Turkey.

One last thought on this is the significance of women in the Kurdish forces and how values that traditionally would be consistent with the U.S. are now bizarrely misaligned. Given both Putin and Trump repeatedly have stated in the open how they disrespect and dislike women, it should not be overlooked how misogyny factors into a decision to suddenly divorce the U.S. from its long-time allies.

Kurdish history is replete with cases of women assuming leadership roles in the realm of religion, politics and even in the military sphere.

Data in a new LA Times report (and posted to github) reveals that despite whites being found with contraband more often, blacks and latinos are stopped far more often to be searched.

…a black person in a vehicle was more than four times as likely to be searched by police as a white person, and a Latino was three times as likely.

Yet whites were found with drugs, weapons or other contraband in 20% of searches, compared with 17% for blacks and 16% for Latinos. The totals include both searches of the vehicles and pat-down searches of the occupants.

The analysis in the report indicates less evidence was used to prompt a search of latinos and blacks than whites. On top of that, after being stopped and searched, whites also saw better treatment and lower arrest rates.

Blacks and Latinos were more than three times as likely as whites to be removed from the vehicle and twice as likely to either be handcuffed or detained at the curb, the Times analysis found.

About 3% of blacks and Latinos stopped by the LAPD were arrested, compared with 2% of whites.

To put it another way, the city is 9% black yet 27% of people being searched are black; the city is 28% white, yet 18% of those being searched are white.

The U.S. already has a reputation for its lax approach to infrastructure regulation that “encouraged the spread of disinformation and supported a powerful forum for harassment and bullying”.

Current occupants of the White House are taking that even further.

American infrastructure is said to be getting legal protections against accountability pushed on foreign trade deals, known as adding in Section 230.

Last year, Congress overwhelmingly approved a bill making it possible to sue online platforms for knowingly facilitating sex trafficking. Lawmakers have raised the prospect of creating additional carve-outs for the online sale of opioids. Critics of Section 230 say they are alarmed by the inclusion of its provisions in trade deals.

In other words despite representatives in U.S. government working to protect the world from clear and documented harms, the White House is headed in an opposite direction by trying to instead protect criminal behavior such as child trafficking operating in the U.S..

This relates directly to other recent news that the American cloud service providers often are abused by men operating them to victimize women and children around the world.

Studies repeatedly show “it’s disproportionately women who are targeted” using cloud services and enslaved.

Seventy-six percent of trafficked persons are girls and women and the Internet is now a major sales platform.

Epstein no longer being protected by powerful American men, found dead in his cell and quickly forgotten, may actually mean he was replaced by technology…and that’s why now it is being made untouchable instead of him.

By allowing lawsuits to proceed as one would normally expect, a court would be able to deliberate and find the right balance between freedoms of expression and clear cases of harm.

“The use of Twitter by the defendants to post allegedly defamatory statements cannot subject the plaintiff to the terms of use agreement and the forum selection clause as it would not subject a plaintiff who did not have a Twitter account to the terms of use agreement,” the ruling states.

Once again, cloud services very predictably show why they can be less secure than running your own.

We’ve warned for many years of cloud insider abuse like this, using examples from Uber, Google and Facebook.

In many of these cases it’s male engineers in American technology companies using their power and privilege to stalk and abuse women.

The US Department of Justice has posted details of a 34 year old man who is said to have worked at Yahoo.

In pleading guilty, Ruiz, a former Yahoo software engineer, admitted to using his access through his work at the company to hack into about 6,000 Yahoo accounts. Ruiz cracked user passwords, and accessed internal Yahoo systems to compromise the Yahoo accounts. Ruiz admitted to targeting accounts belonging to younger women, including his personal friends and work colleagues. He made copies of images and videos that he found in the personal accounts without permission, and stored the data at his home. Once he had access to the Yahoo accounts, Ruiz admitted to compromising the iCloud, Facebook, Gmail, DropBox, and other online accounts of the Yahoo users in search of more private images and videos. After his employer observed the suspicious account activity, Ruiz admitted to destroying the computer and hard drive on which he stored the images.

That last sentence is concerning for anyone who has done digital forensics. How was Ruiz tipped off that he was being observed by an internal investigations team?

He wasn’t just a software engineer, he was a Site Reliability Engineer (SRE). And he wasn’t just a Yahoo engineer…

That career path reveals a far worse story than what is being reported right now.

A SRE is a person with deep access inside the cloud provider. They are trusted with the most sensitive data because, in theory, without giving them access a system could become unreliable or go offline.

For example, here’s a single line command in virtual (VMware) environments that exports a copy of an entire server. In a disaster (planning) scenario it could be essential to keeping services running:

Copy-DatastoreItem vmstore:\Datacenter01\StorageArray01\DBNodes\* C:\SREisGod\StolenUserSecrets

Imagine instead, as you can see from the destination path name at the end of that line, any evil SRE just wants to steal ALL the data. SRE staff literally have keys to any kingdom trusting their employer. Even if the data was stored encrypted, using this command it’s decrypted by design.

I’ve repeatedly designed systems to protect against exactly this kind of insider threat and customers need to explicitly ask for proof that one exists. This is a disaster for both Okta and Yahoo if they cannot account for SRE access on their systems, particularly during the hours Ruiz was working.

His eight months at Okta, a widely used identity management company, could be an even bigger problem than Yahoo. Although to be fair the timing is interesting for both cases. Yahoo in 2007 when he joined was the biggest identity provider in the world. In 2018 Okta was claiming to be the leader in this space.

It looks like Okta apparently fired him as soon as the indictments were unsealed that detailed his long-term abuse of being a privileged SRE to game identity management. What Okta hasn’t said is whether they’ve concluded an internal investigation of all his access to identity as an SRE.

This is huge. I can’t overstate enough that an identity management cloud provider, holding the secrets of millions of people, hired an identity thief. It’s like saying a bank hired a bank robber to guard their safe.

Given inside knowledge and access at the service provider he allegedly cracked passwords of thousands of young women, including those he knew and worked with, in order to steal their images. Then he used their identity information to pivot through their cloud accounts that shared the same password to steal more images.

Two lessons here:

One. Okta is a core identity management company that hired a predator who clearly joined companies to commit crimes. Anyone using Okta or a similar service needs to be prepared for this level of insider threat being reported. Although we can pressure Okta on reasons screening didn’t block this hire, we can’t assume screens will be perfect and instead should demand they prove his actions were limited and detected.

Two. Re-use of passwords is what made one evil cloud staff member able to access so many other cloud accounts. Impersonation was possible by Ruiz because users didn’t setup different passwords on each cloud service. Password managers are free and a baseline requirement for users today. Also multi-factor authentication (MFA) would have made SRE theft of user secrets less effective and should be considered another baseline requirement (caveat: nothing is perfect. see new FBI warning on MFA bypass).

There’s a third point about avoiding tipping off suspects during investigations, and preserving evidence, but we don’t have enough details yet on why or how badly that security team at Yahoo was compromised.

AINonline offers numbers on drones in battles over Syria. Russia has recorded 23,000 flights of their own and claims 118 opposition drones shot-down, with the vast majority this year.

The following section on “gaps in electronic warfare shield” was particularly interesting as it emphasizes Russia’s current dependence (pun not intended) on primitive jamming systems and kinetic counter-measures.

Russian official, deputy defense minister for military technical cooperation with foreign countries General Aleksandr Fomin, accused U.S. forces of assisting the Syrian rebels in carrying out drone attacks on the Khmeimeem airbase. Speaking at the Xiangshan security forum in Beijing last fall, he said that, “a group of 13 drones moved according to a common plan of combat deployment, under control of a single crew team. That time, a U.S. Navy P-8 Poseidon ASW aircraft was on an eight-hour patrol mission over the Mediterranean Sea. Upon reaching out our electronic warfare shield, the drones retreated somewhat to receive correcting instructions and began using satellite communications channels to receive outside assistance to find and explore gaps in that shield. Then the drones attempted to penetrate through, only to be destroyed.”

Apparently, Fomin was referring to January 6, when Russian forces shot down seven drones with anti-aircraft missiles and crash-landed seven by jamming the drones’ flight control systems.

Unclear why seven and seven was reported as a group of 13 drones.

The rising scale of drone operations by Russia is part of a tale (pun intended) of their newfound ability to turn the U.S. into a dog they hope to wag around.

Go to the Google store and look at their calculator carefully.

Under permissions for their calculator, we see this list:

• view network connections
• full network access
• prevent device from sleeping
• read Google service configuration
• measure app storage space

Full network access? For a calculator?

Unfortunately you can’t filter apps in the store by level of permission requested.

A simple filter could get rid of calculators that inexplicably demand full network access, let alone other strange levels (some require access to both local storage and removable storage). Imagine setting a preference in your profile that allows the most private apps to be ranked highest…

Calculators without network privileges do exist, which begs the question why Google’s gigantic security team lacks the ability to remove network access from an app that quite obviously has no need for it.

Here are a couple counter-examples:

Calculator Free

• This app has access to: control vibration
• That’s it

Caclulator E Plus

• This application requires no special permissions to run.
• That’s it