A common cry in Anonymous circles is ‘Free Jeremy Hammond; Fuck Sabu’. Jeremy Hammond is currently serving a ten-year prison sentence for his involvement in the Stratfor hack. Sabu (real name Hector Xavier Monsegur) will be sentenced tomorrow for his role in Lulzsec and many other hacks. He is expected, on FBI request, to walk free. The judge, in both cases, was and is judge Loretta Preska. Comparing and contrasting the behaviour of Hammond and Monsegur explains the Anonymous cry.
Monsegur was the original founder of the original LulzSec hacking group, (in)famous for its ’50 days of lulz’ during the summer of 2011. Sabu was ‘outed’ and subsequently interviewed by the FBI. He rapidly (by the next day) agreed to cooperate; and has been cooperating ever since. There is some suggestion that the FBI pointed out that his two young nieces, for whom he is a foster parent, would have an uncertain future if he was incarcerated.
The extent of that cooperation is only just becoming clear, although it was always known to be extensive. Some of it borders on illegality, but is certainly immoral. The Stratfor hack was organized by Sabu at the behest of the FBI in order to entrap Jeremy Hammond – a member of Anonymous rather than Lulzsec but high, on the list of the FBI’s most wanted. It worked. It also, incidentally, ensnared Barret Brown who was arrested effectively for publishing a link to stolen Stratfor information; although his charges have now largely been dropped.
Sabu’s cooperation also led to the unmasking and arrest of the other members of LulzSec: 2 in the UK, 2 in Ireland and one in the US. It seems clear that he also tried to implicate and entrap many others; including, for example, Jacob Appelbaum.
He also cooperated with the government, using Hammond, to enable it to hack foreign websites. Hammond’s attorneys wrote to judge Preska last month:
Hammond’s own behaviour has been in direct contrast. After his arrest he decided to fight the charges. Eventually, however, he gave up and accepted a plea deal with the government. Almost exactly one year ago he announced,
Today I pleaded guilty to one count of violating the Computer Fraud and Abuse Act. This was a very difficult decision. I hope this statement will explain my reasoning. I believe in the power of the truth. In keeping with that, I do not want to hide what I did or to shy away from my actions. This non-cooperating plea agreement frees me to tell the world what I did and why, without exposing any tactics or information to the government and without jeopardizing the lives and well-being of other activists on and offline.
Statement from Jeremy Hammond regarding his plea
His reasoning was not that he thought he would lose the case, but that the FBI would simply press similar charges elsewhere. “The process might have repeated indefinitely,” he said.
I have already spent 15 months in prison. For several weeks of that time I have been held in solitary confinement. I have been denied visits and phone calls with my family and friends. This plea agreement spares me, my family, and my community a repeat of this grinding process.
The key sentence in this announcement is, “This non-cooperating plea agreement frees me to tell the world what I did and why, without exposing any tactics or information to the government and without jeopardizing the lives and well-being of other activists on and offline.” So while Sabu cooperated with the FBI and will most likely walk free tomorrow, Hammond refused to cooperate and took a ten-year sentence. That, basically, is why the call is ‘Free Jeremy Hammond; Fuck Sabu.’
Tomorrow, 27th May 2014 at 11 am, Judge Preska will pronounce sentence on Sabu. In theory he faces a sentence of between 259 and 317 months for the crimes he as admitted. But, says the FBI in its pre-sentencing submission to Judge Preska,
Probation recommends a sentence of time served. As set forth in more detail below, Monsegur was an extremely valuable and productive cooperator.
Government’s notice of intent reference sentencing
He has, during the three years of his cooperation with the FBI, served seven months in prison. Judge Preska is expected to follow the FBI request and sentence him to seven months – allowing him to walk free.
We will update this post tomorrow with details of judge Preska’s sentence.
The much delayed sentencing of former LulzSec hacker-turned-FBI informant Hector “Sabu” Monsegur finally took place on Tuesday, when he received time served plus one year of supervised release with computer logging.
Eric Holder yesterday announced: “Today, we are announcing an indictment against five officers of the Chinese People’s Liberation Army for serious cybersecurity breaches against six American victim entities.”
The five officers are known by the aliases UglyGorilla, Jack Sun, Lao Wen, hzy_1hx and KandyGoo. They are members of the PLA’s military unit 61398 (you may recall that this is the unit accused by Mandiant last year as being the source of the APT1 hacking group). They stand accused of using spearphishing to penetrate six US companies (Westinghouse Electric, Alcoa, Allegheny Technologies Incorporated, U.S. Steel, the United Steelworkers Union and SolarWorld) to conduct economic espionage.
“This is a tactic that the U.S. government categorically denounces,” said Holder. “As President Obama has said on numerous occasions, we do not collect intelligence to provide a competitive advantage to U.S. companies, or U.S. commercial sectors.” This is from the man who lied to Congress.
It is also inaccurate. The Snowden files have shown that the NSA has bugged trade negotiations; and trade negotiations are quite plainly ‘economic’ – with US industry likely to benefit. And of course the NSA’s hacking of Chinese servers, and excluding Huawei over fears that it might be backdoored while it proceeded to backdoor Cisco equipment has sort of ceded the moral high ground.
I asked FireEye, which now owns Mandiant, if it had supplied any of the information used by the FBI in its indictment. A spokesperson told me, “The US government just used information from the APT1 report which was published. We did not actively provide information. We believe this was a natural escalation after the revelation – the PLA group went quiet but now are very active again so was only a matter of time.”
But there may be another reason for the delay between Mandiant’s initial report and this indictment… Generally speaking, law enforcement needs a victim complaint over intelligence of a crime before it can take action against the suspected criminal; so it has had to wait for the hacked companies to investigate and complain before it could commence the indictment proceedings.
Luis Corrons, technical director at PandaLabs, finds this a frequent problem. “This year I have handed LEA information about 3 different criminal cases; and all 3 of them have real evidence of who is behind them. But if there is no official complaint from the victims, nothing happens. One of the cases is multinational – the local LE tried to convince a Spanish company who was victim to present a complaint, but it didn’t want to. Now the LEA is trying in different countries trying to convince victims to present a complaint.
“But this is not the only problem,” he continued.” Some investigations are really complex, and while for me it can be ‘easy’ to gather evidences, for an LEA to do it in the proper and legal way can take months or even years.”
If that’s the case here, this indictment is actually quite speedy.
But is it wise?
Much of the security industry is in favour of the US action. “This really could be a landmark moment that has the potential to change the way in which we respond to the growing threat presented by digital criminality,” said Martin Sutherland, managing director of BAE Systems Applied Intelligence, in an emailed statement. “This current case is encouraging and sets an interesting precedent for other countries combating digital crime.”
“The US government is toughening up its language against nation-state and industrial cyber-espionage,” said Bob West, chief trust officer at CipherCloud in another email. “We’re calling out the Chinese government for its role fostering theft of American intellectual property and doing it by naming specific hackers with military ties.”
“While I doubt that foreign military commanders who are prosecuted by the Department of Justice will be successfully apprehended and brought to justice,” said Tom Cross, director of security research at Lancope, “these prosecutions do send a clear message regarding what sort of behavior the United States views as unacceptable.”
In each case I asked a few questions. Most pertinent was this:
Is it not pure hypocrisy? We know from the Snowden files that the NSA has hacked Chinese servers. Holder says ‘we do not do it for economic advantage’. Leaving aside any cynicism over such a statement, isn’t it irrelevant? Holder is saying that the accused have broken US laws; but the US breaks Chinese laws. So what is the legal difference?
I have not had a reply. In fairness, it probably has as much to do with trans-Atlantic time zones as a disinclination to respond; and I will update this post with any replies that I get.
However, it is the problem I have with the US action. It is a nation that claims to uphold the rule of law – but only the rule of US law. This action says to the world, you must all abide by our laws, but our laws are the only ones that we need abide by.
First official indications emerged at the Reuters Cybersecurity Summit (although there have been rumblings in hacker circles for a couple of weeks now). This was last Wednesday. The FBI executive assistant director Robert Anderson, appointed in March to oversee ‘all FBI criminal and cyber investigations worldwide, international operations, critical incident response, and victim assistance’, announced:
There is a philosophy change. If you are going to attack Americans, we are going to hold you accountable. If we can reach out and touch you, we are going to reach out and touch you.
Within days it emerged that the FBI is reaching out to touch buyers and users of the BlackShades remote access trojan — not just the FBI, but law enforcement agencies around the world. It was officially a two-day operation involving the law enforcement and judicial agencies of more ten different countries, coordinated in Europe out of Eurojust with representatives from Eurojust, Europol’s EC3 and the FBI present.
To put the size of the operation in context, action took place in the Netherlands, Belgium, France, Germany, UK, Finland, Austria, Estonia, Denmark, USA, Canada, Chile, Croatia and Italy. 359 house searches were undertaken; over 1,100 data storage devices were seized; and 97 arrests have been made. Seventeen arrests were in the UK.
BlackShades is a remote administration tool; but coupled with malware it becomes a remote access trojan. It can be bought on the internet for anything between £40 and £100 depending on the variant purchased. Although there is (at the time of writing this) no official confirmation of any arrests in the US, the FBI’s influence is clear throughout. Indeed, the UK’s National Crime Agency (NCA) specifically describes the operation as ‘initiated by the FBI’. And noticeably, the bshades.eu website has been seized by the FBI.
There is little doubt that BlackShades is a serious threat. The NCA suspects that its UK users may have stolen 200,000 user names and passwords around the world. Nevertheless, it is simply not as well known, nor has done the same amount of damage, as some of the other well-known malwares. So why chose BlackShades rather than, for example, Zeus?
“I suspect,” David Harley, senior research fellow with ESET told me, “that BlackShades – and, maybe more to the point, its users – constituted a relatively easy target because it had operated within an area seen as legally ‘grey’. It looks to me as if those involved were often less scrupulous about covering their tracks than the career criminals associated with more heavyweight malware. It could be that they see themselves as borderline legal or at any rate of less interest to law enforcement, despite their association with the somewhat notorious Cool Exploit kit.”
The ‘grey area’ is that a remote administration tool is not illegal; it is only when it is used as a remote access trojan that it becomes so. Consider this, for example, from a German BlackShades user highlighted by Rickey Gevers:
Click it for full size. The author writes, “Hey guys, guess what happened today.” He had a visit from the German police who took away his computer because it contains BlackShades.
But he’s not worried because he only used it for testing purposes on his own computers — that is, as a remote administration tool.
But the other point to note is the date and his reference to rumours going on for days or weeks. It would seem that this operation has been going on for longer — and is probably a lot wider — than the official announcements so far. And remember also that we have not yet heard of any US arrests.
Last word goes to Rickey Gevers:
If all the above is true we are just seeing the tip of the iceberg. And are probably being witness of one of the biggest international raids ever related to cybercrime.
The precarious balance between law enforcement and personal privacy is highlighted by a new proposal from the Department of Justice — it wants greater leeway in its ability to place malware on multiple computers.
It can do this already, but not easily — it requires a judicial warrant that is only valid in the judge’s home district. Those warrants are not always automatic. In April 2013 magistrate judge Stephen Smith rejected such an application in Houston:
The Government has applied for a Rule 41 search and seizure warrant targeting a computer allegedly used to violate federal bank fraud, identity theft, and computer security laws. Unknown persons are said to have committed these crimes using a particular email account via an unknown computer at an unknown location. The search would be accomplished by surreptitiously installing software designed not only to extract certain stored electronic records but also to generate user photographs and location information over a 30 day period. In other words, the Government seeks a warrant to hack a computer suspected of criminal use. For various reasons explained below, the application is denied.
But even if it had been allowed, the warrant would only have been valid for the named computer within the judge’s district — the Southern District of Texas, Houston Division.
The FBI is now seeking a change in judicial rules to allow multiple searches on a single warrant, and for a single warrant to be valid for all 94 judicial districts. Its arguments are reasonable. Firstly, it may know the IP of a suspect computer, but not the precise geographic location. Secondly, modern organized crime can use hundreds if not thousands of computers in a crime — a botnet delivering a DDoS attack to disguise financial fraud for example. Obtaining individual warrants in all possible districts is difficult, time-consuming and expensive.
But there are huge privacy and security issues here. Firstly, the use of 0-day exploits by law enforcement will weaken the security of the internet itself. Secondly, placing spyware on the computer of an innocent person who ‘might’ be unknowingly harboring a bot (and thereby providing access to every intimate and confidential piece of data on that computer) is a dangerous attack on liberty and privacy.
But even more worrying, it is an attempt by the DoJ to make its surveillance desires easier to accomplish. The FBI could and would cherry pick its districts. Ninety-three of the districts might reject an application for a warrant as over broad and in conflict with the Fourth Amendment — but if there was just one sympathetic judge, the warrant would apply to the whole United States.
The FBI already cherry picks where it thinks it might get away with it. In the prosecution of Andrew Auernheimer it chose to prosecute in a district entirely unrelated to the case, but in which it could levy further charges and gain a longer sentence.
Now consider if the FBI had access to the NSA’s TAO catalogue of hacking tools (which it probably already has): no computer would ultimately be safe from the FBI, and the FBI would be acting entirely legally. We have seen over the last year that law enforcement and intelligence agencies have the attitude, if we can do it, we must do it. If the DoJ gets its way on this, the process will escalate until it is able to hack any computer, any time, on any whim.
The FBI announced yesterday “additional attempted computer hacking charges and 18 counts of cyberstalking” for Fidel Salinas. That now brings the total charges to 44 – each of which carries a maximum of 10 years in prison. This alleged hacker is now facing 440 years in prison.
According to the allegations, between December 23-29, 2011, Salinas had the intent to harass and intimidate a female victim. Allegedly, he repeatedly e-mailed her, attempted to gain unauthorized access to her website, made submissions through a contact form on that site, and tried to open user accounts without her consent.
Alleged ‘Anonymous’ Computer Hacker Charged with 18 Counts of Cyberstalking
440 years? Really?
The clue, perhaps, lies in the title of the announcement: “alleged ‘Anonymous’ hacker…”.
It is not illegal to be a member of Anonymous – so why describe him that way? Why not simply say, “Fidel Salinas Charged with 18 Counts of Cyberstalking”?
The FBI announcement goes on to say,
Salinas allegedly participated in an online chat room for the Operation Anti-Security faction of Anonymous and attempted to enter the IRC Operations server for Anonymous. According to the charges, after his alleged attempt to hack his way into the Hidalgo County web server, he posted a profanity-laced rant on his Facebook page that ended with a quote used by Anonymous members: “We do not forgive, we do not forget, divide by zero we fall, expect us.”
Again, I’m not sure what is illegal here, apart from the attempted (alleged) hack “into the Hidalgo County web server”. It is possible that he posted something illegal in the ‘profanity-laced rant’ (if, for example, it falls foul of ‘hate’ laws); but profanity itself and the freedom to say ‘We do not forgive, we do not forget, divide by zero we fall, expect us’ is, I believe, protected by the US constitution and therefore perfectly legal.
So why bring it up?
There can be only one reason. The FBI is continuing with its nuclear option against hackers in general and Anonymous in particular. This is a terror campaign designed to terrify existing and potential hackers, and turn public opinion against Anonymous.
Now don’t get me wrong. I do not condone hacking in any way whatsoever – except of course when conducted by the FBI, NSA and/or GCHQ in pursuit of our national interests; in which case it is perfectly legal, laudable and a Good Thing. Obviously.
Is the anti-virus industry in bed with the NSA – why do CIPAV, FinFisher and DaVinci still defeat AV?
September 2013 is the month in which the extent of direct government hacking – as opposed to traffic surveillance – became known.
4 September – WikiLeaks releases Spy Files 3, demonstrating increasing use of third-party hacking tools, such as FinFisher.
6 September – Bruce Schneier writes in the Guardian
The NSA also devotes considerable resources to attacking endpoint computers. This kind of thing is done by its TAO – Tailored Access Operations – group. TAO has a menu of exploits it can serve up against your computer – whether you’re running Windows, Mac OS, Linux, iOS, or something else – and a variety of tricks to get them on to your computer. Your anti-virus software won’t detect them, and you’d have trouble finding them even if you knew where to look. These are hacker tools designed by hackers with an essentially unlimited budget. What I took away from reading the Snowden documents was that if the NSA wants in to your computer, it’s in. Period.
7 September – details of an NSA MITM operation against Google users in Brazil revealed.
12 September – FBI admits that it hacked Freedom Hosting. The implications are that it inserted the malware that monitored visitors, and the almost certainty that the malware was CIPAV.
FinFisher and CIPAV stand out as government operated spyware; but there are others: RCS (DaVinci), Bundestrojaner etcetera – and, of course, Stuxnet and Flame. We’ve known about them for a long time: see
- CIPAV: FBI, CIPAV spyware, and the anti-virus companies (this site, May 2011)
- RCS: Hacking Team’s RCS: hype or horror; fear or FUD? (this site, Nov 2011)
- FinFisher: Use of FinFisher spy kit in Bahrain exposed (Infosecurity Mag, August 2012)
- Bundestrojaner: Chaos Computer Club warns on “German government” communications trojan (Infosecurity Mag, Oct 2011)
This leaves a major question begging: if we’ve known about this malware for such a long time, how come it can still be used? Why doesn’t anti-malware software stop it?
There are two possible reasons that we’ll explore:
- the AV industry, like so many others, is in bed with the NSA
- the AV industry is not as good as the ‘stops 100% of known malware’ claims that it makes – or put another way, virus writers are generally one-step ahead of the AV industry
In bed with the NSA
This has been vehemently denied by every AV company I have spoken to (see the articles on CIPAV and RCS for examples). Bruce Schneier doesn’t believe it is:
I actually believe that AV is less likely to be compromised, because there are different companies in mutually antagonistic countries competing with each other in the marketplace. While the U.S. might be able to convince Symantec to ignore its secret malware, they wouldn’t be able to convince the Russian company Kaspersky to do the same. And likewise, Kaspersky might be convinced to ignore Russian malware but Symantec would not. These differences are likely to show up in product comparisons, which gives both companies an incentive to be honest. But I don’t know.
Explaining the latest NSA revelations – Q&A with internet privacy experts
And yet the possibility lingers. When Flame was ‘discovered’, Mikko Hypponen issued a mea culpa for the industry. Admitting that F-Secure had Flame samples on record for two years, he said,
Researchers at other antivirus firms have found evidence that they received samples of the malware even earlier than this, indicating that the malware was older than 2010.
What this means is that all of us had missed detecting this malware for two years, or more. That’s a spectacular failure for our company, and for the antivirus industry in general.
It wasn’t the first time this has happened, either. Stuxnet went undetected for more than a year after it was unleashed in the wild…
Why Antivirus Companies Like Mine Failed to Catch Flame and Stuxnet
Forget the ‘hand on heart’ for a moment, and consider… That’s the two major government-sponsored malware samples known about and ignored by multiple AV companies for several years. Coincidence? Maybe. But to echo Schneier’s last sentence, I don’t know.
Malware writers are one step ahead of the AV industry
If you listen to the AV marketers, this cannot be true. Every month we hear claims that AV products stop 99.9% to 100% of all known viruses (remember that they ‘knew’ about Stuxnet and Flame, but did nothing). I’ve written on my dismay at this sort of advertising elsewhere (for example, Anti Malware Testing Standards Organization: a dissenting view).
However, if you listen to the foot soldier researchers – and sometimes even higher –within the individual companies, you realise that it is absolutely, inherently, and unavoidably true. Luis Corrons, the technical director at PandaLabs, puts it like this:
The effectiveness of any malware sample is directly proportional at the resources spent. When we talk about targeted attacks (and [CIPAV and FinFisher] are developed to perform targeted attacks) the most important part is the ability to be undetected. Bypassing signature detection is trivial, although it is almost useless too, as most anti-malware programs have several different layers of protection which do not rely on signatures.
The attackers probably know which security solution(s) the potential victim is using. Then it is as ‘simple’ as replicating the same scenario (operating system, security solution, etc.) and verifying that the malware is not being detected. As soon as it is flagged they will change it to avoid detection, until they have the final version.
Once they are done, they will infect the victim and will be spying / stealing information out of him until they are detected. This could be a matter of days, months or even years.
Claudio Guarnieri of Rapid7 said very similar:
Since FinFisher, just as any other commercial spyware, is a very targeted and sophisticated (besides expensive) malware, it’s part of Gamma’s development lifecycle to make sure that they tweaked all the different components to avoid antiviruses before shipping the new FinFisher out to the customers.
The developers likely have their own internal systems to do these testings: think of something as a private VirusTotal. Every time they develop a new feature or a new release, they’ll test it against as many antiviruses as possible and if something gets detected, they debug and try to understand why and find a way around it.
The ‘problem’ with this approach is that they rely on the AV industry not knowing and not having access to their malware: whenever that happens AV vendors react pretty effectively and in fact if you look at FinFisher samples discovered 1 year ago they are now largely detected by most antivirus products.
Is the AV industry in bed with the NSA? The simple fact is that we just do not know. The industry itself denies it – but, well, it would, wouldn’t it? Statistically, since almost every other aspect of the security industry collaborates with or has been subverted by the NSA, my suspicion is that it is. At the very least, I suspect it engages in ‘tacit connivance’.
Are malware developers one step ahead of the AV industry? That depends. As Corrons says, it depends on the resources available to the bad guys, whether that’s NSA, FBI, GCHQ or the Russian Business Network. Well-resourced bad guys will always get in. As Schneier puts it, “if the NSA wants in to your computer, it’s in. Period.” But that probably applies to all governments and all seriously organized criminal gangs engaged in targeted hacking.
But one final comment: nothing said here should be taken to suggest that we don’t need the AV industry. It may not be able to stop the NSA, but it can and does stop a million script kiddie wannabe hackers every day.
In the UK we used to have this wonderful process called ‘stop and search’, which allowed the police to stop, search, and subsequently arrest a ‘suspected person’ without warrant. In 1984 it was repealed by the PACE Act. The police would no longer be allowed to stop and search someone because he looked Irish and was probably an IRA terrorist, nor a coloured person because he was black and obviously a gun-toting rapist. Instead, a constable in uniform would need to provide his name and his police station, the reason for the search, the legal justification for the search, and subsequently make a copy of the search form available for 12 months.
Why doesn’t this principle apply to the internet? In the UK, the government still has designs on getting the Communications Data Bill onto the statute books one way or another. This allows unwarranted search of all of our communications data – the who, what, where, when and how long of our communications. Based on who we speak to and where we go on the internet, the government will know if we’re gay when we have told no-one, pregnant before we tell our parents, ill (and possibly how) depending on which specialist we visit, whether we’re looking for a loan, our ethnic, political and sexual leanings, and a whole host of other deductions based on the who, what, where, when and how long of our communications.
That Bill has been stalled, not prevented, by the opposition of deputy prime minister Nick Clegg. But the reality is that it probably isn’t necessary. Edward Snowden – who should be lauded as a folk hero rather than condemned as a criminal – has leaked US documents showing firstly that the NSA already operates its own version of the Communications Data Bill as a secret enactment of a secret interpretation of a US law; and secondly that a second secret project (PRISM) provides NSA access to the servers of major corporations such as Google, Yahoo, Microsoft, Apple, Facebook and others. That access will include content as well as meta data. In both cases it will include data on UK citizens: meta phone data when speaking to someone in the US; and full content data whenever you have an account with any of the participating corporations.
Now, given the close relationship and standard exchange of data between the British intelligence services and the US secret services, it defies credibility that GCHQ and MI5 are unable to get whatever online information on UK citizens they want whenever they want it.
This afternoon in a ministerial statement in the House of Commons, home secretary William Hague gave out the most unbearable guff and waffle trying to say the British citizens have nothing to worry about. But British citizens have everything to worry about. He avoided saying that any attempt by MI5 to get data from the NSA would require judicial oversight, saying only that ministerial oversight was involved – the fox is in charge of the hen-house.
He stressed that British laws apply in the UK and US laws apply in the USA. He made no attempt to suggest that the US should not be collecting data on UK citizens, and gave no indication of whether any oversight at all is required if the NSA provides, unasked, personal data on UK citizens to the UK intelligence services.
It is, in effect, the return of the ‘sus law’ in a cyber guise. But this time we are all searched – not just the terrorist-looking Irishman (and Muslim today) and the obvious rapist black man but all of us. We are all assumed to be guilty and searched in order to find the proof to prove the suspicion. It is a total reversal of the ‘innocent until proven guilty’ premise of natural justice; and it applies directly to all UK and US citizens (and everyone else in the world who has an account with a US company).
Explaining his action, Edward Snowden said, “I can’t in good conscience allow the US government to destroy privacy, internet freedom and basic liberties for people around the world with this massive surveillance machine they’re secretly building.”
He deserves our support. It is time for us all to stand up and say “Shame on you, USA and UK. Shame on you for your deceit. Shame on you for criminalizing principled people who tell the truth. Shame on you for your lies. And shame on you for turning us all into suspects.” You are creating a society that is hardly worth defending against the real enemies. With you in power, they have already won.