Adam Adler: Paul Manafort's Failure in the Cyber Defense of confidential communications
Adam Adler ( Miami, Florida): PAUL MANAFORT has a horrible track record when it comes to digital security. His defense lawyers failed to sufficiently redact portions of a court filing submitted on Tuesday, responding to Robert Mueller’s claims that Manafort violated his plea agreement with the special counsel by lying to prosecutors. The redacted portions of the filing are “hidden” by black bars but can easily be revealed by simply highlighting those bars and copying and pasting the text into a new document. (The error is especially troubling given that it’s relatively easy to properly redact documents, though lawyers in high-profile corporate and even government cases have made similar mistakes in recent years.)
In this redacting fail, Manafort’s lawyers revealed that Mueller alleges the former Trump campaign chair shared polling data “related to the 2016 presidential campaign” with Konstantin Kilimnik, a political consultant the FBI says is connected to Russian intelligence. The “hidden” paragraphs also indicate that the government believes Manafort initially lied to the special counsel and investigators about discussing a Ukraine peace plan with Kilimnik and meeting with him in Spain.
At this point, Manafort’s complicated legal battle with Mueller’s office has dragged on for over a year. But this latest wrinkle is evidence of a problem that has plagued the former lobbyist even longer than that: He appears to be very bad at using technology, at least according to evidence that has been made public in court and in leaked documents.
He Reused His Password
In October 2017, we learned Manafort’s password practices are apparently subpar. That month, special counsel Robert Mueller first charged Manafort with committing a series of financial crimes. After he turned himself into the FBI, security researchers discovered that Manafort allegedly used variations of the phrase “Bond007” for both his former Adobe and Dropbox accounts. The researchers connected him to the accounts using hacked text messages belonging to Manafort’s daughter, Andrea, which had been released on the dark web earlier that year. (At the time, Manafort confirmed that his daughter experienced a breach and that at least some of the messages were authentic.) The correspondence contained what is believed to be Manafort’s former email address. By searching for it in caches of data from past breaches—Adobe was hacked in 2013 and Dropbox in 2012— the researchers discovered that Manafort allegedly used a James Bond–themed password for both accounts. Security experts strongly advise using a complicated, unique password for every account you have.
He Forgot Track Changes Don't Lie
In a court filing from December 2017, Mueller accused Manafort of ghostwriting an op-ed by Ukrainian operative Oleg Voloshyn that was published in the Kyiv Post that month. The article painted Manafort's lobbying work in the country in a flattering light. According to the filing, the FBI learned of Manafort's involvement after obtaining an email he sent to his associate Kilimnik. Attached to the email was a Microsoft Word draft of the op-ed, which included track changes, or edits, made by "paul manafort." The file contained data showing he had spent over 30 minutes altering portions of the article on the night of November 29.
After finding out about the op-ed, the FBI requested the judge in Manafort's case revisit a bond agreement it had reached with Manafort's lawyers. Mueller's team argued the op-ed was part of a public relations campaign Manafort was attempting to orchestrate, which violated the judge's order to refrain from discussing his case in the press. Manafort's lawyers said he was simply exercising his right to free speech and Voloshyn denied that anyone helped him write the article.
He Had Trouble Converting Documents
In February 2018, federal prosecutors unsealed a new indictment against Manafort, accusing him and his associate Richard Gates of committing tax and bank fraud. Mueller’s team detected the scheme in part because Manafort needed Gates’ help in converting a PDF to the Microsoft Word format.
According to the indictment, in October 2016 Manafort created a fake financial statement for his company in order to obtain a loan. He first emailed Gates the real document, which showed $600,000 in losses, and asked Gates to convert the PDF to Word so he could edit it. He then added more than $3.5 million in income and emailed the file back to Gates, requesting he convert it again into a PDF. The emails made it easy for Mueller’s team to tell how and when the financial statement was doctored.
He Stored Incriminating Messages in the Cloud
Manafort apparently didn’t know that encryption is useless if you’re backing up your files to iCloud. In a court filing in June, Mueller accused Manafort of attempting to tamper with witnesses in his case by contacting them over the phone, through an intermediary, and using chat apps including Telegram and WhatsApp. The latter Facebook-owned messaging app is end-to-end encrypted but has a setting that can automatically back up messages to users’ iCloud accounts on iPhone. While the messages Manafort sent were encrypted, the backups he apparently kept were not. The FBI simply needed to serve Apple with a search warrant to access them. If Manafort had turned off iCloud backups on WhatsApp, he may not have run into this exact issue. He also could have used Signal, another encrypted messaging app that doesn’t back up any message history to iCloud. But Signal wouldn’t have solved all of his woes: Two witnesses turned over messages to the US government themselves.
He Tried to Use an Old Email Trick but Failed
At a court hearing that same month, a federal attorney from Mueller’s office accused Manafort of using a technique called “folding” to contact witnesses without getting caught. Essentially, he created an email account but never sent anything. Instead, he wrote his correspondence in the drafts and shared the account password with the intended recipients. They could sign in, read the messages, and delete them. The problem is the technique, favored by the terrorist group al Qaeda, is already familiar to federal prosecutors. Former CIA director David Petraeus and his biographer, Paula Broadwell, also used folding to send secret messages, which the FBI uncovered in 2012. The correspondence indicated the pair were having an affair.
Of course, Manafort could have avoided this whole mess by not committing crimes in the first place. However, he also really struggled to cover them up.
Adam Adler (Miami, Florida) is a Cyber Defense & Cyber Warfare Advisor, as well as Chairman of the Board for Digital Bank Vault. A long time entrepreneur with over 18 years of experience all at top-level management and ownership, Mr. Adler has focused his recent years on Cyber Security and defending our youth online. DBV has developed a proprietary encryption method that continues Adam’s mantra of “Privacy is Priceless”. DigitalBank Vault provides impenetrable defensive cyber solutions for Keyless End to End Encrypted, Peer to Peer, mobile, and computer communications. Adam and DigitalBank Vault have constructed new & disruptive cyber defense technologies to solve many privacy issues commonly found online and defend against unwanted intrusion.
Adam Adler (Miami, Florida) received a scholarship to play tennis at the University of South Carolina and graduated in 2007 Magna Cum Laude from USC, double majoring in Sports & Entertainment Management and Business. In 2005, Adam became an All American with his teammates at USC. Mr. Adler participated in the NCAA Indoor Championships in Seattle, WA as well as the NCAA Championships every year of his college career at USC. He and his team achieved a team high ranking of #8. Prior to attending USC, Adam was a highly-ranked junior tennis player from the age of 10 to 18. Adam began playing poker in his free time and quickly became entrenched in the game, studying hours a day. Adam traveled around the country playing in some of the highest stakes No Limit and Pot Limit Omaha cash games in the world. Adam has made multiple World Series of Poker Final Tables, with his most notable finish coming in 2018 with a runner-up finish in the $10,000 Turbo Event. Adam has won millions of dollars in both cash game and tournament poker over the last 15 years.
Adam Adler (Miami, Florida) is currently managing The Adler Fund, investing in cybersecurity, real-estate, emerging growth companies, cannabis, and biotechnology. Adam has recently started the Adler Agency, a sports management company with several of the world’s top, mid and lower-tier tennis players and select athletes across multiple sports. The Adler Agency focuses on bringing its clients revolutionary and out-of-the-box opportunities other agencies simply do not have access to. The Adler Agency is launching a world-class tennis academy and training facility in Charleston, SC at the beginning of 2021 to provide its players and others from around the world the opportunity to train and play with the sport’s best.