As my colleague Glenn
Greenwald told
WNYC on Monday, while there may never be conclusive evidence that the
Democratic National Committee was hacked by Russian intelligence operatives to
extract the trove of embarrassing
emails published by WikiLeaks, it would hardly be shocking if that was what
happened.
“Governments do spy on each
other and do try to influence events in other countries,” Glenn noted.
“Certainly the U.S. government has a very long and
successful history of doing exactly that.”
Even so, he added, given the
ease with which we were misled into war in Iraq by false claims about weapons
of mass destruction — and the long
history of Russophobia in American politics — it is vital to cast a
skeptical eye over whatever evidence is presented to support the claim, made by
Hillary Clinton’s aide Robby Mook, that this is all part of a Russian plot to
sabotage the Democrats and help Donald Trump win the election.
The theory gained
some traction, particularly among Trump’s detractors, in part because the
candidate has seemed obsessed at times with reminding crowds that Russian
President Vladimir Putin once said something
sort of nice about him (though not, as Trump falsely
claims, that the American is “a genius”). Then last week, Trump’s campaign
staff watered down a pledge to help Ukraine defend its territory from
Russian-backed rebels and the candidate told
the New York Times he would not necessarily honor the NATO treaty
commitment that requires the United States military to defend other member
states from a direct attack by Russia.
Since Trump has refused
to release his tax returns, there are also questions about whether or not
his businesses might depend to some extent on Russian investors. “Russians
make up a pretty disproportionate cross-section of a lot of our assets,”
Trump’s son Donald Jr. told a real estate conference in 2008, the
Washington Post reported last month. “We see a lot of money pouring in from
Russia.”
Paul Manafort, who is
directing Trump’s campaign and was for years a close adviser of a Putin ally,
former President Viktor Yanukovych of Ukraine, called
the theory that Trump’s campaign had ties to the Russian government
“absurd.” (On Monday, Michael Isikoff of Yahoo News reported
that a DNC researcher looking into Manafort’s ties to pro-Russian politicians
in Ukraine in May had been warned that her personal Yahoo email account was
under attack. “We strongly suspect that your account has been the target of
state-sponsored actors,” the warning from the email service security team
read.)
Unhelpfully for Trump, his
most senior adviser with knowledge of the world of hacking, retired Lt. Gen.
Michael T. Flynn, former director of the Defense Intelligence Agency, told
Bloomberg View that he “would not be surprised at all” to learn that Russia
was behind the breach of the DNC network. “Both China and Russia have the full
capability to do this,” he said.
Later on Monday, Trump himself attributed
the attack on the DNC to “China, Russia, one of our many, many ‘friends,’”
who “came in and hacked the hell out of us.”
Since very few of us are
cybersecurity experts, and the Iraq debacle is a reminder of how dangerous it
can be to put blind faith in experts whose claims might reinforce our own
political positions, there is also the question of who we can trust to provide
reliable evidence.
One expert in the field, who
is well aware of the evidence-gathering capabilities of the U.S. government, is
Edward Snowden, the former Central Intelligence Agency technician and
National Security Agency whistleblower who exposed the extent of mass
surveillance and has been given temporary asylum in Russia.
“If Russia hacked the #DNC,
they should be condemned for it,” Snowden wrote
on Twitter on Monday, with a link to a
2015 report on the U.S. government’s response to the hacking of Sony
Pictures. In that case, he noted, “the FBI presented evidence” for
its conclusion that North Korea was responsible for the hacking and
subsequent release of internal emails. (The FBI is now investigating the breach
of the DNC’s network, which officials told
the Daily Beast they first made the committee aware of in April.)
What’s more, Snowden added,
the NSA has tools that should make it possible to trace the source of the hack.
Even though the Director of National Intelligence usually opposes making such
evidence public, he argued, this is a case in which the agency should do so, if
only to discourage future attacks.
Another former insider with
knowledge of American and Russian intelligence capabilities, Michael McFaul,
the U.S. ambassador to Russia from 2012 to 2014, agreed that it should be
possible for the U.S. to present proof if Russia was, in fact, responsible for
the attack.
While we wait to see if the
NSA will take its most famous former employee’s advice, it is worth reading a
thorough review of the evidence produced so far, compiled for Motherboard
by Thomas Rid, a professor at King’s College London who has charted the
use of hacking for espionage.
As Rid explains, the
attribution of the DNC hack to Russian intelligence agents was first suggested
on June 15 by CrowdStrike, the cybersecurity firm hired by the Democrats to
investigate the possible breach of their system in May.
Last month, one of the firm’s
founders, Dmitri Alperovitch, explained in a
detailed technical analysis of their findings that CrowdStrike discovered
“two separate Russian intelligence-affiliated adversaries present in the DNC
network in May.”
The groups, he added, are so
familiar to the investigators from previous attacks that they have acquired
commonly used nicknames in the security industry. One, “Cozy Bear” or “APT 29,”
had been inside the committee’s network for about a year; a second, “Fancy
Bear,” also called “APT 28,” breached the system in April.
“We’ve had lots of experience
with both of these actors attempting to target our customers in the past and
know them well. In fact, our team considers them some of the best adversaries
out of all the numerous nation-state, criminal and hacktivist/terrorist groups
we encounter on a daily basis. Their tradecraft is superb, operational security
second to none and the extensive usage of ‘living-off-the-land’ techniques
enables them to easily bypass many security solutions they encounter. In
particular, we identified advanced methods consistent with nation-state level
capabilities including deliberate targeting and ‘access management’ tradecraft
— both groups were constantly going back into the environment to change out
their implants, modify persistent methods, move to new Command & Control
channels and perform other tasks to try to stay ahead of being detected.”
Cozy Bear is the group that
“successfully infiltrated the unclassified networks of the
White House, State
Department, and U.S.
Joint Chiefs of Staff” last year, Alperovitch noted. Fancy Bear, he added,
has “been linked publicly to intrusions into the German
Bundestag and France’s
TV5 Monde TV station in April 2015.”
Readers with a high level of
technical competence can parse the clues explained fully in Alperovitch’s blog
post, but he also noted a surprising fact: that the two groups thought to be
affiliated with rival Russian intelligence agencies — the successor to the
Soviet-era KGB, known as the FSB, and the GRU, a military intelligence service
— appeared unaware of each other’s activities.
“We have identified no
collaboration between the two actors, or even an awareness of one by the
other,” Alperovitch observed. “Instead, we observed the two Russian espionage
groups compromise the same systems and engage separately in the theft of
identical credentials.”
One day after this initial
attribution of the attack to Russian intelligence was made public by
CrowdStrike and the DNC, someone using the pseudonym Guccifer 2.0, in reference
to the Romanian hacker who famously uncovered
George W. Bush’s secret career as a painter of selfies, started publishing
documents stolen from the committee’s servers on a WordPress blog set up that day,
and taunting the security experts on
Twitter.
Guccifer 2.0, who claims to be
a Romanian who dislikes Russians, told
my colleague Sam Biddle that he or she had carried out the attack with no
help from anyone else, just to expose “all those illuminati that captured our
world,” and had provided hacked documents to WikiLeaks.
However, several analysts
pointed out that there is evidence in the metadata that copies of the DNC
documents posted online by Guccifer 2.0, starting with an opposition research
dossier on Trump, appear to have been processed on a computer with Russian
language settings. Parsing the documents on Twitter, the blogger Davi
Ottenheimer and an information security analyst who writes as @pwnallthethings
pointed out that copies of the stolen documents uploaded to WordPress rendered
the hacker’s username, Iron Felix, in Cyrillic characters, and gave error
messages for links in Russian.
Doubts were also cast over
Guccifer 2.0’s identity by his or her apparent lack of fluency in Romanian in an
online chat with Lorenzo Franceschi-Bicchierai of Motherboard.
Despite Guccifer 2.0’s claims,
CrowdStrike’s attribution to the previously known Russian groups was supported
by subsequent research last month from two rival network security firms:
Fidelis Cybersecurity and Mandiant.
“We performed an independent
review of the malware and other data (filenames, file sizes, IP addresses) in
order to validate and provide our perspective on the reporting done by
CrowdStrike,” Michael Buratowski, a Fidelis senior vice president, explained in
a detailed
technical analysis. The firm’s conclusions supported the attribution to the
two well-known Russian groups. Among other factors, Buratowski noted, “the
malware samples were conspicuously large” and “contained all or most of their
embedded dependencies and functional code.”
“This is a very specific modus
operandi less sophisticated actors do not employ,” he argued.
A Mandiant researcher,
Marshall Heilman, told
the Washington Post he agreed that the malware and associated servers were
consistent with those previously used by the two Russian groups.
Another American cybersecurity
firm, ThreatConnect, reported
on Tuesday that it had uncovered evidence that “Guccifer 2.0 is using the
Russia-based Elite VPN service to communicate and leak documents” to reporters.
The suspicion that the raid of
the DNC servers might have been carried out by Russian intelligence was
unsurprising to some experts, as Wired’s Andy
Greenberg reported, given that the FBI warned both
Barack Obama and John McCain in 2008 that their campaign computer systems
had been breached by foreign hackers, most likely from Russia or China.
Some observers, like the
Harvard Law professor Jack Goldsmith, who worked for President George W. Bush, suggested that such
attacks might be seen as payback, given that American intelligence agencies
have made aggressive use of hacking, which “almost certainly extends to
political organizations in adversary states.”
As the journalist Marcy
Wheeler noted
on her blog, according to a report
on the Snowden documents by Jens Glüsing, Laura Poitras, Marcel Rosenbach
and Holger Stark for Spiegel, the NSA hacked into “a key mail server in the
Mexican Presidencia domain within the Mexican Presidential network,” during
that country’s 2012 election campaign, and intercepted 85,489 text messages
sent by the ruling party candidate, Enrique Peña Nieto himself, or his
associates.
What makes the DNC breach new,
however, is the fact that close to 20,000 emails and other documents —
including personal information and credit card details of donors — were
provided to WikiLeaks, which made them public on the eve of this week’s
convention. Some of the private email traffic made public, which validated
complaints from the Bernie Sanders campaign that DNC officials favored
Hillary Clinton, helped to reopen wounds from the bruising primary campaign.
The role played by WikiLeaks,
and the professed indifference of the group’s founder, Julian Assange, to the
source of the hacked documents, caused some journalists to ask if the site had
allowed itself to be used as part of a post-modern dirty trick, a sort of
Watergate 2.0.
One reporter, James Surowiecki
of the New Yorker, even mused about how WikiLeaks might have treated documents
provided by the Watergate burglars had it been around in 1972 when the
Republican operatives broke into the DNC office in that building, precisely to
obtain damaging information about the party through theft and surveillance.
Of course, many other
reporters have taken the view that the material made public by WikiLeaks is
clearly newsworthy, given that it helps expose the inner workings of a largely
unaccountable private political party, which plays a central and privileged
role in the election of America’s leaders. That is why an array of
publications, including
The Intercept, quickly started to provide reporting and analysis on what
was revealed in the leaked documents.
Asked by NBC News on Monday if
WikiLeaks might have been used to distribute documents stolen as part of a
Russian intelligence operation, Assange insisted there was “no proof of that
whatsoever — we have not disclosed our source, and of course this is a
diversion that’s being pushed by the Hillary Clinton campaign.”
Of course, given that a
cornerstone of the WikiLeaks promise to sources is that the site was designed
to receive material without revealing the identity of the leaker to anyone at
the anti-secrecy group, it should be impossible for Assange himself to know
that the hacked DNC documents did not come from a Russian intelligence
operative — or, for that matter, a Republican one.
Convinced by the available
evidence that the leak was orchestrated by Russian intelligence, Thomas
Rid, the security analyst who writes for Motherboard, went so far as to suggest
that by publishing these documents, WikiLeaks had become “a legitimate target”
for counterintelligence operations by the five-nation club of the United States,
Britain, Canada, Australia, and New Zealand.
Although WikiLeaks describes
the hacked DNC emails as “part one of our new Hillary Leaks series,” Assange
himself rejected the charge that he is helping in a partisan attack. “This is a
quite a classical release,” he told
Amy Goodman of “Democracy Now” on Monday, “showing the benefit of producing
pristine data sets, presenting them before the public, where there’s equal
access to all journalists and to interested members of the public to mine
through them and have them in a citable form where they can then be used to
prop up certain criticisms or political arguments.”
Assange demurred
when Goodman asked if he preferred Trump over Clinton — “You’re asking me, do I
prefer cholera or gonorrhea?” — but he was more forthright in an interview with Robert Peston of
Britain’s ITV on June 12, two days before the DNC hack was first reported.
After telling Peston in that
conversation, “We have emails relating to Hillary Clinton which are pending
publication,” Assange was asked if his intention was to help Trump get elected.
“Well, I think Trump is a completely unpredictable phenomenon. You can’t
predict what he would do in office,” he replied. “From my personal perspective,
well, you know, the emails we published show that Hillary Clinton is receiving
constant updates about my personal situation; she has pushed for the
prosecution of WikiLeaks, which is still in train. So, we do see her as a bit
of a problem, for freedom of the press more generally.”
On Twitter, WikiLeaks has been
more forthright about seeing the DNC emails and those from Clinton’s personal
server — which the group copied from the State Department’s website to make
into a searchable database — as material that can be used “to prop up certain
criticisms” of the former secretary of state.
Some of that criticism,
however, has not been well-grounded in fact, leaving the organization open to
accusations that, rather than serving as an impartial clearinghouse for leaks,
annotated by its readers — like Wikipedia — it has evolved into a platform for
analysis by a small circle of insiders.
To take one example, on
Saturday, a WikiLeaks tweet incorrectly claimed that one email from the leak
revealed that Luis Miranda, the DNC communications director, had suggested that
Trump might have been right to say that Ted Cruz’s father was involved in the
Kennedy assassination.
Reading the email itself,
however, shows something quite different. The complete text of the email chain makes
it clear that Miranda was contributing to a thread in which officials worked
together to edit a draft of a humorous press release, or “hit,” that mocked
Trump for making such an outlandish suggestion.
While Miranda did write to his
colleagues that Cruz’s father might have been part of an anti-Castro Cuban
exile community “with questionable histories,” he also indicated that he
approved the final text, which was posted
online by the DNC that same day. That text put Trump’s claim about Cruz’s
father at the top of a list of examples of “the GOP’s presumptive standard
bearer just spouting nonsense he reads on the internet or in the tabloids.”
While such errors in the
annotation of the DNC documents look more like sloppiness than an attempt to
intentionally mislead readers, the mistakes point to a weakness in the
platform’s development — the lack of a robust system for correcting mistakes
noted by readers, like the one used by Wikipedia.
That problem has also been
noted in the way WikiLeaks presented emails from Hillary Clinton’s private
server first released by the State Department.
In March, WikiLeaks was
criticized by some Twitter followers — including David
Kenner, the Middle East editor of Foreign Policy — for the confusing way it
presented the text
of a draft opinion article sent to Clinton by a friend as if it were the text
of an email from her — and one that revealed her secret plan to destroy the
Syrian government to help Israel.
In fact, as the State
Department’s website makes clear, that text was sent to Clinton as an
attachment to a
2012 email from James Rubin, who served in Bill Clinton’s administration.
In the email to which he attached his draft piece, Rubin made it clear that he
hoped his essay — which was later published in slightly revised form by Foreign
Policy — would convince the Obama administration to help Syrian rebels topple
Bashar al-Assad largely to “forestall the biggest danger on the horizon, that
Israel launches a surprise attack on Iran’s nuclear facilities.”
Rubin also made it clear in
his email that he did not think Clinton shared his view of the situation at
that time. “I know you may not agree,” he wrote, “but I thought it was better
to share this with you first as at least a new way to look at the problem.”
Unfortunately, the way
WikiLeaks described Rubin’s draft op-ed as one of the “Hillary Emails” sowed
confusion online and led to outraged blog
posts and Russian
news reports that mistakenly credited Assange’s group with revealing the
text of a bombshell email from Clinton that offered insight into her thinking.
Despite concerns that the
group’s own annotation of documents related to Clinton might be at times
muddled, in his “Democracy Now” interview, Assange defended his decision not to
“establish partnerships with the New York Times or the Washington Post,” as he
has done in the past to ensure that leaked documents would come to light
not only in raw form but also accompanied by some analysis from
political or national security reporters.
Working with the editorial
staffs of those newspapers on material like this “might be counterproductive,”
Assange said, “because they are partisans of one group or another.”