The Intelligence Community Assessment (ICA) on Russia’s cyber attacks was declassified recently, and of course, both sides – Republican and Democrat – are making political hay of it. Since I’m on neither the Republican nor the Democrat side, but rather on the side of America, let’s discuss, shall we?
First, let’s talk about what it did say, and not what the media says it says. I’m sick and tired of people citing the Washington Post and other media outlets in their efforts to promote “their side,” rather than actually reading the damn thing. In order to intelligently speak on the issue, we have to actually read the ICA – yes, all 25 pages of it.
- It says that Russia’s recent activities demonstrate an escalation of activities that Russia has been engaged in for years.
- It says Putin ordered the activities in the 2016 campaign.
- It says Russia’s goals were to undermine confidence in the U.S. election system, as well as undermine Hillary Clinton in favor of Trump. I’ve said this before on this very blog. The declassified ICA confirms what I’ve said previously.
Russia’s goals were to undermine public faith in the US democratic process, denigrate Secretary Clinton, and harm her electability and potential presidency. We further assess Putin and the Russian Government developed a clear preference for President-elect Trump.
- It says Russia’s cyber campaign was done in concert with its longer-term public relations/information warfare strategy.
- It says Guccifer 2.0 and DCLeaks were both part of the cyber campaign run by Russia’s General Staff Main Intelligence Directorate (GRU), and released information to WikiLeaks.
- It says the types of systems Russian actors targeted or compromised were not – I repeat NOT – involved in vote tallying.
- It says Russia will employ similar strategies in other countries’ elections processes.
Here’s what it does not say.
- It does not say that the Russians helped Trump win.
We did not make an assessment of the impact that Russian activities had on the outcome of the 2016 election. The US Intelligence Community is charged with monitoring and assessing the intentions, capabilities, and actions of foreign actors; it does not analyze US political processes or US public opinion.
- It makes no assessment at all about the effectiveness of Russia’s efforts. As a matter of fact, I argued a few weeks ago on this site that their efforts to undermine confidence in the U.S. elections system were not successful.
Gallup polling in September indicated that only 62 percent of Americans had confidence in the accuracy of the vote count, but this number is similar to the polls conducted in 2008 – before revelations about active Russian meddling came to light. So it’s difficult to attribute the low confidence to the Russians.
- It does not give away sources and methods. There are specific reasons for that. Know what the Russians do to sources who reveal information to their adversaries? They kill them. They are not big on due process. Their due process involves a bullet to the back of the head. If you doubt me, look up “smersh,” which stands for “smert’ shpionam” or “death to spies.” Believe it or not, we do care about human lives, and slimy detritus such as Robert Hanssen and Aldrich Ames, who caused the deaths of numerous sources who had the unmitigated gall to betray the Soviet state and provide information to the United States, unfortunately are still allowed to draw breath.
There are also specific reasons to ensure that methods remain classified. Unlike certain morons in the DNC who failed to change their passwords or made them so ridiculously simple, that a teenager living in his mother’s basement could figure out a way in with his little Cheeto-stained fingers, the Russians will actually change their email addresses, beef up cyber security, and increase operational security, as well as make our collection platforms worthless once their existence is discovered.
- It does not say the Russians wanted Trump from the start. It clearly says the Russian government “developed” a preference for Trump, and aspired to help his election chances.
- It does not say that they in any way knew these efforts would succeed. As a matter of fact, it specifically says they developed a strategy to undermine Hillary Clinton’s presidency when they thought it was likely that she was going to win.
- It did not say Russia’s propaganda campaign was anything new and shocking. It wasn’t. It was part of a longstanding Russian strategy.
- It did not say anything released by the Russians through WikiLeaks and other methods was false in any way.
- It did not say that the Trump campaign had anything to do with these attacks or leaks.
It says the three major agencies agree with these assessments, although NSA makes the assessment that these operations were directed by Putin with moderate confidence, while FBI and CIA have high confidence assessments. The ICA explains what these assessments mean. High confidence means that the assessment is based on high-quality information from multiple, corroborative sources. Note that the ICA specifically says this does not preclude the possibility that the judgment could be wrong – only that the chance of it being erroneous is small, based on the quality and quantity of corroborative sources.
Moderate confidence in an assessment means the sources on which said judgment is based are plausible and credibly sourced, but there may not be a sufficient number of said sources or they may not be corroborated sufficiently to warrant a high confidence judgment. This does not mean the NSA disagrees with the assessment; it merely means that their confidence level is a bit lower. Confidence levels are kind of subjective. One analyst’s view of the sources could differ from another’s. But once again, a moderate confidence assessment does not mean that there’s disagreement on the judgment itself.
The report talks about Russian state ownership and control of RT and other forms of media and that it conducts strategic messaging for the Russian government. There’s nothing surprising about this. Anyone who has been paying attention should know that Russian propaganda campaigns are well funded and well executed, as well as omnipresent and popular in the United States, especially given RT’s strategy of building its social media presence, in an effort to avoid broadcast regulations. Again, nothing new, and the IC had been making these assessments since at least 2012.
Additionally, the IC assesses that Russian efforts to gain information about U.S. elections, candidates, etc. are part of Russia’s efforts to gain intelligence about the adversary – to understand U.S. leaders and their motivations and vulnerabilities and to assess their future actions.
All of this isn’t new. It is intelligent, strategic information warfare. What is new is the extent to which the Russians were able to penetrate private servers, probe state elections systems for vulnerabilities, and disseminate their message using willing patsies such as WikiLeaks.
Conspiritards screeching that they deserve access to classified sources and methods, because EVIL, BAD GOVERNMENT are going to be sorely disappointed. You want access to classified? Get educated, get a clearance, get hired by the Intelligence Community, and work on cyber issues. But no, the IC is not going to disclose underlying reporting to some quasi-anarchist loon, who gives less than a shit about the lives disclosing such reporting could endanger and collections platforms it could compromise. Fuck off!
“But we do it!” “Obama interfered in Israeli elections!” “What about Radio Free Europe and Voice of America? They’re propaganda outlets!” and “We do it too.” Those are all cries of those who lack understanding of how pervasive Russia’s cyber intrusions were.
I will admit fully to being a hypocrite when it comes to us spying on other countries. I want information about them. I want to be able to determine what their leadership is up to, and to assess motivations and goals. That is what an intelligent nation does. It’s nothing they don’t attempt to do to us. That said, I don’t want to make it easy for them. I don’t want them to succeed. But I’m not going to apologize for doing exactly what they do, but better than they do. Fuck that.
And sorry, but using U.S. grants to fund a politically active group in hopes it would influence the Israeli election is much different than hacking into a private server, stealing information about a candidate and releasing it in hopes of influencing the election or discrediting the President-elect. The Obama Administration’s funding of propaganda and opposition movements is nothing new, especially given our actions during the Cold War to stop the spread of communism. But again, this is nothing compared to the Russians’ actions in this election.
The Kremlin’s campaign aimed at the US election featured disclosures of data obtained through Russian cyber operations; intrusions into US state and local electoral boards; and overt propaganda. Russian intelligence collection both informed and enabled the influence campaign.
Russia’s intelligence services conducted cyber operations against targets associated with the 2016 US presidential election, including targets associated with both major US political parties.
We assess Russian intelligence services collected against the US primary campaigns, think tanks, and lobbying groups they viewed as likely to shape future US policies. In July 2015, Russian intelligence gained access to Democratic National Committee (DNC) networks and maintained that access until at least June 2016.
The FBI and DHS, in a separate joint assessment, provided some technical details about the tools and infrastructure used by the Russian civilian and military intelligence services to steal information regarding the U.S. election and to target other political and private sector entities.
The U.S. Government confirms that two different RIS actors participated in the intrusion into a U.S. political party. The first actor group, known as Advanced Persistent Threat (APT) 29, entered into the party’s systems in summer 2015, while the second, known as APT28, entered in spring 2016.
Both groups have historically targeted government organizations, think tanks, universities, and corporations around the world. APT29 has been observed crafting targeted spearphishing campaigns leveraging web links to a malicious dropper; once executed, the code delivers Remote Access Tools (RATs) and evades detection using a range of techniques. APT28 is known for leveraging domains that closely mimic those of targeted organizations and tricking potential victims into entering legitimate credentials. APT28 actors relied heavily on shortened URLs in their spearphishing email campaigns. Once APT28 and APT29 have access to victims, both groups exfiltrate and analyze information to gain intelligence value. These groups use this information to craft highly targeted spearphishing campaigns. These actors set up operational infrastructure to obfuscate their source infrastructure, host domains and malware for targeting organizations, establish command and control nodes, and harvest credentials and other valuable information from their targets.
At least one targeted individual activated links to malware hosted on operational infrastructure of opened attachments containing malware. APT29 delivered malware to the political party’s systems, established persistence, escalated privileges, enumerated active directory accounts, and exfiltrated email from several accounts through encrypted connections back through operational infrastructure.
The assessment lists technical details, alternate names for these operations, and mitigation strategies.
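The two APT28 delivery habits quoted above (domains that closely mimic the target's, and shortened URLs in spearphishing mail) are things a mail gateway can screen for. The following is an added sketch, not code from the FBI/DHS assessment or from this post; the defended domain `example.org`, the shortener list, the distance threshold and the sample message are all assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumptions for this sketch: the defended domain, the shortener list, the threshold.
PROTECTED = {"example.org"}
SHORTENERS = {"bit.ly", "tinyurl.com", "goo.gl", "t.co", "ow.ly"}
MAX_DISTANCE = 2
HOMOGLYPHS = str.maketrans("0135", "oles")   # digit-for-letter swaps
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.I)

# Constructed message body, not taken from any real campaign.
SAMPLE = """Your mailbox is over quota. Sign in at
http://mail.examp1e.org/login or use https://tinyurl.com/constructed-example now.
Policy: https://mail.example.org/help and https://example.org.account-check.net/reset
Unrelated: https://www.w3.org/
"""

def edit_distance(a, b):
    """Classic Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(host):
    """Label a hostname as 'ok', 'shortener' or 'lookalike'."""
    host = (host or "").lower().rstrip(".")
    if any(host == p or host.endswith("." + p) for p in PROTECTED):
        return "ok"                      # the real domain or one of its subdomains
    if host in SHORTENERS:
        return "shortener"               # destination is hidden from the reader
    for p in PROTECTED:
        if host.startswith(p + ".") or "." + p + "." in host:
            return "lookalike"           # protected name used as a subdomain prefix
        tail = ".".join(host.split(".")[-p.count(".") - 1:])
        if edit_distance(tail.translate(HOMOGLYPHS), p) <= MAX_DISTANCE:
            return "lookalike"           # typo or digit-for-letter variant
    return "ok"

def scan(body):
    """Return (url, verdict) for every link that is not plainly benign."""
    pairs = ((u, classify(urlsplit(u).hostname)) for u in URL_RE.findall(body))
    return [(u, v) for u, v in pairs if v != "ok"]

if __name__ == "__main__":
    for url, verdict in scan(SAMPLE):
        print(f"{verdict:10} {url}")
```

A distance threshold of 2 will miss TLD swaps and can misfire on short domains, so in practice it is tuned per organization and paired with expanding shortened links before delivery.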
If you think these operations are OK because we have a long history of funding opposition groups worldwide, you are an uber douche.
Again, I’ll admit to loving my country so much, that I believe it’s not OK, even though we’ve been known to fund opposition groups in foreign elections, and this level of intrusion far outstrips anything we’ve done in the past.
The ICA specifically assesses that Russia may have chosen WikiLeaks as its vehicle of delivering stolen information because it is known for its authenticity. It does not make any judgment that the information released to WikiLeaks is false. Julian Assange claims the Russians were not the ones who delivered the damaging information to him. I’m not claiming he’s lying, although he very well could be. I’m saying he wouldn’t know. At all. The Russian intelligence services aren’t known for sending files via the post office with large, flowery stickers on the package, saying “With love, from the Kremlin.” They would be several times removed from this information to ensure operational security. I also think the Russians chose WikiLeaks, because they accurately assess Assange to be an egomaniacal, arrogant asshole, who would feel important publishing this information, and who wouldn’t dig too deeply into its origins, because he wouldn’t give a shit – all for a higher cause.
So people pointing to Assange’s claims that it wasn’t the Russians who gave him the information as evidence contradicting the claims in the ICA are really unfamiliar with how the Russians work.
Do I think Trump won the election fair and square? Of course! There’s nothing to indicate otherwise.
Does this change the fact that the extent of Russian interference is a matter of national security? No, it doesn’t.
I’m once again listening to Kellyanne Conway in spin mode on CNN, claiming that had Hillary Clinton won, we wouldn’t even be talking about these hacks! AYFKM?
We had been talking about them since at least June of last year – when everyone, including me, thought Trump didn’t have a chance – even against someone as repugnant, corrupt, and unlikeable as she was!
We had been talking about them in September, when the FBI disclosed that at least 20 state election systems had been hacked – likely by the Russians – and Clinton was still ahead in the polls, albeit by a narrower margin. The fact that no one was paying attention because they were distracted by the latest pussy-grabbing scandal or another bright, shiny object does not change this fact.
The President-elect needs to start focusing on what the Russians did and how they did it, rather than getting defensive about his perfectly legitimate election. Only delusional morons think these revelations have anything to do with the results of the election! But it’s time to start focusing on the actual threat, because, as the ICA stated, the Russians will continue to use these tactics to compromise other nations’ democratic election processes. It’s not like they haven’t done it before!
No foreign power should be able to gain access to our election systems, steal information, and use it in attempts to influence the outcome! THAT is the issue here.