The Russians Are Hacking, The Russians Are Hacking

I'm a child of the Cold War and I grew up deeply concerned about the menace of the Soviet Union and so when the 1966 movie, The Russians Are Coming, The Russians Are Coming, came out I wasn't sure what to make of it.  For me this was no laughing matter. The Soviet Union is gone now, but a child of that, uh, "Empire", is running Russia now, and some bad habits of the former regime appear not to have changed, including efforts to influence the outcome of and undermine the public's confidence in our electoral process through hacking.  So although I've used a blog post headline that smacks of misplaced humor be assured that for me this is still no laughing matter.  I just wanted to grab your attention.

A Government Report You Should Read

I haven't kept up with the details of all the news coverage of the Russian hacking scandal ("Hackgate"? How can we have a scandal with a "gate"?), but I have pored over the information contained in the Intelligence Community's offering - "Background to 'Assessing Russian Activities and Intentions in Recent US Elections': The Analytic Process and Cyber Incident Attribution" - and I have a few observations on it that I'd like to share with you.

First, I encourage you, if you haven't already done so, to download a copy of the report using this link or one of the two previous links in this post.  Second, I encourage you to read it.

Declassified Version of a Highly Classified Assessment

The report is a "declassified version of a highly classified assessment that has been provided to the President and to recipients approved by the President".  That's how the report begins on page two (all page references are to the pages as denominated by the PDF file, not those contained on the pages themselves) - the description is reiterated beginning on page four and every page thereafter as follows:

This report is a declassified version of a highly classified assessment; its conclusions are identical to those in the highly classified assessment but this version does not include the full supporting information on key elements of the influence campaign.

This is important information for the reader to have.  Even though the report doesn't include the full supporting information, the conclusions with which we are provided are identical to those in the classified version.  Bear this important information in mind as we explore the report's conclusions regarding the impact of "hacking" in 2016.

What the Media Furor Led Me to Believe

If you're like me, you've listened to all of the furor on the subject of the Russian hacking scandal and you've been led to believe two things:

  1. The Russians used advanced tools to gain access through "backdoors" or exploited other vulnerabilities in software or hardware to "hack into" government or political databases; and

  2. The Russians used information gained through this "hacking" activity to influence the outcome of the 2016 Presidential Election.

The report doesn't support either of those conclusions.  That's not to say the report doesn't reveal some very serious bad actions on the part of the Russian government, traceable to the very top of that government.  It's just that this isn't a real-life version of Sneakers or Blackhat.

Russia's Efforts to Influence U.S. Politics Involved Hacking

Russia has been trying to influence public opinion and politics in the U.S. and the western democracies since the beginning. The cyber aspect of Russia's attempts to influence the election is a significant, but small part of the overall effort, and it didn't involve software or machine vulnerabilities.  At least none that the report mentioned.

You might ask how the government was able to reach an assessment that Russia was behind any hacking attempts or successes at all.  If you've seen the movie Takedown, or better yet read the book, then you'll know that even the best hackers leave traces.  Sometimes those traces involve physical evidence that manifests itself in a trail of physical nodes on the Internet used to reach a target.  Sometimes the traces are more in the form of a hacker's "M.O." or other identifying "fingerprint".

The report has this to say on assessments regarding cyber:

The nature of cyberspace makes attribution of cyber operations difficult but not impossible.  Every kind of cyber operation—malicious or not—leaves a trail.  US Intelligence Community analysts use this information, their constantly growing knowledge base of previous events and known malicious actors, and their knowledge of how these malicious actors work and the tools that they use, to attempt to trace these operations back to their source.  In every case, they apply the same tradecraft standards described in the Analytic Process above.  

DNI Report Contains Some Interesting Information

So what did the report actually say about cyber or "hacking"?  Well, a few things that are pretty interesting:

  • "Russia’s intelligence services conducted cyber operations against targets associated with the 2016 US presidential election, including targets associated with both major US political parties." (Page seven).  The Russians didn't just target the Democrats.
  • "Russian intelligence obtained and maintained access to elements of multiple US state or local electoral boards." (Page eight).  From my standpoint, this didn't seem to make the headlines or talking points for the pundits, maybe because of the next assessment, but I grade it as pretty high up on the "be concerned" index.
  • "DHS assesses that the types of [state and local electoral] systems Russian actors targeted or compromised were not involved in vote tallying." (Page eight again).  The good news - the Russians didn't target or compromise the machinery we use to record or count votes.  The bad news - they "obtained and maintained" access to "elements" (surely this refers to people) of electoral boards. My own conclusion of why this is really, really worrisome:
    • It is evidence of malicious intent with regard to future attempts to possibly compromise systems involved with recording and counting votes; or more likely
    • It is evidence of malicious intent with regard to future attempts to use just enough information or knowledge to cast doubt in the public's mind with regard to the validity of election results.

In support of the latter conclusion, consider this assessment from page twelve of the report:

Before the election, Russian diplomats had publicly denounced the US electoral process and were prepared to publicly call into question the validity of the results.  Pro-Kremlin bloggers had prepared a Twitter campaign, #DemocracyRIP, on election night in anticipation of Secretary Clinton’s victory, judging from their social media activity.

Russia's Focus on Clinton and Trump

Just a couple more interesting points about the cyber or "hacking" aspect of the report as it pertains to Hillary Clinton and Donald Trump:

  • Timing. "In July 2015, Russian intelligence gained access to Democratic National Committee (DNC) networks and maintained that access until at least June 2016." and "The General Staff Main Intelligence Directorate (GRU) probably began cyber operations aimed at the US election by March 2016." (Page 12).  My own conclusion drawn from these statements is that the Russians had in place a long-term strategy of collecting information from "US primary campaigns, think tanks, and lobbying groups they viewed as likely to shape future US policies" without any specific goal of influencing the 2016 election until March of 2016, when it became apparent to many that Donald Trump and Hillary Clinton would secure the respective parties' nominations.
  • Targeting.  Much of the report consists of assessments and judgments that the Russian efforts in 2016 were specifically directed against Hillary Clinton, at the express direction of Vladimir Putin, who felt that Donald Trump would be more amenable to improving U.S.-Russia relations.  However, the report makes clear that Putin was primarily concerned with Clinton because of his past experiences with her.
  • Shifting.  "When it appeared to Moscow that Secretary Clinton was likely to win the election, the Russian influence campaign then focused on undermining her expected presidency." (Page eleven).  The Russians were just as fooled as the rest of the country with regard to the likely outcome of the election.

How the Russians Hacked the DNC and Others

The report never explicitly states how or by what means the Russians were able to gain access to the DNC, RNC, think-tanks, lobbying groups, etc., but if it followed the patterns of most hacks, it involved "social engineering" or taking advantage of "people" rather than software or hardware.  Specific reference is made in the report to "spearphishing" efforts following the election (Page fifteen), and I strongly suspect that most of the access was gained through such spear-phishing or similar tactics.  That suspicion is supported by a joint report of the FBI and Homeland Security released December 29, 2016.

The Intelligence Community also makes it clear from the outset that it draws no conclusions as to whether the election was influenced or not.  Here's the statement on that issue from page six:

We did not make an assessment of the impact that Russian activities had on the outcome of the 2016 election.  The US Intelligence Community is charged with monitoring and assessing the intentions, capabilities, and actions of foreign actors; it does not analyze US political processes or US public opinion.

The Extent of Hacking's Influence in 2016

I submit that we'll never know the answer to that question for the same reasons that so many failed to predict the outcome of the election. People aren't any more likely now to candidly answer a pollster's questions than they were prior to the election.  Exit polling was virtually useless in 2016 and there's no reason to think that's likely to change.  And the desire for change is what this election will likely be evaluated by in the future.  People wanted change.

My personal opinion is that the hacked information leaked through various sources didn't affect the ultimate outcome of the election.  Some have made a case that it could have, but you really need to look at what the hacked information consisted of before you can argue one way or the other and we just don't have room in this post to do so.  Maybe in a future post. 

The report contains a lot of other information about how the Russian effort to use the data mined through its cyber operations was implemented, including its use of the Guccifer 2.0 persona, WikiLeaks and RT.  This information is disturbing not so much with regard to influencing the outcome of the 2016 Presidential election as it is with regard to future efforts to influence elections, government policy and the public confidence in our democratic institutions.  It should not be ignored, but neither should it be politicized - the DNC and some other organizations were hacked - the election wasn't hacked.

An Intriguing Postscript

One closing tidbit that I found intriguing.  It's found on page fifteen and it reads:

In the 1970s, the KGB recruited a Democratic Party activist who reported information about then-presidential hopeful Jimmy Carter’s campaign and foreign policy plans, according to a former KGB archivist.

Who was this "Democratic Party activist" and who did he or she work for?  I've always felt that, in addition to being a President who had the misfortune to be in the wrong place at the wrong time, Jimmy Carter was hamstrung by Washington insiders from both sides of the aisle.  This just seems like one more piece of the puzzle in that regard.

Again - I encourage you to download and read both the DNI's report and the FBI/Homeland Security joint report.  It's important that we stay informed in a world of dangers.