Democratic leaders have blamed Russian hackers for this year’s spate of cyberattacks, arguing that they prove Kremlin opposition to Hillary Clinton’s presidential candidacy. And many in the media have been quick to accept that conclusion.
Yet that rush to blame Russia is lazy and sometimes wrong, analysts say.
“Attributing a specific hack to a specific aggressor requires making a judgment call that is more like an intelligence estimate than it is a forensic criminal case,” said Mark McArdle, chief technology officer at cybersecurity firm eSentire. “Much of the evidence itself must be questioned for authenticity and integrity.”
When it was discovered over the summer that several hackers had breached the Democratic National Committee, the evidence appeared to indicate that at least two of the entities were associated with the Russian government.
The media went on to attribute responsibility for several subsequent cybersecurity incidents, some of which have involved Clinton’s presidential campaign and news organizations like the New York Times, to the same actors.
Critics say the media is becoming lazy and making too many assumptions. National Security Agency historian James Bamford said that was the case in August, when it was widely reported that Russians might have had something to do with that agency’s data appearing suddenly online.
In that case, a group calling itself the Shadow Brokers put the data up for sale, and claimed it had been stolen by hacking the agency.
Experts later pointed out that much of the information likely came from an agency network that had been air-gapped, or cut off from the outside Internet, which meant that an agency insider walking out with the information was a more plausible scenario.
Additionally, Bamford noted, “I’ve never heard of intelligence agencies developing a fairly complex computer program to steal secrets that will give them access to other networks that they want, and then just turn around and auction and basically put them up for sale. That doesn’t make sense … Hacktivists do work like that.”
As to why some were so quick to accept the idea the agency had been hacked by Russia, Bamford said, “I think Russia is an easy target. It seems the default is always just to say ‘Russia’ without putting more thought into the nuances.”
Politicization has also contributed to the problem, and Democrats are happy to push the narrative that every attack can be linked to Russia. California Rep. Adam Schiff, the ranking Democrat on the House Intelligence Committee, took it a step further in July, when he argued in favor of blaming Donald Trump directly.
“Given Donald Trump’s well-known admiration for [Russian President Vladimir] Putin … the Russians have both the means and the motive to engage in a hack of the DNC,” Schiff said in a statement.
Schiff failed to mention that Republicans have also been targeted by organizations connected to Moscow. In June, a little-known website called DCLeaks published emails stolen from the staff of prominent Republicans that included Arizona Sen. John McCain and South Carolina Sen. Lindsey Graham, as well as former Minnesota Rep. Michele Bachmann.
The site, described as a “Russian-backed influence outlet” by cybersecurity firm ThreatConnect, followed that action with an August leak of documents belonging to Democratic billionaire George Soros’ philanthropic Open Society Foundations. Taken together, the records make it difficult to establish any kind of pattern.
In addition to uncertainties inspired by the larger picture, questions also arise from looking at smaller details, particularly the hacker known as “Guccifer 2.0,” who has claimed responsibility for hacking the DNC and the Democratic Congressional Campaign Committee.
Experts have argued that Guccifer, who claims to be Romanian, is actually Russian, and possibly even a public relations professional for the government. Reasons have included virtual forensic evidence tying Guccifer to Russia and idiosyncrasies involving language patterns, revealed in the messages Guccifer has sent online.
Yet few, if any, of Guccifer’s actions have been characteristic of typical PR professionals, much less those working for an intelligence agency.
Instead of holding interviews to promote messaging, Guccifer leaks handfuls of pilfered documents to journalists. He also communicates most often over Twitter, rather than an encrypted messaging application, putting his conversations in full view of the American intelligence community.
Guccifer did not respond to a request for comment for this story, though he did provide previously unseen documents obtained in the DCCC breach to the Washington Examiner. While some might claim that kind of activity is part of a high-level Russian scheme to derail American politics, others remain skeptical.
“Solving a crime typically involves identifying the parties of interest who had the means, motive and opportunity,” McArdle said. “In the case of the DNC and NSA hacks, the Russians are certainly high on most people’s lists.
“But it is very difficult, and ultimately requires a judgement call, akin to those made when determining if Iraq had WMDs or whether Osama bin Laden is hiding out in a house in Abbottabad.”
He added that the best determination eventually needs to come from the intelligence community. “It will ultimately come down to a recommendation backed by a confidence measure. And it’s not going to be 100 percent. Ever.”
