Is Russian Intelligence Really Behind the DNC and Colin Powell Hacks? And if so, what is their end game?

This post was published on the now-closed HuffPost Contributor platform. Contributors control their own work and posted freely to our site.
Putin Visits the New Soviet Military Intelligence Headquarters

Again and again we hear that Russian intelligence is probably behind the hacks of the DNC and now, Colin Powell’s private email server. Latest reports indicated that two years of Powell’s emails were hacked, from June 2014 to August 2016. How credible are these claims of Russian intelligence being behind the hack? What is the basis? And if true, what is the actual goal of Russian intelligence, the Russian government, and Vladimir Putin?

What’s In the Powell Emails

Powell is surprisingly candid in the hacked emails, which his spokeswoman Peggy Cifrino has confirmed are authentic. The juiciest bits?

  • On Trump: "a national disgrace and an international pariah" who led a "racist" birther movement. “Yup, the whole birther movement was racist . . . That’s what the 99% believe. When Trump couldn’t keep that up he said he also wanted to see if the certificate noted that he was a Muslim. . . . As I have said before, ‘What if he was?’ Muslims are born as Americans every day. . . . [Trump] appeals to the worst angels of the GOP nature and poor white folks. . . . Trump has no sense of shame.. . . . a disaster . . .”
  • On Benghazi: “Benghazi is a stupid witch hunt. Basic fault falls on a courageous ambassador who thoughts [sic] Libyans now love me and I am ok in this very vulnerable place . . . .But blame also rests on his leaders and supports back here. Pat Kennedy, Intel community, [State Department] and yes HRC”
  • On Trump and black voters: “He is at 1% black voters and will drop. He takes us for idiots, . . .He can never overcome what he tried to do to Obama with his search for the birth certificate hoping to force Obama out of the Presidency."
  • On Clinton and her email woes: “HRC could have killed this two years ago by merely telling everyone honestly what she had done and not tie me to it . . . . I have told Hilleary's [sic] minions repeatedly that they are making a mistake trying to drag me in, yet they still try,. . . .The media isn't fooled and she is getting crucified. The differences are profound and they know it. . . . Everything HRC touches she kind of screws up with hubris.. . . For good reason she comes across as sleazy . . unbridled ambition, greedy, not transformational.”
  • About Clinton’s health: “I think there is something to it. On HD TV she doesn't look good. She is working herself to death . . . She will turn 70 her first year in office.”

Who is Saying Russian Intelligence is Behind the Hack?

The US Government isn’t talking, but private cyber-security firm ThreatConnect was quick to point to Russian intelligence. Powell’s emails appeared in a password-protected link at DCLeaks, which claims as its raison d’etre to release hacked information from “top-ranking officials and their influence agents.” The site pitches itself as having been launched by “American hacktivists who respect and appreciate freedom of speech, human rights and government of the people.” So where is the Russian connection? And specifically, the connection not just to private hackers, but to Russian intelligence?

ThreatConnect, a cyber-security firm in Arlington, Virginia (a few miles down the George Washington Parkway from CIA headquarters), claims to have analyzed the site and found that items such as its registration and Web hosting data are consistent with the well-established Russian GRU (military intelligence) hacking group known in cyber-security circles as Fancy Bear. ThreatConnect also points to the involvement of the famous hacktivist Guccifer 2.0, who takes his name from convicted Romanian hacker Guccifer, whose real name is Marcel Lehel Lazar.

Another cyber-security firm, CrowdStrike, the security firm contracted by the DNC, previously identified GRU hacker groups Cozy Bear and Fancy Bear as likely being behind the DNC hack. “Our team considers them some of the best adversaries out of all the numerous nation-state, criminal and hacktivist-terrorist groups we encounter on a daily basis,” the company said at the time in a statement.

The specific evidence was summarized by CrowdStrike for NBC:

GEOGRAPHY: At least one of the hacker groups attacking the DNC appeared to cease operations on Russian holidays, and its work hours aligned with a Russian time zone, cybersecurity company FireEye concluded in a report.
LANGUAGE: The hackers also left an obvious digital fingerprint, one cybersecurity expert said, perhaps on purpose: a signature in Russia's Cyrillic alphabet.
FORENSIC EVIDENCE: After a different batch of hacked Democratic emails was released last month, a wide spectrum of cyber-security experts concluded that it was the work of Russian intelligence agencies through previously known proxy groups known as COZY BEAR or APT 29, and FANCY BEAR or APT 28. "We've had lots of experience with both of these actors … and know them well," according to the DNC's own contract cybersecurity firm, Crowdstrike, which blogged that one of the two groups had already gained illegal access to the White House, State Department and even the military's Joint Chiefs of Staff.
MOTIVE: Given their mutual and very public bromance, Putin would much prefer a Trump presidency to a Clinton one, and the timing suggests the leak was timed for maximum embarrassment to the Democrats and their presumptive nominee. Clinton campaign manager Robby Mook said the campaign was told by cyber experts that Russian hackers stole and released the emails to help Trump. "I don't think it's coincidental that these emails were released on the eve of our convention here," said Mook, "and I think that's disturbing."
HISTORY: U.S. intelligence officials, including Director of National Intelligence James Clapper, said they had previously seen evidence of foreign hackers spying on U.S. presidential candidates, including some state-sponsored ones, and that such cyber-intrusions would become even more commonplace.

Yet a third security company, Cryptzone, reinforced CrowdStrike’s claims regarding the DNC hack. Leo Taddeo of Cryptzone claimed that CrowdStrike had been thorough in analyzing malicious code from the DNC hack and correlating it to samples previously associated with the same hacking groups. "I think if you follow a straight line, there's reason to believe that the Russians were likely the ones to provide that information to WikiLeaks," he said.

Strong evidence? Maybe not, but it is clear that there is enough substance to the claims to elevate them above the level of conspiracy fever dreams. Clearly there is credible evidence over time that has convinced a range of cyber-security experts that this is not coming from a lone wolf hacker in a Moscow flat. Credible experts are convinced of Russian GRU involvement, as well as possible other elements of the Russian intelligence community. The official US security community is more cautious, and has not spoken up. Will they? In the past they have, with North Korea and China, so there is reason to believe that if and when the USG gets to the point that it is certain, it will make a statement. But for now, those doing the talking are credible, but private.

If Russian Intelligence is Involved, What is Their Objective?

ThreatConnect describes DC Leaks as “another Russian backed Influence Outfit” — meaning that the goal is influence. But how? To what end? Are the leaks meant to tip matters for one campaign over the others? Democrats worry about a “Russian connection” that favors Trump. Is this credible? Or is the influence that is being sought simply a matter of muddying the waters and undermining US democracy — creating a black eye for the US at a moment when its global prestige. Polimedia quotes an unnamed source:

“By making both sides of the race look bad, the voters will not be able to differentiate between the candidates,” this source said. “Any experience or expertise advantage Clinton would have goes out the window when the conversation is about credibility, cheating and what-have-you.”

Is that it?

And how far would it go? For example, could the GRU wreak havoc on election day? Fully 25% of election returns are computerized without any kind of print backup. What does that mean for vulnerability to hacking? Actually, it gets worse. In 2015, an independent study found that computerized voting machines in 43 of 50 U.S. states are at least 10 years old — and there are no funds to replace them.

It’s a chilling thought.

But the vulnerabilities go beyond the voting machines themselves. For example, voter registration systems and administrative systems operated by state and national government are other points of vulnerability that need to be secured.

Should voters fear the worst?

Or is simply getting us to think about these kinds of potential problems already a win for any “influence outfit” — because it causes us to lose faith in the system?

It’s something to think seriously about.
