Facebook Failed to Protect 30 Million Users From Having Their Data Harvested by Trump Campaign Affiliate

In 2014, traces of an unusual survey, connected to Facebook, began appearing on internet message boards. The boards were frequented by remote freelance workers who bid on “human intelligence tasks” in an online marketplace, called Mechanical Turk, controlled by Amazon. The “turkers,” as they’re known, tend to perform work that is rote and repetitive, like flagging pornographic images or digging through search engine results for email addresses. Most jobs pay between 1 and 15 cents. “Turking makes us our rent money and helps pay off debt,” one turker told The Intercept. Another turker has called the work “voluntarily slave labor.”

The task posted by “Global Science Research” appeared ordinary, at least on the surface. The company offered turkers $1 or $2 to complete an online survey. But there were a couple of additional requirements as well. First, Global Science Research was only interested in American turkers. Second, the turkers had to download a Facebook app before they could collect payment. Global Science Research said the app would “download some information about you and your network … basic demographics and likes of categories, places, famous people, etc. from you and your friends.”

“Our terms of service clearly prohibit misuse,” said a spokesperson for Amazon Web Services, by email. “When we learned of this activity back in 2015, we suspended the requester for violating our terms of service.”

Although Facebook’s early growth was driven by closed, exclusive networks at college and universities, it has gradually herded users to agree to increasingly permissive terms of service. By 2014, anything a user’s friends could see was also potentially visible to the developers of any app that they chose to download. Some of the turkers noticed that the Global Science Research app appeared to be taking advantage of Facebook’s porousness. “Someone can learn everything about you by looking at hundreds of pics, messages, friends, and likes,” warned one, writing on a message board. “More than you realize.” Others were more blasé. “I don’t put any info on FB,” one wrote. “Not even my real name … it’s backwards that people put sooo much info on Facebook, and then complain when their privacy is violated.”

In late 2015, the turkers began reporting that the Global Science Research survey had abruptly shut down. The Guardian had published a report that exposed exactly who the turkers were working for. Their data was being collected by Aleksandr Kogan, a young lecturer at Cambridge University. Kogan founded Global Science Research in 2014, after the university’s psychology department refused to allow him to use its own pool of data for commercial purposes. The data collection that Kogan undertook independent of the university was done on behalf of a military contractor called Strategic Communications Laboratories, or SCL. The company’s election division claims to use “data-driven messaging” as part of “delivering electoral success.”

SCL has a growing U.S. spin-off, called Cambridge Analytica, which was paid millions of dollars by Donald Trump’s campaign. Much of the money came from committees funded by the hedge fund billionaire Robert Mercer, who reportedly has a large stake in Cambridge Analytica. For a time, one of Cambridge Analytica’s officers was Stephen K. Bannon, Trump’s senior adviser. Months after Bannon claimed to have severed ties with the company, checks from the Trump campaign for Cambridge Analytica’s services continued to show up at one of Bannon’s addresses in Los Angeles.

“You can say Mr. Mercer declined to comment,” said Jonathan Gasthalter, a spokesperson for Robert Mercer, by email.

FaceBook Elections signs stand in the media area at Quicken Loans Arena in Cleveland, Thursday, Aug. 6, 2015, before the first Republican presidential debate. (AP Photo/John Minchillo)

Facebook Elections signs in the media area at Quicken Loans Arena in Cleveland, Aug. 6, 2015, before the first Republican presidential debate of the 2016 election.

Photo: John Minchillo/AP

The Intercept interviewed five individuals familiar with Kogan’s work for SCL. All declined to be identified, citing concerns about an ongoing inquiry at Cambridge and fears of possible litigation. Two sources familiar with the SCL project told The Intercept that Kogan had arranged for more than 100,000 people to complete the Facebook survey and download an app. A third source with direct knowledge of the project said that Global Science Research obtained data from 185,000 survey participants as well as their Facebook friends. The source said that this group of 185,000 was recruited through a data company, not Mechanical Turk, and that it yielded 30 million usable profiles. No one in this larger group of 30 million knew that “likes” and demographic data from their Facebook profiles were being harvested by political operatives hired to influence American voters.

Kogan declined to comment. In late 2014, he gave a talk in Singapore in which he claimed to have “a sample of 50+ million individuals about whom we have the capacity to predict virtually any trait.” Global Science Research’s public filings for 2015 show the company holding 145,111 British pounds in its bank account. Kogan has since changed his name to Spectre. Writing online, he has said that he changed his name to Spectre after getting married. “My wife and I are both scientists and quite religious, and light is a strong symbol of both,” he explained.

The purpose of Kogan’s work was to develop an algorithm for the “national profiling capacity of American citizens” as part of SCL’s work on U.S. elections, according to an internal document signed by an SCL employee describing the research.

“We do not do any work with Facebook likes,” wrote Lindsey Platts, a spokesperson for Cambridge Analytica, in an email. The company currently “has no relationship with GSR,” Platts said.

“Cambridge Analytica does not comment on specific clients or projects,” she added when asked whether the company was involved with Global Science Research’s work in 2014 and 2015.

The Guardian, which was was the first to report on Cambridge Analytica’s work on U.S. elections, in late 2015, noted that the company drew on research “spanning tens of millions of Facebook users, harvested largely without their permission.” Kogan disputed this at the time, telling The Guardian that his turker surveys had collected no more than “a couple of thousand responses” for any one client. While it is unclear how many responses Global Science Research obtained through Mechanical Turk and how many it recruited through a data company, all five of the sources interviewed by The Intercept confirmed that Kogan’s work on behalf of SCL involved collecting data from survey participants’ networks of Facebook friends, individuals who had not themselves consented to give their data to Global Science Research and were not aware that they were the objects of Kogan’s study. In September 2016, Alexander Nix, Cambridge Analytica’s CEO, said that the company built a model based on “hundreds and hundreds of thousands of Americans” filling out personality surveys, generating a “model to predict the personality of every single adult in the United States of America.”

Shortly after The Guardian published its 2015 article, Facebook contacted Global Science Research and requested that it delete the data it had taken from Facebook users. Facebook’s policies give Facebook the right to delete data gathered by any app deemed to be “negatively impacting the Platform.” The company believes that Kogan and SCL complied with the request, which was made during the Republican primary, before Cambridge Analytica switched over from Ted Cruz’s campaign to Donald Trump’s. It remains unclear what was ultimately done with the Facebook data, or whether any models or algorithms derived from it wound up being used by the Trump campaign.

In public, Facebook continues to maintain that whatever happened during the run-up to the election was business as usual. “Our investigation to date has not uncovered anything that suggests wrongdoing,” a Facebook spokesperson told The Intercept.

Facebook appears not to have considered Global Science Research’s data collection to have been a serious ethical lapse. Joseph Chancellor, Kogan’s main collaborator on the SCL project and a former co-owner of Global Science Research, is now employed by Facebook Research. “The work that he did previously has no bearing on the work that he does at Facebook,” a Facebook spokesperson told The Intercept.

Chancellor declined to comment.

Cambridge Analytica has marketed itself as classifying voters using five personality traits known as OCEAN — Openness, Conscientiousness, Extroversion, Agreeableness, and Neuroticism — the same model used by University of Cambridge researchers for in-house, non-commercial research. The question of whether OCEAN made a difference in the presidential election remains unanswered. Some have argued that big data analytics is a magic bullet for drilling into the psychology of individual voters; others are more skeptical. The predictive power of Facebook likes is not in dispute. A 2013 study by three of Kogan’s former colleagues at the University of Cambridge showed that likes alone could predict race with 95 percent accuracy and political party with 85 percent accuracy. Less clear is their power as a tool for targeted persuasion; Cambridge Analytica has claimed that OCEAN scores can be used to drive voter and consumer behavior through “microtargeting,” meaning narrowly tailored messages. Nix has said that neurotic voters tend to be moved by “rational and fear-based” arguments, while introverted, agreeable voters are more susceptible to “tradition and habits and family and community.”

Dan Gillmor, director of the Knight Center at Arizona State University, said he was skeptical of the idea that the Trump campaign got a decisive edge from data analytics. But, he added, such techniques will likely become more effective in the future. “It’s reasonable to believe that sooner or later, we’re going to see widespread manipulation of people’s decision-making, including in elections, in ways that are more widespread and granular, but even less detectable than today,” he wrote in an email.

LOS ANGELES, CA - SEPTEMBER 15: Republican presidential candidate Donald Trump (L) throws a hat to supporters during a campaign rally aboard the USS Iowa on September 15, 2015 in Los Angeles, California. Donald Trump is campaigning in Los Angeles a day ahead of the CNN GOP debate that will be broadcast from the Ronald Reagan Presidential Library in Simi Valley. (Photo by Justin Sullivan/Getty Images)

Donald Trump throws a hat to supporters during a campaign rally on Sept. 15, 2015, in Los Angeles.

Photo: Justin Sullivan/Getty Images

Trump’s circle has been open about its use of Facebook to influence the vote. Joel Pollak, an editor at Breitbart, writes in his campaign memoir about Trump’s “armies of Facebook ‘friends,’ … bypassing the gatekeepers in the traditional media.” Roger Stone, a longtime Trump adviser, has written in his own campaign memoir about “geo-targeting” cities to deliver a debunked claim that Bill Clinton had fathered a child out of wedlock, and narrowing down the audience “based on preferences in music, age range, black culture, and other urban interests.”

Clinton, of course, had her own analytics effort, and digital market research is a normal part of any political campaign. But the quantity of data compiled on individuals during the run-up to the election is striking. Alexander Nix, head of Cambridge Analytica, has claimed to “have a massive database of 4-5,000 data points on every adult in America.” Immediately after the election, the company tried to take credit for the win, claiming that its data helped the Trump campaign set the candidate’s travel schedule and place online ads that were viewed 1.5 billion times. Since then, the company has been de-emphasizing its reliance on psychological profiling.

The Information Commissioner’s Office, an official privacy watchdog within the British government, is now looking into whether Cambridge Analytica and similar companies might pose a risk to voters’ rights. The British inquiry was triggered by reports in The Observer of ties between Robert Mercer, Cambridge Analytica, and the Leave.EU campaign, which worked to persuade British voters to leave the European Union. While Nix has previously talked about the firm’s work for Leave.EU, Cambridge Analytica now denies that it had any paid role in the campaign.

Twickenham, members of Leave EU and UKIP hand out leaflets<br /><br /><br /><br /> Grassroots Out action day on EU membership, London, Britain - 05 Mar 2016</p><br /><br /><br /> <p> (Rex Features via AP Images)

Leave.EU signage is displayed in London on March 5, 2016.

Photo: Rex Features/AP Images

In the U.S., where privacy laws are looser, there is no investigation. Cambridge Analytica is said to be pitching its products to several federal agencies, including the Joint Chiefs of Staff. SCL, its parent company, has new offices near the White House and has reportedly been advised by Gen. Michael Flynn, Trump’s former national security adviser, on how to increase its federal business. (A spokesperson for Flynn denied that he had done any work for SCL.)

Years before the arrival of Kogan’s turkers, Facebook founder Mark Zuckerberg tried to address privacy concerns around the company’s controversial Beacon program, which quietly funneled data from outside websites into Facebook, often without Facebook users being aware of the process. Reflecting on Beacon, Zuckerberg attributed part of Facebook’s success to giving “people control over what and how they share information.” He said that he regretted making Beacon an “opt-out system instead of opt-in … if someone forgot to decline to share something, Beacon went ahead and still shared it with their friends.”

Seven years later, Facebook appears to have made the same mistake, but with far greater consequences. In mid-2014, however, Facebook announced a new review process, where the company would make sure that new apps asked only for data they would actually use. “People want more control,” the company said at that time. “It’s going to make a huge difference with building trust with your app’s audience.” Existing apps were given a full year to switch over to have Facebook review how they handled user data. By that time, Global Science Research already had what it needed.

Top photo: A collage of profile pictures makes up the Facebook logo on a wall at a Facebook Data Center in Forest City, N.C., in 2012.

The post Facebook Failed to Protect 30 Million Users From Having Their Data Harvested by Trump Campaign Affiliate appeared first on The Intercept.

Uptick in US pedestrian deaths could be linked to cellphone use, researchers say

Pedestrian deaths are climbing faster than those of motorists, data shows, with increase in drivers and walkers, cellphone distractions and alcohol as factors

Pedestrian deaths in the US are climbing faster than motorist fatalities, reaching nearly 6,000 deaths last year – the highest total in more than two decades, according to an analysis of preliminary state data released on Thursday.

Increased driving due to an improved economy, lower gas prices and more walking for exercise and environmental factors are some of the likely reasons behind the estimated 11% spike in pedestrian fatalities in 2016. The figures were prepared for the Governors Highway Safety Association, which represents state highway safety offices.

Continue reading…

Trump to have first in-person talks with Chinese president Xi Jinping next week

  • US president to host meeting with Xi at Mar-a-Lago retreat in Florida
  • Trade, North Korea and South China Sea dispute on agenda, US officials say

Donald Trump and his Chinese counterpart, Xi Jinping, will hold their first face-to-face talks next week in Florida, a highly anticipated meeting between leaders at odds over trade, China’s strategic ambitions and how to deal with North Korea’s weapons programs.

Related: Climate change: China calls US ‘selfish’ after Trump seeks to bring back coal

Continue reading…

Angry Trump tells Freedom Caucus to ‘get on the team’ after healthcare failure

Trump initially blamed Democrats after his attempt to repeal and replace Obamacare crumbled, but has since shifted aim to the divided Republican party

Donald Trump has issued an ultimatum to the hard right of the Republican party, warning them to “get on the team” or face consequences at the ballot box.

The US president tweeted on Thursday: “The Freedom Caucus will hurt the entire Republican agenda if they don’t get on the team, & fast. We must fight them, & Dems, in 2018!”

Continue reading…

House Republicans Launch a New Assault on the EPA

A Russian loomed over the House of Representatives Wednesday. And it wasn’t Putin. Instead, the figure who came up in two different discussions among House members was Trofim Lysenko, a Soviet agronomist who manipulated data in ways that fit perfectly with the political agenda of Joseph Stalin. Lysenko’s theories, which rejected the now accepted ideas of genes and genetic inheritance, were so appealing to the Soviet dictator they became the only ones taught in the country in the 1940s as Soviet scientists were forbidden from contradicting his teachings. Yet the actual research behind Lysenko’s conclusions was so off-base that the decision to exempt him from the standard scientific process ultimately helped lead to a famine.

The story of the man who imperiled his country with pseudoscience designed to please a politician seemed particularly relevant during a day filled with Republican efforts to provide scientific cover for a range of unscientific policies. The House Committee on Science, Space and Technology began the day with a hearing called Climate Science: Assumptions, Policy Implications, and the Scientific Method. Held just two days after a Trump executive order killed federal efforts to address climate change, the hearing included testimony from three experts far out of the scientific mainstream whose careers have been boosted by promoting theories that benefit Republicans and the fossil fuel industry.

Expert witnesses Judith Curry, John Christy, and Roger Pielke Jr., who are frequently called on to present the Republican case for inaction on climate in Congress, all underscored the point that whatever is happening with the climate has been exaggerated and doesn’t warrant serious action, a message that may be particularly welcome to administration officials who have already decided to take just that path.

Christy, a climatologist at the University of Alabama who insists that extreme weather events are not related to climate change, asserted that while the earth may be warming it’s not due to human activity. “Mother nature can cause such temperature changes on her own,” he said. Pielke, a science policy writer at the University of Colorado, said that he believes in climate change and suggested that a carbon tax might be a good idea, but stuck by his idea that there is no evidence to suggest that hurricanes, floods, tornadoes, or droughts are increasing. And Judith Curry, a former professor at the Georgia Institute of Technology, insisted that humans might be responsible for less than 50 percent of climate change, a possibility that the Intergovernmental Panel on Climate Change has given a less than one in 10,000 chance of being true.

The focus on the convenient untruths of Curry, Pielke, and Christy were an after-the-fact attempt to justify the about-face by turning scientific reality on its head. Although 97 percent of actively publishing climate scientists agree that climate warming trends are “extremely likely due to human activity,” only one of four witnesses represented that point of view.

Michael Mann, a professor at Pennsylvania State University, pointed to a study he published earlier this week linking climate change to droughts, heat waves, and floods, and noted that the fires that recently devastated the Midwest are evidence of the need to respond to the phenomenon. Mann has been widely attacked for such mainstream views before. His email has been hacked. He’s received hate mail, death threats, and has been the subject of hostile Congressional hearings. At Wednesday’s hearing, he invoked Lysinko to explain the current enthusiasm for climate denial and then withstood condemnation from Republicans who chastised him for referring to the other panelists as deniers. Rep. Dana Rohrabacher told him he should be “ashamed.”

In the upside-down world of the House Science committee, Mann is the aggressor and those who have attacked his widely supported views are the aggrieved ones. “As a result of my analyses, I have been called a serial climate disinformer,” said Curry. “There is enormous pressure for climate scientists to confirm to the so-called consensus.”

In this Oct. 16, 2014 photo, fog hovers over a mountaintop as a cut out of a coal miner stands at a memorial to local miners killed on the job in Cumberland, Ky. For over a century, life in Central Appalachia has been largely defined by the ups and downs of the coal industry. Through all the bust years, there was always the promise of another boom. Until now. There is a growing sense in these mountains that this downturn is different, deeper. That for a variety of reasons, economic, environmental, political, coal mining will not rebound this time. As recently as the late 1970s, there were more than 350 mines operating at any given time in Harlan County. Today, it's around 40. (AP Photo/David Goldman)

Fog hovers over a mountaintop near a cut out of a coal miner at a memorial in Cumberland, Ky. in 2014.

Photo: David Goldman/AP

Lamar Smith, the Texas Republican who chairs the committee, similarly flipped the script. Rather than admitting that the hearing had anything to do with protecting the fossil fuel industry, which has made more contributions to his campaigns than any other sector, he insisted the bitter back and forth between Mann and climate skeptics was meant as an investigation of scientific principles. “Far too often, alarmist theories on climate science originate with scientists who operate outside of principals of the scientific method,” said Smith. “Before we impose costly government regulations, we should evaluate uncertainties.”

Since has was named chair of the House Science committee in 2013, a position in which he has at least partial jurisdiction over the Environmental Protection Agency, the National Oceanic and Atmospheric Administration, the Agency for Toxic Substances and Disease Registry, and the U.S. Geological Survey, among other federal agencies, Smith’s scientific interests seem focused on attacking researchers whose work demonstrates the need to restrict the fossil fuel industry. Smith has particularly singled out scientists who have studied the dangers of air pollution and the contribution of fossil fuel burning to climate change and has tweeted out a Breitbart story about a nonexistent plunge in global temperatures.

After the Science Committee hearing ended, Smith moved on to another effort to roll back environmental regulations. After a brief discussion, the House passed a bill called the “Secret Science Reform Act” when it was first introduced in 2014 that has since been renamed the HONESTY Act. According to Smith, the bill, which would limit the EPA to using only data that can be replicated or made available for independent analysis, is an effort to make the EPA more transparent. “Why would anyone want to hide this information from the American people?” the chairman asked.

The dozens of health and environmental organizations that oppose the bill, including the American Public Health Association, the American Lung Association, and the Natural Resources Defense Council, have an answer: Many studies are based on confidential health information, and the legislation would unreasonably limit the studies the EPA can use — and thus its ability to regulate. According to an analysis by the Environmental Data & Governance Initiative, had it been in place, the law would have prevented drinking water regulations, the identification of dangerous lead levels, risk management programs under the Clean Air Act, and the setting of certain air and water quality standards among other life-saving public protections.

Before the day was done, the House was involved in yet another effort to swap out independent environmental science with something more to industry’s liking. The EPA Science Advisory Bill Reform Act, which was introduced on Tuesday night and was passed by the House this morning, would limit the number of independent scientists who can serve on that body and allow people who have financial ties to the matters being discussed to serve on the board as long as they disclose their conflicts of interest.

The proposal got Democratic Representative Gerald Connolly thinking once again about Lysinko in Soviet Russia: “The last time a great power decided to deny science-based policy and to actually dictate politically what was science and what wasn’t was Stalin’s Soviet Russia. Famous scientist named Lysinko, who turned out to be a fraud and a con artist. But for 30 years, his thinking dominated soviet science.” That folly led to millions of deaths, said Connolly, who predicted that the U.S. government’s departure from established science would not end well.

Top photo: Firefighters from across Kansas and Oklahoma battle a wildfire near Protection, Kan., on March 6, 2017.

The post House Republicans Launch a New Assault on the EPA appeared first on The Intercept.

Trump said he’d stop dragging us into war. That’s yet another fat lie | Medea Benjamin

President Trump has escalated US intervention in Syria. American strikes there now kill or injure more civilians than Russian strikes, says one report

President Trump told a group of senators this week that the US military was “doing very well” in Iraq. “The results are very, very good,” Trump said. The families of the hundreds of innocents who have been killed in US airstrikes since Trump became president might disagree.

Remember when presidential candidate Donald Trump blasted former president George Bush for dragging the United States into the Iraq war, calling the invasion a “big, fat mistake”? How, then, does that square with now President Donald Trump stepping up US military involvement in Iraq, as well as in Syria and Yemen, and quite literally blasting hundreds of innocent civilians in the process?

Continue reading…

Meet the Midwestern Contractor That Appears Hundreds of Times in the CIA WikiLeaks Dump

In a suburb of Cincinnati about 30 minutes north of the Ohio River, right down the street from the local Hooters, a little known subsidiary of defense giant Northrop Grumman works on contracts for the Central Intelligence Agency.

Xetron Corporation, whose products range from military sensors to communications systems to information security software, shows up in nearly 400 documents published earlier this month by WikiLeaks. Those documents describe some of the tools the CIA uses to hack phones, smart TVs, and other digital products to conduct espionage overseas — and some of the partners that help them do it, like Xetron.

Now Xetron employees are facing additional scrutiny in the wake of the WikiLeaks dump, according to one source familiar with the matter, with some of them suddenly pulled in to polygraph examinations. It’s unclear if the government is conducting an active investigation into the company as a potential source of the leaks or if the firm is simply responding to stepped-up security requirements on some of its projects.

According to the source, it typically takes months for contractors to schedule the polygraph examinations required on certain sensitive government contracts — sometimes up to a year. “But if it was really important for a mission it would happen immediately … or [if there’s] concern about the project,” the person said. Another source familiar with Xetron’s operations said being suddenly asked to sit for a polygraph in the context of normal project requirements is unusual. The sources requested anonymity to preserve their employability in the buttoned-up world of defense contracting.

The FBI, Xetron, and Northrop Grumman all declined to comment. “Thank you for reaching out to us.  At this time we’re not able to provide a comment on this matter,” Northrop Grumman spokesperson Matt McQueen wrote.

“We have no comment on the authenticity of purported intelligence documents released by WikiLeaks or on the status of any investigation into the source of the documents,” Heather Fritz Horniak, spokesperson for the CIA wrote in an email to The Intercept.

The material released by WikiLeaks show that Xetron provided the CIA with tools to gain unauthorized access to Cisco routers. In one document, Xetron engineers are shown working with “The Bakery” — an unidentified group, possibly a codename for a unit within the CIA — to create “Cinnamon”: a malicious implant for Cisco devices. Another document says that Xetron developed software that routes communications back and forth between computers compromised by the CIA and command servers also controlled by the agency.

Xetron has been sharing hacking techniques with the intelligence community going back to at least 2010, according to documents from NSA whistleblower Edward Snowden. In that year, according to a top-secret schedule, a Xetron representative was slated to present malicious Windows software named “Orca” at one of the CIA’s annual “Jamboree” technology conferences for agency staff and contractors. Orca was designed to circumvent a security feature of Windows that prevented anyone from tampering with programs on a computer hard drive. Orca instead tampered with programs after they had been loaded from the drive into memory.

In a follow-on presentation at the 2011 Jamboree, another Xetron representative was scheduled to detail research into techniques to obscure the origins of malicious software like Orca. In 2012, a Xetron representative was slated to outline a technique for reverse engineering — that is, essentially re-creating — the “embedded” software used to operate real-world machines, according to a Jamboree conference schedule.

It’s not clear whether the CIA ever adopted any of the methods outlined in Xetron’s presentations. Asked about the Snowden documents, the agency wrote that “it is CIA’s job to be innovative, cutting-edge, and the first line of defense in protecting this country from enemies abroad.  America deserves nothing less.  It is also important to note that CIA is legally prohibited from conducting electronic surveillance targeting individuals here at home, including our fellow Americans, and CIA does not do so.” The NSA did not comment.

Xetron’s proximity to the intelligence community has become particularly noteworthy in the wake of reports that federal investigators are focused on CIA contractors as the most likely sources of the documents published by WikiLeaks — although there is no evidence linking the company to that breach. The documents exposed details on many CIA capabilities, including a library of hacks against smartphones deemed “impressive” by digital security experts. Intelligence officials are taking the breach seriously; the CIA in a statement said the document release would “not only jeopardize U.S. personnel and operations, but also equip our adversaries with tools and information to do us harm.” According to two sources working at major defense contractors, such employers are taking extra steps to remind employees about company ethics — giving speeches and posting fliers in the halls about appropriate data transfer procedures.

It’s highly likely the government knows where the leak came from, or has a good idea, said Nick Weaver, a senior staff researcher at the International Computer Science Institute in Berkeley.

“I would be shocked if the investigators don’t already know when and by whom the data was accessed, by combining access logs on the server with the very narrow time range when this leak could have occurred,” he wrote in a text message. “If they don’t know this by now, it indicates that a huge amount of effort dealing with insider threats was wasted. Google was able to do this analysis for the data allegedly stolen from their autonomous car project. Why couldn’t the CIA?”

Despite claiming some 68,000 employees as of 2013, Xetron has maintained a relatively low profile over the years. One exception came in 2011, when the hacker collective Anonymous released email purloined from digital security firm HBGary; in one such email, HBGary reportedly discussed negotiating with Xetron to provide Xetron computer malware it could repurpose or re-sell.

Xetron began as a smaller “defense electronics” firm in 1972 and was purchased by Westinghouse Electric Corporation in 1986. Both companies were acquired by Northrop Grumman in 1996. Xetron’s Ohio plant endured an expensive fire, which inflicted $15 million in damage, in the early 1990s.


This image shows a Google Maps street view of Xetron Corporation’s offices located in Cincinnati in July, 2016.

Photo: Google Maps

“Xetron specializes in providing solutions that meet operational needs or fill technology gaps,” reads a recent description of the company written by Northrop Grumman for potential government customers. One specialty includes “computer network operations” — expertise in encryption and intrusion detection as well as “reverse engineering and computer assault.”

“Our many repeat Government customers can attest to the reliability of the products we provide,” the description reads. “Click the links below to learn more about just some of the products and services we offer. Even if you don’t see it here, tell us what you need. Chances are we can help.”

The company draws a large number of students from nearby engineering schools; it has a partnership on “cyber informatics” with the University of Cincinnati where employees of the company can take classes alongside students. In September 2016, representatives of Xetron went to the University of Dayton to recruit engineers “to join their highly skilled Cyber and Intelligence, Surveillance, and Reconnaissance development teams,” according to a public Facebook post.

Multiple former employees described an office environment focused on beating rivals like Lockheed Martin for government contracts, but where it was not unusual to spend years on a proof-of-concept only to see it left unused.

“Morale was weak, to say the least,” one former employee said. Even so, few former employees were willing to discuss even banal details about working at Xetron; it’s not at all clear that the environment would push someone to leak sensitive work product. “I think a lot of them still believe in the mission, they were just overworked and underappreciated.”

Documents published with this article:

Top photo: Xetron Corporation appears in documents released by WikiLeaks that links them to tools the CIA uses to hack digital products to conduct espionage overseas.

The post Meet the Midwestern Contractor That Appears Hundreds of Times in the CIA WikiLeaks Dump appeared first on The Intercept.