Today is ODNI day on Paste. Check back later for more analysis on the intelligence report that came out late last week, and what it says about state-sponsored Russian hackers influencing the 2016 election.
Wait, what? That’s it? I printed the “Assessing Russian Activities and Intentions in Recent Elections” report out, and placed it on a stack of papers, so I couldn’t really tell how long it was as I was reading. As soon as I flipped over the last page, I laughed and exclaimed “no shit” to no one as I sat alone in my office.
Calling this a Russian “hacking” campaign is the clearest demonstration of America’s lack of technical acumen and unfamiliarity with foreign relations. This was largely a disinformation campaign, and the hacking of the DNC and a smaller hack of the RNC served as one portion of a larger operation. If you don’t want to read the full report, here is the tl;dr version in a joint statement from the Department of Homeland Security:
Russian cyber operations targeted government organizations, critical infrastructure, think tanks, universities, political organizations, and corporations often using spearphishing campaigns. In foreign countries, Russian actors conducted damaging and/or disruptive cyberattacks, including attacks on critical infrastructure networks. In some cases Russian intelligence actors have masqueraded as third parties, hiding behind false online personas designed to cause the victim to misattribute the source of the attack (emphasis added). We assess that only Russia’s senior-most officials could have authorized the recent election-focused data thefts and disclosures, based on the scope and sensitivity of the targets.
The Office of the Director of National Intelligence’s assertion that this Russian plan was authorized at the highest levels is provided with zero supporting evidence in the declassified document. Unless you are privy to top secret material, none of us can say for certain how high this operation went. That said, Russia is functionally a dictatorship, and a campaign this large is pretty difficult to hide from a despot.
When it comes to espionage and the actions of our spy agencies, much of what we know for certain usually comes out long after the fact, and holding sagas like this one to the same journalistic standard that we hold the rest of the news to is far too idealistic. If you take the position that we cannot draw a firm conclusion until we are 100% certain that Russia directed these hacks, then you will likely die from old age before you make up your mind; people like Edward Snowden aren’t always going to be in the right place at the right time to uncover inconvenient truths. In order to ascertain the facts in these areas, we must lean on our knowledge of history. The report is mostly fluff, but there was one important word in that fluff that the CIA, NSA, and FBI stressed repeatedly: tradecraft.
Tradecraft is history, but within the intelligence community. It defines the techniques, methods, and technology that a state uses in espionage. In essence, it is the fingerprint of a country operating in the shadows. This is where America’s deplorable unfamiliarity with its own history, let alone any other nation, has dramatically hampered this debate. Most of what we know about counter-intelligence comes from movies like Jason Bourne, and we are woefully unequipped to understand or even recognize the nuances of this highly complex problem.
By design, Russia has always used intermediaries loosely connected to the Kremlin, so that if the operation ever went south, it was easy to detach themselves from it. All the intermediaries named in this ODNI report were almost certainly not created inside the Kremlin, but eventually became something of a contractor. America has Blackwater. Russia has Wikileaks.
Wikileaks is clearly compromised by the FSB, and even though it may have been committed to the flow of free information at one point, that has not been the case for some time. Their commitment to building their own Big Brother over the weekend should have removed any last shred of doubt in your mind.
Wikileaks was likely compromised around 2010, as I wrote this past summer in a column about Edward Snowden potentially being an unwitting Russian agent:
Wikileaks is a mysterious organization, seemingly constructed around the ego of Julian Assange, who according to former employee James Ball, would do things like “privately promise several thousand Australian dollars to fund Juice News, the makers of humorous pro-WikiLeaks YouTube videos” in 2010 when Wikileaks was struggling to get many donations itself.
Towards the end of that year, Wikileaks threatened that they would release documents on powerful individuals in Russia, and according to their spokesperson, Kristinn Hrafnsson, “Russian readers will learn a lot about their country.” An official from the FSB (the successor to the KGB) responded: “It’s essential to remember that given the will and the relevant orders, [WikiLeaks] can be made inaccessible forever.”
The documents never came out. Two years later, Julian Assange had his own show on Russia Today, the Kremlin’s West-facing propaganda outlet. Wikileaks even sent a delegation to meet Bashar al-Assad, a President only two major countries support (Russia and Iran). While stuck in the Ecuadorian embassy in London, Assange stated in a press release that he requested Russian security:
“[I]t would have been the choice of its own Security Service inside the embassy, going so far as to propose the participation of operators of Russian nationality.”
We will likely never get definitive proof unless someone leaks Wikileaks documents, but the natural chain of events described above isn’t the writing on the wall—the writing IS the wall.
Wikileaks isn’t the only well-known Russian intermediary, as the greatest codenames of all time, Fancy Bear and Cozy Bear, are hacker collectives consistently connected to the Kremlin. There is a litany of examples provided by the NSA and those connected to it, but this past year brought more legitimacy to the argument in the form of Crowdstrike, a cyber-security company. The DNC hired them to investigate the hack, and Crowdstrike immediately identified the two groups, writing on their blog:
We’ve had lots of experience with both of these actors attempting to target our customers in the past and know them well. In fact, our team considers them some of the best adversaries out of all the numerous nation-state, criminal and hacktivist/terrorist groups we encounter on a daily basis. Their tradecraft is superb, operational security second to none and the extensive usage of ‘living-off-the-land’ techniques enables them to easily bypass many security solutions they encounter. In particular, we identified advanced methods consistent with nation-state level capabilities including deliberate targeting and ‘access management’ tradecraft – both groups were constantly going back into the environment to change out their implants, modify persistent methods, move to new Command & Control channels and perform other tasks to try to stay ahead of being detected.
Guccifer 2.0 is also named in the ODNI report, as he promoted leaked e-mails. He has been accused of not being an individual, but an online persona that serves as a front for Russian intelligence. Again, we have evidence this may be true from sources other than the government. Guccifer 2.0 tells people he is a Romanian hacker, yet when Motherboard pressed him to speak Romanian in an online interview, “he used such clunky grammar and terminology that experts believed he was using an online translator.” Guccifer 2.0 claims to not speak any Russian, but The Hill shared metadata generated from his VPN with cybersecurity firm ThreatConnect, and per the article linked above:
Elite VPN’s website is written in Russian, with links to English translations. Parts of the site, including graphics, are only written in Russian, and when ThreatConnect went through the process of signing up for an account, they found the signup process written entirely in Russian.
There are more blatant and obvious examples of Russian meddling in Western operations, as one of the biggest stories of the decade was completely swept under the rug, and I’d be willing to bet that 99% of casual news observers never heard of this betrayal thanks to the near universal media blackout on this saga.
Jeffrey Delisle, a former Sub-Lieutenant in the Canadian Navy, essentially handed the entire store to the GRU (the Russian military intelligence agency) in 2012. “Five Eyes” was established after World War II, and it is codenamed STONEGHOST—this is the intelligence apparatus shared by the United States, United Kingdom, Canada, Australia, and New Zealand, and it contains a link into every spy agency in each country. This operation got very little play in any media, even though it bears resemblance to so many Soviet-fueled deceptions of the 20th century. The (alleged) 1.7 million documents stolen by Edward Snowden were likely already in Russian hands long before his plane touched down at Sheremetyevo airport in 2013.
Delisle walked into the Russian embassy in Ottawa the day he found out his wife was having an affair, and volunteered his services. Disgruntled employees in any shape or form are the prime tools for any intelligence agency looking for a spy on the inside, but the Russians seem to almost exclusively utilize them, with the most famous example being Philip Agee. He ran Covert Information Bulletin, a newsletter that became famous for doing good things like uncovering CIA foul play in foreign countries, and bad things like naming undercover CIA agents. He wrote a book in 1975 called “Inside the Company: CIA Diary” which named about 250 officers, front companies, and foreign agents working for the United States. Oleg Kalugin, the former head of the foreign counterintelligence office of the KGB’s elite First Chief Directorate, and current U.S. resident and fierce Putin critic, told the New York Times that Agee approached the Soviets in Mexico in the 1970s, but they did not believe he was for real until he passed along information to the Cubans, who then sent it to Moscow.
Philip Agee was confirmed to be a Russian agent by both sides, and his model has played out to various degrees over the past hundred years. Now, it has simply been adapted to fit the internet age. Instead of a disgruntled military officer, you just need one doofus at the DNC who gets tricked by a simple phishing e-mail, and boom—there’s your plant on the inside. The thing to keep in mind is that just because the tactics observed are reminiscent of Cold War-era espionage, the goals are not the same.
Russia has always worked harder to discredit the Western order as opposed to promoting their worldview. In the 20th Century, they waged the titanic battle of capitalism versus communism. Once the Soviet state collapsed under the weight of its own mismanagement, their goals changed from global domination to regional dominion. The breakup of the Soviet Union clearly pains the former head of the KGB, as Vladimir Putin told the Russian Federal Assembly in 2005:
“Above all, we should acknowledge that the collapse of the Soviet Union was a major geopolitical disaster of the century. As for the Russian nation, it became a genuine drama. Tens of millions of our co-citizens and co-patriots found themselves outside Russian territory. Moreover, the epidemic of disintegration infected Russia itself,
From the 2008 invasion of Georgia, to the current events in Ukraine, all the way up to the Arctic Ocean, it is clear that Vladimir Putin would like to expand Russia’s current borders to reflect the former Soviet Union and encompass any future energy needs for his new nation. That is his primary goal, yet too many Americans continue to operate within the Cold War mindset that a clash of civilizations is at risk, and we consistently hear about another “red scare” forming.
It’s not. This fight is much closer to an internet trolling campaign than a philosophical battle, and we need to moderate our rhetoric before we drive ourselves into hysteria. Being tough doesn’t automatically translate to war, and doubting the assertions of the United States government doesn’t make you a Russian stooge. There is plenty of middle ground to be had, and this saga has proven to be something of a healing period for conservatives and liberals who are beginning to realize that we may not be so different after all.
The hysterical response on Twitter to my column asserting that in order to curb these rising attacks, the United States must make Russia believe that full-scale war is at least a possibility, was reflective of this Cold War mindset (to be fair, I did not do a good enough job describing that what I was proposing was not an escalation). My motion to match the Russians’ casualty-less bombing of a US/UK Syrian military outpost from July was met with a frenzy asserting that I advocated escalating a simple cyber scuffle into World War III.
Bombing an abandoned outpost not located inside Russian borders will not lead us to World War III—and besides, that’s the last thing they want, since it would take nearly every resource away from their central goal of rebuilding the Soviet Union. Russia is not the super power that threatens nuclear war at the drop of a hat to the American public like its Soviet predecessor. Hell, they don’t even have an independent economy, as the ruble moves in tandem with the price of oil.
Their economy wouldn’t last a week under a full-scale war with Germany, let alone the United States. That is enough of a deterrent before you get to the fact that they have an outdated and under-equipped military by American standards. Russia only wants to fight small battles in the dark or bully smaller nations, and they have been winning with that strategy. Bigly.
Anyone relying solely on this declassified report to provide a clear connection from the Kremlin to this disinformation campaign will be disappointed, as we simply must rely on the words of the globe’s foremost clandestine agencies. However, there has been enough independent reporting done on this topic to corroborate their larger conclusion that these intermediaries are clearly appendages of the Kremlin.
This much is clear:
1. The DNC was hacked by Fancy Bear and Cozy Bear, hacker collectives that have been identified as Russian intelligence outlets by investigators from both the public and private sectors.
2. The information from this hack was used in a larger disinformation campaign waged through other well-known Kremlin intermediaries like Wikileaks.
3. This campaign was larger in its size and scope than similar ones the Russians ran in Europe this century.
4. This effort was predominantly directed against Hillary Clinton and the US two-party system.
5. By the very definition of our two-party hegemony, to be against one candidate in effect, is to be for another.
After that, it’s a lot of conjecture, and this is the problem this meddling is intended to cause. The blockbuster movie plot of Vladimir Putin personally installing Donald Trump in the Oval Office seems unlikely, and that assumed drama is reflective of our lack of nuance in this area. Besides, the report states that when it seemed like Trump would lose, the Russian campaign pivoted to undermining Hillary Clinton’s presidency. If the central goal of this massive effort was to make Trump president, it seems unlikely that they would abandon it so close to Super Tuesday. This was about sowing doubt in the American project by revealing valuable information like the DNC trying to squash democratic processes, and we are then given a choice of siding with information unearthed by the Russian government or the narrative put out by our own.
We are in a no-win situation. Publicly delegitimizing our democracy is doing the Kremlin’s work—even if its actions were, in fact, delegitimizing. In light of this, it then becomes natural for many of us to lean on the work of our citizens in the intelligence community who are risking their lives to keep us safe, creating a deeper rift between libertarian and authoritarian-minded Americans. Historically, the Russians have included forgeries in these data dumps to sow even more confusion; however, the ODNI’s report states that “disclosures through Wikileaks did not contain any evident forgeries,” which seems to cut into its credibility one way or the other. Arguing that this campaign followed traditional Russian tradecraft, yet did not include any counterfeit documents, is a real tight needle to thread.
Simply put, the more our government lies to us, the more opportunities exist for Russian nefariousness. This has always been the case, and it will continue to be. There is more than enough circumstantial evidence to connect what we know about 21st century Russian espionage to the 2016 election, and as it played in the background, I realized that my feelings on the underwhelming ODNI report can perfectly be summed up by the hook from The Weeknd’s song Losers:
So what can you show me
That my heart don’t know already
We make our own sense
And you’re qualified to me