The white paper can be found here.
After a long weekend of monk-like contemplation (beer and football), let's get back to work on dissecting the YotaPhone White Paper. Things will go much faster now, as the rest of the paper is full of filler.
Nothing controversial here, at least to my eye. YotaPhone made a big push for expansion into foreign markets in the mid 2010s, largely on the strength of their dual screen feature. It didn't end well and the US release was canceled. It certainly makes sense that Russian Yota domains would largely be resolved for YotaPhone owners.
And apropos of nothing, Russian dictator Vladimir Putin once gave one of their indigenous Russian cell phones as a gift to another world leader (not Donald Trump).
Barack Obama once gave the Queen of England an iPod with all his speeches on it. I'm not saying that it killed her, but hey, she's dead. Others may infer these things are related.
I don't think we have to speculate that this is a hamfisted attempt to insinuate that YotaPhones are Putin's personal brand, all based on one instance of gifting a phone to the dictator of China. Maybe that's true; Russia doesn't have much in the way of tech brands. World leaders promoting their nation's products is hardly unusual. But this is an attempt to paint YotaPhones as Putin's pet project based on basically zero evidence. But it's labeled 'speculation', just so no one is confused.
Grizzly Steppe is the US government's code name for (assumed) Russian malicious cyber activity, which includes Fancy Bear and the DNC hack. DHS released technical reports laying out their findings and listing domains attributed to this activity.
WiMAX is a broadband delivery system (a competitor to 4G, more or less[1]). DHS is claiming a cell phone network based in Moscow has activity related to Russian cyber mischief. Not surprising: there were thousands upon thousands of users on that network.
What is somewhat interesting is that the author(s) tucked this detail in here in the Background section. This is what we're here for, after all. So what's going on?
We believe the author(s) were researchers at Georgia Tech specializing in DNS attribution research under contract with DARPA, and were tasked by Rodney Joffe to 'find' connections between Russia and Donald Trump's circle. There are indications that some of these attributions were, in fact, fabricated.
UndeadFOIA and Margot Cleveland have produced evidence that this Georgia Tech team worked on the DNC hack and Guccifer 2.0 attribution as well. So it's very possible that the writer(s) of this white paper contributed to the DHS JAR that they are referencing.
Now we are back to, in my opinion, the central conceit of this paper. It is not in dispute that there were few YotaPhone sales in the United States, and to their credit they point out that users are likely to use WiFi extensively since the network coverage is poor.
But the authors again fail to define what they consider ‘rare’. If there were only one YotaPhone on the planet (perhaps the critically important one Putin gifted to Xi), it would indeed be notable if it were showing up in Trump related networks. However, there are hundreds of thousands of YotaPhones, undoubtedly some of which would be brought to the US by travelers, business people, or even diplomats.
So the important question that they fail to address is, rare compared to what?
That's the central, really the only, answer this paper needs to provide.
Here is Table 1 that they referenced “the numbers of Yota-related domains resolved globally, for a three week sample period (Sept 28, 2016 to Oct 10, 2016).”
So is that rare? Rare compared to what? Since the authors haven’t told us what they consider ‘global’, we don’t know anything about the dataset they’re making comparisons to.
“Although YotaPhones are rare in the US, the Trump Tower network resolved Yota-related related domains at least as early as 2016-09-05”
Wait a minute, what do they mean by 'at least'? They didn't check to see how far back these hits went? It appears they did not. Or perhaps they did, and the answers they got created problems for their narrative. For instance, if Yota-related domains were being resolved for years, wouldn't that suggest that maybe this is just normal traffic?
We don’t know, because they didn’t offer up that data. Again, you can’t tell if something is ‘rare’ if you don’t give us anything to compare it against.
"The last resolution took place on December 15, 2016". Ok, stop the bus. What do they mean, the last resolution? They seem to be insinuating that the resolutions stopped on December 15th, 2016. But they aren't exactly saying that. Let's not forget that this paper was delivered to the CIA in February of 2017. It's unlikely they pulled it together at the last second.
Why is December 15th notable? Trump left Trump Tower for Mar-a-Lago no later than the 16th and from there moved to DC for the inauguration.
So do they mean, ‘the last resolution recorded in the timeframe of our analysis was recorded December 15’? Had they told us what dates they were examining, we might have a definitive answer to that question. If their query ended December 15th, I guarantee you there were no records after that date. Sadly, we have no way of knowing.
There is a strong indication there was at least one YotaPhone in Trump Tower. Quite possibly more. It is very likely there were YotaPhones in Trump Tower before July 23rd. And after December 15th. It's a skyscraper in Manhattan. And again, this "up until December 15" business is deeply troubling, as they haven't told us what timeframe they examined.
There are other lookups in other places the authors consider Trump related. All of which have the same problems as Trump Tower: they were cherry picked because they were Trump related. The locations didn't bubble up from the data; they were selected, at the command of Rodney Joffe.
"it may be that these lookups come from a common set of devices." It may be. And it may well not be. It's back to assuming their conclusions. The only argument they have made that these lookups are related in any way is their assertion that YotaPhones are so rare, it's impossible this could just be normal traffic. And they haven't given us the methodology necessary to examine this claim.
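To make the two methodological complaints above concrete (a "first"/"last" seen date that is really just the edge of the query window, and a "rare" count with no denominator), here is a small added example of my own, not code or data from the white paper. The records are constructed; only the two window dates (2016-09-05 and 2016-12-15) are taken from the paper's text, and the network names are placeholders.

```python
from datetime import date
from fractions import Fraction

# Constructed passive-DNS style records (date, network, domain); not data from the paper.
RECORDS = (
    [(date(2016, 7, 1), "tower", "mail.yota.ru"),       # before the paper's earliest date
     (date(2016, 9, 5), "tower", "update.yota.ru"),
     (date(2016, 10, 2), "tower", "mail.yota.ru"),
     (date(2016, 12, 15), "tower", "mail.yota.ru"),
     (date(2017, 1, 10), "tower", "mail.yota.ru"),      # after the paper's "last resolution"
     (date(2016, 8, 15), "other-net-a", "mail.yota.ru"),
     (date(2016, 9, 30), "other-net-b", "mail.yota.ru")]
    + [(date(2016, 11, d), "tower", f"site{d}.example") for d in range(1, 16)]
    + [(date(2016, 11, d), "other-net-a", f"site{d}.example") for d in range(1, 21)]
    + [(date(2016, 11, d), "other-net-b", f"site{d}.example") for d in range(1, 21)]
)
PAPER_WINDOW = (date(2016, 9, 5), date(2016, 12, 15))   # the two dates the paper quotes
FULL_WINDOW = (date(2016, 1, 1), date(2017, 12, 31))    # a wide window for comparison

def is_yota(domain):
    return domain == "yota.ru" or domain.endswith(".yota.ru")

def seen_window(records, network, start, end):
    """First/last Yota lookup from `network` inside [start, end], plus flags saying
    whether each sits on the window edge (and so may be an artifact of the query)."""
    dates = sorted(d for d, net, dom in records
                   if net == network and is_yota(dom) and start <= d <= end)
    if not dates:
        return None
    return dates[0], dates[-1], dates[0] == start, dates[-1] == end

def rarity(records, network):
    """Yota share of one network's lookups, the global share, and their ratio.
    Without the denominators, a raw count says nothing about rarity."""
    net = [dom for _, n, dom in records if n == network]
    net_share = Fraction(sum(map(is_yota, net)), len(net))
    glob_share = Fraction(sum(is_yota(dom) for _, _, dom in records), len(records))
    return net_share, glob_share, net_share / glob_share

if __name__ == "__main__":
    # Query bounded to the paper's two dates: both edges come back as "first" and "last" seen.
    print(seen_window(RECORDS, "tower", *PAPER_WINDOW))
    # Same data with a wide window: the lookups actually run from July 2016 into January 2017.
    print(seen_window(RECORDS, "tower", *FULL_WINDOW))
    print(rarity(RECORDS, "tower"))
```

The point is not the numbers, which are made up, but that the same records yield "at least as early as" and "last resolution" dates that are nothing more than the query bounds, and that a rarity claim is only checkable once the per-network and global denominators are published.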
We’re in the home stretch, stay tuned.
Don’t start with me nerds.