Software developer at a big library, cyclist, photographer, hiker, reader. Email: chris@improbable.org

Trump is rushing to hire seasoned lawyers — but he keeps hearing ‘No’ - The Washington Post


Former president Donald Trump and close aides have spent the eight days since the FBI searched his Florida home rushing to assemble a team of respected defense lawyers. But the answer they keep hearing is “no.”

The struggle to find expert legal advice puts Trump in a bind as he faces potential criminal exposure from a records dispute with the National Archives that escalated into a federal investigation into possible violations of the Espionage Act and other statutes.

“Everyone is saying no,” said a prominent Republican lawyer, who like some others spoke on the condition of anonymity to discuss confidential conversations.

Trump is no stranger to legal proceedings, and his scramble to hire lawyers in the face of an ominous federal probe recalls his predicament in the summer of 2017, when he was under scrutiny from special counsel Robert S. Mueller III in the Russia probe. Once again, Trump is struggling to find a veteran criminal defense lawyer with a strong track record of dealing with the Justice Department in a sprawling, multipronged investigation.

Longtime confidants and advisers of Trump have grown extremely worried about Trump’s current stable of lawyers, noting that most of them have little to no experience in cases of this type, according to two people familiar with the internal discussions.

Taylor Budovich, a Trump spokesman, defended the quality of the former president’s legal team in a statement Tuesday night, singling out former federal prosecutors Evan Corcoran and James Trusty.

“The President’s lead counsel in relation to the raid of his home, Jim Trusty and Evan Corcoran, have decades of prosecutorial experience and have litigated some of the most complex cases in American history," Budovich said. “President Trump is represented by some of the strongest attorneys in the country, and any suggestion otherwise is only driven by envy."

“The Trump team needs a first-rate, highly experienced federal criminal practitioner,” said Jon Sale, a prominent Florida defense attorney who worked on the Watergate prosecution team and said he turned down representing Trump last week because he did not have enough time to devote to the case. “You have to evaluate whether you want to take it. It’s not like a DUI. It’s representing the former president of the United States — and maybe the next one — in what’s one of the highest-visibility cases ever.”

Ordinarily, the prestige and publicity of representing a former president, as well as the new and complex legal issues at stake in this case, would attract high-powered attorneys. But Trump’s search is being hampered by his divisiveness, as well as his reputation for stiffing vendors and ignoring advice.

“In olden days, he would tell firms representing him was a benefit because they could advertise off it. Today it’s not the same,” said Michael Cohen, a former lawyer for Trump who was convicted of tax evasion, false statements, campaign finance violations and lying to Congress in 2018. “He’s also a very difficult client in that he’s always pushing the envelope, he rarely listens to sound legal advice, and he wants you to do things that are not appropriate, ethically or legally.”

One lawyer told a story from early in Trump’s presidency of his legal team urging him against tweeting about the Mueller probe, only to find he’d tweeted about it before they got to the end of the West Wing driveway. Several people said Trump was nearly impossible to represent and that it would be unclear if they would ever get paid.

People familiar with the search for legal help said the effort includes Susie Wiles, a close adviser to Trump, and attorney Christina Bobb, who was present at Mar-a-Lago during the search and signed for the list of documents taken. Former campaign adviser Boris Epshteyn is taking a prominent role, and former White House aide Kash Patel is advising informally. Patel is raising money for a “legal offense” fund by selling merchandise such as tank tops and beanies emblazoned with the logo “K$H.”

“You get these guys who just live to be around him, and mistakes get made,” a lawyer who isn’t part of the team said. “These guys just want to make him happy.”

Bobb was previously a host on the far-right, pro-Trump television network One America News. At OAN, Bobb covered the Arizona Republican Party’s review of 2020 ballots — which ultimately confirmed Joe Biden’s win in the state — while also raising money for the effort and conferring with Trump advisers, The Washington Post has reported.

Bobb’s prior legal experience at the federal level consists mainly of a handful of trademark infringement cases on behalf of CrossFit during a stint at a San Diego law firm. She did not respond to requests for comment.

Trump’s other lawyer currently based in Florida is Lindsey Halligan, whose practice, according to a professional biography, focuses on insurance claims at residential and commercial properties. She was admitted to the Florida bar in 2014. A search of federal court records found no filings under her name. She did not respond to requests for comment.

Trump is also being represented in the records dispute by Alina Habba, who leads a three-attorney firm with an office near Trump’s golf club in Bedminster, N.J. Her professional experience includes serving as general counsel to a parking garage company. Last year, Habba started representing Trump in several cases including defending him from a defamation claim by the writer E. Jean Carroll, who accused him of a decades-old sexual assault; suing the New York Times and Trump’s niece, Mary L. Trump; and suing 2016 opponent Hillary Clinton, the Democratic National Committee and other perceived enemies, alleging a conspiracy to harm Donald Trump through the Russia scandal. Habba did not respond to requests for comment.

Others on the team have relatively more experience with federal criminal probes. Trusty formerly served in the Justice Department’s criminal division and headed the organized crime and gang section. He has recently represented clients accused of financial fraud, defrauding the U.S. Department of Agriculture and trading in counterfeit military uniforms. He referred questions to Trump’s spokesman.

Corcoran is a former federal prosecutor viewed by Trump aides as a serious and experienced attorney. His recent clients include a former Capitol Police officer accused of obstructing the Jan. 6 investigation by telling a riot suspect to remove Facebook posts, and a Pennsylvania man who pleaded guilty to participating in the riot and was sentenced to 60 days in prison. Corcoran also represented former Trump adviser Stephen K. Bannon in his contempt trial for defying a House subpoena in the Jan. 6 probe. Bannon was convicted in July.

Some of Trump’s interactions with the Justice Department have also been handled by John Rowley, another former federal prosecutor now at his own firm, Politico has reported. Rowley didn’t respond to requests for comment.

In another potential complication, any lawyer who made assurances to the FBI on Trump’s behalf could have their own legal exposure or become a witness in the case. One letter signed by a lawyer on Trump’s team was sent to the Justice Department in June suggesting that all classified material had been turned over, according to a person with direct knowledge of the matter. The existence of the letter was first reported by the New York Times.

“Either the attorney acted in good faith on what turned out to be false factual representations made by Mr. Trump or someone else communicating on his behalf, in which case Mr. Trump or his proxy would have criminal jeopardy for false statements or obstruction of justice, or the attorney knowingly gave false assurances to the government,” said David Laufman, the former Justice Department chief of the counterintelligence division, which is now investigating the classified records kept at Trump’s home. “And it’s hard to believe that a lawyer knowingly would have lied to the government about the continued presence of classified documents.”

The universe of experienced federal practitioners is not actually that extensive, and the case would likely monopolize their time to the exclusion of all other clients. Possible candidates and their firms may be further deterred by the controversy that would attach to defending Trump.

“Good lawyers should have been working on this case for months,” said Alan Dershowitz, the former Harvard Law School professor who has advised Trump in the past and said he hasn’t been asked to get involved now. “He needs a big and good and very experienced defense team with experience trying cases.”

Dershowitz said he recommended Harvard colleague Ronald S. Sullivan Jr., the faculty director of the Harvard Criminal Justice Institute and the Harvard Trial Advocacy Workshop. Sullivan said he hasn’t heard from Trump’s team.

“They clearly need someone with federal trial experience, and someone familiar with high-profile cases who can stay on task and not be distracted by the media glare,” Sullivan said. “The case itself presents a range of issues that would be of interest to a lot of good lawyers. Some lawyers may reasonably feel as though the public will conflate Mr. Trump’s policy aims and positions with the lawyer’s. In that way, many lawyers may be disinclined to expose themselves to the public opprobrium that would follow that sort of representation.”

Trump has long been a notoriously high-maintenance client. When he was trying to make his mark in Manhattan real estate as a young man, Trump had an especially demanding cadence with his lawyer, the late Roy Cohn. “Donald calls me 15 to 20 times a day. He is always asking, ‘What is the status of this ... and that?’” Cohn was quoted as saying in a Vanity Fair story about their attorney-client relationship.

Many of the president’s former lawyers, such as Pat Cipollone, Pat Philbin and Justin Clark are not expected to be involved in the investigation’s defense, people familiar with the matter said. Cipollone has been interviewed already, one of these people said, a detail first reported by the New York Times.

Two longtime Trump top legal advisers during the Mueller investigation, Jay Sekulow and Jane Raskin, are still close to the former president but not involved in his current legal team. Among other alumni of the defense to the Mueller investigation, Ty Cobb has become publicly critical of Trump, and former White House counsel Donald McGahn is no longer close with the former president. McGahn represented Sen. Lindsey O. Graham (R-S.C.), who is fighting a subpoena in a separate investigation into Trump and his allies in Georgia. Another former Trump lawyer, Emmet Flood, is now representing Marc Short, adviser to former vice president Mike Pence.

“This is not good,” one Trump confidant said of the president’s lack of a high-profile white-collar defense lawyer. “Something big is going to pop. Somebody needs to be in charge.”

Ellen Nakashima contributed to this report.

fxer
15 minutes ago
Retainerrrrrrr

https://youtu.be/OHSYWIAAY2o
Bend, Oregon
acdha
56 minutes ago
This would be funnier if ⅔ of the Supreme Court weren’t going to bend over backwards trying to find a way to decide in favor of whatever theory these clowns come up with.
Washington, DC
HarlandCorbin
22 minutes ago
Funny how nobody wants to defend the crackpot who doesn't pay his lawyers...

In rare move, school librarian fights back in court against conservative activists


A Louisiana school librarian is suing two men for defamation after they accused her of advocating to keep "pornographic" materials in the parish library's kids' section. It's a rare example of an educator taking legal action against conservatives who use extreme rhetoric in their battle against LGBTQ-themed books.

Amanda Jones, a librarian at a middle school in Denham Springs, Louisiana, filed a defamation lawsuit Wednesday, arguing that Facebook pages run by Michael Lunsford and Ryan Thames falsely labeled her a pedophile who wants to teach 11-year-olds about anal sex.

Jones, the president of the Louisiana Association of School Librarians, was alarmed and outraged by the verbal attacks, which came after she spoke against censorship at a Livingston Parish Library Board of Control meeting. She said she’s suing the two men because she’s exhausted with the insults hurled at educators and librarians over LGBTQ materials.

“I’ve had enough for everybody,” Jones said in an interview. “Nobody stands up to these people. They just say what they want and there are no repercussions and they ruin people’s reputations and there’s no consequences.” 

Lunsford did not respond to requests for comment. Thames declined to comment.

Nationwide, school districts have been bombarded by conservative activists and parents over the past year demanding that books with sexual references or that discuss racial conflict, often by authors of color or those who are LGBTQ, be purged from campuses. Those demands have slowly moved toward public libraries in recent months.  

Many conservative activists have referred to people who defend the books as “groomers,” comparing them to child molesters. The Proud Boys, an extremist hate group, has barged into LGBTQ-themed reading events in several libraries, insisting they need to protect children. Some librarians have said they no longer feel safe serving in their roles.

Jones, the 2021 Louisiana Association of Computer Using Educators Middle School Teacher of the Year and the 2021 School Library Journal’s Librarian of the Year, said more than 200 librarians have reached out to her as the insults on Facebook spread. Many claimed they had been victims of similar verbal and online abuse in the past two years. More than 600 people donated a combined $20,000 for Jones on GoFundMe so she could respond with legal action.

The defamation suit seeks damages and asks a judge to issue a restraining order to prevent the two activists from speaking about Jones publicly. She also filed criminal complaints with the Livingston Parish Sheriff’s Office against the men. The sheriff’s office said the case is under investigation. 

Jones spoke against censorship at the Livingston Parish public library’s board meeting on July 19 when the board had been set to consider a motion to evaluate the content of certain books. Posts on Facebook in the days leading up to the meeting expressed outrage about sexual references in sex education books available at the public library. Jones and many other local citizens feared the board would respond by banning or restricting literature with LGBTQ content and themes, which they’d seen happen elsewhere.

At the start of the meeting, board member Erin Sandefur said an unnamed state official had brought some “inappropriate” books available at the library to her attention.

“The citizens of our parish consist of taxpayers who are white, Black, brown, gay, straight, Christian, non-Christian — people from all backgrounds and walks of life, and no one portion of the community should dictate what the rest of the citizens have access to,” Jones said at the meeting. “Just because you don’t want to read it or see it, it doesn’t give you the right to deny others or demand its relocation.”

Jones did not mention any specific title in her remarks, but said it’s a “false narrative” that librarians are putting pornography in children’s sections. She also conceded that “book challenges are often done with the best intentions, and in the name of age appropriateness.”

Lunsford, who runs a conservative activist group called Citizens for a New Louisiana, spoke at the meeting in favor of restrictions on books with sexual content. 

Three days after the meeting, Citizens for a New Louisiana posted Jones’ picture on Facebook and asked, “Why is she fighting so hard to keep sexually erotic and pornographic materials in the kid’s section?” Lunsford also submitted records requests to Jones’ school, demanding access to her personnel file and her emails and said he planned to visit her workplace, according to the suit.

Over the next two weeks, the organization’s page posted several more times about Jones, at one point stating she believes “that sharing erotica and instructing juveniles on sex acts is progressive.”

At the same time, another Facebook page called “Bayou State of Mind” posted memes with Jones' photo and said she is “advocating teaching anal sex to 11-year-olds.” The page, which has 6,300 followers, regularly posts anti-abortion comments, misinformation about Covid vaccines and memes insulting the LGBTQ community. It later mocked her and other librarians fighting censorship. According to the lawsuit, Thames runs the “Bayou State of Mind” page.

People commented on some of the posts with calls that she be physically assaulted, and they circulated where she worked, screenshots show.

“It’s awful, it’s humiliating,” Jones said. 

She added that she was overwhelmed and didn’t leave her house for two weeks; instead, she had groceries delivered. She sat down with her teenage daughter to explain the memes and Facebook posts, and worried what her daughter’s classmates would say to her about them. Even when people told her they were rooting for her, she said it still felt embarrassing.

But she felt compelled to fight back, she said, because she’s well-known in the library world and if she didn’t speak out, other targeted librarians would not either.

“If this takes four or five years, I’m going to fight these people on this,” she said. “Even if I lose, I could say I stood up to them.”


Trump-Backed Bo Hines Thinks 'Banana Republic' Means a Store


Trump-endorsed Republican congressional candidate Bo Hines made a cringeworthy gaffe while trying to deride President Joe Biden’s mental sharpness, misusing the popular political expression “banana republic.”

Hines is the former football player who was endorsed by former President Donald Trump in March, and defeated his next-closest competitor by ten points in the North Carolina 13th district Republican primary.

“Bo Hines is an unwavering America First patriot and he has my Complete and Total Endorsement!” Trump wrote in his endorsement message.

He’s also a viral sensation now, thanks to an appearance on the John Fredericks Radio Show that was flagged by Carolina Forward and circulated widely on Twitter. The trouble started when host John Fredericks asked Hines if he’d actually follow through with defunding the FBI:

JOHN FREDERICKS: You get the Congress, is it going to be real? Are we actually going to be willing to defund IRS, FBI and things of that nature?

BO HINES: I mean, we have to. I mean, we’re at a point in our country now where we have a unregulated fourth branch of government that’s targeting middle class Americans on a daily basis. I mean, it’s unbelievable, what we’re seeing. A lot of people have likened the situation that’s going on right now is, you know, they say we’re in a Banana Republic. I think that’s an insult to Banana Republics across the country. I mean, at least the manager of Banana Republic, unlike our president, knows where he is and why he’s there and what he’s doing.

The term “Banana republic” dates back to a 1901 story by O. Henry, and is used as political shorthand for corrupt, unstable, authoritarian governments like the tropical country described in the story. The clothing company of the same name was founded in 1978.

Fredericks did not circle back to the reference during the rest of the half-hour interview, at least not the portion that aired. The live feed also shows the conversation during the commercial breaks, but in the break following the gaffe, Fredericks muted the hot mic about halfway through his goodbyes to Hines and his press rep.


christophersw
11 hours ago
I'm really hoping this was a failed attempt at humor...

Personally, I think our country's becoming a real Forever 21.
Baltimore, MD

CDC to regain control of US hospital data after Trump-era seizure, chaos | Ars Technica


This December, the US Centers for Disease Control and Prevention will finally regain control of national COVID-19 hospital data—which the agency abruptly lost early in the pandemic to an inexperienced private company with ties to then-President Donald Trump.

As SARS-CoV-2 raged in the summer of 2020, the Trump administration was busy sabotaging the once-premier public health agency. The administration's meddling included stripping the CDC of its power to collect critical data on COVID-19 patients and pandemic resources in hospitals around the country.

According to multiple investigative reports at the time, then-White House Coronavirus Task Force Coordinator Deborah Birx was frustrated by the CDC's slow and somewhat messy process of collecting and tidying the data submitted by thousands of hospitals. The data included stats on admissions, patient demographics, bed availability, ventilator use, discharges, and personal protective equipment (PPE) supplies.

The switch

In July 2020, the Trump administration abruptly directed hospitals to stop reporting all that data to the CDC and instead submit it to a new database run by the Pittsburgh-based software company TeleTracking Technologies. The little-known company had won a $10.2 million, six-month contract with the federal government, despite having no previous experience with setting up such a data-collection system. Before the award, the company had won only small contracts with the Department of Veterans Affairs for software that tracked the status of patients. The $10.2 million pandemic-era grant was over twenty times larger than all of the company's previous government grants combined.

The move quickly drew questions and concern from journalists and lawmakers. An investigation by NPR detailed irregularities in how TeleTracking won the contract. For instance, the Department of Health and Human Services initially said it was a no-bid contract—meaning that companies did not provide competing proposals to do the work—only to backpedal and say there was competition. The department clarified that the contract was won through a low-stakes competitive process called a "Broad Agency Announcement," which is a process usually used for innovative research, not setting up a database.

Meanwhile, a spokesperson for TeleTracking co-CEO Michael Zamagias told NPR that the company won the contract after the HHS reached out to it directly over the phone. NPR also noted that Zamagias was a long-time Republican donor who was previously in the real-estate business. Notably, he had personal ties to a Manhattan-based real estate financing company, Cooper-Horowitz, which worked extensively with the Trump Organization. Neal Cooper, whose father was a partner in the company, was closely mentored by Zamagias. Cooper told NPR that "we did tons of business with [Trump], billions of dollars of business."

End of an era

When officials for the Trump administration delivered the news to the CDC that TeleTracking was taking over, staffers immediately knew that the transfer would be a disaster, according to an investigative report by Science. One CDC staff member left the announcement meeting to sob. Others were outraged. "Birx has been on a monthslong rampage against our data," one CDC employee texted to a colleague shortly after the meeting. "Good fucking luck getting the hospitals to clean up their data and update daily."

The CDC staffers were right to be pessimistic. The transition to the new system was chaotic due to technical and administrative problems. Hospitals complained that they didn't have enough time to prepare and that they faced frustrating technical problems requiring intensive resources at a time when they were overwhelmed with patients. The result was unreliable data amid a public health crisis.

"We went dark at the same time we were getting close to what our previous peak was," Dave Dillon, vice president of media and public relations for the Missouri Hospital Association, told Healthcare IT News at the time. "Moving from a known platform that all of the individuals could easily manipulate… has harmed our ability to have that situational awareness."

Nevertheless, TeleTracking's contract has been continually renewed since then, and the company has earned more than $50 million. Now, that's coming to an end. The latest contract expires on December 31 and will not be renewed. Hospitals will once again submit their data to the CDC starting in mid-December, according to a leaked email seen by Bloomberg News.

“This change is both a surprise and a disappointment for us,” Christopher Johnson, TeleTracking's president and co-CEO, told Bloomberg. Johnson added that the company will work to make the transition smooth.

The move follows emphasis by current CDC Director Rochelle Walensky to modernize the CDC's data collection. On August 1, the federal government issued a final rule that outlined new measures for the data collection system. Some hospitals have called the switch back "disruptive," Bloomberg noted, but it generally appears to be a rare win for the CDC, which has faced extensive criticism amid the pandemic.


breaking all macOS security layers with a single vulnerability · Sector 7


If you have created a new macOS app with Xcode 13.2, you may have noticed this new method in the template:

- (BOOL)applicationSupportsSecureRestorableState:(NSApplication *)app {
	return YES;
}

This was added to the Xcode template to address a process injection vulnerability we reported!

In macOS 12.0.1 Monterey, Apple fixed CVE-2021-30873. This was a process injection vulnerability affecting (essentially) all macOS AppKit-based applications. We reported this vulnerability to Apple, along with methods to use this vulnerability to escape the sandbox, elevate privileges to root and bypass the filesystem restrictions of SIP. In this post, we will first describe what process injection is, then the details of this vulnerability and finally how we abused it.

Process injection is the ability of one process to execute code inside a different process. On Windows, one common motive is to evade detection by antivirus scanners, for example via a technique known as DLL hijacking, which lets malicious code pass itself off as part of a different executable. On macOS, the same capability has significantly more impact, because two applications running as the same user can have very different permissions.

In the classic Unix security model, each process runs as a specific user. Each file has an owner, group and flags that determine which users are allowed to read, write or execute that file. Two processes running as the same user have the same permissions: it is assumed there is no security boundary between them. Users are security boundaries, processes are not. If two processes are running as the same user, then one process could attach to the other as a debugger, allowing it to read or write the memory and registers of that other process. The root user is an exception, as it has access to all files and processes. Thus, root can always access all data on the computer, whether on disk or in RAM.

This was, in essence, the same security model as macOS until the introduction of SIP, also known as “rootless”. The name doesn’t mean that there is no root user anymore, but root is now less powerful on its own. For example, certain files can no longer be read by the root user unless the process also has specific entitlements. Entitlements are metadata that is included when generating the code signature for an executable. Checking whether a process has a certain entitlement is an essential part of many security measures in macOS. The Unix ownership rules are still present; this is an additional layer of permission checks on top of them. Access to certain sensitive files (e.g. the Mail.app database) and features (e.g. the webcam) is no longer possible with root privileges alone but requires an additional entitlement. In other words, privilege escalation to root is not enough to fully compromise the sensitive data on a Mac.

For example, using the following command we can see the entitlements of Mail.app:

$ codesign -dvvv --entitlements - /System/Applications/Mail.app

In the output, we see the following entitlement:

...
	[Key] com.apple.rootless.storage.Mail
	[Value]
		[Bool] true
...

This is what grants Mail.app the permission to read the SIP protected mail database, while other malware will not be able to read it.

Aside from entitlements, there are also the permissions handled by Transparency, Consent, and Control (TCC). This is the mechanism by which applications request access to, for example, the webcam, the microphone and (in recent macOS versions) also files such as those in the Documents and Downloads folders. This means that even applications that do not use the Mac App Sandbox might not have access to certain features or files.

Of course entitlements and TCC permissions would be useless if any process can just attach as a debugger to another process of the same user. If one application has access to the webcam, but the other doesn’t, then one process could attach as a debugger to the other process and inject some code to steal the webcam video. To fix this, the ability to debug other applications has been heavily restricted.

Changing a security model that has been used for decades to a more restrictive model is difficult, especially in something as complicated as macOS. Attaching debuggers is just one example, there are many similar techniques that could be used to inject code into a different process. Apple has squashed many of these techniques, but many other ones are likely still undiscovered.

Aside from Apple’s own code, these vulnerabilities can also occur in third-party software. It’s quite common to find a process injection vulnerability in a specific application, which means that the permissions (TCC permissions and entitlements) of that application are up for grabs for all other processes. Getting those fixed is a difficult process, because many third-party developers are not familiar with this new security model; reporting these vulnerabilities often requires fully explaining the model first. Electron applications in particular are infamous for being easy to inject into, as it is possible to replace their JavaScript files without invalidating the code signature.

More dangerous than a process injection vulnerability in one application is a process injection technique that affects multiple, or even all, applications. This would give access to a large number of different entitlements and TCC permissions. A generic process injection vulnerability affecting all applications is a very powerful tool, as we’ll demonstrate in this post.

When shutting down a Mac, it will prompt you to ask if the currently open windows should be reopened the next time you log in. This is part of functionality called “saved state” or “persistent UI”.

When reopening the windows, it can even restore new documents that were not yet saved in some applications.

It is used in more places than just at shutdown. For example, it is also used for a feature called App Nap. When an application has been inactive for a while (it has not been the focused application, is not playing audio, etc.), the system can tell it to save its state and then terminate the process. macOS keeps showing a static image of the application’s windows, and in the Dock it still appears to be running, while it is not. When the user switches back to the application, it is quickly relaunched and resumes its state. Internally, this uses the same saved state functionality.

When building an application using AppKit, support for saving the state is largely automatic. In some cases the application needs to include its own objects in the saved state to ensure the full state can be recovered, for example in a document-based application.

Each time an application loses focus, it writes to the files:

~/Library/Saved Application State/<Bundle ID>.savedState/windows.plist
~/Library/Saved Application State/<Bundle ID>.savedState/data.data

The windows.plist file contains a list of all of the application’s open windows. (And some other things that don’t look like windows, such as the menu bar and the Dock menu.)

For example, a windows.plist for TextEdit.app could look like this:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<array>
	<dict>
		<key>MenuBar AvailableSpace</key>
		<real>1248</real>
		<key>NSDataKey</key>
		<data>
		Ay1IqBriwup4bKAanpWcEw==
		</data>
		<key>NSIsMainMenuBar</key>
		<true/>
		<key>NSWindowID</key>
		<integer>1</integer>
		<key>NSWindowNumber</key>
		<integer>5978</integer>
	</dict>
	<dict>
		<key>NSDataKey</key>
		<data>
		5lyzOSsKF24yEcwAKTBSVw==
		</data>
		<key>NSDragRegion</key>
		<data>
		AAAAgAIAAADAAQAABAAAAAMAAABHAgAAxgEAAAoAAAADAAAABwAAABUAAAAb
		AAAAKQAAAC8AAAA9AAAARwIAAMcBAAAMAAAAAwAAAAcAAAAVAAAAGwAAACkA
		AAAvAAAAPQAAAAkBAABLAQAARwIAANABAAAKAAAAFQAAABsAAAApAAAALwAA
		AD0AAAAJAQAASwEAAD4CAADWAQAABgAAAAwAAAAJAQAASwEAAD4CAADXAQAA
		BAAAAAwAAAA+AgAA2QEAAAIAAAD///9/
		</data>
		<key>NSTitle</key>
		<string>Untitled</string>
		<key>NSUIID</key>
		<string>_NS:34</string>
		<key>NSWindowCloseButtonFrame</key>
		<string>{{7, 454}, {14, 16}}</string>
		<key>NSWindowFrame</key>
		<string>177 501 586 476 0 0 1680 1025 </string>
		<key>NSWindowID</key>
		<integer>2</integer>
		<key>NSWindowLevel</key>
		<integer>0</integer>
		<key>NSWindowMiniaturizeButtonFrame</key>
		<string>{{27, 454}, {14, 16}}</string>
		<key>NSWindowNumber</key>
		<integer>5982</integer>
		<key>NSWindowWorkspaceID</key>
		<string></string>
		<key>NSWindowZoomButtonFrame</key>
		<string>{{47, 454}, {14, 16}}</string>
	</dict>
	<dict>
		<key>CFBundleVersion</key>
		<string>378</string>
		<key>NSDataKey</key>
		<data>
		P7BYxMryj6Gae9Q76wpqVw==
		</data>
		<key>NSDockMenu</key>
		<array>
			<dict>
				<key>command</key>
				<integer>1</integer>
				<key>mark</key>
				<integer>2</integer>
				<key>name</key>
				<string>Untitled</string>
				<key>system-icon</key>
				<integer>1735879022</integer>
				<key>tag</key>
				<integer>2</integer>
			</dict>
			<dict>
				<key>separator</key>
				<true/>
			</dict>
			<dict>
				<key>command</key>
				<integer>2</integer>
				<key>indent</key>
				<integer>0</integer>
				<key>name</key>
				<string>New Document</string>
				<key>tag</key>
				<integer>0</integer>
			</dict>
		</array>
		<key>NSExecutableInode</key>
		<integer>1152921500311961010</integer>
		<key>NSIsGlobal</key>
		<true/>
		<key>NSSystemAppearance</key>
		<data>
		YnBsaXN0MDDUAQIDBAUGBwpYJHZlcnNpb25ZJGFyY2hpdmVyVCR0b3BYJG9i
		amVjdHMSAAGGoF8QD05TS2V5ZWRBcmNoaXZlctEICVRyb290gAGkCwwRElUk
		bnVsbNINDg8QViRjbGFzc18QEE5TQXBwZWFyYW5jZU5hbWWAA4ACXxAUTlNB
		cHBlYXJhbmNlTmFtZUFxdWHSExQVFlokY2xhc3NuYW1lWCRjbGFzc2VzXE5T
		QXBwZWFyYW5jZaIVF1hOU09iamVjdAgRGiQpMjdJTFFTWF5jan1/gZidqLG+
		wQAAAAAAAAEBAAAAAAAAABgAAAAAAAAAAAAAAAAAAADK
		</data>
		<key>NSSystemVersion</key>
		<array>
			<integer>12</integer>
			<integer>2</integer>
			<integer>1</integer>
		</array>
		<key>NSWindowID</key>
		<integer>4294967295</integer>
		<key>NSWindowZOrder</key>
		<array>
			<integer>5982</integer>
		</array>
	</dict>
</array>
</plist>

The data.data file contains a custom binary format. It consists of a list of records, and each record contains an AES-CBC encrypted serialized object. The windows.plist file contains the key (NSDataKey) and an ID (NSWindowID) for the record in data.data it corresponds to.

For example:

00000000  4e 53 43 52 31 30 30 30  00 00 00 01 00 00 01 b0  |NSCR1000........|
00000010  ec f2 26 b9 8b 06 c8 d0  41 5d 73 7a 0e cc 59 74  |..&.....A]sz..Yt|
00000020  89 ac 3d b3 b6 7a ab 1b  bb f7 84 0c 05 57 4d 70  |..=..z.......WMp|
00000030  cb 55 7f ee 71 f8 8b bb  d4 fd b0 c6 28 14 78 23  |.U..q.......(.x#|
00000040  ed 89 30 29 92 8c 80 bf  47 75 28 50 d7 1c 9a 8a  |..0)....Gu(P....|
00000050  94 b4 d1 c1 5d 9e 1a e0  46 62 f5 16 76 f5 6f df  |....]...Fb..v.o.|
00000060  43 a5 fa 7a dd d3 2f 25  43 04 ba e2 7c 59 f9 e8  |C..z../%C...|Y..|
00000070  a4 0e 11 5d 8e 86 16 f0  c5 1d ac fb 5c 71 fd 9d  |...]........\q..|
00000080  81 90 c8 e7 2d 53 75 43  6d eb b6 aa c7 15 8b 1a  |....-SuCm.......|
00000090  9c 58 8f 19 02 1a 73 99  ed 66 d1 91 8a 84 32 7f  |.X....s..f....2.|
000000a0  1f 5a 1e e8 ae b3 39 a8  cf 6b 96 ef d8 7b d1 46  |.Z....9..k...{.F|
000000b0  0c e2 97 d5 db d4 9d eb  d6 13 05 7d e0 4a 89 a4  |...........}.J..|
000000c0  d0 aa 40 16 81 fc b9 a5  f5 88 2b 70 cd 1a 48 94  |..@.......+p..H.|
000000d0  47 3d 4f 92 76 3a ee 34  79 05 3f 5d 68 57 7d b0  |G=O.v:.4y.?]hW}.|
000000e0  54 6f 80 4e 5b 3d 53 2a  6d 35 a3 c9 6c 96 5f a5  |To.N[=S*m5..l._.|
000000f0  06 ec 4c d3 51 b9 15 b8  29 f0 25 48 2b 6a 74 9f  |..L.Q...).%H+jt.|
00000100  1a 5b 5e f1 14 db aa 8d  13 9c ef d6 f5 53 f1 49  |.[^..........S.I|
00000110  4d 78 5a 89 79 f8 bd 68  3f 51 a2 a4 04 ee d1 45  |MxZ.y..h?Q.....E|
00000120  65 ba c4 40 ad db e3 62  55 59 9a 29 46 2e 6c 07  |e..@...bUY.)F.l.|
00000130  34 68 e9 00 89 15 37 1c  ff c8 a5 d8 7c 8d b2 f0  |4h....7.....|...|
00000140  4b c3 26 f9 91 f8 c4 2d  12 4a 09 ba 26 1d 00 13  |K.&....-.J..&...|
00000150  65 ac e7 66 80 c0 e2 55  ec 9a 8e 09 cb 39 26 d4  |e..f...U.....9&.|
00000160  c8 15 94 d8 2c 8b fa 79  5f 62 18 39 f0 a5 df 0b  |....,..y_b.9....|
00000170  3d a4 5c bc 30 d5 2b cc  08 88 c8 49 d6 ab c0 e1  |=.\.0.+....I....|
00000180  c1 e5 41 eb 3e 2b 17 80  c4 01 64 3d 79 be 82 aa  |..A.>+....d=y...|
00000190  3d 56 8d bb e5 7a ea 89  0f 4c dc 16 03 e9 2a d8  |=V...z...L....*.|
000001a0  c5 3e 25 ed c2 4b 65 da  8a d9 0d d9 23 92 fd 06  |.>%..Ke.....#...|
[...]

Whenever an application is launched, AppKit will read these files and restore the windows of the application. This happens automatically, without the app needing to implement anything. The code for reading these files is quite careful: if the application crashed, the state may be corrupted too, so if the application crashes while restoring the state, the state is discarded on the next launch and the application starts fresh.

The vulnerability we found is that the encrypted serialized object stored in the data.data file was not using “secure coding”. To explain what that means, we’ll first explain serialization vulnerabilities, in particular on macOS.

Serialized objects

Many object-oriented programming languages have added support for binary serialization, which turns an object into a bytestring and back. Unlike XML and JSON, these are custom, language-specific formats. In some programming languages, serialization support for classes is automatic; in other languages classes can opt in.

In many of those languages these features have led to vulnerabilities. The problem in many implementations is that an object is created first, and only then is its type checked. Methods may be called on these objects when creating or destroying them. By combining objects in unusual ways, it is sometimes possible to gain remote code execution when a malicious object is deserialized. It is, therefore, not a good idea to use these serialization functions for any data that might be received over the network from an untrusted party.

For Python pickle and Ruby Marshal.load, remote code execution is straightforward. In Java ObjectInputStream.readObject and C#, RCE is possible if certain commonly used libraries are used. The ysoserial and ysoserial.net tools can be used to generate a payload depending on the libraries in use. In PHP, exploitability for RCE is rare.

Objective-C serialization

In Objective-C, classes can implement the NSCoding protocol to be serializable. Subclasses of NSCoder, such as NSKeyedArchiver and NSKeyedUnarchiver, can be used to serialize and deserialize these objects.

How this works in practice is as follows. A class that implements NSCoding must include a method:

- (id)initWithCoder:(NSCoder *)coder;

In this method, this object can use coder to decode its instance variables, using methods such as -decodeObjectForKey:, -decodeIntegerForKey:, -decodeDoubleForKey:, etc. When it uses -decodeObjectForKey:, the coder will recursively call -initWithCoder: on that object, eventually decoding the entire graph of objects.

Apple has also realized the risk of deserializing untrusted input, so in 10.8, the NSSecureCoding protocol was added. The documentation for this protocol states:

A protocol that enables encoding and decoding in a manner that is robust against object substitution attacks.

This means that instead of creating an object first and then checking its type, a set of allowed classes needs to be included when decoding an object.

So instead of the unsafe construction:

id obj = [decoder decodeObjectForKey:@"myKey"];
if (![obj isKindOfClass:[MyClass class]]) { /* ...fail... */ }

The following must be used:

id obj = [decoder decodeObjectOfClass:[MyClass class] forKey:@"myKey"];

This means that when a secure coder is created, -decodeObjectForKey: is no longer allowed, but -decodeObjectOfClass:forKey: must be used.

That makes exploitable vulnerabilities significantly harder, but they can still happen. One thing to note here is that subclasses of the specified class are allowed. If, for example, the NSObject class is specified, then all classes implementing NSCoding are still allowed. If only an NSDictionary is expected and an imported framework contains a rarely used and vulnerable subclass of NSDictionary, then this could also create a vulnerability.

In all of Apple’s operating systems, these serialized objects are used all over the place, often for inter-process exchange of data. For example, NSXPCConnection heavily relies on secure serialization for implementing remote method calls. In iMessage, these serialized objects are even exchanged with other users over the network. In such cases it is very important that secure coding is always enabled.

Creating a malicious serialized object

In the data.data file for saved states, objects were stored using an NSKeyedArchiver without secure coding enabled. This means we could include objects of any class that implements the NSCoding protocol. The likely reason for this is that applications can extend the saved state with their own objects, and because the saved state functionality is older than NSSecureCoding, Apple couldn’t just upgrade this to secure coding, as this could break third-party applications.

To exploit this, we wanted a method for constructing a chain of objects that would allow us to execute arbitrary code. However, no project similar to ysoserial for Objective-C appears to exist, and we could not find other examples of abusing insecure deserialization in macOS. In Remote iPhone Exploitation Part 1: Poking Memory via iMessage and CVE-2019-8641, Samuel Groß of Google Project Zero describes an attack against a secure coder by abusing a vulnerability in NSSharedKeyDictionary, an uncommon subclass of NSDictionary. As this vulnerability is now fixed, we couldn’t use this.

By decompiling a large number of -initWithCoder: methods in AppKit, we eventually found a combination of two objects that we could use to call arbitrary Objective-C methods on another deserialized object.

We start with NSRuleEditor. The -initWithCoder: method of this class creates a binding to an object from the same archive with a key path also obtained from the archive.

Bindings are a reactive programming technique in Cocoa. It makes it possible to directly bind a model to a view, without the need for the boilerplate code of a controller. Whenever a value in the model changes, or the user makes a change in the view, the changes are automatically propagated.

A binding is created by calling the method:

- (void)bind:(NSBindingName)binding 
    toObject:(id)observable 
 withKeyPath:(NSString *)keyPath 
     options:(NSDictionary<NSBindingOption, id> *)options;

This binds the property binding of the receiver to the keyPath of observable. A keypath is a string that can be used, for example, to access nested properties of the object. But the more common way of creating bindings is to define them as part of an XIB file in Xcode.

For example, suppose the model is a class Person, which has a property @property (readwrite, copy) NSString *name;. Then you could bind the “value” of a text field to the “name” keypath of a Person to create a field that shows (and can edit) the person’s name.

In the XIB editor, this would be created as follows:

The different options for what a keypath can mean are actually quite complicated. For example, when binding with a keypath of “foo”, it would first check whether one of the methods getFoo, foo, isFoo and _foo exists. This would usually be used to access a property of the object, but this is not required. When a binding is created, the method is called immediately to provide an initial value. It does not matter if that method actually returns void. This means that by creating a binding during deserialization, we can use this to call zero-argument methods on other deserialized objects!

ID NSRuleEditor::initWithCoder:(ID param_1,SEL param_2,ID unarchiver)
{
	...

	id arrayOwner = [unarchiver decodeObjectForKey:@"NSRuleEditorBoundArrayOwner"];

	...

	if (arrayOwner) {
	  keyPath = [unarchiver decodeObjectForKey:@"NSRuleEditorBoundArrayKeyPath"];
	  [self bind:@"rows" toObject:arrayOwner withKeyPath:keyPath options:nil];
	}

	...
}

In this case we use it to call -draw on the next object.

The next object we use is an NSCustomImageRep object. This obtains a selector (a method name) as a string and an object from the archive. When the -draw method is called, it invokes the method from the selector on the object. It passes itself as the first argument:


ID NSCustomImageRep::initWithCoder:(ID param_1,SEL param_2,ID unarchiver)
{
	...
	id drawObject = [unarchiver decodeObjectForKey:@"NSDrawObject"];
	self.drawObject = drawObject;
	id drawMethod = [unarchiver decodeObjectForKey:@"NSDrawMethod"];
	SEL selector = NSSelectorFromString(drawMethod);
	self.drawMethod = selector;
	...
}

...

void ___24-[NSCustomImageRep_draw]_block_invoke(long param_1)
{
  ...
  [self.drawObject performSelector:self.drawMethod withObject:self];
  ...
}

By deserializing these two classes we can now call zero-argument methods and multiple-argument methods, although the first argument will be an NSCustomImageRep object and the remaining arguments will be whatever happens to still be in those registers. Nevertheless, this is a very powerful primitive. We’ll cover the rest of the chain we used in a future blog post.

Sandbox escape

First of all, we escaped the Mac Application sandbox with this vulnerability. To explain that, some more background on the saved state is necessary.

In a sandboxed application, many files that would be stored in ~/Library are stored in a separate container instead. So instead of saving its state in:

~/Library/Saved Application State/<Bundle ID>.savedState/

Sandboxed applications save their state to:

~/Library/Containers/<Bundle ID>/Data/Library/Saved Application State/<Bundle ID>.savedState/

Apparently, when the system is shut down while an application is still running (when the prompt is shown asking the user whether to reopen the windows the next time), the first location is symlinked to the second one by talagent. We are unsure why; it might have something to do with upgrading an application to a new version which is sandboxed.

Secondly, most applications do not have access to all files. Sandboxed applications are very restricted of course, but with the addition of TCC, even accessing the Downloads, Documents, etc. folders requires user approval. If the application opens an open or save panel, it would be quite inconvenient if the user could only see the files that that application has access to. To solve this, a different process is launched when opening such a panel: com.apple.appkit.xpc.openAndSavePanelService. Even though the window itself is part of the application, its contents are drawn by openAndSavePanelService. This is an XPC service which has full access to all files. When the user selects a file in the panel, the application gains temporary access to that file. This way, users can still browse their entire disk even in applications that do not have permission to list those files.

As it is an XPC service with service type Application, it is launched separately for each app.

What we noticed is that this XPC Service reads its saved state, but using the bundle ID of the app that launched it! As this panel might be part of the saved state of multiple applications, it does make some sense that it would need to separate its state per application.

As it turns out, it reads its saved state from the location outside of the container, but with the application’s bundle ID:

~/Library/Saved Application State/<Bundle ID>.savedState/

But, as we mentioned, if the app was ever open when the user shut down their computer, then this will be a symlink to the container path.

Thus, we can escape the sandbox in the following way:

  1. Wait for the user to shut down while the app is open, if the symlink does not yet exist.
  2. Write malicious data.data and windows.plist files inside the app’s own container.
  3. Open an NSOpenPanel or NSSavePanel.

The com.apple.appkit.xpc.openAndSavePanelService process will now deserialize the malicious object, giving us code execution in a non-sandboxed process.

This was fixed earlier than the other issues, as CVE-2021-30659 in macOS 11.3. Apple addressed this by no longer loading the state from the same location in com.apple.appkit.xpc.openAndSavePanelService.

Privilege escalation

By injecting our code into an application with a specific entitlement, we can elevate our privileges to root. For this, we could apply the technique explained by A2nkF in Unauthd - Logic bugs FTW.

Some applications have an entitlement of com.apple.private.AuthorizationServices containing the value system.install.apple-software. This means that this application is allowed to install packages that have a signature generated by Apple without authorization from the user. For example, “Install Command Line Developer Tools.app” and “Bootcamp Assistant.app” have this entitlement. A2nkF also found a package signed by Apple that contains a vulnerability: macOSPublicBetaAccessUtility.pkg. When this package is installed to a specific disk, it will run (as root) a post-install script from that disk. The script assumes it is being installed to a disk containing macOS, but this is not checked. Therefore, by creating a malicious script at the same location it is possible to execute code as root by installing this package.

The exploitation steps are as follows:

  1. Create a RAM disk and copy a malicious script to the path that will be executed by macOSPublicBetaAccessUtility.pkg.
  2. Inject our code into an application with the com.apple.private.AuthorizationServices entitlement containing system.install.apple-software by creating the windows.plist and data.data files for that application and then launching it.
  3. Use the injected code to install the macOSPublicBetaAccessUtility.pkg package to the RAM disk.
  4. Wait for the post-install script to run.

In the writeup from A2nkF, the post-install script ran without the filesystem restrictions of SIP. It inherited this from the installation process, which needs it as package installation might need to write to SIP protected locations. This was fixed by Apple: post- and pre-install scripts are no longer SIP exempt. The package and its privilege escalation can still be used, however, as Apple still uses the same vulnerable installer package.

SIP filesystem bypass

Now that we have escaped the sandbox and elevated our privileges to root, we also wanted to bypass SIP. To do this, we looked at all available applications to find one with a suitable entitlement. Eventually, we found something on the macOS Big Sur Beta installation disk image: “macOS Update Assistant.app” has the com.apple.rootless.install.heritable entitlement. This means that this process can write to all SIP protected locations (and it is heritable, which is convenient because we can just spawn a shell). Although it is supposed to be used only during the beta installation, we can just copy it to a normal macOS environment and run it there.

The exploitation for this is quite simple:

  1. Create malicious windows.plist and data.data files for “macOS Update Assistant.app”.
  2. Launch “macOS Update Assistant.app”.

When exempt from SIP’s filesystem restrictions, we can read all files from protected locations, such as the user’s Mail.app mailbox. We can also modify the TCC database, which means we can grant ourselves permission to access the webcam, microphone, etc. We could also persist our malware in locations which are protected by SIP, making it very difficult to remove by anyone other than Apple. Finally, we can change the database of approved kernel extensions. This means that we could load a new kernel extension silently, without user approval. When combined with a vulnerable kernel extension (or a codesigning certificate that allows signing kernel extensions), we would have been able to gain kernel code execution, which would allow disabling all other restrictions too.

We recorded the following video to demonstrate the different steps. It first shows that the application “Sandbox” is sandboxed, then it escapes its sandbox and launches “Privesc”. This elevates privileges to root and launches “SIP Bypass”. Finally, this opens a reverse shell that is exempt from SIP’s filesystem restrictions, which is demonstrated by writing a file in /var/db/SystemPolicyConfiguration (the location where the database of approved kernel modules is stored):

Apple first fixed the sandbox escape in 11.3, by no longer reading the saved state of the application in com.apple.appkit.xpc.openAndSavePanelService (CVE-2021-30659).

Fixing the rest of the vulnerability was more complicated. Third-party applications may store their own objects in the saved state and these objects might not support secure coding. This brings us back to the method from the introduction: -applicationSupportsSecureRestorableState:. Applications can now opt-in to requiring secure coding for their saved state by returning TRUE from this method. Unless an app opts in, it will keep allowing non-secure coding, which means process injection might remain possible.

This does highlight one issue with the current design of these security measures: downgrade attacks. The code signature (and therefore entitlements) of an application will remain valid for a long time, and the TCC permissions of an application will still work if the application is downgraded. A non-sandboxed application could just silently download an older, vulnerable version of an application and exploit that. For the SIP bypass this would not work, as “macOS Update Assistant.app” does not run on macOS Monterey because certain private frameworks no longer contain the necessary symbols. But that is a coincidental fix, in many other cases older applications may still run fine. This vulnerability will therefore be present for as long as there is backwards compatibility with older macOS applications!

Nevertheless, if you write an Objective-C application, please make sure you implement -applicationSupportsSecureRestorableState: to return TRUE and adopt secure coding for all classes used in your saved state!
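What the opt-in and the NSSecureCoding discussion above look like in an app, as an added example that is not code from the original post or from Apple: a hypothetical app delegate (AppDelegate) returning YES from -applicationSupportsSecureRestorableState:, and a hypothetical restorable-state class (DocumentScrollState) stored by a hypothetical EditorWindowController, which adopts NSSecureCoding and decodes with a tight class allow-list, with the insecure decode-then-check pattern shown beside it in comments.

```objc
#import <Cocoa/Cocoa.h>

// Hypothetical model object that the app places in a window's saved state.
// Adopting NSSecureCoding (rather than plain NSCoding) is what lets the saved
// state be decoded against a class allow-list.
@interface DocumentScrollState : NSObject <NSSecureCoding>
@property (nonatomic, copy) NSString *documentPath;
@property (nonatomic, copy) NSArray<NSNumber *> *scrollOffsets;
@end

@implementation DocumentScrollState

// Required by NSSecureCoding; a secure coder refuses classes that return NO.
+ (BOOL)supportsSecureCoding {
    return YES;
}

- (void)encodeWithCoder:(NSCoder *)coder {
    [coder encodeObject:self.documentPath forKey:@"documentPath"];
    [coder encodeObject:self.scrollOffsets forKey:@"scrollOffsets"];
}

- (instancetype)initWithCoder:(NSCoder *)coder {
    self = [super init];
    if (self) {
        // Insecure pattern (the one the post describes): the object is
        // instantiated from whatever class the archive names, and only then
        // type-checked, so -initWithCoder: of an arbitrary class already ran.
        //   id path = [coder decodeObjectForKey:@"documentPath"];
        //   if (![path isKindOfClass:[NSString class]]) { return nil; }
        //
        // Secure pattern: the coder rejects any class outside the allow-list
        // before instantiating it.
        _documentPath = [coder decodeObjectOfClass:[NSString class]
                                            forKey:@"documentPath"];
        // For a collection, list the container and the element classes. Keep
        // the set tight: allowing NSObject would readmit every NSCoding class
        // (and, as the post notes, subclasses of a listed class are allowed).
        NSSet *allowed = [NSSet setWithObjects:[NSArray class], [NSNumber class], nil];
        _scrollOffsets = [coder decodeObjectOfClasses:allowed
                                               forKey:@"scrollOffsets"];
        if (_documentPath == nil || _scrollOffsets == nil) {
            // A missing key, or (under NSDecodingFailurePolicySetErrorAndReturn)
            // a disallowed class; the default failure policy raises instead.
            return nil;
        }
    }
    return self;
}
@end

// Hypothetical window controller: AppKit calls these two NSResponder methods
// when writing and restoring the per-window entries that end up in data.data.
@interface EditorWindowController : NSWindowController
@property (nonatomic, strong) DocumentScrollState *scrollState;
@end

@implementation EditorWindowController
- (void)encodeRestorableStateWithCoder:(NSCoder *)coder {
    [super encodeRestorableStateWithCoder:coder];
    [coder encodeObject:self.scrollState forKey:@"scrollState"];
}

- (void)restoreStateWithCoder:(NSCoder *)coder {
    [super restoreStateWithCoder:coder];
    // Name the custom class explicitly. With the opt-in below, the coder handed
    // to this method requires secure coding, so a plain -decodeObjectForKey:
    // here is not permitted and would not silently decode an unexpected class.
    self.scrollState = [coder decodeObjectOfClass:[DocumentScrollState class]
                                           forKey:@"scrollState"];
}
@end

@interface AppDelegate : NSObject <NSApplicationDelegate>
@end

@implementation AppDelegate
// The opt-in the post asks for (NSApplicationDelegate, macOS 12 and later).
// Returning YES makes AppKit restore saved state with a secure coder, so an
// archive naming an unexpected class is rejected rather than instantiated.
- (BOOL)applicationSupportsSecureRestorableState:(NSApplication *)app {
    return YES;
}
@end
```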

In the current security architecture of macOS, process injection is a powerful technique. A generic process injection vulnerability can be used to escape the sandbox, elevate privileges to root and bypass SIP’s filesystem restrictions. We have demonstrated how we used insecure deserialization in the loading of an application’s saved state to inject into any Cocoa process. This was addressed by Apple in the macOS Monterey update.


US sanctions Tornado Cash — and crypto shrieks in horror – Attack of the 50 Foot Blockchain


Transactions on the Ethereum blockchain are completely traceable. Any transaction anyone ever made on Ethereum can be traced, all the way back to the launch of the project in 2015. Transactions are pseudonymous — but many users have been identified after the fact.

Tornado Cash is a mixer — an Ethereum smart contract program that you can use to break the traceability of transactions on Ethereum. This is for privacy.

Tornado Cash accepts deposits of ether (the currency on Ethereum) from one address and enables you to withdraw the ether from a different address. The smart contract works as a pool that mixes all deposits, using zero-knowledge proofs.

If the ether is proceeds from a crime, then this is literally just money laundering.

Tornado Cash was also used heavily by North Korea’s Lazarus Group to launder stolen ether and help the country get hard currency.

In what should come as no surprise to anyone whatsoever, Tornado Cash has been sanctioned by the US Office of Foreign Assets Control. [Treasury; Treasury]

This follows previous sanctions on Blender.io, another mixer, in May 2022 — also primarily because North Korea was using it. [Treasury]

OFAC posted a list of sanctioned Ethereum blockchain addresses — the addresses for the Tornado Cash smart contract.

All ether that’s touched Tornado Cash is now tainted. US-touching crypto exchanges, such as Coinbase, will be expected to block tainted ether. Infura, the ConsenSys API that almost all Ethereum transactions go through, is also blocking ether that touched these addresses. Alchemy, a similar API, is doing the same. [Crypto Briefing] Circle, which issues the USDC stablecoin, has blacklisted all Tornado Cash addresses, and frozen 75,000 USDC. [CoinTelegraph]

But what about all the good uses?

Privacy is a perfectly reasonable thing to want. Quite a lot of Ethereum users just used Tornado Cash to keep their non-sanctioned dealings private. Vitalik Buterin, the founder of Ethereum, donated ether to Ukraine’s defence against the Russian invasion via Tornado Cash. [Twitter]

The problem is that crypto mixing services are explicitly considered money transmitters by FinCEN. So making the transaction trail untraceable by any entity is a violation of anti-money-laundering (AML) law.

There’s also this weird delusion that if you put some dirty money in a box with clean money and shake it, then it all comes out as clean — and not that it all comes out as dirty.

Nobody worried too much when the money laundering was small-time and the really bad guys weren’t hammering it.

But Tornado Cash was the favoured mixer of North Korea’s state-sponsored hackers. For example, the “$620 million” in ether stolen from Axie Infinity by North Korea was run through Tornado Cash.

Crypto compliance firm TRM Labs estimates that North Korea funneled out “$1 billion” face value of ether via Tornado Cash. Small-time crooks are also fond of Tornado Cash — “over 41% of all funds deposited to Tornado Cash in June and July 2022 were tied to hacks and other thefts.” [TRM Labs]

How seriously does the US take sanctions?

Serious as a heart attack.

As Congress just straight-up told Mark Zuckerberg in the Libra hearings in 2019 (Libra Shrugged, chapter 13):

The US government is understandably fond of the US dollar — as Juan Vargas (D, CA-51) put it, “the dollar is very important to use as a tool of American power, and also a tool of American values. So we would much prefer to put sanctions on a country than send our soldiers there. So when something threatens the dollar, we get very nervous.”

Sanctions are seen as part of the national defense. If you write a program that tries to cleverly work around this, then you make yourself a target.

Tornado Cash was sanctioned precisely because it was North Korea’s favourite ether launderette, and couldn’t or wouldn’t stop North Korea from using it to cash out.

Tornado Cash did try to block sanctioned entities! In April, the Tornado Cash front-end was set up to use Chainalysis’ oracle that blocks sanctioned Ethereum addresses as listed by OFAC. [Twitter]

But the bar for sanctions compliance is not “you tried a bit” — sanctions violation is a strict liability offence. You have to be effective in blocking sanctioned entities. If North Korea can just keep pouring ether through your mixer, then you failed. And Tornado Cash did indeed fail.

The Tornado Cash code is open source, so it’s trivial to set up another copy — and there are plenty of other instances out there. What they lack is liquidity — there’s no volume of other transactions to hide yours in. It’s about liquidity — not code.

There are other mixers. Railgun attempts to be an Ethereum privacy system, also using zero-knowledge proofs — and has named principals. [Railgun]

If Railgun can’t keep sanctioned entities out, then it too is screwed.

If ether transactions touch the world of actual money — which they do — then your Ethereum mixer needs to deal effectively with sanctioned entities, or you too will be in trouble.

Honestly, there are so many laws (rugpulls DAO) that nobody can be expected to even know which ones they’ve broken (launders 100k ETH for North Korea), it’s a Kafkaesque bureaucratic nightmare (assaults Congress with an AR-15)

Just as nobody should have been surprised by the sanctions, nobody should have been surprised by the bad takes on the sanctions from the cryptocurrency world.

The bad takes were all variations of the fundamental fallacy of cryptocurrency: that you can code your way around the rules of society.

Sure you can, temporarily — but if you don’t achieve regulatory escape velocity (e.g., Uber or BitTorrent), it won’t end well for you.

Tornado Cash was a completely standalone program, with no human control — a truly decentralised autonomous entity. This, of course, makes it a sitting duck for attackers. But they seem to have coded it pretty solidly. (I mean, it hasn’t been hacked yet.)

Part of the outrage was at lead developer Roman Semenov’s GitHub account being disabled, along with the Tornado Cash code repository: [Twitter]

My @GitHub account was just suspended [shrug] Is writing an open source code illegal now?

Semenov’s question suggests that, despite his obvious intelligence and coding ability, the guy is an idiot in ways that just turned out to be critical. He was just “writing an open source code” in the same sense that Ross Ulbricht of the Silk Road was just running a website, or illegal pornography is just an innocent sequence of ones and zeroes.

For what it’s worth, GitHub specifically bars sanctioned entities in its terms of service: [GitHub]

You may not use GitHub in violation of export control or sanctions laws of the United States or any other applicable jurisdiction. You may not use GitHub if you are or are working on behalf of a Specially Designated National (SDN) or a person subject to similar blocking or denied party prohibitions administered by a U.S. government agency.

The reason is that sanctions law specifically targets vendors:

These prohibitions include the making of any contribution or provision of funds, goods, or services by, to, or for the benefit of any blocked person and the receipt of any contribution or provision of funds, goods, or services from any such person.

If you’re going to set up a money laundering system, perhaps the site run by defense contractor Microsoft isn’t the best place to host your code.

Some outraged crypto advocates have suggested that the action against Tornado Cash shows the need for a decentralised alternative to GitHub. This demonstrates the rule that you will never find anyone who knows less about technology than a crypto guy talking about technology — because that would literally just be git, the version control system that GitHub is named for, and which was created specifically not to require any central controlling entity. (Also, git would count as enterprise blockchain if you squint.) But centralisation is more economically efficient, so the Tornado Cash guys used GitHub when they absolutely didn’t have to.

The Tornado Cash website was served from Amazon AWS, and is also down. docs.tornado.cash is still up, served from gitbook.io.

What happens next

The shutdown of Tornado Cash was completely predictable. If you thought this would just be allowed to keep running, you have greatly misunderstood the world.

I’m not in fact a fan of the present anti-money-laundering regime — even if you think it’s a good idea, it doesn’t do its job very well at high levels, and it causes tremendous inconvenience to ordinary consumers.

But I do know that the AML regime exists, it’s powerful, and nerdy tech arguments about who touches which bit of code in what ways aren’t going to do a damn thing about it. This is a political problem.

In the meantime, I look forward to the defiant crypto libertarian guys furiously trying all the clever workarounds they can possibly think of to code around the Tornado Cash sanctions. Imagine four libertarians on the edge of a cliff, all queueing up to jump and become the next Virgil Griffith.
