The Case For Russian Hacking

I wrote here, here and here about the Obama administration’s two reports that purport to show that the DNC’s email system was penetrated by Russian intelligence. (For reasons about which we can only speculate, they don’t talk about the intrusion into the email account of Hillary Clinton’s campaign manager, John Podesta.) I concluded that those reports completely failed to make the case that the Russians were behind the DNC hack.

The administration’s reports are so lacking in technical information that I think my assessment is non-controversial. Moreover, the fact that the Washington Post was briefed on last week’s report by the CIA, FBI and NSA before President-Elect Donald Trump demonstrates that the report’s purpose was wholly political. It was just one more effort by President Obama and his minions to undermine the Trump administration before it gets off the ground.

That doesn’t answer the question, of course, of who did penetrate Debbie Wasserman-Schultz’s and John Podesta’s accounts. While the administration’s reports are useless, there is technical support for the claim that Russians believed to be associated with that country’s intelligence apparatus were involved. As I understand it, no one can say this definitively, but some experts say that the footprints left by the party or parties who accessed the accounts through a crude spearfishing strategy reflected, in a number of ways, the M.O. of a couple of known Russian hacking groups.

Perhaps the most significant such assessment comes from the company that was hired by the DNC to investigate that intrusion, CrowdStrike:

CrowdStrike Services Inc., our Incident Response group, was called by the Democratic National Committee (DNC), the formal governing body for the US Democratic Party, to respond to a suspected breach. We deployed our IR team and technology and immediately identified two sophisticated adversaries on the network – COZY BEAR and FANCY BEAR. We’ve had lots of experience with both of these actors attempting to target our customers in the past and know them well.

CrowdStrike’s post goes on to supply quite a bit of technical detail, but it never actually says what features of the attack allowed them to “immediately identify” COZY BEAR and FANCY BEAR. COZY BEAR and FANCY BEAR are also known in the business as APT 29 and APT 28, respectively. CrowdStrike adds this interesting note:

COZY BEAR (also referred to in some industry reports as CozyDuke or APT 29) is the adversary group that last year successfully infiltrated the unclassified networks of the White House, State Department, and US Joint Chiefs of Staff.

They are wrong about the year–the intrusion that shut down the White House and State Department computer systems occurred in the fall of 2014–but it is interesting to see that connection drawn. The Obama administration said, once the midterm election was safely over, that the Russian government had been behind the White House and State Department hacks–intrusions far more significant than the Wasserman-Schultz and Podesta accounts.

Other experts agree that the DNC and Podesta hacks were most likely perpetrated by the Russians. A group called Secure Works writes:

The Hillary Clinton email leak was the center of the latest scandal in the news caused by Threat Group-4127[1] (TG-4127). SecureWorks® Counter Threat Unit™ (CTU) researchers track the activities of Threat Group-4127, which targets governments, military, and international non-governmental organizations (NGOs). Components of TG-4127 operations have been reported under the names APT28, Sofacy, Sednit, and Pawn Storm. CTU™ researchers assess with moderate confidence that the group is operating from the Russian Federation and is gathering intelligence on behalf of the Russian government.

Here, too, there is much technical detail at the link. You can read it for yourself and draw what conclusions you will.

Whether Putin’s government was responsible for the Wasserman Schultz and Podesta penetrations is not critical, given that at worst, the exposure of those emails merely provided voters with accurate information and, in any event, had little impact on the presidential campaign. At least three far more important points have emerged from this controversy:

1) The FBI, CIA and NSA are now on record for the fact that the Soviet and Russian governments have carried out propaganda and false front campaigns for decades, trying to influence American politics. The nuclear freeze movement of the 1980s, in which Barack Obama participated, is a great example of a Soviet front operation. This is something conservatives have been saying for a long time, which led me to ask the FBI, CIA and NSA: Where were you when we needed you?

2) The Russians and Chinese have carried out relentless cyber warfare against the United States for years, illegally accessing computerized information, including but not limited to emails, from the White House, the State Department, the Joint Chiefs of Staff, and many corporations and other entities. The Obama administration has been typically supine, failing to respond to these attacks on the U.S. Only when he thought political hay could be made did Obama belatedly swing into action.

Well, that’s an overstatement–Obama hasn’t actually done anything, beyond trying to undermine his successor. But Donald Trump has promised to give cyber warfare a high priority during the early days of his administration. Let’s hope he does so.

3) This controversy highlights Hillary Clinton’s extreme negligence in circumventing the State Department’s security arrangements, flawed as those arrangements might have been. It is impossible to understand how anyone with even the most primitive understanding of internet security could think it makes sense to set up a completely unsecured server in her home, and use it to transact State Department business. Thank goodness Hillary Clinton will never again hold high office!

Responses

Books to read from Power Line