Russian Hack-Related Excerpts from President Obama’s Press Conference

Just to have all this in one place, I’ve pulled all the comments from President Obama’s December 16 press conference.


Josh Lederman, of AP.

Q Thank you, Mr. President. There’s a perception that you’re letting President Putin get away with interfering in the U.S. election, and that a response that nobody knows about or a lookback review just won’t cut it. Are you prepared to call out President Putin by name for ordering this hacking? And do you agree with what Hillary Clinton now says, that the hacking was actually partly responsible for her loss? And is your administration’s open quarreling with Trump and his team on this issue tarnishing the smooth transition of power that you have promised?

THE PRESIDENT: Well, first of all, with respect to the transition, I think they would be the first to acknowledge that we have done everything we can to make sure that they are successful as I promised. And that will continue. And it’s just been a few days since I last talked to the President-elect about a whole range of transition issues. That cooperation is going to continue.

There hasn’t been a lot of squabbling. What we’ve simply said is the facts, which are that, based on uniform intelligence assessments, the Russians were responsible for hacking the DNC, and that, as a consequence, it is important for us to review all elements of that and make sure that we are preventing that kind of interference through cyberattacks in the future.

That should be a bipartisan issue; that shouldn’t be a partisan issue. And my hope is that the President-elect is going to similarly be concerned with making sure that we don’t have potential foreign influence in our election process. I don’t think any American wants that. And that shouldn’t be a source of an argument.

I think that part of the challenge is that it gets caught up in the carryover from election season. And I think it is very important for us to distinguish between the politics of the election and the need for us, as a country, both from a national security perspective but also in terms of the integrity of our election system and our democracy, to make sure that we don’t create a political football here.

Now, with respect to how this thing unfolded last year, let’s just go through the facts pretty quickly. At the beginning of the summer, we’re alerted to the possibility that the DNC has been hacked, and I immediately order law enforcement as well as our intelligence teams to find out everything about it, investigate it thoroughly, to brief the potential victims of this hacking, to brief on a bipartisan basis the leaders of both the House and the Senate and the relevant intelligence committees. And once we had clarity and certainty around what, in fact, had happened, we publicly announced that, in fact, Russia had hacked into the DNC.

And at that time, we did not attribute motives or any interpretations of why they had done so. We didn’t discuss what the effects of it might be. We simply let people know — the public know, just as we had let members of Congress know — that this had happened.

And as a consequence, all of you wrote a lot of stories about both what had happened, and then you interpreted why that might have happened and what effect it was going to have on the election outcomes. We did not. And the reason we did not was because in this hyper-partisan atmosphere, at a time when my primary concern was making sure that the integrity of the election process was not in any way damaged, at a time when anything that was said by me or anybody in the White House would immediately be seen through a partisan lens, I wanted to make sure that everybody understood we were playing this thing straight — that we weren’t trying to advantage one side or another, but what we were trying to do was let people know that this had taken place, and so if you started seeing effects on the election, if you were trying to measure why this was happening and how you should consume the information that was being leaked, that you might want to take this into account.

And that’s exactly how we should have handled it. Imagine if we had done the opposite. It would have become immediately just one more political scrum. And part of the goal here was to make sure that we did not do the work of the leakers for them by raising more and more questions about the integrity of the election right before the election was taking place — at a time, by the way, when the President-elect himself was raising questions about the integrity of the election.

And, finally, I think it’s worth pointing out that the information was already out. It was in the hands of WikiLeaks, so that was going to come out no matter what. What I was concerned about, in particular, was making sure that that wasn’t compounded by potential hacking that could hamper vote counting, affect the actual election process itself.

And so in early September, when I saw President Putin in China, I felt that the most effective way to ensure that that didn’t happen was to talk to him directly and tell him to cut it out, and there were going to be some serious consequences if he didn’t. And, in fact, we did not see further tampering of the election process. But the leaks through WikiLeaks had already occurred.

So when I look back in terms of how we handled it, I think we handled it the way it should have been handled. We allowed law enforcement and the intelligence community to do its job without political influence. We briefed all relevant parties involved in terms of what was taking place. When we had a consensus around what had happened, we announced it — not through the White House, not through me, but rather through the intelligence communities that had actually carried out these investigations. And then we allowed you and the American public to make an assessment as to how to weigh that going into the election.

And the truth is, is that there was nobody here who didn’t have some sense of what kind of effect it might have. I’m finding it a little curious that everybody is suddenly acting surprised that this looked like it was disadvantaging Hillary Clinton because you guys wrote about it every day. Every single leak. About every little juicy tidbit of political gossip — including John Podesta’s risotto recipe. This was an obsession that dominated the news coverage.

So I do think it’s worth us reflecting how it is that a presidential election of such importance, of such moment, with so many big issues at stake and such a contrast between the candidates, came to be dominated by a bunch of these leaks. What is it about our political system that made us vulnerable to these kinds of potential manipulations — which, as I’ve said publicly before, were not particularly sophisticated.

This was not some elaborate, complicated espionage scheme. They hacked into some Democratic Party emails that contained pretty routine stuff, some of it embarrassing or uncomfortable, because I suspect that if any of us got our emails hacked into, there might be some things that we wouldn’t want suddenly appearing on the front page of a newspaper or a telecast, even if there wasn’t anything particularly illegal or controversial about it. And then it just took off.

And that concerns me. And it should concern all of us. But the truth of the matter is, is that everybody had the information. It was out there. And we handled it the way we should have.

Now, moving forward, I think there are a couple of issues that this raises. Number one is just the constant challenge that we are going to have with cybersecurity throughout our economy and throughout our society. We are a digitalized culture, and there is hacking going on every single day. There’s not a company, there’s not a major organization, there’s not a financial institution, there’s not a branch of our government where somebody is not going to be phishing for something or trying to penetrate, or put in a virus or malware. And this is why for the last eight years, I’ve been obsessed with how do we continually upgrade our cybersecurity systems.

And this particular concern around Russian hacking is part of a broader set of concerns about how do we deal with cyber issues being used in ways that can affect our infrastructure, affect the stability of our financial systems, and affect the integrity of our institutions, like our election process.

I just received a couple weeks back — it wasn’t widely reported on — a report from our cybersecurity commission that outlines a whole range of strategies to do a better job on this. But it’s difficult, because it’s not all housed — the target of cyberattacks is not one entity but it’s widely dispersed, and a lot of it is private, like the DNC. It’s not a branch of government. We can’t tell people what to do. What we can do is inform them, get best practices.

What we can also do is to, on a bilateral basis, warn other countries against these kinds of attacks. And we’ve done that in the past. So just as I told Russia to stop it, and indicated there will be consequences when they do it, the Chinese have, in the past, engaged in cyberattacks directed at our companies to steal trade secrets and proprietary technology. And I had to have the same conversation with Prime Minister — or with President Xi, and what we’ve seen is some evidence that they have reduced — but not completely eliminated — these activities, partly because they can use cutouts.

One of the problems with the Internet and cyber issues is that there’s not always a return address, and by the time you catch up to it, attributing what happened to a particular government can be difficult, not always provable in court even though our intelligence communities can make an assessment.

What we’ve also tried to do is to start creating some international norms about this to prevent some sort of cyber arms race, because we obviously have offensive capabilities as well as defensive capabilities. And my approach is not a situation in which everybody is worse off because folks are constantly attacking each other back and forth, but putting some guardrails around the behavior of nation-states, including our adversaries, just so that they understand that whatever they do to us we can potentially do to them.

We do have some special challenges, because oftentimes our economy is more digitalized, it is more vulnerable, partly because we’re a wealthier nation and we’re more wired than some of these other countries. And we have a more open society, and engage in less control and censorship over what happens over the Internet, which is also part of what makes us special.

Last point — and the reason I’m going on here is because I know that you guys have a lot of questions about this, and I haven’t addressed all of you directly about it. With respect to response, my principal goal leading up to the election was making sure that the election itself went off without a hitch, that it was not tarnished, and that it did not feed any sense in the public that somehow tampering had taken place with the actual process of voting. And we accomplished that.

That does not mean that we are not going to respond. It simply meant that we had a set of priorities leading up to the election that were of the utmost importance. Our goal continues to be to send a clear message to Russia or others not to do this to us, because we can do stuff to you.

But it is also important for us to do that in a thoughtful, methodical way. Some of it we do publicly. Some of it we will do in a way that they know, but not everybody will. And I know that there have been folks out there who suggest somehow that if we went out there and made big announcements, and thumped our chests about a bunch of stuff, that somehow that would potentially spook the Russians. But keep in mind that we already have enormous numbers of sanctions against the Russians. The relationship between us and Russia has deteriorated, sadly, significantly over the last several years. And so how we approach an appropriate response that increases costs for them for behavior like this in the future, but does not create problems for us, is something that’s worth taking the time to think through and figure out. And that’s exactly what we’ve done.

So at a point in time where we’ve taken certain actions that we can divulge publically, we will do so. There are times where the message will go — will be directly received by the Russians and not publicized. And I should point out, by the way, part of why the Russians have been effective on this is because they don’t go around announcing what they’re doing. It’s not like Putin is going around the world publically saying, look what we did, wasn’t that clever? He denies it. So the idea that somehow public shaming is going to be effective I think doesn’t read the thought process in Russia very well.

Okay?


Q Did Clinton lose because of the hacking?

THE PRESIDENT: I’m going to let all the political pundits in this town have a long discussion about what happened in the election. It was a fascinating election, so I’m sure there are going to be a lot of books written about it.


Peter Alexander.

Q Mr. President, thank you very much. Can you, given all the intelligence that we have now heard, assure the public that this was, once and for all, a free and fair election? And specifically on Russia, do you feel any obligation now, as they’ve been insisting that this isn’t the case, to show the proof, as it were — they say put your money where your mouth is and declassify some of the intelligence, some of the evidence that exists? And more broadly, as it relates to Donald Trump on this very topic, are you concerned about his relationship with Vladimir Putin, especially given some of the recent Cabinet picks, including his selection for Secretary of State, Rex Tillerson, who toasted Putin with champagne over oil deals together? Thank you.

THE PRESIDENT: I may be getting older, because these multipart questions, I start losing track. (Laughter.)

I can assure the public that there was not the kind of tampering with the voting process that was of concern and will continue to be of concern going forward; that the votes that were cast were counted, they were counted appropriately. We have not seen evidence of machines being tampered with. So that assurance I can provide.

That doesn’t mean that we find every single potential probe of every single voting machine all across the country, but we paid a lot of attention to it. We worked with state officials, et cetera, and we feel confident that that didn’t occur and that the votes were cast and they were counted.

So that’s on that point. What was the second one?

Q The second one was about declassification.

THE PRESIDENT: Declassification. Look, we will provide evidence that we can safely provide that does not compromise sources and methods. But I’ll be honest with you, when you’re talking about cybersecurity, a lot of it is classified. And we’re not going to provide it because the way we catch folks is by knowing certain things about them that they may not want us to know, and if we’re going to monitor this stuff effectively going forward, we don’t want them to know that we know.

So this is one of those situations where unless the American people genuinely think that the professionals in the CIA, the FBI, our entire intelligence infrastructure — many of whom, by the way, served in previous administrations and who are Republicans — are less trustworthy than the Russians, then people should pay attention to what our intelligence agencies have to say.

This is part of what I meant when I said that we’ve got to think about what’s happening to our political culture here. The Russians can’t change us or significantly weaken us. They are a smaller country. They are a weaker country. Their economy doesn’t produce anything that anybody wants to buy, except oil and gas and arms. They don’t innovate.

But they can impact us if we lose track of who we are. They can impact us if we abandon our values. Mr. Putin can weaken us, just like he’s trying to weaken Europe, if we start buying into notions that it’s okay to intimidate the press, or lock up dissidents, or discriminate against people because of their faith or what they look like.

And what I worry about more than anything is the degree to which, because of the fierceness of the partisan battle, you start to see certain folks in the Republican Party and Republican voters suddenly finding a government and individuals who stand contrary to everything that we stand for as being okay because that’s how much we dislike Democrats.

I mean, think about it. Some of the people who historically have been very critical of me for engaging with the Russians and having conversations with them also endorsed the President-elect, even as he was saying that we should stop sanctioning Russia and being tough on them, and work together with them against our common enemies. He was very complimentary of Mr. Putin personally.

That wasn’t news. The President-elect during the campaign said so. And some folks who had made a career out of being anti-Russian didn’t say anything about it. And then after the election, suddenly they’re asking, well, why didn’t you tell us that maybe the Russians were trying to help our candidate? Well, come on. There was a survey, some of you saw, where — now, this is just one poll, but a pretty credible source — 37 percent of Republican voters approve of Putin. Over a third of Republican voters approve of Vladimir Putin, the former head of the KGB. Ronald Reagan would roll over in his grave.

And how did that happen? It happened in part because, for too long, everything that happens in this town, everything that’s said is seen through the lens of “does this help or hurt us relative to Democrats, or relative to President Obama?” And unless that changes, we’re going to continue to be vulnerable to foreign influence, because we’ve lost track of what it is that we’re about and what we stand for.


Martha Raddatz.

Q Mr. President, I want to talk about Vladimir Putin again. Just to be clear, do you believe Vladimir Putin himself authorized the hack? And do you believe he authorized that to help Donald Trump? And on the intelligence, one of the things Donald Trump cites is Saddam Hussein and the weapons of mass destruction, and that they were never found. Can you say, unequivocally, that this was not China, that this was not a 400-pound guy sitting on his bed, as Donald Trump says? And do these types of tweets and kinds of statements from Donald Trump embolden the Russians?

THE PRESIDENT: When the report comes out, before I leave office, that will have drawn together all the threads. And so I don’t want to step on their work ahead of time.

What I can tell you is that the intelligence that I have seen gives me great confidence in their assessment that the Russians carried out this hack.

Q Which hack?

THE PRESIDENT: The hack of the DNC and the hack of John Podesta.

Now, the — but again, I think this is exactly why I want the report out, so that everybody can review it. And this has been briefed, and the evidence in closed session has been provided on a bipartisan basis — not just to me, it’s been provided to the leaders of the House and the Senate, and the chairman and ranking members of the relevant committees. And I think that what you’ve already seen is, at least some of the folks who have seen the evidence don’t dispute, I think, the basic assessment that the Russians carried this out.

Q But specifically, can you not say that —

THE PRESIDENT: Well, Martha, I think what I want to make sure of is that I give the intelligence community the chance to gather all the information. But I’d make a larger point, which is, not much happens in Russia without Vladimir Putin. This is a pretty hierarchical operation. Last I checked, there’s not a lot of debate and democratic deliberation, particularly when it comes to policies directed at the United States.

We have said, and I will confirm, that this happened at the highest levels of the Russian government. And I will let you make that determination as to whether there are high-level Russian officials who go off rogue and decide to tamper with the U.S. election process without Vladimir Putin knowing about it.

Q So I wouldn’t be wrong in saying the President thinks Vladimir Putin authorized the hack?

THE PRESIDENT: Martha, I’ve given you what I’m going to give you.

What was your second question?

Q Do the tweets and do the statements by Donald Trump embolden Russia?

THE PRESIDENT: As I said before, I think that the President-elect is still in transition mode from campaign to governance. I think he hasn’t gotten his whole team together yet. He still has campaign spokespersons sort of filling in and appearing on cable shows. And there’s just a whole different attitude and vibe when you’re not in power as when you’re in power.

So rather than me sort of characterize the appropriateness or inappropriateness of what he’s doing at the moment, I think what we have to see is how will the President-elect operate, and how will his team operate, when they’ve been fully briefed on all these issues, they have their hands on all the levers of government, and they’ve got to start making decisions.

One way I do believe that the President-elect can approach this that would be unifying is to say that we welcome a bipartisan, independent process that gives the American people an assurance not only that votes are counted properly, that the elections are fair and free, but that we have learned lessons about how Internet propaganda from foreign countries can be released into the political bloodstream and that we’ve got strategies to deal with it for the future.

The more this can be nonpartisan, the better served the American people are going to be, which is why I made the point earlier — and I’m going to keep on repeating this point: Our vulnerability to Russia or any other foreign power is directly related to how divided, partisan, dysfunctional our political process is. That’s the thing that makes us vulnerable.

If fake news that’s being released by some foreign government is almost identical to reports that are being issued through partisan news venues, then it’s not surprising that that foreign propaganda will have a greater effect, because it doesn’t seem that far-fetched compared to some of the other stuff that folks are hearing from domestic propagandists.

To the extent that our political dialogue is such where everything is under suspicion, everybody is corrupt and everybody is doing things for partisan reasons, and all of our institutions are full of malevolent actors — if that’s the storyline that’s being put out there by whatever party is out of power, then when a foreign government introduces that same argument with facts that are made up, voters who have been listening to that stuff for years, who have been getting that stuff every day from talk radio or other venues, they’re going to believe it.

So if we want to really reduce foreign influence on our elections, then we better think about how to make sure that our political process, our political dialogue is stronger than it’s been.


Isaac Dovere of Politico.

[snip]

Q    Well, what do you say to the electors who are going to meet on Monday and are thinking of changing their votes?  Do you think that they should be given an intelligence briefing about the Russian activity?  Or should they bear in mind everything you’ve said and is out already?  Should they — should votes be bound by the state votes as they’ve gone?  And long term, do you think that there is a need for Electoral College reform that would tie it to the popular vote?

[snip]

So with respect to the electors, I’m not going to wade into that issue because, again, it’s the American people’s job, and now the electors’ job to decide my successor. It is not my job to decide my successor. And I have provided people with a lot of information about what happened during the course of the election. But more importantly, the candidates themselves, I think, talked about their beliefs and their vision for America. The President-elect, I think, has been very explicit about what he cares about and what he believes in. So it’s not in my hands now; it’s up to them.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.

Just Before Obama Weighs in on the Russian Hack, John Brennan Tells Everyone What He Says Others Said

At 2:20, WaPo published a story basically saying, “Anonymous source says CIA Director Wrote a Letter Claiming FBI Director and Director of National Intelligence Agree with Him,” but you wouldn’t know that from the headline.

At 2:40, President Obama entered the White House briefing room to give his last press conference of the year, which was scheduled to start at 2:15. Everyone anticipated, correctly, the presser would be dominated by questions about Russia’s role in the election.

So:

2:15: scheduled start for the President to comment on Russia’s hacking and what the intelligence says.

2:20: WaPo tells you what an anonymous leaker says CIA’s Director says FBI’s Director and Director of National Intelligence say, which differs somewhat from what Obama says.

2:40: Obama walks to the podium as, presumably, everyone waiting is reading WaPo’s scoop.

Who says only Vladimir Putin is good at information ops?

Mind you, once you get into the body of the article, there’s a significant difference between what WaPo says CIA says today and what its anonymous sources said CIA said a week ago, the last time it stomped on Obama’s efforts to introduce some deliberation into the claims about Russia’s hacks. Last week, WaPo said the CIA view was this:

“It is the assessment of the intelligence community that Russia’s goal here was to favor one candidate over the other, to help Trump get elected,” said a senior U.S. official briefed on an intelligence presentation made to U.S. senators. “That’s the consensus view.”

[snip]

The CIA shared its latest assessment with key senators in a closed-door briefing on Capitol Hill last week, in which agency officials cited a growing body of intelligence from multiple sources. Agency briefers told the senators it was now “quite clear” that electing Trump was Russia’s goal, according to the officials, who spoke on the condition of anonymity to discuss intelligence matters. [my emphasis]

Goal, singular.

Here’s what the lead says in today’s article.

FBI Director James B. Comey and Director of National Intelligence James R. Clapper Jr. are in agreement with a CIA assessment that Russia intervened in the 2016 election in part to help Donald Trump win the presidency, according to U.S. officials.

With this further elaboration below.

The CIA shared its latest assessment with key senators in a closed-door briefing on Capitol Hill about two weeks ago in which agency officials cited a growing body of intelligence from multiple sources. Specifically, CIA briefers told the senators it was now “quite clear” that electing Trump was one of Russia’s goals, according to the officials, who spoke on the condition of anonymity to discuss intelligence matters.

CIA and FBI officials do not think Russia had a “single purpose” by intervening during the presidential campaign. In addition to helping Trump, intelligence officials have told lawmakers that Moscow’s other goal included undermining confidence in the U.S. electoral system. [my emphasis]

WaPo still makes no mention of the most obvious goal, that Russia hacked Hillary to retaliate for real and perceived slights covertly carried out by Hillary and CIA, something that Hillary claimed just before the WaPo story and the Obama presser.

In any case, if you look at CNN’s far more sober version of this, it appears that there is still some difference in emphasis about whether Russia was trying to elect Trump (and Brennan’s statement appears not to lay out what the consensus view is).

The nuance lay in a stronger view by the CIA that the hacking was intended to help elect Trump, and the CIA leans more strongly in that view than the FBI does.

Ah well, in the waning days of a great empire, who cares about deference to the outgoing President?

Update: This exchange between Obama and Martha Raddatz most directly addresses what Obama wants to say about the hack (elsewhere he says there was no evidence Russia hacked any polls).

Q Mr. President, I want to talk about Vladimir Putin again. Just to be clear, do you believe Vladimir Putin himself authorized the hack? And do you believe he authorized that to help Donald Trump? And on the intelligence, one of the things Donald Trump cites is Saddam Hussein and the weapons of mass destruction, and that they were never found. Can you say, unequivocally, that this was not China, that this was not a 400-pound guy sitting on his bed, as Donald Trump says? And do these types of tweets and kinds of statements from Donald Trump embolden the Russians?

THE PRESIDENT: When the report comes out, before I leave office, that will have drawn together all the threads. And so I don’t want to step on their work ahead of time.

What I can tell you is that the intelligence that I have seen gives me great confidence in their assessment that the Russians carried out this hack.

Q Which hack?

THE PRESIDENT: The hack of the DNC and the hack of John Podesta.

Now, the — but again, I think this is exactly why I want the report out, so that everybody can review it. And this has been briefed, and the evidence in closed session has been provided on a bipartisan basis — not just to me, it’s been provided to the leaders of the House and the Senate, and the chairman and ranking members of the relevant committees. And I think that what you’ve already seen is, at least some of the folks who have seen the evidence don’t dispute, I think, the basic assessment that the Russians carried this out.

Q But specifically, can you not say that —

THE PRESIDENT: Well, Martha, I think what I want to make sure of is that I give the intelligence community the chance to gather all the information. But I’d make a larger point, which is, not much happens in Russia without Vladimir Putin. This is a pretty hierarchical operation. Last I checked, there’s not a lot of debate and democratic deliberation, particularly when it comes to policies directed at the United States.

We have said, and I will confirm, that this happened at the highest levels of the Russian government. And I will let you make that determination as to whether there are high-level Russian officials who go off rogue and decide to tamper with the U.S. election process without Vladimir Putin knowing about it.

Q So I wouldn’t be wrong in saying the President thinks Vladimir Putin authorized the hack?

THE PRESIDENT: Martha, I’ve given you what I’m going to give you.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.

The DNC’s Evolving Story about When They Knew They Were Targeted by Russia

This week’s front page story about the Democrats getting hacked by Russia starts with a Keystone Kops anecdote explaining why the DNC didn’t respond more aggressively when FBI first warned them about being targeted in September. The explanation, per the contractor presumably covering his rear-end months later, was that the FBI Special Agent didn’t adequately identify himself.

When Special Agent Adrian Hawkins of the Federal Bureau of Investigation called the Democratic National Committee in September 2015 to pass along some troubling news about its computer network, he was transferred, naturally, to the help desk.

His message was brief, if alarming. At least one computer system belonging to the D.N.C. had been compromised by hackers federal investigators had named “the Dukes,” a cyberespionage team linked to the Russian government.

The F.B.I. knew it well: The bureau had spent the last few years trying to kick the Dukes out of the unclassified email systems of the White House, the State Department and even the Joint Chiefs of Staff, one of the government’s best-protected networks.

Yared Tamene, the tech-support contractor at the D.N.C. who fielded the call, was no expert in cyberattacks. His first moves were to check Google for “the Dukes” and conduct a cursory search of the D.N.C. computer system logs to look for hints of such a cyberintrusion. By his own account, he did not look too hard even after Special Agent Hawkins called back repeatedly over the next several weeks — in part because he wasn’t certain the caller was a real F.B.I. agent and not an impostor.

This has led to (partially justified) complaints from John Podesta about why the FBI didn’t make the effort of driving over to the DNC to warn the higher-ups (who, the article admitted, had decided not to spend much money on cybersecurity).

This NYT version of the FBI Agent story comes from a memo that DNC’s contractor, Yared Tamene, wrote at some point after the fact. The NYT describes the memo repeatedly, though it never describes the recipients of the memo nor reveals precisely when it was written (it is clear it had to have been written after April 2016).

“I had no way of differentiating the call I just received from a prank call,” Mr. Tamene wrote in an internal memo, obtained by The New York Times, that detailed his contact with the F.B.I.

[snip]

“The F.B.I. thinks the D.N.C. has at least one compromised computer on its network and the F.B.I. wanted to know if the D.N.C. is aware, and if so, what the D.N.C. is doing about it,” Mr. Tamene wrote in an internal memo about his contacts with the F.B.I. He added that “the Special Agent told me to look for a specific type of malware dubbed ‘Dukes’ by the U.S. intelligence community and in cybersecurity circles.”

[snip]

In November, Special Agent Hawkins called with more ominous news. A D.N.C. computer was “calling home, where home meant Russia,” Mr. Tamene’s memo says, referring to software sending information to Moscow. “SA Hawkins added that the F.B.I. thinks that this calling home behavior could be the result of a state-sponsored attack.”

[DNC technology director Andrew] Brown knew that Mr. Tamene, who declined to comment, was fielding calls from the F.B.I. But he was tied up on a different problem: evidence suggesting that the campaign of Senator Bernie Sanders of Vermont, Mrs. Clinton’s main Democratic opponent, had improperly gained access to her campaign data.

[snip]

One bit of progress had finally been made by the middle of April: The D.N.C., seven months after it had first been warned, finally installed a “robust set of monitoring tools,” Mr. Tamene’s internal memo says. [my emphasis]

The NYT includes a screen cap of part of that memo (which reveals that the DNC had already been exposed to ransomware attacks by September 2015), but not the other metadata or a link to the full memo.

One reason I raise all this is because the evidence laid out in the story contradicts, in several ways, this August report, relying on three anonymous sources (at least some of whom are probably members of Congress, but then so was the DNC Chair at the time).

The FBI did not tell the Democratic National Committee that U.S officials suspected it was the target of a Russian government-backed cyber attack when agents first contacted the party last fall, three people with knowledge of the discussions told Reuters.

And in months of follow-up conversations about the DNC’s network security, the FBI did not warn party officials that the attack was being investigated as Russian espionage, the sources said.

The lack of full disclosure by the FBI prevented DNC staffers from taking steps that could have reduced the number of confidential emails and documents stolen, one of the sources said. Instead, Russian hackers whom security experts believe are affiliated with the Russian government continued to have access to Democratic Party computers for months during a crucial phase in the U.S. presidential campaign, the source said.

[snip]

In its initial contact with the DNC last fall, the FBI instructed DNC personnel to look for signs of unusual activity on the group’s computer network, one person familiar with the matter said. DNC staff examined their logs and files without finding anything suspicious, that person said.

When DNC staffers requested further information from the FBI to help them track the incursion, they said the agency declined to provide it. In the months that followed, FBI officials spoke with DNC staffers on several other occasions but did not mention the suspicion of Russian involvement in an attack, sources said.

The DNC’s information technology team did not realize the seriousness of the incursion until late March, the sources said. It was unclear what prompted the IT team’s realization.

In August, anonymous sources told Reuters that FBI never told DNC they were being attacked by Russians until … well, Reuters doesn’t actually tell us when the FBI told DNC the Russians were behind the attack, just that Democrats started taking it seriously in March.

But in the pre-Trump Russian hack bonanza, the NYT has now revealed that an internal memo says that the DNC had been informed in November, not March.

And even that part of the explanation doesn’t make sense. As a number of people have noted, Brown is basically saying he didn’t respond to a warning — given in November — that a DNC server was calling home to Russia because he was dealing with a NGP-VAN breach that happened on December 18. He would have had over two weeks to respond to Russia hacking the DNC before the NGP-VAN issue, and that would have been significantly handled by NGP.

Moreover, even the September narrative invites some skepticism. Tamene admits the FBI Special Agent, “told me to look for a specific type of malware dubbed ‘Dukes’ by the U.S. intelligence community and in cybersecurity circles.” And he describes “His first moves were to check Google for “the Dukes” and conduct a cursory search of the D.N.C. computer system logs to look for hints of such a cyberintrusion.” Had Tamene Googled for “dukes malware” any time after September 17, 2015, this is what he would have found.

Today we release a new whitepaper on an APT group commonly referred to as “the Dukes”. We believe that the Dukes are a well-resourced, highly dedicated, and organized cyber-espionage group that has been working for the Russian government since at least 2008 to collect intelligence in support of foreign and security policy decision-making. [my emphasis]

So had this initial report taken place after September 17, Tamene would have learned, thanks to the second sentence of a top Google return, that he was facing a “highly dedicated, and organized cyber-espionage group that has been working for the Russian government. ” Had he done the Google search he said he did, that is, he would almost certainly have learned he was facing down Russian hackers.

Had he clicked through to the report — which is where he would have gone to find the malware signatures to look for — he would have seen a big pink graphic tying the Dukes to Russia.

It’s certainly possible the alert came before the white paper was released (though if it came after, it explains why the FBI would have thought simply mentioning the Dukes would be sufficient). But that would suggest Tamene remembered the call and his Google search for the Dukes in detail sometime in April but not in September when this report got a fair amount of attention.

None of this is to excuse the FBI (I’ve already started a post on that part of this). But it’s clear that Democrats have been — at a minimum — inconsistent in their story to the press about why they didn’t respond to warnings sooner. And given the multiple problems with their explanation about what happened last fall, it’s likely they did get some warning, but just didn’t heed it.

Update: When I wrote this this morning, I had read this tweet stream and this story but not the underlying Shadow Brokers related post, by someone writing under the pseudonym Boceffus Cleetus it relates to, which is basically a Medium post introducing the latest sale of Shadow Broker tools. It wasn’t until I read this post — and then the second Boceffus Cleetus post that I realized Boceffus Cleetus posted (his) original post — along with a reference to the name magnified back when this hack started — the day after the NYT wrote a story of the hack from DNC’s perspective.

As the tweet stream lays out, Boceffus Cleetus is a play on ventriloquism, (duh, speaking for others) and the Dukes of Hazard. Both analyses of this argue that the reference to “Dukes of Hazard” is, in turn, a reference to the name given to the FSB hacking efforts (the other I’ve used is “Cozy Bear”) in the report I linked above — that is, to the name F-Secure had given the FSB hackers, most notably in the report I linked above. I didn’t make too much of it until I read this second Boceffus Cleetus post, which in seemingly one sentence lays out Bill Binney’s theory of the DNC hack (that is, that NSA handed it on) with a country drawl and a lot of conspiracy theory added.

After my shadow brokers tweet I was contacted by an anonymous source claiming to be FBI. Yep I know prove it? I wasn’t able to get’em to verify their identity. But y’all don’t be runnin away yet, suspend yer disbelief and check out their claims. What if the Russian’s ain’t hacking nothin? What if the shadow brokers ain’t Russian? Whatcha got as the next best theory? What if its a deep state civil war tween CIA and ole NSA? A deep state civil war to see who really runs things. NSA is Department of Defense, military. The majority of the military are high school grads, coming from rural “Red States”, conservatives. The NSA has the global surveillance capabilities to intercept all the DNC and Podesta emails. CIA is college grads only and has the traditions of the urban yankee northeastern and east coast ivy leaguers, “Blue State”, liberals.

It’s all mostly gratuitous — an attempt to feed (as explicitly named “fake news”) some of the alternate explanations out there right now.

But I find the portrayal of an NSA-CIA feud notable, in part, because the mostly likely reason FBI (which is where Boceffus Cleetus’ fictional source came from) didn’t tell the DNC who was hacking them back in September 2015 is because the actual tip — that Russia was hacking the DNC — came from the NSA. But FBI had to hide that. So instead, they used the name for FSB that was current at the time.

I’ll add, too, that this plays on Craig Murray’s claim that a national security person leaked him the Podesta documents.

So what’s the point? Dunno. I defer to theGrugq’s third post, in which he argues this post is signaling to show NSA the Russian hackers must have access to NSA’s classified networks, because they’ve accessed a map of everything.

This dump has a bit of everything. In fact, it has too much of everything. The first drop was a firewall ops kit. It had everything that was supposed to be used against firewalls. This dump, on the other hand, has too much diversity and each tool is comprehensive.

The depth and breadth of the tooling they reveal can only possibly be explained by:

  1. an improbable sequence of hack backs which got, in sequence, massive depth of codenamed implants, exploits, manuals,
  2. access to high side data

[snip]

It is obvious that this data would never leave NSA classified networks except by some serious operator error (as I believe was the case with the first ShadowBrokers leak.) For this dump though, it is simply not plausible. There is no way that such diverse and comprehensive ops tooling was accidentally exposed. It beggars belief to think that any operator could be so careless that they’d expose this much tooling, on multiple diverse operations.

There are, based on my count, twenty one (21) scripts/manuals for operations contained in this dump. They cover too many operations for a mistake, and they are too comprehensive for a mistake.

Remember, Obama has been stating assuredly that the US has far more defensive and offensive capability than Russia. The latter might well be true. But the latter is nuts, if for no other reason than we have so much more to secure. The former might be true. But not if hackers can log into NSA’s fridge and steal their beer.

I’m not entirely sure what to make of this. But against the background of increasing dick-wagging, it’ll be interesting to see how it plays out.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.

Craig Murray’s Description of WikiLeaks’ Sources

One of the weaknesses of my post on the evidence needed to prove the Russian DNC hack (one I’ll fix when I move it into a page) is that I didn’t include a step where the intelligence community had to dismiss alternative theories. It is not enough to prove that tools associated with Russian intelligence hacked the DNC (whether or not you’re convinced they necessarily are used exclusively by GRU), but you also have to prove that no one else either hacked the known sources of leaked documents or otherwise obtained them. That was particularly important given early reports that FBI wasn’t sure that the documents stolen by hackers presumed to be GRU were the same documents dealt to WikiLeaks.

One alternative theory I know some researchers tested, for example, is whether hackers could have gotten into the accounts of DNC staffers by testing passwords made available by past hacks (of LinkedIn and MySpace, in particular) for reuse. For a while, that definitely seemed like a plausible alternative theory, but ultimately I don’t think it could explain the known evidence.

The most important alternative theory, however, comes from Julian Assange, who has been first intimating and more recently asserting directly that Russians were not his source (even while showing immediate concern that Obama’s hacking review targeted Wikileaks directly). Former UK Ambassador to Uzbekistan Craig Murray has also made such a claim, first in a series of posts on his blog, and at more length in an interview with Scott Horton.

Murray’s interview is well worth the listen, as he has nowhere near the same personal stakes in this story as Assange and — as he makes clear in the interview — because he seems to have had a role in handing over the second batch of emails. Ultimately, his description is unconvincing. But it is an important indication of what he claims to believe (which must reflect what Assange has told him, whether Assange believes it or not). Importantly, Murray admits that “It’s perfectly possible that WikiLeaks themselves don’t know what is going on,” which admits one possibility I’ve always suspected: that whoever dealt the documents did so in a way that credibly obscured their source.

Murray explained that the two sets of documents handed over to Wikileaks came via two different American sources, both of whom had legal access to them.

He describes a lot more about the Podesta emails, of which he said he had “first hand knowledge,” because of something he did or learned on a trip to DC in September. In this interview, he says “The material was already, I think, safely with WikiLeaks before I got there in September,” though other outlets have suggested (with maps included!) that’s when the hand-off happened. In that account, Murray admits he did not meet with the person with legal access; he instead met with an intermediary. That means the intermediary may have made false claims about the provenance.

And even the claims about the provenance don’t make sense. Murray claimed the documents came from someone in the national security establishment, and implied they had come from legal monitoring of John Podesta because he (meaning John) is a lobbyist for Saudi Arabia.

Again, the key point to remember, in answering that question, is that the DNC leak and the Podesta leak are two different things and the answer is very probably not going to be the same in both cases. I also want you to consider that John Podesta was a paid lobbyist for the Saudi government — that’s open and declared, it’s not secret or a leak in a sense. John Podesta was paid a very substantial sum every month by the Saudi government to lobby for their interests in Washington. And if the American security services were not watching the communications of the Saudi government paid lobbyist then the American intelligence services would not be doing their job. Of course it’s also true that the Saudis’ man, the Saudis’ lobbyist in Washington, his communications are going to be of interest to a great many other intelligence services as well.

As a threshold matter, no national security agency is going to monitor an American registered to work as an agent for the Saudis. That’s all the more true if the agent has the last name Podesta.

But that brings us to another problem. John Podesta isn’t the lobbyist here. His brother Tony is. So even assuming the FBI was collecting all the emails of registered agent for the Saudis, Tony Podesta, even assuming someone in national security wanted to blow that collection by revealing it via Wikileaks, they would pick up just a tiny fraction of John Podesta’s emails. So this doesn’t explain the source of the emails at all.

But if we believe that Murray believes this, we know that the intermediary can credibly claim to have ties to American national security.

Horton and Murray go on to discuss how WikiLeaks got the first batch of emails, the ones from DNC. That’s specifically the context where Murray talks about the possibility Assange doesn’t actually know. Though he suggests the leaker is a DNC insider angry about Bernie Sanders’ treatment.

There’s a section on the murdered DNC staffer, which I’m not going to focus on because I find it distasteful. But Murray explains that Assange offered a reward pertaining to his murder because he thought the staffer might be mistaken for the real source, but was not the real source. Which suggests Assange implied to Murray that the documents were directly leaked by someone in a similar position. Again, someone who could pose as a DNC staffer.

Here, Murray states clearly that “Guccifer is not the source for WikiLeaks.” He explains that claim based primarily off the assumption that the Russians would never employ such as buffoon as Guccifer, not direct knowledge. Remember Guccifer stated publicly he had given the documents to WikiLeaks, with no rebuttal from Assange I know of.

In other words, that doesn’t seem to make sense either. And with Assange you are by necessity dealing with documents passed through at least one and in the Podesta email case, perhaps two or more intermediaries. So even assuming the best effort to vet people on Assange’s side, he does have limited resources to do so himself.

One more comment. Murray ends with a description of the reception of the emails that doesn’t make sense at all. He suggests the “mainstream media” ignored concerns about the Clinton foundation (he doesn’t even mention that this coverage might come from the legally FOIAed emails). He says they ignored other details, such as that Donna Brazile gave Hillary a debate question and that the DNC conspired against Bernie. He claims members of the media “colluded” with the Hillary campaign.

I know some people believe these topics should have gotten more attention. Even if you believe these things, though, believing the traditional media didn’t cover them requires a blind spot about the massive Trump corruption they might have been covering instead.

All that neither proves or disproves that Murray believes he got documents from someone in the national security establishment that were legally obtained. It just might explain why he’d believe something that, in this case, makes no sense.

Update: Now Assange is saying his source wasn’t Guccifer. He also snipes about Murray’s comments.

“Craig Murray is not authorized to talk on behalf of WikiLeaks,” Assange said sternly.

 

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.

The NYT’s Legitimate Email Detail

The NYT has a long story describing the hack of the Democrats in the most favorable light to the party, one that blames “socialist” Bernie Sanders for the months-long delay before the DNC tech person responded to FBI warnings about being hacked, one that makes no mention of the widely reported detail that Democrats were happy to have an excuse to fire Debbie Wasserman Schultz.

Given that it puts things in a light so favorable to the Democrats, I wanted to look more closely at this passage, which has gotten a lot of attention.

Hundreds of similar phishing emails were being sent to American political targets, including an identical email sent on March 19 to Mr. Podesta, chairman of the Clinton campaign. Given how many emails Mr. Podesta received through this personal email account, several aides also had access to it, and one of them noticed the warning email, sending it to a computer technician to make sure it was legitimate before anyone clicked on the “change password” button.

“This is a legitimate email,” Charles Delavan, a Clinton campaign aide, replied to another of Mr. Podesta’s aides, who had noticed the alert. “John needs to change his password immediately.”

With another click, a decade of emails that Mr. Podesta maintained in his Gmail account — a total of about 60,000 — were unlocked for the Russian hackers. Mr. Delavan, in an interview, said that his bad advice was a result of a typo: He knew this was a phishing attack, as the campaign was getting dozens of them. He said he had meant to type that it was an “illegitimate” email, an error that he said has plagued him ever since.

It points to a detail that has always struck me about the stories about the hack of John Podesta. They note — as I did — that we can look at the email reportedly used to hack Podesta. Here’s the entirety of what Delavan sent to a woman named Sara Latham, who forwarded it to a woman named Milia Fisher:

This is a legitimate email. John needs to change his password immediately, and ensure that two-factor authentication is turned on his account.

He can go to this link: https://myaccount.google.com/security to do both. It is absolutely imperative that this is done ASAP.

If you or he has any questions, please reach out to me at [phone].

It may be that he mistyped legitimate for illegitimate. But he also said that Podesta should change his email password and added two-factor authentication. Perhaps the mistake was in forwarding the email with the link, rather than just responding by saying Podesta was being phished.

The part that has always puzzled me about this email — and the likely reason why he’s now telling a story that doesn’t entirely make sense — is that he also did the safe thing. He provided the real GMail address at which staffers could have changed the password and added 2FA. Had those staffers used that link, they could have avoided a whole lot of trouble and made any subsequent hack less likely.

I even, at one point, doubted whether this really could have been the email used to hack Podesta, because it shouldn’t have worked, given that he took the right steps (though the timing of the emails does correlate with the dates of what got released).

What is more likely to have happened is that one of the women used the bad URL to change the password (which would have appeared all shiny in the original), rather than the correct URL that Delavan provided. That is, it may be that Delavan is covering for one of the women.

Update; I realized after posting how the typo thing might make sense, and changed that part, but there’s still the point that he did the right thing here.

Update: Slate interviewed Delavan, who said the NYT got the phrasing wrong. The story still doesn’t seem to make sense entirely.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.

Why Is CIA Avoiding the Conclusion that Putin Hacked Hillary to Retaliate for Its Covert Actions?

The most logical explanation for the parade of leaks since Friday about why Russia hacked the Democrats is that the CIA has been avoiding admitting — perhaps even considering — the conclusion that Russia hacked Hillary in retaliation for the covert actions the CIA itself has taken against Russian interests.

Based on WaPo’s big story Friday, I guessed that there was more disagreement about Russia’s hack than its sources — who seemed to be close to Senate Democrats — let on. I was right. Whereas on Friday WaPo reported that it was the consensus view that Russia hacked Hillary to get Trump elected, on Saturday the same journalists reported that CIA and FBI were giving dramatically different briefings to Intelligence Committees.

The question the Republicans and Democrats in attendance wanted answered was whether the bureau concurred with the conclusions the CIA had just shared with senators that Russia “quite” clearly intended to help Republican Donald Trump defeat Democrat Hillary Clinton and clinch the White House.

For the Democrats in the room, the FBI’s response was frustrating — even shocking.

During a similar Senate Intelligence Committee briefing held the previous week, the CIA’s statements, as reflected in the letter the lawmakers now held in their hands, were “direct and bald and unqualified” about Russia’s intentions to help Trump, according to one of the officials who attended the House briefing.

[snip]

“The FBI briefers think in terms of criminal standards — can we prove this in court,” one of the officials said. “The CIA briefers weigh the preponderance of intelligence and then make judgment calls to help policymakers make informed decisions. High confidence for them means ‘we’re pretty damn sure.’ It doesn’t mean they can prove it in court.”

The FBI is not sold on the idea that Russia had a particular aim in its meddling. “There’s no question that [the Russians’] efforts went one way, but it’s not clear that they have a specific goal or mix of related goals,” said one U.S. official.

Subsequent leaks have continued to make it clear there’s a dispute both about what motive Russia had to target Hillary (to destabilize the US? to get Trump elected?) and how much evidence there is (the FBI thinks it is circumstantial, the CIA thinks it a  smoking gun). In addition, there have been unanswered questions about why CIA only briefed that Russia affirmatively supported Hillary this week, when reportedly they have had the evidence that conclusion is based on for months.

Remarkably, only secondary commenters (including me, in point 13 here) have suggested the most obvious explanation: The likelihood that Russia targeted the former Secretary of State for a series of covert actions, all impacting key Russian interests, that at least started while she was Secretary of State. Those are:

  • Misleadingly getting the UN to sanction the Libya intervention based off the claim that it was about protecting civilians as opposed to regime change
  • Generating protests targeting Putin in response to 2011 parliamentary elections
  • Sponsoring “moderate rebels” to defeat Bashar al-Assad
  • Removing Viktor Yanukovych to install a pro-NATO government

Importantly, the first three of these happened on Hillary’s watch, with her active involvement. And Putin blamed Hillary, personally, for the protests in 2011.

Never mind the relative merit of these covert operations. Never mind that Putin has not, yet, released any evidence to support his claim that Hillary (or CIA) supported the 2011 protests targeting him personally; there is no doubt he believes it. During the primary Hillary as much as confirmed that when her diplomats negotiated the UN voted in 2011, they had regime change in mind the whole time. The US has acknowledged its covert operations against Assad in Congressional testimony. And hackers released a call from Victoria Nuland acting like she was in charge of deciding what post-Yanukovych Ukraine would look like.

In other words, whatever the merits and evidence behind these four events, there is no doubt Putin sees them as a threat to Russian interests and blames the US for all of them, with merit in at least some of the cases.

And yet, this most obvious motive has not been leaked to the press, creating the impression that it has never been considered by the people who carried out these covert actions.

To admit this possible motive publicly, of course, would require admitting that the US still tampers in other governments, including some that are elected (even if in elections of dubious fairness). It would also require admitting that our own government got targeted as a response to these covert interventions, which would make concerns about how novel this intervention was a lot less convincing.

Finally, if this motive were the real reason Putin tampered in our election, it might explain why Obama has been reluctant to respond. Perhaps the US believes that Putin has evidence that might prove — or at least create a convincing case that — that the US did intervene to try to weaken him in 2011. And again, the US has already stated on the record they’ve got a covert operation to topple Assad.

Update: I’ll add that DC Leaks, which has always been conflated with Guccifer 2 (which released only Democratic files) and the DNC and Podesta leaks to Wikileaks, started by releasing documents with very clear ties to Ukraine, including a great many targeted at George Soros. If DC Leaks is considered part of the same operation, it is all the more unbelievable that CIA has not considered this explanation.

Update: At an October 18 event, Michael Hayden said (after 20:30) Putin did this because he believes that we do this to him all the time, citing the Rose Revolution, 2011 protests, and Maidan, but not mentioning Libya and Syria. Hayden did claim that the US doesn’t actually do those things (again, not mentioning Libya and Syria), but earlier he said he had done similar things to the actual hack while Director of NSA.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.

The Not-Majority Leader Promises Bipartisan Investigations in Russian Cyberhackery

Chuck Schumer, Lindsey Graham, John McCain, and Jack Reed released a statement this morning, stating (in part),

While protecting classified material, we have an obligation to inform the public about the recent cyberattacks that have cut to the heart of our free society. Democrats and Republicans must work together, and across the jurisdictional lines of Congress, to examine these recent thoroughly and devise comprehensive solutions to deter and defend against further cyberattacks.

If you don’t look too closely, it appears to be a mature promise that the Senate will work in nonpartisan fashion to defend the nation.

But let’s look closely, shall we?

First, note who is on the statement: the rising Minority Leader, the Chair and Ranking Member of the Senate Armed Services Committee, and … some other guy. Lindsey Graham here is just filling in for the guy who should be on the statement if this were really bipartisan, Mitch McConnell. Furthermore, while it’s great the leaders of the SASC agree on this front, they only have partial jurisdiction over NSA, and none over FBI or CIA, the agencies having a public spat over this. Richard Burr, whose committee does have jurisdiction over the CIA and over counterintelligence (and who often avoids doing any oversight by invoking classification), is also conspicuously absent.

In other words, it’s not so much a statement of bipartisanship, as an effort to pressure those who should be on the statement to join in.

It’s also not a statement with enough GOP signers — three is the new magic number, absent Trump convincing Joe Manchin or Heidi Heitkamp to give up their seat for a cabinet post, in which case it will be four — to be able to sway votes in the Senate.

The statement suggests Congress has been working hard to protect cybersecurity. They must be doing so in secret, because the main thing they’ve done recently is pass a law immunizing corporations for sharing information.

Ah well. It’s a start. Schumer is very effective at making bold statements, and if that puts some heat on Mitch McConnell, so be it.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.

The Evidence to Prove the Russian Hack

In this post, I’m going to lay out the evidence needed to fully explain the Russian hack. I think it will help to explain some of the timing around the story that the CIA believes Russia hacked the DNC to help win Trump win the election, as well as what is new in Friday’s story. I will do rolling updates on this and eventually turn it into a set of pages on Russia’s hacking.

As I see it, intelligence on all the following are necessary to substantiate some of the claims about Russia tampering in this year’s election.

  1. FSB-related hackers hacked the DNC
  2. GRU-related hackers hacked the DNC
  3. Russian state actors hacked John Podesta’s emails
  4. Russian state actors hacked related targets, including Colin Powell and some Republican sites
  5. Russian state actors hacked the RNC
  6. Russian state actors released information from DNC and DCCC via Guccifer 2
  7. Russian state actors released information via DC Leaks
  8. Russian state actors or someone acting on its behest passed information to Wikileaks
  9. The motive explaining why Wikileaks released the DNC and Podesta emails
  10. Russian state actors probed voter registration databases
  11. Russian state actors used bots and fake stories to make information more damaging and magnify its effects
  12. The level at which all Russian state actors’ actions were directed and approved
  13. The motive behind the actions of Russian state actors
  14. The degree to which Russia’s efforts were successful and/or primary in leading to Hillary’s defeat

I explain all of these in more detail below. For what it’s worth, I think there was strong publicly available information to prove 3, 4, 7, 11. I think there is weaker though still substantial information to support 2. It has always been the case that the evidence is weakest at point 6 and 8.

At a minimum, to blame Russia for tampering with the election, you need high degree of confidence that GRU hacked the DNC (item 2), and shared those documents via some means with Wikileaks (item 8). What is new about Friday’s story is that, after months of not knowing how the hacked documents got from Russian hackers to Wikileaks, CIA now appears to know that people close to the Russian government transferred the documents (item 8). In addition, CIA now appears confident that all this happened to help Trump win the presidency (item 13).

1) FSB-related hackers hacked the DNC

The original report from Crowdstrike on the DNC hack actually said two separate Russian-linked entities hacked the DNC: one tied to the FSB, which it calls “Cozy Bear” or APT 29, and one tied to GRU, which it calls “Fancy Bear” or APT 28. Crowdstrike says Cozy Bear was also responsible for hacks of unclassified networks at the White House, State Department, and US Joint Chiefs of Staff.

I’m not going to assess the strength of the FSB evidence here. As I’ll lay out, the necessary hack to attribute to the Russians is the GRU one, because that’s the one believed to be the source of the DNC and Podesta emails. The FSB one is important to keep in mind, as it suggests part of the Russian government may have been hacking US sites solely for intelligence collection, something our own intelligence agencies believe is firmly within acceptable norms of spying. In the months leading up to the 2012 election, for example, CIA and NSA hacked the messaging accounts of a bunch of Enrique Peña Nieto associates, pretty nearly the equivalent of the Podesta hack, though we don’t know what they did with that intelligence. The other reason to keep the FSB hack in mind is because, to the extent FSB hacked other sites, they also may be deemed part of normal spying.

2) GRU-related hackers hacked the DNC

As noted, Crowdstrike reported that GRU also hacked the DNC. As it explains, GRU does this by sending someone something that looks like an email password update, but which instead is a fake site designed to get someone to hand over their password. The reason this claim is strong is because people at the DNC say this happened to them.

Note that there are people who raise questions of whether this method is legitimately tied to GRU and/or that the method couldn’t be stolen and replicated. I will deal with those questions at length elsewhere. But for the purposes of this post, I will accept that this method is a clear sign of GRU involvement. There are also reports that deal with GRU hacking that note high confidence GRU hacked other entities, but less direct evidence they hacked the DNC.

Finally, there is the real possibility that other people hacked the DNC, in addition to FSB and GRU. That possibility is heightened because a DNC staffer was hacked via what may have been another method, and because DNC emails show a lot of password changes off services for which DNC staffers had had their accounts exposed in other hacks.

All of which is a way of saying, there is some confidence that DNC got hacked at least twice, with those two revealed efforts being done by hackers with ties to the Russian state.

3) Russian state actors (GRU) hacked John Podesta’s emails

Again, assuming that the fake Gmail phish is GRU’s handiwork, there is probably the best evidence that GRU hacked John Podesta and therefore that Russia, via some means, supplied Wikileaks, because we have a copy of the actual email used to hack him. The Smoking Gun has an accessible story describing how all this works. So in the case of Podesta, we know he got a malicious phish email, we know that someone clicked the link in the email, and we know that emails from precisely that time period were among the documents shared with Wikileaks. We just have no idea how they got there.

4) Russian state actors hacked related targets, including some other Democratic staffers, Colin Powell and some Republican sites

That same Gmail phish was used with victims — including at a minimum William Rinehart and Colin Powell — that got exposed in a site called DC Leaks. We can have the same high degree of confidence that GRU conducted this hack as we do with Podesta. As I note below, that’s more interesting for what it tells us about motive than anything else.

5) Russian state actors hacked the RNC

The allegation that Russia also hacked the RNC, but didn’t leak those documents — which the CIA seems to rely on in part to argue that Russia must have wanted to elect Trump — has been floating around for some time. I’ll return to what we know of this. RNC spox Sean Spicer is denying it, though so did Hillary’s people at one point deny that they had been hacked.

There are several points about this. First, hackers presumed to be GRU did hack and release emails from Colin Powell and an Republican-related server. The Powell emails (including some that weren’t picked up in the press), in particular, were detrimental to both candidates. The Republican ones were, like a great deal of the Democratic ones, utterly meaningless from a news standpoint.

So I don’t find this argument persuasive in its current form. But the details on it are still sketchy precisely because we don’t know about that hack.

6) Russian state actors released information from DNC and DCCC via Guccifer 2

Some entity going by the name Guccifer 2 started a website in the wake of the announcement that the DNC got hacked. The site is a crucial part of this assessment, both because it released DNC and DCCC documents directly (though sometimes misattributing what it was releasing) and because Guccifer 2 stated clearly that he had shared the DNC documents with Wikileaks. The claim has always been that Guccifer 2 was just a front for Russia — a way for them to adopt plausible deniability about the DNC hack.

That may be the case (and obvious falsehoods in Guccifer’s statements make it clear deception was part of the point), but there was always less conclusive (and sometimes downright contradictory) evidence to support this argument (this post summarizes what it claims are good arguments that Guccifer 2 was a front for Russia; on the most part I disagree and hope to return to it in the future). Moreover, this step has been one that past reporting said the FBI couldn’t confirm. Then there are other oddities about Guccifer’s behavior, such as his “appearance” at a security conference in London, or the way his own production seemed to fizzle as Wikileaks started releasing the Podesta emails. Those details of Guccifer’s behavior are, in my opinion, worth probing for a sense of how all this was orchestrated.

Yesterday’s story seems to suggest that the spooks have finally figured out this step, though we don’t have any idea what it entails.

7) Russian state actors released information via DC Leaks

Well before many people realized that DC Leaks existed, I suspected that it was a Russian operation. That’s because two of its main targets — SACEUR Philip Breedlove and George Soros — are targets Russia would obviously hit to retaliate for what it treats as a US-backed coup in Ukraine.

DC Leaks is also where the publicly released (and boring) GOP emails got released.

Perhaps most importantly, that’s where the Colin Powell emails got released (this post covers some of those stories). That’s significant because Powell’s emails were derogatory towards both candidates (though he ultimately endorsed Hillary).

It’s interesting for its haphazard targeting (if someone wants to pay me $$ I would do an assessment of all that’s there, because some just don’t make any clear sense from a Russian perspective, and some of the people most actively discussing the Russian hacks have clearly not even read all of it), but also because a number of the victims have been affirmatively tied to the GRU phishing methods.

So DC Leaks is where you get obvious Russian targets and Russian methods all packaged together. But of the documents it released, the Powell emails were the most interesting for electoral purposes, and they didn’t target Hillary as asymmetrically as the Wikileaks released documents did.

8) Russian state actors or someone acting on its behest passed information to Wikileaks

The basis for arguing that all these hacks were meant to affect the election is that they were released via Wikileaks. That is what was supposed to be new, beyond just spying (though we have almost certainly hacked documents and leaked them, most probably in the Syria Leaks case, but I suspect also in some others).

And as noted, how Wikileaks got two separate sets of emails has always been the big question. With the DNC emails, Guccifer 2 clearly said he had given them to WL, but the Guccifer 2 ties to Russia was relatively weak. And with the Podesta emails, I’m not aware of any known interim step between the GRU hack and Wikileaks.

A late July report said the FBI was still trying to determine how Russia got the emails to Wikileaks or even if they were the same emails.

The FBI is still investigating the DNC hack. The bureau is trying to determine whether the emails obtained by the Russians are the same ones that appeared on the website of the anti-secrecy group WikiLeaks on Friday, setting off a firestorm that roiled the party in the lead-up to the convention.

The FBI is also examining whether APT 28 or an affiliated group passed those emails to WikiLeaks, law enforcement sources said.

An even earlier report suggested that the IC wasn’t certain the files had been passed electronically.

And the joint DHS/ODNI statement largely attributed its confidence that Russia was involved in the the leaking (lumping Guccifer 2, DC Leaks, and Wikileaks all together) not because it had high confidence in that per se (a term of art saying, effectively, “we have seen the evidence”), but instead because leaking such files is consistent with what Russia has done elsewhere.

The recent disclosures of alleged hacked e-mails on sites like DCLeaks.com and WikiLeaks and by the Guccifer 2.0 online persona are consistent with the methods and motivations of Russian-directed efforts.

Importantly, that statement came out on October 7, so well after the September briefing at which CIA claimed to have further proof of all this.

Now, Julian Assange has repeatedly denied that Russia was his source. Craig Murray asserted, after having meeting with Assange, that the source is not the Russian state or a proxy. Wikileaks’ tweet in the wake of yesterday’s announcement — concluding that an inquiry directed at Russia in this election cycle is targeted at Wikileaks — suggests some doubt. Also, immediately after the election, Sergei Markov, in a statement deemed to be consistent with Putin’s views, suggested that “maybe we helped a bit with WikiLeaks,” even while denying Russia carried out the hacks.

That’s what’s new in yesterday’s story. It stated that “individuals with connections to the Russian government” handed the documents to Wikileaks.

Intelligence agencies have identified individuals with connections to the Russian government who provided WikiLeaks with thousands of hacked emails from the Democratic National Committee and others, including Hillary Clinton’s campaign chairman, according to U.S. officials. Those officials described the individuals as actors known to the intelligence community and part of a wider Russian operation to boost Trump and hurt Clinton’s chances.

[snip]

[I]ntelligence agencies do not have specific intelligence showing officials in the Kremlin “directing” the identified individuals to pass the Democratic emails to WikiLeaks, a second senior U.S. official said. Those actors, according to the official, were “one step” removed from the Russian government, rather than government employees. Moscow has in the past used middlemen to participate in sensitive intelligence operations so it has plausible deniability.

I suspect we’ll hear more leaked about these individuals in the coming days; obviously, the IC says it doesn’t have evidence of the Russian government ordering these people to share the documents with Wikileaks.

Nevertheless, the IC now has what it didn’t have in July: a clear idea of who gave Wikileaks the emails.

9) The motive explaining why Wikileaks released the DNC and Podesta emails

There has been a lot of focus on why Wikileaks did what it did, which notably includes timing the DNC documents to hit for maximum impact before the Democratic Convention and timing the Podesta emails to be a steady release leading up to the election.

I don’t rule out Russian involvement with all of that, but it is entirely unnecessary in this case. Wikileaks has long proven an ability to hype its releases as much as possible. More importantly, Assange has reason to have a personal gripe against Hillary, going back to State’s response to the cable release in 2010 and the subsequent prosecution of Chelsea Manning.

In other words, absent really good evidence to the contrary, I assume that Russia’s interests and Wikileaks’ coincided perfectly for this operation.

10) Russian state actors probed voter registration databases

Back in October, a slew of stories reported that “Russians” had breached voter related databases in a number of states. The evidence actually showed that hackers using a IP tied to Russia had done these hacks. Even if the hackers were Russian (about which there was no evidence in the first reports), there was also no evidence the hackers were tied to the Russian state. Furthermore, as I understand it, these hacks used a variety of methods, some or all of which aren’t known to be GRU related. A September DHS bulletin suggested these hacks were committed by cybercriminals (in the past, identity thieves have gone after voter registration lists). And the October 7 DHS/ODNI statement affirmatively said the government was not attributing the probes to the Russians.

Some states have also recently seen scanning and probing of their election-related systems, which in most cases originated from servers operated by a Russian company. However, we are not now in a position to attribute this activity to the Russian Government.

In late November, an anonymous White House statement said there was no increased malicious hacking aimed at the electoral process, though remains agnostic about whether Russia ever planned on such a thing.

The Federal government did not observe any increased level of malicious cyber activity aimed at disrupting our electoral process on election day. As we have noted before, we remained confident in the overall integrity of electoral infrastructure, a confidence that was borne out on election day. As a result, we believe our elections were free and fair from a cybersecurity perspective.

That said, since we do not know if the Russians had planned any malicious cyber activity for election day, we don’t know if they were deterred from further activity by the various warnings the U.S. government conveyed.

Absent further evidence, this suggests that reports about Russian trying to tamper with the actual election infrastructure were at most suspicions and possibly just a result of shoddy reporting conflating Russian IP with Russian people with Russian state.

11) Russian state actors used bots and fake stories to make information more damaging and magnify its effects

Russia has used bots and fake stories in the past to distort or magnify compromising information. There is definitely evidence some pro-Trump bots were based out of Russia. RT and Sputnik ran with inflammatory stories. Samantha Bee famously did an interview with some Russians who were spreading fake news. But there were also people spreading fake news from elsewhere, including Macedonia and Surburban LA. A somewhat spooky guy even sent out fake news in an attempt to discredit Wikileaks.

As I have argued, the real culprit in this economy of clickbait driven outrage is closer to home, in the algorithms that Silicon Valley companies use that are exploited by a whole range of people. So while Russian directed efforts may have magnified inflammatory stories, that was not a necessary part of any intervention in the election, because it was happening elsewhere.

12) The level at which all Russian state actors’ actions were directed and approved

The DHS/ODNI statement said clearly that “We believe, based on the scope and sensitivity of these efforts, that only Russia’s senior-most officials could have authorized these activities.” But the WaPo story suggests they still don’t have proof of Russia directing even the go-between who gave WL the cables, much less the go-between directing how Wikileaks released these documents.

Mind you, this would be among the most sensitive information, if the NSA did have proof, because it would be collection targeted at Putin and his top advisors.

13) The motive behind the actions of Russian state actors

The motive behind all of this has varied. The joint DHS/ODNI statement said it was “These thefts and disclosures are intended to interfere with the US election process.” It didn’t provide a model for what that meant though.

Interim reporting — including the White House’s anonymous post-election statement — had suggested that spooks believed Russia was doing it to discredit American democracy.

The Kremlin probably expected that publicity surrounding the disclosures that followed the Russian Government-directed compromises of e-mails from U.S. persons and institutions, including from U.S. political organizations, would raise questions about the integrity of the election process that could have undermined the legitimacy of the President-elect.

At one level, that made a lot of sense — the biggest reason to release the DNC and Podesta emails, it seems to me, was to confirm the beliefs a lot of people already had about how power works. I think one of the biggest mistakes of journalists who have political backgrounds was to avoid discussing how the sausage of politics gets made, because this material looks worse if you’ve never worked in a system where power is about winning support. All that said, there’s nothing in the emails (especially given the constant release of FOIAed emails) that uniquely exposed American democracy as corrupt.

All of which is to say that this explanation never made any sense to me; it was mostly advanced by people who live far away from people who already distrust US election systems, who ignored polls showing there was already a lot of distrust.

Which brings us to the other thing that is new in the WaPo story: the assertion that CIA now believes this was all intended to elect Trump, not just make us distrust elections.

The CIA has concluded in a secret assessment that Russia intervened in the 2016 election to help Donald Trump win the presidency, rather than just to undermine confidence in the U.S. electoral system, according to officials briefed on the matter.

[snip]

“It is the assessment of the intelligence community that Russia’s goal here was to favor one candidate over the other, to help Trump get elected,” said a senior U.S. official briefed on an intelligence presentation made to U.S. senators. “That’s the consensus view.”

For what it’s worth, there’s still some ambiguity in this. Did Putin really want Trump? Or did he want Hillary to be beat up and weak for an expected victory? Did he, like Assange, want to retaliate for specific things he perceived Hillary to have done, in both Libya, Syria, and Ukraine? That’s unclear.

14) The degree to which Russia’s efforts were successful and/or primary in leading to Hillary’s defeat

Finally, there’s the question that may explain Obama’s reticence about this issue, particularly in the anonymous post-election statement from the White House, which stated that the “election results … accurately reflect the will of the American people.” It’s not clear that Putin’s intervention, whatever it was, had anywhere near the effect as (for example) Jim Comey’s letters and Bret Baier’s false report that Hillary would be indicted shortly. There are a lot of other factors (including Hillary’s decision to ignore Jake Sullivan’s lonely advice to pay some attention to the Rust Belt).

And, as I’ve noted repeatedly, it is no way the case that Vladimir Putin had to teach Donald Trump about kompromat, the leaking of compromising information for political gain. Close Trump associates, including Roger Stone (who, by the way, may have had conversations with Julian Assange), have been rat-fucking US elections since the time Putin was in law school.

But because of the way this has rolled out (and particularly given the cabinet picks Trump has already made), it will remain a focus going forward, perhaps to the detriment of other issues that need attention.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.

Unpacking the New CIA Leak: Don’t Ignore the Aluminum Tube Footnote

This post will unpack the leak from the CIA published in the WaPo tonight.

Before I start with the substance of the story, consider this background. First, if Trump comes into office on the current trajectory, the US will let Russia help Bashar al-Assad stay in power, thwarting a 4-year effort on the part of the Saudis to remove him from power. It will also restructure the hierarchy of horrible human rights abusing allies the US has, with the Saudis losing out to other human rights abusers, potentially up to and including that other petrostate, Russia. It will also install a ton of people with ties to the US oil industry in the cabinet, meaning the US will effectively subsidize oil production in this country, which will have the perhaps inadvertent result of ensuring the US remains oil-independent even though the market can’t justify fracking right now.

The CIA is institutionally quite close with the Saudis right now, and has been in charge of their covert war against Assad.

This story came 24 days after the White House released an anonymous statement asserting, among other things, “the Federal government did not observe any increased level of malicious cyber activity aimed at disrupting our electoral process on election day,” suggesting that the Russians may have been deterred.

This story was leaked within hours of the time the White House announced it was calling for an all-intelligence community review of the Russia intelligence, offered without much detail. Indeed, this story was leaked and published as an update to that story.

Which is to say, the CIA and/or people in Congress (this story seems primarily to come from Democratic Senators) leaked this, apparently in response to President Obama’s not terribly urgent call to have all intelligence agencies weigh in on the subject of Russian influence, after weeks of Democrats pressuring him to release more information. It was designed to both make the White House-ordered review more urgent and influence the outcome.

So here’s what that story says.

In September, the spooks briefed “congressional leaders” (which for a variety of reasons I wildarseguess is either a Gang of Four briefing including Paul Ryan, Nancy Pelosi, Mitch McConnell, and Harry Reid or a briefing to SSCI plus McConnell, Reid, Jack Reed, and John McCain). Apparently, the substance of the briefing was that Russia’s intent in hacking Democratic entities was not to increase distrust of institutions, but instead to elect Trump.

The CIA has concluded in a secret assessment that Russia intervened in the 2016 election to help Donald Trump win the presidency, rather than just to undermine confidence in the U.S. electoral system, according to officials briefed on the matter.

The difference between this story and other public assessments is that it seems to identify the people — who sound like people with ties to the Russian government but not necessarily part of it — who funneled documents from Russia’s GRU to Wikileaks.

Intelligence agencies have identified individuals with connections to the Russian government who provided WikiLeaks with thousands of hacked emails from the Democratic National Committee and others, including Hillary Clinton’s campaign chairman, according to U.S. officials. Those officials described the individuals as actors known to the intelligence community and part of a wider Russian operation to boost Trump and hurt Clinton’s chances.

[snip]

[I]ntelligence agencies do not have specific intelligence showing officials in the Kremlin “directing” the identified individuals to pass the Democratic emails to WikiLeaks, a second senior U.S. official said. Those actors, according to the official, were “one step” removed from the Russian government, rather than government employees.

This is the part that has always been missing in the past: how the documents got from GRU, which hacked the DNC and John Podesta, to Wikileaks, which released them. It appears that CIA now thinks they know the answer: some people one step removed from the Russian government, funneling the documents from GRU hackers (presumably) to Wikileaks to be leaked, with the intent of electing Trump.

Not everyone buys this story. Mitch McConnell doesn’t buy the intelligence.

In September, during a secret briefing for congressional leaders, Senate Republican Leader Mitch McConnell (Ky.) voiced doubts about the veracity of the intelligence, according to officials present.

That’s one doubt raised about CIA’s claim — though like you all, I assume Mitch McConnell shouldn’t be trusted on this front.

But McConnell wasn’t the only one. One source for this story — which sounds like someone like Harry Reid or Dianne Feinstein — claimed that this CIA judgment is the “consensus” view of all the intelligence agencies, a term of art.

“It is the assessment of the intelligence community that Russia’s goal here was to favor one candidate over the other, to help Trump get elected,” said a senior U.S. official briefed on an intelligence presentation made to U.S. senators. “That’s the consensus view.”

Except that in a briefing this week (which may have been what impressed John McCain and Lindsey Graham to do their own investigation), that’s not what this represented.

The CIA shared its latest assessment with key senators in a closed-door briefing on Capitol Hill last week, in which agency officials cited a growing body of intelligence from multiple sources. Agency briefers told the senators it was now “quite clear” that electing Trump was Russia’s goal, according to the officials, who spoke on the condition of anonymity to discuss intelligence matters.

The CIA presentation to senators about Russia’s intentions fell short of a formal U.S. assessment produced by all 17 intelligence agencies. A senior U.S. official said there were minor disagreements among intelligence officials about the agency’s assessment, in part because some questions remain unanswered. [my emphasis]

That’s a conflict. Some senior US official (often code for senior member of Congress) says this is the consensus view. Another senior US official (or maybe the very same one) says there are “minor disagreements.”

Remember: we went to war against Iraq, which turned out to have no WMD, in part because no one read the “minor disagreements” from a few agencies about some aluminum tubes. A number of Senators who didn’t read that footnote closely (and at least one that did) are involved in this story. What we’re being told is there are some aluminum tube type disagreements.

Let’s hear about those disagreements this time, shall we?

Here’s the big takeaway. The language “a formal US assessment produced by all 17 intelligence agencies” is, like “a consensus view,” a term of art. It’s an opportunity for agencies which may have differing theories of what happened here to submit their footnotes.

That may be what Obama called for today: the formal assessment from all agencies (though admittedly, the White House purposely left the scope and intent of it vague).

Whatever that review is intended to be, what happened as soon as Obama announced it is that the CIA and/or Democratic Senators started leaking their conclusion. That’s what this story is.

Update: One other really critical detail. When the White House announced the Obama review today, Wikileaks made what was a bizarre statement. Linking to a CNN story on the Obama ordered review that erred on the side of blaming Russia for everything, it said, “CNN: Obama orders report into WikiLeaks timed for release just prior to Trump presidency.” Even though none of the statements on the review focused on what this story does — that is, on the way that the DNC and Podesta emails got to Wikileaks — Wikileaks nevertheless interpreted it as an inquiry targeted at it.

Update: And now David Sanger (whose story on the Obama-ordered review was particularly bad) and Scott Shane reveal the RNC also got hacked, and it is the differential leaking that leads the spooks to believe the Russians wanted Trump to win.

They based that conclusion, in part, on another finding — which they say was also reached with high confidence — that the Russians hacked the Republican National Committee’s computer systems in addition to their attacks on Democratic organizations, but did not release whatever information they gleaned from the Republican networks.

In the months before the election, it was largely documents from Democratic Party systems that were leaked to the public.

This may be a fair assessment. But you would have to account for two things before making it. First, you’d need to know the timing and hacker behind the RNC hack. That’s because two entities are believed to have hacked the DNC: an FSB appearing hacking group, and a GRU one. The FSB is not believed to have leaked. GRU is believed to have. So if the FSB hacked the RNC but didn’t leak it, it would be completely consistent with what FSB did with DNC.

NYT now says the RNC hack was by GRU in the spring, so it is a fair question why the DNC things got leaked but RNC did not.

Also, Sanger and Shane say “largely documents” from Dems were leaked. That’s false. There were two streams of non-Wikileaks releases, Guccifer, which did leak all-Dem stuff, and DC Leaks, which leaked stuff that might be better qualified as Ukrainian related. The most publicized of documents from the latter were from Colin Powell, which didn’t help Trump at all.

Update: It’s clear that Harry Reid (who of course is retiring and so can leak speech and debate protected classified information without worrying he’ll be shut off in the future) is one key driver of this story. Last night he was saying, “”I was right. Comey was wrong. I hope he can look in the mirror and see what he did to this country.” This morning he is on the TV saying he believes Comey had information on this before the election.

Update, 12/10: This follow-up from WaPo is instructive, as it compares what CIA briefed the Senate Intelligence Committee about the current state of evidence with what FBI briefed the House Intelligence Committee about the current state of evidence. While the focus is on different Republican and Democratic understandings of both, the story also makes it clear that FBI definitely doesn’t back what WaPo’s sources from yesterday said was a consensus view.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.

The Game of Telephone about the Election Hacking Review

This morning, the White House announced that Obama has ordered a review of election-related hacking, to be completed before Donald Trump takes over. I want to capture the varying descriptions of what the review will entail.

Politico: The review will look at the hacks blamed on the Russians this year and malicious cyber activity (publicly understood to be China in 2008 and someone else in 2012) going back to 2008

The review will put the spate of hacks — which officials have blamed on Russia — “in a greater context” by framing them against the “malicious cyber activity” that may have occurred around the edges of the 2008 and 2012 president elections, said White House principal deputy press secretary Eric Schultz at a briefing.

“This will be a review that is broad and deep at the same time,” he added.

[snip]

In 2008, the campaigns for both Sen. John McCain (R-Ariz.) and Obama were bombarded by suspected Chinese hackers, according to U.S. intelligence officials. The digital intruders were reportedly after internal policy papers and the emails of top advisers.

And in 2012, Gawker reported that hackers had broken into Republican presidential candidate Mitt Romney’s personal Hotmail account after correctly answering his backup security question: “What is your favorite pet?”

“We will be looking at all foreign actors and any attempt to interfere with the elections,” Schultz said.

WaPo: The review will be a “full review” of Russian hacking during the November election

President Obama has ordered a “full review” of Russian hacking during the November election, as pressure from Congress has grown for greater public understanding of exactly what Moscow did to interfere in the electoral process.

[snip]

U.S. intelligence and law enforcement agencies had already been probing what they see as a broad covert Russian operation to sow distrust in the presidential election process. It was their briefings of senior lawmakers that led a number of them to press for more information to be made public.

[snip]

Though Russia has long conducted cyberspying on U.S. agencies, companies and organizations, this presidential campaign marks the first time Russia has attempted through cyber means to interfere in, if not actively influence, the outcome of an election, the officials said.

CNN: The review will look at “hacking by the Russians aimed at influencing US elections going back to 2008” (CNN notes that the IC “never said there was strong evidence that [hacks of voter registration systems were] tied to the Russian government”)

President Barack Obama has ordered a full review into hacking by the Russians aimed at influencing US elections going back to 2008, the White House said Friday.

“The President has directed the Intelligence Community to conduct a full review of what happened during the 2016 election process. It is to capture lessons learned from that and to report to a range of stakeholders,” White House Homeland Security and Counterterrorism Adviser Lisa Monaco said at a Christian Science Monitor breakfast with reporters Friday. “This is consistent with the work that we did over the summer to engage Congress on the threats that we were seeing.”
White House spokesman Eric Schultz added later that the review would encompass malicious cyber activity related to US elections going back to 2008. [my emphasis]

Wikileaks (relying on the CNN story): The review will look at Wikileaks

CNN: Obama orders report into WikiLeaks timed for release just prior to Trump presidency

NYT: The review will look at all Russian efforts to influence the 2016 election, including publishing email contents and probing the “vote-counting system” (presumably a reference to voter lists that have nothing to do with vote counting)

President Obama has ordered American intelligence agencies to produce a full report on Russian efforts to influence the 2016 presidential election, his homeland security adviser said on Friday. He also directed them to develop a list of “lessons learned” from the broad campaign the United States has accused Russia of carrying out to steal emails, publish their contents and probe the vote-counting system.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including Vice, Motherboard, the Nation, the Atlantic, Al Jazeera, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse in Grand Rapids, MI.