Argument: The DNC Hack Attribution Was A Response to Brick and Mortar Events

Last week, ODNI and DHS released a statement widely viewed as attributing the hack and leak of DNC and other Democratic materials to Russia. The statement was actually a bit more nuanced than that:

Assertion 1: Russia compromised DNC and other political organizations

The statement starts with a comment that is spook speak for “we’ve proven this.”

The U.S. Intelligence Community (USIC) is confident that the Russian Government directed the recent compromises of e-mails from US persons and institutions, including from US political organizations.

Mind you, this is the bit the IC has been confident of all along: they found hackers at the DNC and the hackers have all the attributes of two different Russian hacking groups.

Assertion 2: The leaking is consistent with stuff Russia has done elsewhere

The next move is the most interesting, in my opinion. The IC strongly suggests the leaking of those hacked files is Russia, but doesn’t use the same spook speak confidence language.

The recent disclosures of alleged hacked e-mails on sites like and WikiLeaks and by the Guccifer 2.0 online persona are consistent with the methods and motivations of Russian-directed efforts.

Here, the IC is not saying “we are confident Russia then handed all these files to WikiLeaks, as well as created two cover identities through which to leak them.” Instead, they are saying Russia has done similar things before and has the motivation to do so here. As they have for months, the spooks still appear not to have the same level of proof tying the hacking to the leaking that would allow them to say “we are confident” for this assertion, at least not that they’re willing to admit, which I find incredibly interesting.

Assertion 3: Russia is trying to interfere with the election

Having stated very confidently Russia did the hack and less confidently that it did the leak, the statement brings the nugget language: basically accusing Putin of masterminding the whole thing.

These thefts and disclosures are intended to interfere with the US election process. Such activity is not new to Moscow—the Russians have used similar tactics and techniques across Europe and Eurasia, for example, to influence public opinion there. We believe, based on the scope and sensitivity of these efforts, that only Russia’s senior-most officials could have authorized these activities.

For my purposes here, I’m not interested in testing the truth of this statement — though I am a bit interested in how “influencing public opinion” is deemed to be “interfering with the US election,” because it’s something many people don’t seem to have thought through (nor have they thought through how it differs from the US’ own information operations or PR involvement of other foreign powers in our elections).

Especially given this bit:

Assertion 4: Hackers operating through a Russian server hacked some state election websites, but that may not be the Russian state

The statement goes out of its way to note that the Russian-attributed activity most directly connected to the election, the voter rolls, may not actually be the Russian state, but instead just servers operated by a Russian company.

Some states have also recently seen scanning and probing of their election-related systems, which in most cases originated from servers operated by a Russian company. However, we are not now in a position to attribute this activity to the Russian Government.

Remember, identity thieves have in the past stolen far more voter registration records for identity theft. It’s certainly possible that’s what went on here. More importantly, the IC appears to have nothing from collection on Russia they’re willing to share to claim that this hacking is part of Putin’s mastermind plot.

The rest of the statement goes on to talk about the ways (which I’ve talked about as well) that our localized system of elections makes it really hard to hack an election (though that also makes it really easy to botch an election or even to tamper with elections by disenfranchising select voters, which is what people should be far more concerned about, given that we know such efforts are effective and ongoing).

The IC has long known this but chose to release this statement now

The reason I’ve broken this out into four parts — 1) we know Russia hacked the DNC, 2) the leaks of hacked material is consistent with stuff Russia has done in the past, 3) Putin is in charge, 4) Russia may not have hacked the state websites — is to call attention to the fact that the IC has been leaking assertions 1, 2, and 4 for months. The stated (leaked) reason to hold off on a formal attribution was the uncertain status of assertion 2: the IC doesn’t yet know how the files got from the DNC hackers into Julian Assange’s hands.

But the IC chose to release this statement without growing any more certain about assertion 2 and without solving assertion 4.

In my opinion, that means the IC released this statement to get to assertion 3. Putin is trying to “interfere” in our election by “influencing public opinion.”

The release timing is more about kinetic events elsewhere than it is about IC certainty

So why release this statement now, when the IC doesn’t seem to have gotten any more certain about assertion 2 or 4?

At the end of what I think is an overly pessimistic piece on America’s inability to deter hacking, Jack Goldsmith considers the possibility that undeterred cyberattacks may be a response to brick and mortar conflict.

Without robust defenses or effective deterrence, the United States can expect many more, and more harmful, cyber intrusions by adversaries who are asymmetrically empowered by the rise of digital networks.  There is no end to the ways that they might spy in, steal from, or disrupt U.S. networks, public and private.  That sounds bad, buts the implications are worse.  Asymmetric offensive cyber operations by our adversaries can be an effective response to every element of U.S. foreign and military power.  For all we know the Russian DNC hack is a response to sanctions for Ukraine and an attempt to win leverage in Syria.  Imagine the United States wanted to do more—via sanctions, or through military operations, or in cyber—to slow Russian operations in Eastern Europe or Syria.  The Russians could easily respond via cyber, where it appears to have an asymmetrical advantage.  Indeed, the relatively tepid USG response to Russian aggression in Eastern Europe and Syria may be a result of USG worries about the implications of the DNC hack.  In other words, the Russians may already be using cyber to deter the United States from seemingly unrelated foreign policy actions it might otherwise take.

Aside from his totally inappropriate use of “asymmetric” here — there’s no lack of potential symmetry between the cyber capabilities of the US and Russia, just an emphasis of one tool over another — I agree with this passage. Indeed, I’ve been saying for a long time that the most obvious explanation for why Putin would do all this so blatantly is because in his view the US carried out a coup in Ukraine and is attempting regime change in Syria to choke Russia strategically.

And as Goldsmith argues, the US’ weak spot is its vulnerability to cyber attacks, absolutely. That weakness is made worse, too, by continued  US insistence on retaining access to all potential offensive tools, even if they can be most dangerous against US targets if they ever, say, show up on an online sale (Goldsmith was curiously silent about the Shadow Brokers release here).

I suspect China, in particular, has done the same kind of mapping we have with Treasure Map, with a focus on having cyberattacks ready to launch that would neutralize us if we ever got into a hot war.

But Goldsmith doesn’t consider the possibility that things may also work in the reverse way.

The US released this statement at a time when it was also making a big diplomatic push against Russia — proposing a ceasefire at the UN it knew Russia would veto, after having failed to negotiate a ceasefire with Russia directly because it asked for things (a no fly zone, basically) that Russia has neither the interest nor the legal necessity to agree to, because Russia is in Syria at the behest of the still-recognized government of the state, we’re not. As it happens, the US is ratcheting up this effort at a time when our Saudi allies’ activities in Yemen make it hard to make a principled stance against Russia, because we’re implicated in Yemen in the same way Russia is in Syria.

More importantly, things are getting very very hot, with Russia moving missiles to Kaliningrad and threatening retaliation for any strikes on Syrian controlled territory.

So I would suggest the timing of this announcement — basically confirming the same certainty and uncertainty the IC has had for months, then using it to accuse Putin of trying to intervene directly in our country — is actually our response to more concrete events elsewhere, not the reverse (though there admittedly may be some chicken-and-egg stuff here, in that we may have held off on attribution in hope we could negotiate directly with Russia).

That is, both sides seem intent on ratcheting up the conflict between Russia and the US, and blaming Putin for interfering in our elections is one tool to do that.

If I’m right, the statement may have nothing to do with deterrence. Rather, it may have everything to do with escalation of other conflicts, providing a reason to pitch Russia’s strategic moves elsewhere as a direct threat to the US. I’m not saying Russia isn’t a dangerous adversary. I’m saying that the release of this statement will do nothing to prevent more hacks, but it will provide cause to claim the increasingly hot conflict with Russia directly threatens the US.

22 replies
  1. mla1396 says:

    I want to state upfront that I agree with your observations. An unoriginal observation is the current Cold War 2.0 theory. However, as a “Cold War” participant, my view over the past few months has evolved solidly into the corner of hacking and data leaks rapidly moving or already in the categories of both a weapon and a propaganda tool. Hacking can be used precisely the same way a military aircraft, as an example can be used for an intentional “near miss encounters” as propaganda or a weapon to kill civilians (also “propaganda” in extreme cases) or against other combatants in outright war.

    Personally, I learned a hard lesson in the last 48 hours when a normally reliable “hacking” source had information which prima facie appeared to be real as well as valid.

    Unfortunately, I supported the theory extracted from the information too soon and the data from this particular “hack” is at least partly and may well be completely invalid.

    Bottom Line: Information operations are as old as warfare itself. As Marcy points out, the reasons for the ODNI release may well have zero to do with hacking and more to do with “brick and mortar” or alternatively, as a part of the overall “2.0” campaign we now appear to engaged in with Russia and other nation-states.

    At the end of the day, while some of the tools may have changed, the strategies and tactics of war really never do, they simply adapt. Follow the example set here and analyze before you jump to conclusions.

    While information may seem harmless, today’s environment has enabled information into an extraordinarily effective tool.

    “The most dangerous untruths are truths slightly distorted”

    • emptywheel says:

      I don’t disagree with your point that hacking can be as powerful as an airplane.

      But it’s time for a more mature vocabulary about that, particularly as people call for norms. It may well be that theft and leaking (the WikiLeaks model) is worse than just theft (traditional espionage, but even there disinfo is as old as spying). But where are the lines? And how does one distinguish the bad theft and leak stuff from info ops we do (albeit usually incompetently) ourselves?

      I don’t know the answers to that. I do know the discussion has been very immature because people are unable or unwilling to discuss what the US wants to continue to be able to do within these imagined new norms and what it will foreswear.

      • bmaz says:

        Probably this is  terribly shallow, but at this point, hard to see the US diverting from the same analogous posture it takes on everything else in global relations: The rules for the rest of the world are not the rules for the US. It is only a question of exactly how hypocritical we will be and project.

        • emptywheel says:

          Not shallow at all. It’s why I keep bringing it up. By all appearances we were happy to have FBI-run Anon hackers leak Syria stuff to Assange. We definitely hack foreign candidates prior to elections. We probably engage in some far more interesting hack and dump operations. All that one top of our incompetent but almost acknowledged regular info ops and disinformation. I don’t think the IC will give any of that up. So maybe they just need to defend against Putin better, or least if they’re not going to give up their toys they sure as hell need to be better at defense.

          The big difference with this stuff, IMO, is that we are vulnerable (as we are on IP theft), so we scream like squealed pigs when it’s not all that different from what we do to others.

      • PeasantParty says:

        We do need to have that conversation in a mature manner.  When what we have as news services for the masses is nothing more than a propaganda machine; I more and more people search out the leaks/whistleblowers.   I have recently seen the psyops in action when certain headlines read such things as Wikileaks said this or that.  I go directly to their site and see what their updates are only to find out that it was a complete fake out.  You have the spooks, and Propaganda teams trying to sabatoge what I think is a good venue for us to know what our Governments are doing.


        When the Russia war drums started, I did some research and found out what the US is pushing is lies.  I also feel it would be funny as hell to eventually find out that the Russian server is owned by one of George Soro’s NGO groups in Russia, or that used to be there before Putin threw them out.

        In another group that I frequent someone posted something that Assange said.  I replied, if it is not on YouTube with his actual face and voice, or on his site I will never believe it.   Turns out I was right.  Just like the Podesta Files Part-2.  It may be there now, but when people were saying it is released the web site still only had Part-1.

        I wholeheartedly agree.  We need to have that conversation.  Seriously!  Thank you, for all you do.



  2. Peterr says:

    For my purposes here, I’m not interested in testing the truth of this statement — though I am a bit interested in how “influencing public opinion” is deemed to be “interfering with the US election,” because it’s something many people don’t seem to have thought through (nor have they thought through how it differs from the US’ own information operations or PR involvement of other foreign powers in our elections).

    Let me take a stab at it.

    US presidential candidates cannot accept contributions to their campaigns from non-US citizens. To borrow the language here, could such financial contributions be seen as interfering with the election? If so, then leaking these statements might be seen as an in-kind contribution to a candidate’s campaign, and similarly fall on the “interfering” side of things.

    This does nothing, though, to address the potential parallels with US conduct abroad relative to their elections.

    • emptywheel says:

      US presidential candidates campaign funds cannot accept foreign contributions to their campaigns (though there are ways for substantially foreign corporate people, or corporate people owned by foreigners, to do so — Murdoch has had more influence over elections in the US and UK than just about anyone else). But US POTUS candidates do accept $$ from foreign entities, especially when they run large corporations (Russian funding for Trump projects) or multinational foundations (Saudi funding of the Clinton Foundation).

      So where is that line drawn, and if so is it drawn in the appropriate spot.

      And how should we respond to the leak of a Trump video of unknown provenance? If it was stolen by a foreigner, should we not publicize it?

  3. Peterr says:

    Re the difference between Assertions 1 and 2:

    Total WAG here, but I suspect the US knows damn well how the hackers got the docs to Wikileaks, but does not want to explicitly reveal that they know this. It would tell the Russians something about sources and methods, and perhaps lead the Russians down a path that would shut down a US intelligence asset – either a person or a hack of the Russians or other tech asset used by the US. The Russians may suspect the US knows, but they don’t want to throw away or shut down their own folks unless they know for sure. This looks to me like the US is trying to play with the heads of the Russians, to turn the game around on them. “We know your hackers did this, Putin, and so do you. How much are you willing to bet that we’ve got sources of our own that tell us know how you leaked it as well?”

    If we don’t know for sure, this might bait the Russians into shutting down a productive intelligence asset that we only guess that they have.

    If we do know but are trolling them by leaving the door open to not knowing, it might bait the Russians into leaving the asset in place where we can exploit ourselves since we know it is there.

    Call it the Vizzini Dilemma.

    How many times will the conspiracy-minded spooks in Moscow go around with the “I know that you know that I know that you know . . .” game before deciding how to respond?

    • emptywheel says:

      The problem with that assumption is 1) the statement used very formal spook speak; the phrasing here is not an accident 2) one problem with the argument — that this is Russia bc Russia has done the same before is a) the attribution for some but not all of those underlying cases is not solid and b) there are some different aspects of this case that no one really wants to delve into.

      • Peterr says:

        Re 1) . . . Of course the statement used very formal spook speak. To make a Vizzini Dilemma trap work, it has to be baited with formal spook speak, so that the Russian spooks go round and round wondering exactly how far to trust what was said.

        Re 2) . . . I got nothing.

      • earlofhuntingdon says:

        The US argument is that because actor A did X before, and we have X again now, then its cause must be A.  It’s not an argument that would earn a passing grade in logic.  EW drives an SUV; she once had a speeding ticket.  The SUV in front of me is now speeding.  Its driver must be EW.  The universe of other actors guilty of the same behavior is ignored.  That’s a dangerous assumption if one wants to reach a correct answer by using a reliable method, an answer that will determine further state action that may lead to violence.

        The US may have other reasons it believes Russia to be a bad actor here.  It may simply have other reasons to want to accuse Russia of bad acts.  But the argument used here does not support its case.  It more readily supports a case of bad faith on the part of the Us.

        • Peterr says:

          “The US may have other reasons it believes Russia to be a bad actor here.”

          Yes. They laid out some of why they believe this, but obviously not all of it. Whether that’s to hide that they have bad logic here, or because they want to shield what they know and how they came to know it, remains an open question.

          As Marcy notes above under assertion #4, “More importantly, the IC appears to have nothing from collection on Russia they’re willing to share to claim that this hacking is part of Putin’s mastermind plot.” It’s the “they’re willing to share” part that I think is important here. If they had nothing to bolster the claim, I don’t think they’d make the claim in public like this. See “Powell, Colin, UN speech about weapons of mass destruction in Iraq by.” If they had nothing, I suspect there’d be a lot more wiggle room — “we suspect . . . we have reason to believe . . . signs point toward . . .” in their allegations.

          Whatever the US knows (or thinks it knows), they believe that naming Russia as the instigator is enough of a statement at this point. They may or may not be able to firmly prove that inside the US intelligence community, and may or may not be willing to put that proof out in public.

          Which brings me to Marcy’s closing statement about timing. I think this is spot on, and that with the deterioration of talks over Syria, this was a way of pushing back on Russia more generally, and not specifically about this or that hack.

  4. wayoutwest says:

    It’s amazing that anyone would have any ‘confidence’ in the Newspeak generated by our Department of Homeland Propaganda.  One of these statements began with ‘we believe the Russians are responsible’ which begs the reader to join in this almost religious belief in the government as a reliable source of information while no facts or evidence was offered to turn the weak belief into actual knowledge. Any questioning of this subterfuge leads to the immediate paternalistic belief that the USG knows best what to tell the rubes and what must be withheld for their or sources protection.

    I have to admire how they spun a hack and release of documents into a ‘compromise of emails’ which turns apparently valid documents into questionable and possibly altered tainted more easily dismissed information.  This along with the media mostly ignoring the content of these emails and a near universal fixation by the pundit class on the diversionary Russian factor is the real interference in our election, suppressing damning information about HRC’s private positions  and denying voters the information needed to make an informed choice.

  5. lefty665 says:

    “it may have everything to do with escalation of other conflicts”  Bingo, it is another piece of the escalation of US neocon warmongering. We have been on an aggressive overt and covert rampage for years, but especially since 2001.  The pitch is reaching a crescendo, apparently in preparation for a Hillary administration.

    Very nice deconstruction of the IC statement. It’s the kind of analysis that keeps me coming back.

  6. bloopie2 says:

    Speaking of brick and mortar.  Some well-known, old-time tools of the trade on a battlefield (an actual physical conflict place) include disruption of communications (jamming), impersonation of data, etc.  I assume this is getting more important with the increasing reliance, by ground troops aircraft and ships, on satellite communication and computer data.  Is it safe to assume that the US military is doing a better job on hardening its comms than other government agencies, such as OPM?  I assume that all players are working on ways to actively hack their opponents’ comms; would a demonstration of such skill be an extraordinary step up from piddly-ass election tinkering?  (I assume we would never admit being hacked thusly.)

      • bloopie2 says:

        I hope that Odysseus is not one of the stars who are training them (sorry, you left yourself open for that one, grammatically); he was actually pretty good at getting lost–or, at least, distracted.  Still, some wonderful adventures there, and a spouse who stayed faithful for twenty years of his absence; not bad these days, eh?  Our Presidential gentlemen could take heed.

  7. Evangelista says:

    Your first difficulty, Marcy, (and that of the “spook-speakers”‘ who released a half-ass accusation in cutsie language) is here, where you begin:

    “The statement starts with a comment that is spook speak for “we’ve proven this.”
    “”The U.S. Intelligence Community (USIC) is confident that the Russian Government directed the recent compromises of e-mails from US persons and institutions, including from US political organizations.”
    “Mind you, this is the bit the IC has been confident of all along: they found hackers at the DNC and the hackers have all the attributes of two different Russian hacking groups.”

    The difficulty is that in the case you cite, the “spook-speak” cannot mean anything is proven. It cannot assign real or real world, connection between what are noted as “attributes of two different Russian hacking groups” and “the Russian Government”.

    Without that essential-to-the-validity-of-the-accusation connection, the spook-speakers are just blowing “spook-smoke”, and any credibility their “spook-speak” may have previously had.

    This does not discredit your analysis, it makes your analysis analysis of spook hyperbolé, instead of anything credibly real (except a potential real propaganda bleat).

    Spook-speak evasions based on “we don’t want to compromise our sources” foundation are traditional faux-info qualification, and the most hoary standby in the propaganda biz.

    The accusation, in this case, is made all the more fundamentally suspect by the logical questions, why the Russian government would want to do what is accused, if it would be that stupid if it did, if it would have to, itself, officially, if it did, and the more fundamental, how many others would be, or have been, more likely, and had more, and more logical, reason, or “reason” to want to (like the Bernie Sanders Campaign)?

    Adding skepticism to deepen the quagmire of distrust the spook-speak has to navigate, is the original over-haste of the initial accusation, and the original “The Russians!” accusation having been by persons with no but prejudice-based supposition from hearsay to ground any kind of attribution.

    All of this biases the base accusation deeply to bullshit and makes any kind of spook-speak couched assertion automatically insufficient. The need is for real evidence weight, which no spook-speak can provide in this case at this point.

  8. witters says:

    It is simply untrue that the US in Yemen is the same as Russia in Syria. You must know this. Being american clearly makes it very hard to think straight or consistently. The question is how hard you are trying.

Comments are closed.