The DNC’s Evolving Story about When They Knew They Were Targeted by Russia

This week’s front page story about the Democrats getting hacked by Russia starts with a Keystone Kops anecdote explaining why the DNC didn’t respond more aggressively when FBI first warned them about being targeted in September. The explanation, per the contractor presumably covering his rear-end months later, was that the FBI Special Agent didn’t adequately identify himself.

When Special Agent Adrian Hawkins of the Federal Bureau of Investigation called the Democratic National Committee in September 2015 to pass along some troubling news about its computer network, he was transferred, naturally, to the help desk.

His message was brief, if alarming. At least one computer system belonging to the D.N.C. had been compromised by hackers federal investigators had named “the Dukes,” a cyberespionage team linked to the Russian government.

The F.B.I. knew it well: The bureau had spent the last few years trying to kick the Dukes out of the unclassified email systems of the White House, the State Department and even the Joint Chiefs of Staff, one of the government’s best-protected networks.

Yared Tamene, the tech-support contractor at the D.N.C. who fielded the call, was no expert in cyberattacks. His first moves were to check Google for “the Dukes” and conduct a cursory search of the D.N.C. computer system logs to look for hints of such a cyberintrusion. By his own account, he did not look too hard even after Special Agent Hawkins called back repeatedly over the next several weeks — in part because he wasn’t certain the caller was a real F.B.I. agent and not an impostor.

This has led to (partially justified) complaints from John Podesta about why the FBI didn’t make the effort of driving over to the DNC to warn the higher-ups (who, the article admitted, had decided not to spend much money on cybersecurity).

This NYT version of the FBI Agent story comes from a memo that DNC’s contractor, Yared Tamene, wrote at some point after the fact. The NYT describes the memo repeatedly, though it never describes the recipients of the memo nor reveals precisely when it was written (it is clear it had to have been written after April 2016).

“I had no way of differentiating the call I just received from a prank call,” Mr. Tamene wrote in an internal memo, obtained by The New York Times, that detailed his contact with the F.B.I.

[snip]

“The F.B.I. thinks the D.N.C. has at least one compromised computer on its network and the F.B.I. wanted to know if the D.N.C. is aware, and if so, what the D.N.C. is doing about it,” Mr. Tamene wrote in an internal memo about his contacts with the F.B.I. He added that “the Special Agent told me to look for a specific type of malware dubbed ‘Dukes’ by the U.S. intelligence community and in cybersecurity circles.”

[snip]

In November, Special Agent Hawkins called with more ominous news. A D.N.C. computer was “calling home, where home meant Russia,” Mr. Tamene’s memo says, referring to software sending information to Moscow. “SA Hawkins added that the F.B.I. thinks that this calling home behavior could be the result of a state-sponsored attack.”

[DNC technology director Andrew] Brown knew that Mr. Tamene, who declined to comment, was fielding calls from the F.B.I. But he was tied up on a different problem: evidence suggesting that the campaign of Senator Bernie Sanders of Vermont, Mrs. Clinton’s main Democratic opponent, had improperly gained access to her campaign data.

[snip]

One bit of progress had finally been made by the middle of April: The D.N.C., seven months after it had first been warned, finally installed a “robust set of monitoring tools,” Mr. Tamene’s internal memo says. [my emphasis]

The NYT includes a screen cap of part of that memo (which reveals that the DNC had already been exposed to ransomware attacks by September 2015), but not the other metadata or a link to the full memo.

One reason I raise all this is because the evidence laid out in the story contradicts, in several ways, this August report, relying on three anonymous sources (at least some of whom are probably members of Congress, but then so was the DNC Chair at the time).

The FBI did not tell the Democratic National Committee that U.S officials suspected it was the target of a Russian government-backed cyber attack when agents first contacted the party last fall, three people with knowledge of the discussions told Reuters.

And in months of follow-up conversations about the DNC’s network security, the FBI did not warn party officials that the attack was being investigated as Russian espionage, the sources said.

The lack of full disclosure by the FBI prevented DNC staffers from taking steps that could have reduced the number of confidential emails and documents stolen, one of the sources said. Instead, Russian hackers whom security experts believe are affiliated with the Russian government continued to have access to Democratic Party computers for months during a crucial phase in the U.S. presidential campaign, the source said.

[snip]

In its initial contact with the DNC last fall, the FBI instructed DNC personnel to look for signs of unusual activity on the group’s computer network, one person familiar with the matter said. DNC staff examined their logs and files without finding anything suspicious, that person said.

When DNC staffers requested further information from the FBI to help them track the incursion, they said the agency declined to provide it. In the months that followed, FBI officials spoke with DNC staffers on several other occasions but did not mention the suspicion of Russian involvement in an attack, sources said.

The DNC’s information technology team did not realize the seriousness of the incursion until late March, the sources said. It was unclear what prompted the IT team’s realization.

In August, anonymous sources told Reuters that FBI never told DNC they were being attacked by Russians until … well, Reuters doesn’t actually tell us when the FBI told DNC the Russians were behind the attack, just that Democrats started taking it seriously in March.

But in the pre-Trump Russian hack bonanza, the NYT has now revealed that an internal memo says that the DNC had been informed in November, not March.

And even that part of the explanation doesn’t make sense. As a number of people have noted, Brown is basically saying he didn’t respond to a warning — given in November — that a DNC server was calling home to Russia because he was dealing with a NGP-VAN breach that happened on December 18. He would have had over two weeks to respond to Russia hacking the DNC before the NGP-VAN issue, and that would have been significantly handled by NGP.

Moreover, even the September narrative invites some skepticism. Tamene admits the FBI Special Agent, “told me to look for a specific type of malware dubbed ‘Dukes’ by the U.S. intelligence community and in cybersecurity circles.” And he describes “His first moves were to check Google for “the Dukes” and conduct a cursory search of the D.N.C. computer system logs to look for hints of such a cyberintrusion.” Had Tamene Googled for “dukes malware” any time after September 17, 2015, this is what he would have found.

Today we release a new whitepaper on an APT group commonly referred to as “the Dukes”. We believe that the Dukes are a well-resourced, highly dedicated, and organized cyber-espionage group that has been working for the Russian government since at least 2008 to collect intelligence in support of foreign and security policy decision-making. [my emphasis]

So had this initial report taken place after September 17, Tamene would have learned, thanks to the second sentence of a top Google return, that he was facing a “highly dedicated, and organized cyber-espionage group that has been working for the Russian government. ” Had he done the Google search he said he did, that is, he would almost certainly have learned he was facing down Russian hackers.

Had he clicked through to the report — which is where he would have gone to find the malware signatures to look for — he would have seen a big pink graphic tying the Dukes to Russia.

It’s certainly possible the alert came before the white paper was released (though if it came after, it explains why the FBI would have thought simply mentioning the Dukes would be sufficient). But that would suggest Tamene remembered the call and his Google search for the Dukes in detail sometime in April but not in September when this report got a fair amount of attention.

None of this is to excuse the FBI (I’ve already started a post on that part of this). But it’s clear that Democrats have been — at a minimum — inconsistent in their story to the press about why they didn’t respond to warnings sooner. And given the multiple problems with their explanation about what happened last fall, it’s likely they did get some warning, but just didn’t heed it.

Update: When I wrote this this morning, I had read this tweet stream and this story but not the underlying Shadow Brokers related post, by someone writing under the pseudonym Boceffus Cleetus it relates to, which is basically a Medium post introducing the latest sale of Shadow Broker tools. It wasn’t until I read this post — and then the second Boceffus Cleetus post that I realized Boceffus Cleetus posted (his) original post — along with a reference to the name magnified back when this hack started — the day after the NYT wrote a story of the hack from DNC’s perspective.

As the tweet stream lays out, Boceffus Cleetus is a play on ventriloquism, (duh, speaking for others) and the Dukes of Hazard. Both analyses of this argue that the reference to “Dukes of Hazard” is, in turn, a reference to the name given to the FSB hacking efforts (the other I’ve used is “Cozy Bear”) in the report I linked above — that is, to the name F-Secure had given the FSB hackers, most notably in the report I linked above. I didn’t make too much of it until I read this second Boceffus Cleetus post, which in seemingly one sentence lays out Bill Binney’s theory of the DNC hack (that is, that NSA handed it on) with a country drawl and a lot of conspiracy theory added.

After my shadow brokers tweet I was contacted by an anonymous source claiming to be FBI. Yep I know prove it? I wasn’t able to get’em to verify their identity. But y’all don’t be runnin away yet, suspend yer disbelief and check out their claims. What if the Russian’s ain’t hacking nothin? What if the shadow brokers ain’t Russian? Whatcha got as the next best theory? What if its a deep state civil war tween CIA and ole NSA? A deep state civil war to see who really runs things. NSA is Department of Defense, military. The majority of the military are high school grads, coming from rural “Red States”, conservatives. The NSA has the global surveillance capabilities to intercept all the DNC and Podesta emails. CIA is college grads only and has the traditions of the urban yankee northeastern and east coast ivy leaguers, “Blue State”, liberals.

It’s all mostly gratuitous — an attempt to feed (as explicitly named “fake news”) some of the alternate explanations out there right now.

But I find the portrayal of an NSA-CIA feud notable, in part, because the mostly likely reason FBI (which is where Boceffus Cleetus’ fictional source came from) didn’t tell the DNC who was hacking them back in September 2015 is because the actual tip — that Russia was hacking the DNC — came from the NSA. But FBI had to hide that. So instead, they used the name for FSB that was current at the time.

I’ll add, too, that this plays on Craig Murray’s claim that a national security person leaked him the Podesta documents.

So what’s the point? Dunno. I defer to theGrugq’s third post, in which he argues this post is signaling to show NSA the Russian hackers must have access to NSA’s classified networks, because they’ve accessed a map of everything.

This dump has a bit of everything. In fact, it has too much of everything. The first drop was a firewall ops kit. It had everything that was supposed to be used against firewalls. This dump, on the other hand, has too much diversity and each tool is comprehensive.

The depth and breadth of the tooling they reveal can only possibly be explained by:

  1. an improbable sequence of hack backs which got, in sequence, massive depth of codenamed implants, exploits, manuals,
  2. access to high side data

[snip]

It is obvious that this data would never leave NSA classified networks except by some serious operator error (as I believe was the case with the first ShadowBrokers leak.) For this dump though, it is simply not plausible. There is no way that such diverse and comprehensive ops tooling was accidentally exposed. It beggars belief to think that any operator could be so careless that they’d expose this much tooling, on multiple diverse operations.

There are, based on my count, twenty one (21) scripts/manuals for operations contained in this dump. They cover too many operations for a mistake, and they are too comprehensive for a mistake.

Remember, Obama has been stating assuredly that the US has far more defensive and offensive capability than Russia. The latter might well be true. But the latter is nuts, if for no other reason than we have so much more to secure. The former might be true. But not if hackers can log into NSA’s fridge and steal their beer.

I’m not entirely sure what to make of this. But against the background of increasing dick-wagging, it’ll be interesting to see how it plays out.

Craig Murray’s Description of WikiLeaks’ Sources

One of the weaknesses of my post on the evidence needed to prove the Russian DNC hack (one I’ll fix when I move it into a page) is that I didn’t include a step where the intelligence community had to dismiss alternative theories. It is not enough to prove that tools associated with Russian intelligence hacked the DNC (whether or not you’re convinced they necessarily are used exclusively by GRU), but you also have to prove that no one else either hacked the known sources of leaked documents or otherwise obtained them. That was particularly important given early reports that FBI wasn’t sure that the documents stolen by hackers presumed to be GRU were the same documents dealt to WikiLeaks.

One alternative theory I know some researchers tested, for example, is whether hackers could have gotten into the accounts of DNC staffers by testing passwords made available by past hacks (of LinkedIn and MySpace, in particular) for reuse. For a while, that definitely seemed like a plausible alternative theory, but ultimately I don’t think it could explain the known evidence.

The most important alternative theory, however, comes from Julian Assange, who has been first intimating and more recently asserting directly that Russians were not his source (even while showing immediate concern that Obama’s hacking review targeted Wikileaks directly). Former UK Ambassador to Uzbekistan Craig Murray has also made such a claim, first in a series of posts on his blog, and at more length in an interview with Scott Horton.

Murray’s interview is well worth the listen, as he has nowhere near the same personal stakes in this story as Assange and — as he makes clear in the interview — because he seems to have had a role in handing over the second batch of emails. Ultimately, his description is unconvincing. But it is an important indication of what he claims to believe (which must reflect what Assange has told him, whether Assange believes it or not). Importantly, Murray admits that “It’s perfectly possible that WikiLeaks themselves don’t know what is going on,” which admits one possibility I’ve always suspected: that whoever dealt the documents did so in a way that credibly obscured their source.

Murray explained that the two sets of documents handed over to Wikileaks came via two different American sources, both of whom had legal access to them.

He describes a lot more about the Podesta emails, of which he said he had “first hand knowledge,” because of something he did or learned on a trip to DC in September. In this interview, he says “The material was already, I think, safely with WikiLeaks before I got there in September,” though other outlets have suggested (with maps included!) that’s when the hand-off happened. In that account, Murray admits he did not meet with the person with legal access; he instead met with an intermediary. That means the intermediary may have made false claims about the provenance.

And even the claims about the provenance don’t make sense. Murray claimed the documents came from someone in the national security establishment, and implied they had come from legal monitoring of John Podesta because he (meaning John) is a lobbyist for Saudi Arabia.

Again, the key point to remember, in answering that question, is that the DNC leak and the Podesta leak are two different things and the answer is very probably not going to be the same in both cases. I also want you to consider that John Podesta was a paid lobbyist for the Saudi government — that’s open and declared, it’s not secret or a leak in a sense. John Podesta was paid a very substantial sum every month by the Saudi government to lobby for their interests in Washington. And if the American security services were not watching the communications of the Saudi government paid lobbyist then the American intelligence services would not be doing their job. Of course it’s also true that the Saudis’ man, the Saudis’ lobbyist in Washington, his communications are going to be of interest to a great many other intelligence services as well.

As a threshold matter, no national security agency is going to monitor an American registered to work as an agent for the Saudis. That’s all the more true if the agent has the last name Podesta.

But that brings us to another problem. John Podesta isn’t the lobbyist here. His brother Tony is. So even assuming the FBI was collecting all the emails of registered agent for the Saudis, Tony Podesta, even assuming someone in national security wanted to blow that collection by revealing it via Wikileaks, they would pick up just a tiny fraction of John Podesta’s emails. So this doesn’t explain the source of the emails at all.

But if we believe that Murray believes this, we know that the intermediary can credibly claim to have ties to American national security.

Horton and Murray go on to discuss how WikiLeaks got the first batch of emails, the ones from DNC. That’s specifically the context where Murray talks about the possibility Assange doesn’t actually know. Though he suggests the leaker is a DNC insider angry about Bernie Sanders’ treatment.

There’s a section on the murdered DNC staffer, which I’m not going to focus on because I find it distasteful. But Murray explains that Assange offered a reward pertaining to his murder because he thought the staffer might be mistaken for the real source, but was not the real source. Which suggests Assange implied to Murray that the documents were directly leaked by someone in a similar position. Again, someone who could pose as a DNC staffer.

Here, Murray states clearly that “Guccifer is not the source for WikiLeaks.” He explains that claim based primarily off the assumption that the Russians would never employ such as buffoon as Guccifer, not direct knowledge. Remember Guccifer stated publicly he had given the documents to WikiLeaks, with no rebuttal from Assange I know of.

In other words, that doesn’t seem to make sense either. And with Assange you are by necessity dealing with documents passed through at least one and in the Podesta email case, perhaps two or more intermediaries. So even assuming the best effort to vet people on Assange’s side, he does have limited resources to do so himself.

One more comment. Murray ends with a description of the reception of the emails that doesn’t make sense at all. He suggests the “mainstream media” ignored concerns about the Clinton foundation (he doesn’t even mention that this coverage might come from the legally FOIAed emails). He says they ignored other details, such as that Donna Brazile gave Hillary a debate question and that the DNC conspired against Bernie. He claims members of the media “colluded” with the Hillary campaign.

I know some people believe these topics should have gotten more attention. Even if you believe these things, though, believing the traditional media didn’t cover them requires a blind spot about the massive Trump corruption they might have been covering instead.

All that neither proves or disproves that Murray believes he got documents from someone in the national security establishment that were legally obtained. It just might explain why he’d believe something that, in this case, makes no sense.

Update: Now Assange is saying his source wasn’t Guccifer. He also snipes about Murray’s comments.

“Craig Murray is not authorized to talk on behalf of WikiLeaks,” Assange said sternly.

 

The NYT’s Legitimate Email Detail

The NYT has a long story describing the hack of the Democrats in the most favorable light to the party, one that blames “socialist” Bernie Sanders for the months-long delay before the DNC tech person responded to FBI warnings about being hacked, one that makes no mention of the widely reported detail that Democrats were happy to have an excuse to fire Debbie Wasserman Schultz.

Given that it puts things in a light so favorable to the Democrats, I wanted to look more closely at this passage, which has gotten a lot of attention.

Hundreds of similar phishing emails were being sent to American political targets, including an identical email sent on March 19 to Mr. Podesta, chairman of the Clinton campaign. Given how many emails Mr. Podesta received through this personal email account, several aides also had access to it, and one of them noticed the warning email, sending it to a computer technician to make sure it was legitimate before anyone clicked on the “change password” button.

“This is a legitimate email,” Charles Delavan, a Clinton campaign aide, replied to another of Mr. Podesta’s aides, who had noticed the alert. “John needs to change his password immediately.”

With another click, a decade of emails that Mr. Podesta maintained in his Gmail account — a total of about 60,000 — were unlocked for the Russian hackers. Mr. Delavan, in an interview, said that his bad advice was a result of a typo: He knew this was a phishing attack, as the campaign was getting dozens of them. He said he had meant to type that it was an “illegitimate” email, an error that he said has plagued him ever since.

It points to a detail that has always struck me about the stories about the hack of John Podesta. They note — as I did — that we can look at the email reportedly used to hack Podesta. Here’s the entirety of what Delavan sent to a woman named Sara Latham, who forwarded it to a woman named Milia Fisher:

This is a legitimate email. John needs to change his password immediately, and ensure that two-factor authentication is turned on his account.

He can go to this link: https://myaccount.google.com/security to do both. It is absolutely imperative that this is done ASAP.

If you or he has any questions, please reach out to me at [phone].

It may be that he mistyped legitimate for illegitimate. But he also said that Podesta should change his email password and added two-factor authentication. Perhaps the mistake was in forwarding the email with the link, rather than just responding by saying Podesta was being phished.

The part that has always puzzled me about this email — and the likely reason why he’s now telling a story that doesn’t entirely make sense — is that he also did the safe thing. He provided the real GMail address at which staffers could have changed the password and added 2FA. Had those staffers used that link, they could have avoided a whole lot of trouble and made any subsequent hack less likely.

I even, at one point, doubted whether this really could have been the email used to hack Podesta, because it shouldn’t have worked, given that he took the right steps (though the timing of the emails does correlate with the dates of what got released).

What is more likely to have happened is that one of the women used the bad URL to change the password (which would have appeared all shiny in the original), rather than the correct URL that Delavan provided. That is, it may be that Delavan is covering for one of the women.

Update; I realized after posting how the typo thing might make sense, and changed that part, but there’s still the point that he did the right thing here.

Update: Slate interviewed Delavan, who said the NYT got the phrasing wrong. The story still doesn’t seem to make sense entirely.

Why Is CIA Avoiding the Conclusion that Putin Hacked Hillary to Retaliate for Its Covert Actions?

The most logical explanation for the parade of leaks since Friday about why Russia hacked the Democrats is that the CIA has been avoiding admitting — perhaps even considering — the conclusion that Russia hacked Hillary in retaliation for the covert actions the CIA itself has taken against Russian interests.

Based on WaPo’s big story Friday, I guessed that there was more disagreement about Russia’s hack than its sources — who seemed to be close to Senate Democrats — let on. I was right. Whereas on Friday WaPo reported that it was the consensus view that Russia hacked Hillary to get Trump elected, on Saturday the same journalists reported that CIA and FBI were giving dramatically different briefings to Intelligence Committees.

The question the Republicans and Democrats in attendance wanted answered was whether the bureau concurred with the conclusions the CIA had just shared with senators that Russia “quite” clearly intended to help Republican Donald Trump defeat Democrat Hillary Clinton and clinch the White House.

For the Democrats in the room, the FBI’s response was frustrating — even shocking.

During a similar Senate Intelligence Committee briefing held the previous week, the CIA’s statements, as reflected in the letter the lawmakers now held in their hands, were “direct and bald and unqualified” about Russia’s intentions to help Trump, according to one of the officials who attended the House briefing.

[snip]

“The FBI briefers think in terms of criminal standards — can we prove this in court,” one of the officials said. “The CIA briefers weigh the preponderance of intelligence and then make judgment calls to help policymakers make informed decisions. High confidence for them means ‘we’re pretty damn sure.’ It doesn’t mean they can prove it in court.”

The FBI is not sold on the idea that Russia had a particular aim in its meddling. “There’s no question that [the Russians’] efforts went one way, but it’s not clear that they have a specific goal or mix of related goals,” said one U.S. official.

Subsequent leaks have continued to make it clear there’s a dispute both about what motive Russia had to target Hillary (to destabilize the US? to get Trump elected?) and how much evidence there is (the FBI thinks it is circumstantial, the CIA thinks it a  smoking gun). In addition, there have been unanswered questions about why CIA only briefed that Russia affirmatively supported Hillary this week, when reportedly they have had the evidence that conclusion is based on for months.

Remarkably, only secondary commenters (including me, in point 13 here) have suggested the most obvious explanation: The likelihood that Russia targeted the former Secretary of State for a series of covert actions, all impacting key Russian interests, that at least started while she was Secretary of State. Those are:

  • Misleadingly getting the UN to sanction the Libya intervention based off the claim that it was about protecting civilians as opposed to regime change
  • Generating protests targeting Putin in response to 2011 parliamentary elections
  • Sponsoring “moderate rebels” to defeat Bashar al-Assad
  • Removing Viktor Yanukovych to install a pro-NATO government

Importantly, the first three of these happened on Hillary’s watch, with her active involvement. And Putin blamed Hillary, personally, for the protests in 2011.

Never mind the relative merit of these covert operations. Never mind that Putin has not, yet, released any evidence to support his claim that Hillary (or CIA) supported the 2011 protests targeting him personally; there is no doubt he believes it. During the primary Hillary as much as confirmed that when her diplomats negotiated the UN voted in 2011, they had regime change in mind the whole time. The US has acknowledged its covert operations against Assad in Congressional testimony. And hackers released a call from Victoria Nuland acting like she was in charge of deciding what post-Yanukovych Ukraine would look like.

In other words, whatever the merits and evidence behind these four events, there is no doubt Putin sees them as a threat to Russian interests and blames the US for all of them, with merit in at least some of the cases.

And yet, this most obvious motive has not been leaked to the press, creating the impression that it has never been considered by the people who carried out these covert actions.

To admit this possible motive publicly, of course, would require admitting that the US still tampers in other governments, including some that are elected (even if in elections of dubious fairness). It would also require admitting that our own government got targeted as a response to these covert interventions, which would make concerns about how novel this intervention was a lot less convincing.

Finally, if this motive were the real reason Putin tampered in our election, it might explain why Obama has been reluctant to respond. Perhaps the US believes that Putin has evidence that might prove — or at least create a convincing case that — that the US did intervene to try to weaken him in 2011. And again, the US has already stated on the record they’ve got a covert operation to topple Assad.

Update: I’ll add that DC Leaks, which has always been conflated with Guccifer 2 (which released only Democratic files) and the DNC and Podesta leaks to Wikileaks, started by releasing documents with very clear ties to Ukraine, including a great many targeted at George Soros. If DC Leaks is considered part of the same operation, it is all the more unbelievable that CIA has not considered this explanation.

Update: At an October 18 event, Michael Hayden said (after 20:30) Putin did this because he believes that we do this to him all the time, citing the Rose Revolution, 2011 protests, and Maidan, but not mentioning Libya and Syria. Hayden did claim that the US doesn’t actually do those things (again, not mentioning Libya and Syria), but earlier he said he had done similar things to the actual hack while Director of NSA.

The Not-Majority Leader Promises Bipartisan Investigations in Russian Cyberhackery

Chuck Schumer, Lindsey Graham, John McCain, and Jack Reed released a statement this morning, stating (in part),

While protecting classified material, we have an obligation to inform the public about the recent cyberattacks that have cut to the heart of our free society. Democrats and Republicans must work together, and across the jurisdictional lines of Congress, to examine these recent thoroughly and devise comprehensive solutions to deter and defend against further cyberattacks.

If you don’t look too closely, it appears to be a mature promise that the Senate will work in nonpartisan fashion to defend the nation.

But let’s look closely, shall we?

First, note who is on the statement: the rising Minority Leader, the Chair and Ranking Member of the Senate Armed Services Committee, and … some other guy. Lindsey Graham here is just filling in for the guy who should be on the statement if this were really bipartisan, Mitch McConnell. Furthermore, while it’s great the leaders of the SASC agree on this front, they only have partial jurisdiction over NSA, and none over FBI or CIA, the agencies having a public spat over this. Richard Burr, whose committee does have jurisdiction over the CIA and over counterintelligence (and who often avoids doing any oversight by invoking classification), is also conspicuously absent.

In other words, it’s not so much a statement of bipartisanship, as an effort to pressure those who should be on the statement to join in.

It’s also not a statement with enough GOP signers — three is the new magic number, absent Trump convincing Joe Manchin or Heidi Heitkamp to give up their seat for a cabinet post, in which case it will be four — to be able to sway votes in the Senate.

The statement suggests Congress has been working hard to protect cybersecurity. They must be doing so in secret, because the main thing they’ve done recently is pass a law immunizing corporations for sharing information.

Ah well. It’s a start. Schumer is very effective at making bold statements, and if that puts some heat on Mitch McConnell, so be it.

The Evidence to Prove the Russian Hack

In this post, I’m going to lay out the evidence needed to fully explain the Russian hack. I think it will help to explain some of the timing around the story that the CIA believes Russia hacked the DNC to help win Trump win the election, as well as what is new in Friday’s story. I will do rolling updates on this and eventually turn it into a set of pages on Russia’s hacking.

As I see it, intelligence on all the following are necessary to substantiate some of the claims about Russia tampering in this year’s election.

  1. FSB-related hackers hacked the DNC
  2. GRU-related hackers hacked the DNC
  3. Russian state actors hacked John Podesta’s emails
  4. Russian state actors hacked related targets, including Colin Powell and some Republican sites
  5. Russian state actors hacked the RNC
  6. Russian state actors released information from DNC and DCCC via Guccifer 2
  7. Russian state actors released information via DC Leaks
  8. Russian state actors or someone acting on its behest passed information to Wikileaks
  9. The motive explaining why Wikileaks released the DNC and Podesta emails
  10. Russian state actors probed voter registration databases
  11. Russian state actors used bots and fake stories to make information more damaging and magnify its effects
  12. The level at which all Russian state actors’ actions were directed and approved
  13. The motive behind the actions of Russian state actors
  14. The degree to which Russia’s efforts were successful and/or primary in leading to Hillary’s defeat

I explain all of these in more detail below. For what it’s worth, I think there was strong publicly available information to prove 3, 4, 7, 11. I think there is weaker though still substantial information to support 2. It has always been the case that the evidence is weakest at point 6 and 8.

At a minimum, to blame Russia for tampering with the election, you need high degree of confidence that GRU hacked the DNC (item 2), and shared those documents via some means with Wikileaks (item 8). What is new about Friday’s story is that, after months of not knowing how the hacked documents got from Russian hackers to Wikileaks, CIA now appears to know that people close to the Russian government transferred the documents (item 8). In addition, CIA now appears confident that all this happened to help Trump win the presidency (item 13).

1) FSB-related hackers hacked the DNC

The original report from Crowdstrike on the DNC hack actually said two separate Russian-linked entities hacked the DNC: one tied to the FSB, which it calls “Cozy Bear” or APT 29, and one tied to GRU, which it calls “Fancy Bear” or APT 28. Crowdstrike says Cozy Bear was also responsible for hacks of unclassified networks at the White House, State Department, and US Joint Chiefs of Staff.

I’m not going to assess the strength of the FSB evidence here. As I’ll lay out, the necessary hack to attribute to the Russians is the GRU one, because that’s the one believed to be the source of the DNC and Podesta emails. The FSB one is important to keep in mind, as it suggests part of the Russian government may have been hacking US sites solely for intelligence collection, something our own intelligence agencies believe is firmly within acceptable norms of spying. In the months leading up to the 2012 election, for example, CIA and NSA hacked the messaging accounts of a bunch of Enrique Peña Nieto associates, pretty nearly the equivalent of the Podesta hack, though we don’t know what they did with that intelligence. The other reason to keep the FSB hack in mind is because, to the extent FSB hacked other sites, they also may be deemed part of normal spying.

2) GRU-related hackers hacked the DNC

As noted, Crowdstrike reported that GRU also hacked the DNC. As it explains, GRU does this by sending someone something that looks like an email password update, but which instead is a fake site designed to get someone to hand over their password. The reason this claim is strong is because people at the DNC say this happened to them.

Note that there are people who raise questions of whether this method is legitimately tied to GRU and/or that the method couldn’t be stolen and replicated. I will deal with those questions at length elsewhere. But for the purposes of this post, I will accept that this method is a clear sign of GRU involvement. There are also reports that deal with GRU hacking that note high confidence GRU hacked other entities, but less direct evidence they hacked the DNC.

Finally, there is the real possibility that other people hacked the DNC, in addition to FSB and GRU. That possibility is heightened because a DNC staffer was hacked via what may have been another method, and because DNC emails show a lot of password changes off services for which DNC staffers had had their accounts exposed in other hacks.

All of which is a way of saying, there is some confidence that DNC got hacked at least twice, with those two revealed efforts being done by hackers with ties to the Russian state.

3) Russian state actors (GRU) hacked John Podesta’s emails

Again, assuming that the fake Gmail phish is GRU’s handiwork, there is probably the best evidence that GRU hacked John Podesta and therefore that Russia, via some means, supplied Wikileaks, because we have a copy of the actual email used to hack him. The Smoking Gun has an accessible story describing how all this works. So in the case of Podesta, we know he got a malicious phish email, we know that someone clicked the link in the email, and we know that emails from precisely that time period were among the documents shared with Wikileaks. We just have no idea how they got there.

4) Russian state actors hacked related targets, including some other Democratic staffers, Colin Powell and some Republican sites

That same Gmail phish was used with victims — including at a minimum William Rinehart and Colin Powell — that got exposed in a site called DC Leaks. We can have the same high degree of confidence that GRU conducted this hack as we do with Podesta. As I note below, that’s more interesting for what it tells us about motive than anything else.

5) Russian state actors hacked the RNC

The allegation that Russia also hacked the RNC, but didn’t leak those documents — which the CIA seems to rely on in part to argue that Russia must have wanted to elect Trump — has been floating around for some time. I’ll return to what we know of this. RNC spox Sean Spicer is denying it, though so did Hillary’s people at one point deny that they had been hacked.

There are several points about this. First, hackers presumed to be GRU did hack and release emails from Colin Powell and an Republican-related server. The Powell emails (including some that weren’t picked up in the press), in particular, were detrimental to both candidates. The Republican ones were, like a great deal of the Democratic ones, utterly meaningless from a news standpoint.

So I don’t find this argument persuasive in its current form. But the details on it are still sketchy precisely because we don’t know about that hack.

6) Russian state actors released information from DNC and DCCC via Guccifer 2

Some entity going by the name Guccifer 2 started a website in the wake of the announcement that the DNC got hacked. The site is a crucial part of this assessment, both because it released DNC and DCCC documents directly (though sometimes misattributing what it was releasing) and because Guccifer 2 stated clearly that he had shared the DNC documents with Wikileaks. The claim has always been that Guccifer 2 was just a front for Russia — a way for them to adopt plausible deniability about the DNC hack.

That may be the case (and obvious falsehoods in Guccifer’s statements make it clear deception was part of the point), but there was always less conclusive (and sometimes downright contradictory) evidence to support this argument (this post summarizes what it claims are good arguments that Guccifer 2 was a front for Russia; on the most part I disagree and hope to return to it in the future). Moreover, this step has been one that past reporting said the FBI couldn’t confirm. Then there are other oddities about Guccifer’s behavior, such as his “appearance” at a security conference in London, or the way his own production seemed to fizzle as Wikileaks started releasing the Podesta emails. Those details of Guccifer’s behavior are, in my opinion, worth probing for a sense of how all this was orchestrated.

Yesterday’s story seems to suggest that the spooks have finally figured out this step, though we don’t have any idea what it entails.

7) Russian state actors released information via DC Leaks

Well before many people realized that DC Leaks existed, I suspected that it was a Russian operation. That’s because two of its main targets — SACEUR Philip Breedlove and George Soros — are targets Russia would obviously hit to retaliate for what it treats as a US-backed coup in Ukraine.

DC Leaks is also where the publicly released (and boring) GOP emails got released.

Perhaps most importantly, that’s where the Colin Powell emails got released (this post covers some of those stories). That’s significant because Powell’s emails were derogatory towards both candidates (though he ultimately endorsed Hillary).

It’s interesting for its haphazard targeting (if someone wants to pay me $$ I would do an assessment of all that’s there, because some just don’t make any clear sense from a Russian perspective, and some of the people most actively discussing the Russian hacks have clearly not even read all of it), but also because a number of the victims have been affirmatively tied to the GRU phishing methods.

So DC Leaks is where you get obvious Russian targets and Russian methods all packaged together. But of the documents it released, the Powell emails were the most interesting for electoral purposes, and they didn’t target Hillary as asymmetrically as the Wikileaks released documents did.

8) Russian state actors or someone acting on its behest passed information to Wikileaks

The basis for arguing that all these hacks were meant to affect the election is that they were released via Wikileaks. That is what was supposed to be new, beyond just spying (though we have almost certainly hacked documents and leaked them, most probably in the Syria Leaks case, but I suspect also in some others).

And as noted, how Wikileaks got two separate sets of emails has always been the big question. With the DNC emails, Guccifer 2 clearly said he had given them to WL, but the Guccifer 2 ties to Russia was relatively weak. And with the Podesta emails, I’m not aware of any known interim step between the GRU hack and Wikileaks.

A late July report said the FBI was still trying to determine how Russia got the emails to Wikileaks or even if they were the same emails.

The FBI is still investigating the DNC hack. The bureau is trying to determine whether the emails obtained by the Russians are the same ones that appeared on the website of the anti-secrecy group WikiLeaks on Friday, setting off a firestorm that roiled the party in the lead-up to the convention.

The FBI is also examining whether APT 28 or an affiliated group passed those emails to WikiLeaks, law enforcement sources said.

An even earlier report suggested that the IC wasn’t certain the files had been passed electronically.

And the joint DHS/ODNI statement largely attributed its confidence that Russia was involved in the the leaking (lumping Guccifer 2, DC Leaks, and Wikileaks all together) not because it had high confidence in that per se (a term of art saying, effectively, “we have seen the evidence”), but instead because leaking such files is consistent with what Russia has done elsewhere.

The recent disclosures of alleged hacked e-mails on sites like DCLeaks.com and WikiLeaks and by the Guccifer 2.0 online persona are consistent with the methods and motivations of Russian-directed efforts.

Importantly, that statement came out on October 7, so well after the September briefing at which CIA claimed to have further proof of all this.

Now, Julian Assange has repeatedly denied that Russia was his source. Craig Murray asserted, after having meeting with Assange, that the source is not the Russian state or a proxy. Wikileaks’ tweet in the wake of yesterday’s announcement — concluding that an inquiry directed at Russia in this election cycle is targeted at Wikileaks — suggests some doubt. Also, immediately after the election, Sergei Markov, in a statement deemed to be consistent with Putin’s views, suggested that “maybe we helped a bit with WikiLeaks,” even while denying Russia carried out the hacks.

That’s what’s new in yesterday’s story. It stated that “individuals with connections to the Russian government” handed the documents to Wikileaks.

Intelligence agencies have identified individuals with connections to the Russian government who provided WikiLeaks with thousands of hacked emails from the Democratic National Committee and others, including Hillary Clinton’s campaign chairman, according to U.S. officials. Those officials described the individuals as actors known to the intelligence community and part of a wider Russian operation to boost Trump and hurt Clinton’s chances.

[snip]

[I]ntelligence agencies do not have specific intelligence showing officials in the Kremlin “directing” the identified individuals to pass the Democratic emails to WikiLeaks, a second senior U.S. official said. Those actors, according to the official, were “one step” removed from the Russian government, rather than government employees. Moscow has in the past used middlemen to participate in sensitive intelligence operations so it has plausible deniability.

I suspect we’ll hear more leaked about these individuals in the coming days; obviously, the IC says it doesn’t have evidence of the Russian government ordering these people to share the documents with Wikileaks.

Nevertheless, the IC now has what it didn’t have in July: a clear idea of who gave Wikileaks the emails.

9) The motive explaining why Wikileaks released the DNC and Podesta emails

There has been a lot of focus on why Wikileaks did what it did, which notably includes timing the DNC documents to hit for maximum impact before the Democratic Convention and timing the Podesta emails to be a steady release leading up to the election.

I don’t rule out Russian involvement with all of that, but it is entirely unnecessary in this case. Wikileaks has long proven an ability to hype its releases as much as possible. More importantly, Assange has reason to have a personal gripe against Hillary, going back to State’s response to the cable release in 2010 and the subsequent prosecution of Chelsea Manning.

In other words, absent really good evidence to the contrary, I assume that Russia’s interests and Wikileaks’ coincided perfectly for this operation.

10) Russian state actors probed voter registration databases

Back in October, a slew of stories reported that “Russians” had breached voter related databases in a number of states. The evidence actually showed that hackers using a IP tied to Russia had done these hacks. Even if the hackers were Russian (about which there was no evidence in the first reports), there was also no evidence the hackers were tied to the Russian state. Furthermore, as I understand it, these hacks used a variety of methods, some or all of which aren’t known to be GRU related. A September DHS bulletin suggested these hacks were committed by cybercriminals (in the past, identity thieves have gone after voter registration lists). And the October 7 DHS/ODNI statement affirmatively said the government was not attributing the probes to the Russians.

Some states have also recently seen scanning and probing of their election-related systems, which in most cases originated from servers operated by a Russian company. However, we are not now in a position to attribute this activity to the Russian Government.

In late November, an anonymous White House statement said there was no increased malicious hacking aimed at the electoral process, though remains agnostic about whether Russia ever planned on such a thing.

The Federal government did not observe any increased level of malicious cyber activity aimed at disrupting our electoral process on election day. As we have noted before, we remained confident in the overall integrity of electoral infrastructure, a confidence that was borne out on election day. As a result, we believe our elections were free and fair from a cybersecurity perspective.

That said, since we do not know if the Russians had planned any malicious cyber activity for election day, we don’t know if they were deterred from further activity by the various warnings the U.S. government conveyed.

Absent further evidence, this suggests that reports about Russian trying to tamper with the actual election infrastructure were at most suspicions and possibly just a result of shoddy reporting conflating Russian IP with Russian people with Russian state.

11) Russian state actors used bots and fake stories to make information more damaging and magnify its effects

Russia has used bots and fake stories in the past to distort or magnify compromising information. There is definitely evidence some pro-Trump bots were based out of Russia. RT and Sputnik ran with inflammatory stories. Samantha Bee famously did an interview with some Russians who were spreading fake news. But there were also people spreading fake news from elsewhere, including Macedonia and Surburban LA. A somewhat spooky guy even sent out fake news in an attempt to discredit Wikileaks.

As I have argued, the real culprit in this economy of clickbait driven outrage is closer to home, in the algorithms that Silicon Valley companies use that are exploited by a whole range of people. So while Russian directed efforts may have magnified inflammatory stories, that was not a necessary part of any intervention in the election, because it was happening elsewhere.

12) The level at which all Russian state actors’ actions were directed and approved

The DHS/ODNI statement said clearly that “We believe, based on the scope and sensitivity of these efforts, that only Russia’s senior-most officials could have authorized these activities.” But the WaPo story suggests they still don’t have proof of Russia directing even the go-between who gave WL the cables, much less the go-between directing how Wikileaks released these documents.

Mind you, this would be among the most sensitive information, if the NSA did have proof, because it would be collection targeted at Putin and his top advisors.

13) The motive behind the actions of Russian state actors

The motive behind all of this has varied. The joint DHS/ODNI statement said it was “These thefts and disclosures are intended to interfere with the US election process.” It didn’t provide a model for what that meant though.

Interim reporting — including the White House’s anonymous post-election statement — had suggested that spooks believed Russia was doing it to discredit American democracy.

The Kremlin probably expected that publicity surrounding the disclosures that followed the Russian Government-directed compromises of e-mails from U.S. persons and institutions, including from U.S. political organizations, would raise questions about the integrity of the election process that could have undermined the legitimacy of the President-elect.

At one level, that made a lot of sense — the biggest reason to release the DNC and Podesta emails, it seems to me, was to confirm the beliefs a lot of people already had about how power works. I think one of the biggest mistakes of journalists who have political backgrounds was to avoid discussing how the sausage of politics gets made, because this material looks worse if you’ve never worked in a system where power is about winning support. All that said, there’s nothing in the emails (especially given the constant release of FOIAed emails) that uniquely exposed American democracy as corrupt.

All of which is to say that this explanation never made any sense to me; it was mostly advanced by people who live far away from people who already distrust US election systems, who ignored polls showing there was already a lot of distrust.

Which brings us to the other thing that is new in the WaPo story: the assertion that CIA now believes this was all intended to elect Trump, not just make us distrust elections.

The CIA has concluded in a secret assessment that Russia intervened in the 2016 election to help Donald Trump win the presidency, rather than just to undermine confidence in the U.S. electoral system, according to officials briefed on the matter.

[snip]

“It is the assessment of the intelligence community that Russia’s goal here was to favor one candidate over the other, to help Trump get elected,” said a senior U.S. official briefed on an intelligence presentation made to U.S. senators. “That’s the consensus view.”

For what it’s worth, there’s still some ambiguity in this. Did Putin really want Trump? Or did he want Hillary to be beat up and weak for an expected victory? Did he, like Assange, want to retaliate for specific things he perceived Hillary to have done, in both Libya, Syria, and Ukraine? That’s unclear.

14) The degree to which Russia’s efforts were successful and/or primary in leading to Hillary’s defeat

Finally, there’s the question that may explain Obama’s reticence about this issue, particularly in the anonymous post-election statement from the White House, which stated that the “election results … accurately reflect the will of the American people.” It’s not clear that Putin’s intervention, whatever it was, had anywhere near the effect as (for example) Jim Comey’s letters and Bret Baier’s false report that Hillary would be indicted shortly. There are a lot of other factors (including Hillary’s decision to ignore Jake Sullivan’s lonely advice to pay some attention to the Rust Belt).

And, as I’ve noted repeatedly, it is no way the case that Vladimir Putin had to teach Donald Trump about kompromat, the leaking of compromising information for political gain. Close Trump associates, including Roger Stone (who, by the way, may have had conversations with Julian Assange), have been rat-fucking US elections since the time Putin was in law school.

But because of the way this has rolled out (and particularly given the cabinet picks Trump has already made), it will remain a focus going forward, perhaps to the detriment of other issues that need attention.

Unpacking the New CIA Leak: Don’t Ignore the Aluminum Tube Footnote

This post will unpack the leak from the CIA published in the WaPo tonight.

Before I start with the substance of the story, consider this background. First, if Trump comes into office on the current trajectory, the US will let Russia help Bashar al-Assad stay in power, thwarting a 4-year effort on the part of the Saudis to remove him from power. It will also restructure the hierarchy of horrible human rights abusing allies the US has, with the Saudis losing out to other human rights abusers, potentially up to and including that other petrostate, Russia. It will also install a ton of people with ties to the US oil industry in the cabinet, meaning the US will effectively subsidize oil production in this country, which will have the perhaps inadvertent result of ensuring the US remains oil-independent even though the market can’t justify fracking right now.

The CIA is institutionally quite close with the Saudis right now, and has been in charge of their covert war against Assad.

This story came 24 days after the White House released an anonymous statement asserting, among other things, “the Federal government did not observe any increased level of malicious cyber activity aimed at disrupting our electoral process on election day,” suggesting that the Russians may have been deterred.

This story was leaked within hours of the time the White House announced it was calling for an all-intelligence community review of the Russia intelligence, offered without much detail. Indeed, this story was leaked and published as an update to that story.

Which is to say, the CIA and/or people in Congress (this story seems primarily to come from Democratic Senators) leaked this, apparently in response to President Obama’s not terribly urgent call to have all intelligence agencies weigh in on the subject of Russian influence, after weeks of Democrats pressuring him to release more information. It was designed to both make the White House-ordered review more urgent and influence the outcome.

So here’s what that story says.

In September, the spooks briefed “congressional leaders” (which for a variety of reasons I wildarseguess is either a Gang of Four briefing including Paul Ryan, Nancy Pelosi, Mitch McConnell, and Harry Reid or a briefing to SSCI plus McConnell, Reid, Jack Reed, and John McCain). Apparently, the substance of the briefing was that Russia’s intent in hacking Democratic entities was not to increase distrust of institutions, but instead to elect Trump.

The CIA has concluded in a secret assessment that Russia intervened in the 2016 election to help Donald Trump win the presidency, rather than just to undermine confidence in the U.S. electoral system, according to officials briefed on the matter.

The difference between this story and other public assessments is that it seems to identify the people — who sound like people with ties to the Russian government but not necessarily part of it — who funneled documents from Russia’s GRU to Wikileaks.

Intelligence agencies have identified individuals with connections to the Russian government who provided WikiLeaks with thousands of hacked emails from the Democratic National Committee and others, including Hillary Clinton’s campaign chairman, according to U.S. officials. Those officials described the individuals as actors known to the intelligence community and part of a wider Russian operation to boost Trump and hurt Clinton’s chances.

[snip]

[I]ntelligence agencies do not have specific intelligence showing officials in the Kremlin “directing” the identified individuals to pass the Democratic emails to WikiLeaks, a second senior U.S. official said. Those actors, according to the official, were “one step” removed from the Russian government, rather than government employees.

This is the part that has always been missing in the past: how the documents got from GRU, which hacked the DNC and John Podesta, to Wikileaks, which released them. It appears that CIA now thinks they know the answer: some people one step removed from the Russian government, funneling the documents from GRU hackers (presumably) to Wikileaks to be leaked, with the intent of electing Trump.

Not everyone buys this story. Mitch McConnell doesn’t buy the intelligence.

In September, during a secret briefing for congressional leaders, Senate Republican Leader Mitch McConnell (Ky.) voiced doubts about the veracity of the intelligence, according to officials present.

That’s one doubt raised about CIA’s claim — though like you all, I assume Mitch McConnell shouldn’t be trusted on this front.

But McConnell wasn’t the only one. One source for this story — which sounds like someone like Harry Reid or Dianne Feinstein — claimed that this CIA judgment is the “consensus” view of all the intelligence agencies, a term of art.

“It is the assessment of the intelligence community that Russia’s goal here was to favor one candidate over the other, to help Trump get elected,” said a senior U.S. official briefed on an intelligence presentation made to U.S. senators. “That’s the consensus view.”

Except that in a briefing this week (which may have been what impressed John McCain and Lindsey Graham to do their own investigation), that’s not what this represented.

The CIA shared its latest assessment with key senators in a closed-door briefing on Capitol Hill last week, in which agency officials cited a growing body of intelligence from multiple sources. Agency briefers told the senators it was now “quite clear” that electing Trump was Russia’s goal, according to the officials, who spoke on the condition of anonymity to discuss intelligence matters.

The CIA presentation to senators about Russia’s intentions fell short of a formal U.S. assessment produced by all 17 intelligence agencies. A senior U.S. official said there were minor disagreements among intelligence officials about the agency’s assessment, in part because some questions remain unanswered. [my emphasis]

That’s a conflict. Some senior US official (often code for senior member of Congress) says this is the consensus view. Another senior US official (or maybe the very same one) says there are “minor disagreements.”

Remember: we went to war against Iraq, which turned out to have no WMD, in part because no one read the “minor disagreements” from a few agencies about some aluminum tubes. A number of Senators who didn’t read that footnote closely (and at least one that did) are involved in this story. What we’re being told is there are some aluminum tube type disagreements.

Let’s hear about those disagreements this time, shall we?

Here’s the big takeaway. The language “a formal US assessment produced by all 17 intelligence agencies” is, like “a consensus view,” a term of art. It’s an opportunity for agencies which may have differing theories of what happened here to submit their footnotes.

That may be what Obama called for today: the formal assessment from all agencies (though admittedly, the White House purposely left the scope and intent of it vague).

Whatever that review is intended to be, what happened as soon as Obama announced it is that the CIA and/or Democratic Senators started leaking their conclusion. That’s what this story is.

Update: One other really critical detail. When the White House announced the Obama review today, Wikileaks made what was a bizarre statement. Linking to a CNN story on the Obama ordered review that erred on the side of blaming Russia for everything, it said, “CNN: Obama orders report into WikiLeaks timed for release just prior to Trump presidency.” Even though none of the statements on the review focused on what this story does — that is, on the way that the DNC and Podesta emails got to Wikileaks — Wikileaks nevertheless interpreted it as an inquiry targeted at it.

Update: And now David Sanger (whose story on the Obama-ordered review was particularly bad) and Scott Shane reveal the RNC also got hacked, and it is the differential leaking that leads the spooks to believe the Russians wanted Trump to win.

They based that conclusion, in part, on another finding — which they say was also reached with high confidence — that the Russians hacked the Republican National Committee’s computer systems in addition to their attacks on Democratic organizations, but did not release whatever information they gleaned from the Republican networks.

In the months before the election, it was largely documents from Democratic Party systems that were leaked to the public.

This may be a fair assessment. But you would have to account for two things before making it. First, you’d need to know the timing and hacker behind the RNC hack. That’s because two entities are believed to have hacked the DNC: an FSB appearing hacking group, and a GRU one. The FSB is not believed to have leaked. GRU is believed to have. So if the FSB hacked the RNC but didn’t leak it, it would be completely consistent with what FSB did with DNC.

NYT now says the RNC hack was by GRU in the spring, so it is a fair question why the DNC things got leaked but RNC did not.

Also, Sanger and Shane say “largely documents” from Dems were leaked. That’s false. There were two streams of non-Wikileaks releases, Guccifer, which did leak all-Dem stuff, and DC Leaks, which leaked stuff that might be better qualified as Ukrainian related. The most publicized of documents from the latter were from Colin Powell, which didn’t help Trump at all.

Update: It’s clear that Harry Reid (who of course is retiring and so can leak speech and debate protected classified information without worrying he’ll be shut off in the future) is one key driver of this story. Last night he was saying, “”I was right. Comey was wrong. I hope he can look in the mirror and see what he did to this country.” This morning he is on the TV saying he believes Comey had information on this before the election.

Update, 12/10: This follow-up from WaPo is instructive, as it compares what CIA briefed the Senate Intelligence Committee about the current state of evidence with what FBI briefed the House Intelligence Committee about the current state of evidence. While the focus is on different Republican and Democratic understandings of both, the story also makes it clear that FBI definitely doesn’t back what WaPo’s sources from yesterday said was a consensus view.

The Game of Telephone about the Election Hacking Review

This morning, the White House announced that Obama has ordered a review of election-related hacking, to be completed before Donald Trump takes over. I want to capture the varying descriptions of what the review will entail.

Politico: The review will look at the hacks blamed on the Russians this year and malicious cyber activity (publicly understood to be China in 2008 and someone else in 2012) going back to 2008

The review will put the spate of hacks — which officials have blamed on Russia — “in a greater context” by framing them against the “malicious cyber activity” that may have occurred around the edges of the 2008 and 2012 president elections, said White House principal deputy press secretary Eric Schultz at a briefing.

“This will be a review that is broad and deep at the same time,” he added.

[snip]

In 2008, the campaigns for both Sen. John McCain (R-Ariz.) and Obama were bombarded by suspected Chinese hackers, according to U.S. intelligence officials. The digital intruders were reportedly after internal policy papers and the emails of top advisers.

And in 2012, Gawker reported that hackers had broken into Republican presidential candidate Mitt Romney’s personal Hotmail account after correctly answering his backup security question: “What is your favorite pet?”

“We will be looking at all foreign actors and any attempt to interfere with the elections,” Schultz said.

WaPo: The review will be a “full review” of Russian hacking during the November election

President Obama has ordered a “full review” of Russian hacking during the November election, as pressure from Congress has grown for greater public understanding of exactly what Moscow did to interfere in the electoral process.

[snip]

U.S. intelligence and law enforcement agencies had already been probing what they see as a broad covert Russian operation to sow distrust in the presidential election process. It was their briefings of senior lawmakers that led a number of them to press for more information to be made public.

[snip]

Though Russia has long conducted cyberspying on U.S. agencies, companies and organizations, this presidential campaign marks the first time Russia has attempted through cyber means to interfere in, if not actively influence, the outcome of an election, the officials said.

CNN: The review will look at “hacking by the Russians aimed at influencing US elections going back to 2008” (CNN notes that the IC “never said there was strong evidence that [hacks of voter registration systems were] tied to the Russian government”)

President Barack Obama has ordered a full review into hacking by the Russians aimed at influencing US elections going back to 2008, the White House said Friday.

“The President has directed the Intelligence Community to conduct a full review of what happened during the 2016 election process. It is to capture lessons learned from that and to report to a range of stakeholders,” White House Homeland Security and Counterterrorism Adviser Lisa Monaco said at a Christian Science Monitor breakfast with reporters Friday. “This is consistent with the work that we did over the summer to engage Congress on the threats that we were seeing.”
White House spokesman Eric Schultz added later that the review would encompass malicious cyber activity related to US elections going back to 2008. [my emphasis]

Wikileaks (relying on the CNN story): The review will look at Wikileaks

CNN: Obama orders report into WikiLeaks timed for release just prior to Trump presidency

NYT: The review will look at all Russian efforts to influence the 2016 election, including publishing email contents and probing the “vote-counting system” (presumably a reference to voter lists that have nothing to do with vote counting)

President Obama has ordered American intelligence agencies to produce a full report on Russian efforts to influence the 2016 presidential election, his homeland security adviser said on Friday. He also directed them to develop a list of “lessons learned” from the broad campaign the United States has accused Russia of carrying out to steal emails, publish their contents and probe the vote-counting system.

Seven Democrats Write Obama Asking Him to Declassify More Information on Russian Involvement in the Election

Ron Wyden, five other Democrats, and Dem caucusing Independent Angus King just wrote Obama a cryptic letter. The entire body of the letter reads:

We believe there is additional information concerning the Russian Government and the U.S. election that should be declassified and released to the public. We are conveying specifics through classified channels.

Thank you for your attention to this important matter.

Aside from the fact that this suggests (as Wyden’s cryptic letters always d0) there is something meaty that we really ought to know, I find the list of signers rather curious. In addition to Wyden, the following Senators signed the letter:

  • Jack Reed
  • Mark Warner
  • Barb Mikulski
  • Martin Heinrich
  • Angus King
  • Mazie Hirono

That is, every Democratic SSCI member except current Chair Dianne Feinstein, plus Senate Armed Services Chair Jack Reed, signed the letter. So every Democrat except DiFi and Majority Leader Harry Reid signed the letter, suggesting it is something that got briefed to the full Senate Intelligence Committee as well as the Ranking Members of SASC (the latter of which suggests NSA or CYBERCOM may be involved).

I’m as interested in the fact that DiFi and Reid didn’t sign as that the others did sign. It can’t be that Reid is retiring and DiFi is heading to SJC (it’s still unclear whether she’ll remain on SSCI or not). After all, Mikulski is retiring as well.

Plus, Harry Reid wrote a far more explicit letter last month to Jim Comey — apparently following up on a non-public letter send months earlier — alluding to direct coordination between Trump and Russia.

In my communications with you and other top officials in the national security community, it has become clear that you possess explosive information about close ties and coordination between Donald Trump, his top advisors, and the Russian government – a foreign interest openly hostile to the United States, which Trump praises at every opportunity. The public has a right to know this information. I wrote to you months ago calling for this information to be released to the public. There is no danger to American interests from releasing it. And yet, you continue to resist calls to inform the public of this critical information.

Finally, what to make of the fact that not even John McCain signed onto this letter? Reed’s inclusion makes it clear that McCain, too, must have been briefed. He has been outspoken about Trump’s moves to cozy up to Putin. If he has seen — and objects to — such coordination, why not sign onto this letter and give it the patina of bipartisanship?

Look Closer to Home: Russian Propaganda Depends on the American Structure of Social Media

The State Department’s Undersecretary for Public Diplomacy, Richard Stengel, wanted to talk about his efforts to counter Russian propaganda. So he called up David Ignatius, long a key cut-out the spook world uses to air their propaganda. Here’s how the column that resulted starts:

“In a global information war, how does the truth win?”

The very idea that the truth won’t be triumphant would, until recently, have been heresy to Stengel, a former managing editor of Time magazine. But in the nearly three years since he joined the State Department, Stengel has seen the rise of what he calls a “post-truth” world, where the facts are sometimes overwhelmed by propaganda from Russia and the Islamic State.

“We like to think that truth has to battle itself out in the marketplace of ideas. Well, it may be losing in that marketplace today,” Stengel warned in an interview. “Simply having fact-based messaging is not sufficient to win the information war.”

It troubles me that the former managing editor of Time either believes that the “post-truth” world just started in the last three years or that he never noticed it while at Time. I suppose that could explain a lot about the failures of both our “public diplomacy” efforts and traditional media.

Note that Stengel sees the propaganda war as a battle in the “marketplace of ideas.”

It’s not until 10 paragraphs later — after Stengel and Ignatius air the opinion that “social media give[s] everyone the opportunity to construct their own narrative of reality” and a whole bunch of inflamed claims about Russian propaganda — that Ignatius turns to the arbiters of that marketplace: the almost entirely US-based companies that provide the infrastructure of this “marketplace of ideas.” Even there, Ignatius doesn’t explicitly consider what it means that these are American companies.

The best hope may be the global companies that have created the social-media platforms. “They see this information war as an existential threat,” says Stengel. The tech companies have made a start: He says Twitter has removed more than 400,000 accounts, and YouTube daily deletes extremist videos.

The real challenge for global tech giants is to restore the currency of truth. Perhaps “machine learning” can identify falsehoods and expose every argument that uses them. Perhaps someday, a human-machine process will create what Stengel describes as a “global ombudsman for information.”

Watch this progression very closely: Stengel claims social media companies see this war as an existential threat. He then points to efforts — demanded by the US government under threat of legislation, though that goes unmentioned — that social media accounts remove “extremist videos,” with extremist videos generally defined as Islamic terrorist videos. Finally, Stengel puts hope on a machine learning global ombud for information to solve this problem.

Stengel’s description of the problem reflects several misunderstandings.

First, the social media companies don’t see this as an existential threat (though they may see government regulation as such). Even after Mark Zuckerberg got pressured into taking some steps to stem the fake news that had been key in this election — spread by Russia, right wing political parties, Macedonian teenagers, and US-based satirists — he sure didn’t sound like he saw any existential threat.

After the election, many people are asking whether fake news contributed to the result, and what our responsibility is to prevent fake news from spreading. These are very important questions and I care deeply about getting them right. I want to do my best to explain what we know here.

Of all the content on Facebook, more than 99% of what people see is authentic. Only a very small amount is fake news and hoaxes. The hoaxes that do exist are not limited to one partisan view, or even to politics. Overall, this makes it extremely unlikely hoaxes changed the outcome of this election in one direction or the other.

[snip]

This has been a historic election and it has been very painful for many people. Still, I think it’s important to try to understand the perspective of people on the other side. In my experience, people are good, and even if you may not feel that way today, believing in people leads to better results over the long term.

And that’s before you consider reports that Facebook delayed efforts to deal with this problem for fear of offending conservatives, or the way Zuckerberg’s posts seem to have been disappearing and reappearing like a magician’s bunny.

Stengel then turns to efforts to target two subsets of problematic content on social media: terrorism videos (definedin a way that did little or nothing to combat other kinds of hate speech) and fake news.

The problem with this whack-a-mole approach to social media toxins is that it ignores the underlying wiring, both of social media and of the people using social media. The problem seems to have more to do with how social media magnifies normal characteristics of humans and their tribalism.

[T]wo factors—the way that anger can spread over Facebook’s social networks, and how those networks can make individuals’ political identity more central to who they are—likely explain Facebook users’ inaccurate beliefs more effectively than the so-called filter bubble.

If this is true, then we have a serious challenge ahead of us. Facebook will likely be convinced to change its filtering algorithm to prioritize more accurate information. Google has already undertaken a similar endeavor. And recent reports suggest that Facebook may be taking the problem more seriously than Zuckerberg’s comments suggest.

But this does nothing to address the underlying forces that propagate and reinforce false information: emotions and the people in your social networks. Nor is it obvious that these characteristics of Facebook can or should be “corrected.” A social network devoid of emotion seems like a contradiction, and policing who individuals interact with is not something that our society should embrace.

And if that’s right — which would explain why fake or inflammatory news would be uniquely profitable for people who have no ideological stake in the outcome — then the wiring of social media needs to be changed at a far more basic level to neutralize the toxins (or social media consumers have to become far more savvy in a vacuum of training to get them to do so).

But let’s take a step back to the way Ignatius and Stengel define this. The entities struggling with social media include more than the US, with its efforts to combat Islamic terrorist and Russian propagandist content it hates. It includes authoritarian regimes that want to police content (America’s effort to combat content it hates in whack-a-mole fashion will only serve to legitimize those efforts). It also includes European countries, which hate Russian propaganda, but which also hate social media companies’ approach to filtering and data collection more generally.

European bureaucrats and activists, to just give one example, think social media’s refusal to stop hate speech is irresponsible. They see hate speech as a toxin just as much as Islamic terrorism or Russian propaganda. But the US, which is uniquely situated to pressure the US-based social media companies facilitating the spread of hate speech around the world, doesn’t much give a damn.

European bureaucrats and activists also think social media collect far too much information on its users; that information is one of the things that helps social media better serve users’ tribal instincts.

European bureaucrats also think American tech companies serve as a dangerous gateway monopolizing access to information. The dominance of Google’s ad network has been key to monetizing fake and other inflammatory news (though they started, post-election, to crack down on fake news sites advertising through Google).

The point is, if we’re going to talk about the toxins that poison the world via social media, we ought to consider the ways in which social media — enabled by characteristics of America’s regulatory regime — is structured to deliver toxins.

It may well be that the problem behind America’s failures to compete in the “marketplace of ideas” has everything to do with how America has fostered a certain kind of marketplace of ideas.

The anti-Russian crusade keeps warning that Russian propaganda might undermine our own democracy. But there’s a lot of reason to believe red-blooded American social media — the specific characteristics of the global marketplace of ideas created in Silicon Valley — is what has actually done that.

Update: In the UK, Labour’s Shadow Culture Secretary, Tom Watson, is starting a well-constructed inquiry into fake news. One question he asks is the role of Twitter and Facebook.

Update: Here’s a summary of fake news around the world, some of it quite serious, though without a systematic look at Facebook’s role in it.

image_print