6 Problems With U.S. Intel on the Russian Hacks
America's intelligence-gathering bodies all agree that Russia interfered with last year's U.S. election by various means. But the public account of what happened is strikingly defective. The danger is that erroneous policy responses could result. As talk of retaliation escalates, getting the story right is critical -- both for the incoming Trump administration and also since Europe is now on high alert that Moscow may meddle in this year's key elections.
It's hard for someone who follows Russia and cybersecurity issues closely not to conclude from the declassified report that the intelligence services were under pressure in producing it. The narrative in the unclassified report is full of holes. One can only hope that the classified version has a good deal more chapter and verse.
- The Federal Bureau of Investigation did not examine the allegedly hacked servers of the Democratic National Committee until it was too late. All the forensic evidence we know of apparently came from CrowdStrike, a private cybersecurity firm that portrays itself as the premier expert on Russian government cyberattacks. Its claims on the DNC hack are based on the use of certain malware that security researchers have linked to the Russian government. But even if the link exists as described, using the same malware doesn't automatically mean the same hacker was involved. And CrowdStrike has shown a propensity to overhype its stories in the past. The incoming U.S. president needs to understand how intelligence information is gathered and how robust it is; the declassified explanation doesn't exactly inspire confidence.
- Ahead of the report's publication, anonymous officials leaked to the press that the classified version of the document traces the publication of leading Democrats' emails to specific Russians, who allegedly passed the stolen data to Wikileaks through intermediaries. Such preemptive revelations could undermine the ability of law-enforcement officials, and intelligence services, to help prosecute a crime (the theft of data by a foreign intelligence service and its intermediaries) as those cases take time to put together. From a law enforcement point of view, it made little sense to make that information public. Were the agencies forced to tip their hand too early?
- In general, there is a rushed quality to the U.S. intelligence reports on the hacking, perhaps unsurprisingly given fears that a Trump administration would have little interest in the probe. For example, the unclassified intelligence report brands Guccifer 2.0, an early leaker of DNC documents, a Russian actor. It cites "press reporting" of his "multiple contradictory statements and false claims" as evidence, raising the question of whether intelligence services conducted any original research into the Guccifer 2.0 persona. It wasn't impossible to dig a little there: In July the cyberthreat intelligence company ThreatConnect tracked Guccifer 2.0's communications to the Russian-based Elite VPN service. It would have been better for the intel services to conduct research similar to ThreatConnect's (though not itself a smoking gun) than to cite press stories.
- In support of its claim that the Russian government tried to help get Trump elected, the report cites, among other things, the sympathetic coverage of Trump on the weekly news magazine show run by Dmitri Kiselyov on Russian state TV. That, of course, is hardly evidence of Russian election interference. The state may have been preparing to denounce Hillary Clinton's victory as an unfair outcome. There's an indirect confirmation of the latter in the intelligence report: "Pro-Kremlin bloggers had prepared a Twitter campaign, #DemocracyRIP, on election night in anticipation of Secretary Clinton’s victory." Is that it?
More evidence that the Kremlin backed Trump purportedly came from remarks by Vladimir Zhirinovsky, a nationalist member of the Russian parliament, who said Russia would "drink champagne" if Trump won. Zhirinovsky is not a Kremlin insider, and he is known for uncontrollable logorrhea and compulsive clowning. Though some actual Putin allies celebrated Trump's victory (as did the U.K. Independence Party's Nigel Farage), Putin himself has been cautious on Trump, clearly realizing his unpredictability and the lack of unity inside the Republican Party on mending fences with Russia.
- The unclassified report contains a lengthy annex on RT, the Russian government-owned international, multilingual TV station. The report accepts on faith RT's claims of success with Western audiences, though in fact it has a tiny audience share and only attracts traffic to its YouTube channel with footage of disasters and other clickbait. RT did develop a following among U.S. ultraconservatives, who reposted RT's stories on social networks. But plenty of similar fare is produced in the U.S.
The annex says RT's editorial policy is "likely aimed at undermining viewers' trust in U.S. democratic procedures" -- and goes on to give specific examples: sympathetic coverage of Occupy Wall Street, reports that "allege widespread infringements of civil liberties, police brutality, and drone use," "anti-fracking programming, highlighting environmental issues and the impacts on public health." Don't independent U.S. publications often carry similar perspectives and reporting? Are their journalists also in danger of being treated as Russian agents? RT is openly and proudly funded by the Kremlin, so there are no doubts concerning its non-journalistic goals. But the intelligence services' hostile description of the subject matter of its broadcasts raises the specter of McCarthyism.
RT, however, may shed crocodile tears at the insult. Alexei Kovalev, the Russian journalist known as RT's most consistent critic, noted in a tweet: "Dear U.S. Intelligence Community. Thanks to your valiant efforts, RT is getting a massive budget increase."
- The unclassified report stated with "high confidence" that Wikileaks served as a tool of the Russian state. Two bits of circumstantial evidence are given: that Putin said in early September it was important that the material had been exposed on Wikileaks and that RT cooperated with Wikileaks. There could be more convincing proof in the classified report, but the assertions could also be motivated by the long-standing dislike of Wikileaks and its founder Julian Assange in the intelligence community. If not thoroughly substantiated, the accusations against WikiLeaks are dangerous for whistleblowers as a class. They have few outlets, and here we have a convenient blanket description of them as Russian spies.
The Russian interference story deserves to be known in much greater detail. Was it raw opportunism, a phishing expedition that proved unexpectedly productive? Or was it a well-executed, state-directed cyberwar strategy? We don't know, but the answer matters. A vicious circle of attack and retaliation could plunge U.S. politics into even worse chaos.
The report could also result in the erroneous attribution of cyberattacks by profit-seeking groups as Russian government meddling, and even in government action against journalists suspected of pushing the Russian line or spreading information stolen by Russian spies. Being in the ballpark here isn't good enough.
The intelligence services need time, and less pressure, to run a proper investigation. There's no rush; the 2016 election result will not be annulled. The post post-Cold War order may depend on getting it right. And, by presenting more complete findings, there is a chance that the U.S. intelligence community can even redeem itself.
This column does not necessarily reflect the opinion of the editorial board or Bloomberg LP and its owners.
To contact the author of this story:
Leonid Bershidsky at firstname.lastname@example.org
To contact the editor responsible for this story:
Therese Raphael at email@example.com