Last Fall’s Efforts against Russia: Influence versus Tamper

NYT has a story — citing “former government officials” and eventually citing Harry Reid — that’s attracting a lot of attention. It explains the CIA had evidence in August that Russia was affirmatively trying to elect Trump, rather than just hurt Hillary.

In an Aug. 25 briefing for Harry Reid, then the top Democrat in the Senate, Mr. Brennan indicated that Russia’s hackings appeared aimed at helping Mr. Trump win the November election, according to two former officials with knowledge of the briefing.

The officials said Mr. Brennan also indicated that unnamed advisers to Mr. Trump might be working with the Russians to interfere in the election. The F.B.I. and two congressional committees are now investigating that claim, focusing on possible communications and financial dealings between Russian affiliates and a handful of former advisers to Mr. Trump. So far, no proof of collusion has emerged publicly.

[snip]

In the August briefing for Mr. Reid, the two former officials said, Mr. Brennan indicated that the C.I.A., focused on foreign intelligence, was limited in its legal ability to investigate possible connections to Mr. Trump. The officials said Mr. Brennan told Mr. Reid that the F.B.I., in charge of domestic intelligence, would have to lead the way.

Given Jim Comey’s description of the FBI assessment Russia wanted to elect Trump — which he described as an “enemy of my enemy” approach, rooting against the Pats at all times because he’s a Giants fan — and given the NSA’s continued moderate confidence in this claim, I don’t make too much of the CIA claim. Furthermore, given Roger Stone’s public exchanges with Guccifer 2 in the weeks leading up to this briefing (and CIA’s purported prohibition on involvement in domestic affairs), I also don’t put too much stock in CIA’s evidence of Russian coordination. In precisely this period, after all, Brennan continued to publicly brief that Putin was out of his depth, which seemed then and seems even more now to underestimate Putin’s ability to play the United States.

The line about Brennan saying FBI would have to investigate the ties between Trump and Putin also reminds me of the recent complaint, laundered through BBC’s Paul Wood, that FBI is fucking up the investigation and CIA should take the lead.

The rest of the article includes partisan details that have attracted a lot of attention but that — in light of this Lisa Monaco interview — seem to miss some distinction. The NYT describes a conflict between a bipartisan statement about the integrity of the election and a more assertive statement implicating Russia with influencing the outcome of the election.

In the briefings, the C.I.A. said there was intelligence indicating not only that the Russians were trying to get Mr. Trump elected but that they had gained computer access to multiple state and local election boards in the United States since 2014, officials said.

Although the breached systems were not involved in actual vote-tallying operations, Obama administration officials proposed that the eight senior lawmakers write a letter to state election officials warning them of the possible threat posed by Russian hacking, officials said.

But Senator Mitch McConnell of Kentucky, the Republican majority leader, resisted, questioning the underpinnings of the intelligence, according to officials with knowledge of the discussions. Mr. McConnell ultimately agreed to a softer version of the letter, which did not mention the Russians but warned of unnamed “malefactors” who might seek to disrupt the elections through online intrusion. The letter, dated Sept. 28, was signed by Mr. McConnell, Mr. Reid, Speaker Paul D. Ryan and Representative Nancy Pelosi, the ranking Democrat.

On Sept. 22, two other members of the Gang of Eight — Senator Dianne Feinstein and Representative Adam B. Schiff, both of California and the ranking Democrats on the Senate and House intelligence committees — released their own statement about the Russian interference that did not mention Mr. Trump or his campaign by name.

Here’s the full statement from Feinstein and Schiff:

Based on briefings we have received, we have concluded that the Russian intelligence agencies are making a serious and concerted effort to influence the U.S. election.

At the least, this effort is intended to sow doubt about the security of our election and may well be intended to influence the outcomes of the election—we can see no other rationale for the behavior of the Russians.

We believe that orders for the Russian intelligence agencies to conduct such actions could come only from very senior levels of the Russian government.

We call on President Putin to immediately order a halt to this activity. Americans will not stand for any foreign government trying to influence our election. We hope all Americans will stand together and reject the Russian effort.

Note the difference in emphasis: the letter from Congressional leaders emphasizes voting apparatus. Also note (and I suspect this is far more important than any report has yet made out) the letter Mitch McConnell was willing to sign states clearly that voting systems are not being designated critical infrastructure (which Jeh Johnson tried to do in early January, to much resistance from the states).

We urge the states to take full advantage of the robust public and private sector resources available to them to ensure that their network is secure from attack. In addition, the Department of Homeland Security stands ready to provide cybersecurity assistance to those states that choose to request it. Such assistance does not entail federal regulation or binding federal directives of any kind, and we would oppose any effort by the federal government to exercise any degree of control over the states’ administration of elections by designating these systems as critical infrastructure.

In other words, the Democrats wanted this to be about Russian influence, whereas the government was primarily worried about Russia affecting the outcome of the election at the polls.

Here’s how Monaco described the effort, which she describes as largely successful.

[M]y own view on that is we did not want to do anything to do the Russians’ work for them by engaging in partisan discussion about this, which is why we were so intent upon getting bipartisan support, and ultimately, we did so from the House and Senate leadership, in trying to get the state and local governments to work with us to shore up their cybersecurity.

We made a specific effort to go to Congress, to say we want bipartisan support for state governments to take us up on our offer to shore up their cybersecurity in their election systems, because there was a tremendous amount of resistance. This is an election year, I think there was a view that we—if we came to state and municipal governments and said, “We want to help you shore up your cybersecurity for your election system,” they viewed it as a big federal takeover.

We really needed bipartisan support for the efforts we were making, largely out of the Department of Homeland Security. Ultimately, that turned out to be a smart way of doing business, and we ended up having 48 of 50 states take us up on our offer, but we needed bipartisan support to do it. Ultimately, that turned out to be a smart way of doing business, and we ended up having 48 of 50 states take us up on our offer, but we needed bipartisan support to do it.

For Monaco, the effort was entirely about convincing states to accept help from DHS to ensure the machines counting the vote would not be compromised in a way that would affect the vote, not about the theft of emails from the DNC.

Incidentally, one of the two states that refused DHS help was Georgia, which of course is conducting an election to replace Tom Price as we speak, and which accused DHS of trying to hack its systems in the weeks after the election.

Two more comments on this. First, Mitch McConnell appears to have been in the right on this. Public discussion of the probes at the time noted that such hacks had happened in the past and generally sought credentials, not voting information. DHS released a warning on the polling probes on September 20, a week before the Leaders’ statement was released, and it still discussed the probes in terms of stealing PII.

(U//FOUO) DHS has no indication that adversaries or criminals are planning cyber operations against US election infrastructure that would change the outcome of the coming US election. Multiple checks and redundancies in US election infrastructure—including diversity of systems, non-Internet connected voting machines, pre-election testing, and processes for media, campaign, and election officials to check, audit, and validate results—make it likely that cyber manipulation of US election systems intended to change the outcome of a national election would be detected.

(U//FOUO) We judge cybercriminals and criminal hackers are likely to continue to target personally identifiable information (PII), such as that available in voter registration databases. We have no indication, however, that criminals are planning theft of voter information to disrupt or alter US computer-enabled election infrastructure.

And the October 7 joint DHS/ODNI statement –released after the Leaders’ statement — still stopped short of blaming Russia for those probes.

Some states have also recently seen scanning and probing of their election-related systems, which in most cases originated from servers operated by a Russian company. However, we are not now in a position to attribute this activity to the Russian Government.

In other words, McConnell’s resistance to blaming Russia in that September 28 letter was completely consistent with the public intelligence at the time.

Finally, now how the role of Richard Burr and Devin Nunes always gets glossed over in these descriptions? I get that people want to blame Mitch for refusing to take a tougher line. But what were Trump’s campaign surrogates doing at the time?

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.

16 replies
  1. jerryy says:

    From the article:

    Unknown to Mr. Reid, the F.B.I. had already opened a counterintelligence inquiry a month before, in late July, to examine possible links between Russia and people tied to the Trump campaign. But its existence was kept secret even from members of Congress.

    So why no Congressional hearings excoriating the agency? Nary a hand slap for not even casually mentioning ‘oh, by the way, we are checking into the possibility there might be something going on here’?

    Also, in listening to today reports of the air strike on Syria by that war mongering President Hilary Clinton, who it was foretold would drag us into a war in Syria if she was elected, oops, strike that, by President Trump, many sources are coming forward to say that 1.) 59 missiles were used in the attack. 2.) The Russians and Syrians were warned beforehand, far enough in advance that equipment and people were evacuated. 3) There were some casualties and some buildings and a few aircraft are destroyed. it does not seem like a stretch to conclude that the equipment that was destroyed was left behind because it was of little value — already broken aircraft that cost too much to fix anyway, and possibly the casualties were prisoners. Do we somehow have a lot of extra missiles with a use-by-date set to expire lying around, that that many had to be used?

    • lefty665 says:

      “Do we somehow have a lot of extra missiles with a use-by-date set to expire lying around, that that many had to be used?”

      We can’t resupply with the newest, latest and greatest models while the old ones are still cluttering up the magazines. Starting with the first gulf war our military has periodically “used up” old cruise missile stocks to clear the way for new.

      • jerryy says:

        Now there are reports that Raytheon’s stock shares value jumped tremendously after the news about the attack were made public. Raytheon makes those kinds of missile. President Trump owns stock in Raytheon.

  2. PeasantParty says:

    Whatever war game they are playing has just taken a dive to the SERIOUS section on the board.  Last night Putin rescinded the Russia Safe Skies agreement.  People have been saying this rush to war resembles the Iraq war beginnings.  So now anything that flies over Syria is on Russia’s radar to shoot at, and just like before Iraq the NYTimes is at it again with Judith Miller’s old side kick penning another frightful article for the masses to fall over:

     

    https://consortiumnews.com/2017/04/05/another-dangerous-rush-to-judgment-in-syria/

     

  3. klynn says:

    OT but maybe not…I’m confused by some “in print” details from the last few days…the 59 count Tomahawk air strike was suppose to be a surprise but only 6 were killed because most of the personnel and equipment were evacuated and a Russian drone just happened to be flying around to capture the bombing? Who gave the advanced warning to evacuate? Add in that I read the investigation into the use of chemical weapons has haulted…Amazing what a distraction from the Russia investigation the moment created. Another shiney object? Some things do not add up.

  4. RickR says:

    @klynn
    I think a lot of us are on the same page.
    To push the thinking further upstream: Why would al-Assad use chemical weapons at this particular moment? We might call him an arrogant, egotistical, inhuman ass but we don’t call him stupid. The military value, even the psychological impact, hardly seems worth the international hate and discontent. And without Russian approval? Hardly.
    Add the Bannon “demotion”, Nunes recusal, Kushner to Iraq, Gorsuch filibuster/nuclear option debacle, etc., etc., and we’ve got what appears to be a choreographed media overload intended to kick the Russia/election investigation down the road while creating a faux conflict with Russia.
    All of which has many of us convinced that the Russia/election “cooperation” was very, very real.

    • SpaceLifeForm says:

      You do not bomb the runways if you are planning on taking over the site for future ops.

      • SpaceLifeForm says:

        Apparently, his president in tweet and I do not agree:

        2h
        Donald J. Trump‏ @realDonaldTrump
        The reason you don’t generally hit runways is that they are easy and inexpensive to quickly fix (fill in and top)!

        [Well, sure. Especially if you have stock In those companies that will do the repairs! He is clueless, runway not usable during repair]

  5. SpaceLifeForm says:

    TheShadowBrokers dump anyway (sans money).

    https://motherboard.vice.com/en_us/article/theyre-back-the-shadow-brokers-release-more-alleged-exploits

    On Saturday, The Shadow Brokers, a hacker or group of hackers that has previously dumped NSA hacking tools, released more alleged exploits. The group published a password for an encrypted cache of files they distributed last year.

     

    The Shadow Brokers’ posts have clearly become more political since the group first emerged. This time, they pointed specifically to President Trump.

    [ES confirms dump is legit, but not complete]

    https://mobile.twitter.com/Snowden/

    much here that NSA should be able to instantly identify where this set came from and how they lost it. If they can’t, it’s a scandal.

    [Or, moles.  Spy vs Spy]

    They’ve written several statements, all like this. They’re either foreign, or pretending to be in order to frustrate authorship analysis.

    [See CIA]

     

     

     

     

     

     

     

    • SpaceLifeForm says:

      http://www.newsweek.com/privacy-experts-cia-americans-open-cyber-attacks-580659

      The government enacted the Vulnerabilities Equities Process to reduce the unnecessary stockpiling of exploits. The procedure was meant to provide guidelines for agencies like the C.I.A. for notifying companies when dangerous issues are discovered in their devices. The measure was put in place during the Obama administration to prevent cyber attacks from terrorist networks and foreign governments, including Russia and China. But the C.I.A. completely ignored the Vulnerabilities Equity Process, instead exploring ways to use exploits for their own purposes, according to the Electronic Frontier Foundation, an international nonprofit digital rights group that reviewed a copy of the practice after filing a Freedom of Information Act request.

      “It appears the CIA didn’t even use the [Vulnerabilities Equity Process],” said Cindy Cohn, executive director of the Electronic Frontier Foundation. “That’s worrisome, because we know these agencies overvalue their offensive capabilities and undervalue the risk to the rest of us.”

      [Or maybe because CIA operates under False Flag all of the time?]

  6. SpaceLifeForm says:

    OT: Security theatre and why you can not trust the internet.

    https://sockpuppet.org/blog/2015/01/15/against-dnssec/

    A casual look at the last 20 years of security history backs this up: effective security is almost invariably application-level and receives no real support from the network itself.

    There’s a simple reason for this: security is about policy, and policy is about choices. DNSSEC tries to make a single set of choices for the entire Internet. We all know what to expect: a frankensystem that decisively solves no problems while imposing painful tradeoffs and concessions on everyone. How could US government IT not love it?

    [s:/US government IT/ US government TLA/
    It is all ‘broken by design’. RSA is dead.
    If you are using TLS with RSA, consider yourself pwned. All the primes are known, and with larger keys, there are less primes. It is security theatre if you believe that using a larger RSA keysize such as 2048 or 4096 makes you more secure. All TLS must go ECC]

  7. SpaceLifeForm says:

    As I expected, even if a dump of hacking tools is ‘old’, there will be signatures that will be exposed, even if the code trys to obfuscate it’s original origin.

    https://www.symantec.com/connect/blogs/longhorn-tools-used-cyberespionage-group-linked-vault-7

    Spying tools and operational protocols detailed in the recent Vault 7 leak have been used in cyberattacks against at least 40 targets in 16 different countries by a group Symantec calls Longhorn. Symantec has been protecting its customers from Longhorn’s tools for the past three years and has continued to track the group in order to learn more about its tools, tactics, and procedures.

    The tools used by Longhorn closely follow development timelines and technical specifications laid out in documents disclosed by WikiLeaks. The Longhorn group shares some of the same cryptographic protocols specified in the Vault 7 documents, in addition to following leaked guidelines on tactics to avoid detection. Given the close similarities between the tools and techniques, there can be little doubt that Longhorn’s activities and the Vault 7 documents are the work of the same group.

    [There are folks on net trying to spin the Vault7 leak as if it did not come from CIA.
    My question: Did CIA hack NSA and do the ShadowBrokers dump, and then NSA hacked back the CIA to do the Vault7 dump? Would not surprise me. Spy vs Spy]

  8. harpie says:

    Marcy,

    o/t Thanks for Retweeting this thread:

    Patrick BlanchfieldVerified account @PatBlanchfield 

     RE United but also much more: our nation’s airports, transit systems = petri dish for cultivating compliance, indifference to state violence

     

Comments are closed.