Is it safe?

Photographer: Brendan Smialowski/AFP/Getty Images

Clinton Should Stop Whining About Russian Hackers

Leonid Bershidsky is a Bloomberg View columnist. He was the founding editor of the Russian business daily Vedomosti and founded the opinion website Slon.ru.
Read More.
a | A

Hillary Clinton and her team hold that "the Russians" were responsible for almost any disruptive or embarrassing hack in the U.S. Many articles about the recent attack on Dyn, the New Hampshire-based internet infrastructure company, mentioned Russian hackers, though the disruption could not be traced to them. This blame game, however, is not an effective response to the shady side of the tech revolution. 

Russian hackers (and East European ones in general) are dangerous. Their skill is inversely proportional to their well-being, and their lack of opportunity often makes them angry, cynical and vindictive. They have even hacked the Kremlin and the Russian government: A group known as Anonymous International or Shaltai-Boltai has revealed, time after time, e-mails and other confidential documents from the domestic policy department of President Vladimir Putin's administration, as well as those belonging to ministers and aides to Prime Minister Dmitri Medvedev and Moscow Mayor Sergei Sobyanin. The revelations they contained were often more embarrassing than those that emerged from the Democratic National Committee hack or the e-mails of Clinton aide John Podesta. For example, the e-mails of Kremlin staffer Timur Prokopenko exposed a history of pressure on Russian media and the systematic subversion of some news outlets. 

QuickTake Cybersecurity

The Kremlin hasn't been able to silence the Russian-speaking hacking team. Last month, Anonymous International released material from the pro-Putin propaganda holding News Media. Nor has Putin tried to link Anonymous International with a foreign government. Instead, he appears to have used similar tactics against his opponents. One of the people suspected of working on behalf of the Kremlin, Germany-based Sergei Maksimov, received a suspended sentence and a fine from a Bonn court last year for breaking into the social media and e-mail accounts of Putin foes.

Putin's security services may have messed with the U.S. Democrats' servers, too, though that, despite the Clinton team's insistence, has not been confirmed. In an Oct. 7 statement, U.S. intelligence officials expressed "confidence" that the Russian government directed the leak of Clinton-related e-mails and that the hack was "consistent with the methods and motivations of Russian-directed efforts." The careful phrasing does not amount to beyond-a-reasonable-doubt attribution, which, I suspect, is not possible. Although forensics experts could perhaps track the attack to Russian-speaking individuals or Russian-based servers, there would need to be direct evidence of their ties to government to be certain, and such evidence would be hard to obtain.

Vice President Joe Biden has hinted at a response to the "Russian hacking." Presumably, U.S. government hackers will hit a Russian target "under the circumstances that have the greatest impact" so Putin "will know it." This is an empty threat to Putin: He's certain U.S. cyberintelligence is already doing all it can against Russia. 

In any case, fighting back by the same means is of limited use. It's difficult to embarrass a dictator like Putin. Enough is already known about him and his shady circle of friends that a democracy would have thrown them out long ago. And what if it is, after all, private actors who broke into the Democrats' servers -- or both government and private ones? The DNC network was so vulnerable that at least two groups were able to infiltrate it independently of each other. The line between government-contracted and private hackers is thin: Both use the same methods to penetrate systems, both can buy software modules and vulnerabilities on hacking forums, both use the same skills and technical arsenal. These break-ins are more often the result of freelance arrangements than the product of direct government employment.

Michael McFaul, the Stanford professor who served as U.S. ambassador to Russia when Clinton was secretary of state, recently unleashed a Twitterstorm against WikiLeaks, which published the hacked e-mails. When a WikiLeaks staffer defended the group by calling it an independent media organization financed by its readers, McFaul retorted:

Michael McFaul @McFaul
You work is also underwritten by Russian intelligence services. That makes your claim to being "independent" suspe… https://t.co/MIKoe8UAWl
Twitter: Michael McFaul on Twitter

There is no evidence that the Wikileaks founder, Julian Assange, has any ties to Russian intelligence, but he has made clear that he has it in for Clinton, who harshly condemned WikiLeaks for earlier releases of stolen U.S. government documents. Assange appears to hold her responsible for his forced stay at the Ecuadorean Embassy in London, among other things.

Hacktivists will use the means at their disposal. Putin is not the only person interested in discrediting Clinton. I have met many Americans who dislike her. 

Senator Bernie Sanders, almost saintly by Washington standards, has demonstrated a lighthearted attitude toward the inevitable hacks. "Trust me, if they went into our e-mails -- I suppose which may happen, who knows? -- I’m sure there would be statements that would be less than flattering about, you know, the Clinton staff," Sanders recently told The Washington Post. "That’s what happens in campaigns."

That's an approach Clinton and her aides cannot afford -- not just because they apparently have more to hide than Sanders, but because they are about to govern the most powerful nation. Clinton has already tried to bypass the requirements of cybersecurity to avoid the inconvenience of carrying two mobile phones. The front-runner of the presidential race cannot do it again; and, in 2016, the U.S. cannot be governed by a president who is unable to use a computer. It is a skill that is far easier to learn than effective governance, even at age 69.

It's OK to criticize the likes of Assange and Edward Snowden -- but Clinton and her people must borrow a page from their book to stop being their victim. Before Snowden contacted Glenn Greenwald with his story, he demanded that the journalist learn to use encryption. Before even revealing his name, he lectured Greenwald that his failure to erect safeguards "puts everyone who communicates with you at risk." According to Greenwald's book on Snowden, "No Place to Hide," the NSA contractor then offered to help the journalist install and learn to use encryption software. Greenwald resisted: he couldn't understand the instructions. He ended up having to share his scoop with the filmmaker Laura Poitras, who had been handier with personal cybersecurity. Snowden, for his part, escaped prosecution thanks to his privacy-consciousness.

Learning some relatively simple techniques -- the same ones Snowden insisted on with Greenwald -- might have saved Clinton, Podesta and the other Democrats from embarrassment. Even Putin's intelligence services and their private contractors would have had trouble breaking modern commercial encryption -- just as the U.S. Federal Bureau of Investigation had trouble with the San Bernardino shooter's encrypted phone. 

Beating the Russians, or any other cyberspies, at their game requires humility, discipline and a willingness to learn. It's easier to protect communications than to do damage control once they've been breached. What I'd like to hear from Clinton and her aides, instead of variations on "the Russian did it" theme, would be a clear statement that they have realized where they failed and that they are taking lessons in basic cybersecurity.

This column does not necessarily reflect the opinion of the editorial board or Bloomberg LP and its owners.

To contact the author of this story:
Leonid Bershidsky at lbershidsky@bloomberg.net

To contact the editor responsible for this story:
Max Berley at mberley@bloomberg.net