Russian President Vladimir Putin directed a massive propaganda and cyber operation aimed at discrediting Hillary Clinton and getting Donald Trump elected, the top U.S. intelligence agencies said in a remarkable yet unshocking report released on Friday.
Russian President Vladimir Putin tours RT facilities. Image: DNI
The 25-page dossier from the Office of the Director of National Intelligence stopped short of saying the Russians succeeded at influencing the outcome of the election, noting that the report did not attempt to make an assessment on that front. But it makes the case that “Russia’s intelligence services conducted cyber operations against targets associated with the 2016 US presidential election, including targets associated with both major US political parties.”
“We assess with high confidence that Russian military intelligence (General Staff Main Intelligence Directorate or GRU) used the Guccifer 2.0 persona and DCLeaks.com to release US victim data obtained in cyber operations publicly and in exclusives to media outlets and relayed material to WikiLeaks,” the DNI report reads.
The report is a quick and fascinating read. One example: It includes a fairly detailed appendix which concludes that the U.S.-based but Kremlin-financed media outlet RT (formerly Russia Today) is little more than a propaganda machine controlled by Russian intelligence agencies.
“Moscow’s influence campaign followed a Russian messaging strategy that blends covert intelligence operations—such as cyber activity—with overt efforts by Russian Government agencies, state-funded media, third-party intermediaries, and paid social media users or ‘trolls,’” reads the report.
The DNI report is remarkable for several reasons. First, it publicly accuses Russia’s President of trying to meddle with the U.S. election and to hack both political parties. Also, as The New York Times observed, it offers “a virtually unheard-of, real-time revelation by the American intelligence agencies that undermined the legitimacy of the president who is about to direct them.”
However, those who’ve been clamoring for more technical evidence to support a conclusion that Russian intelligence agencies were behind the malware attacks and email leaks at The Democratic National Committee (DNC) and Clinton campaign likely will be unmoved by this report. Those details will remain safely hidden from public view in the classified version of the report.
Last week, the FBI and Department of Homeland Security issued a joint report (PDF) on some of the malware and Internet resources used in the DNC intrusion. But many experts criticized it as a poorly-written, jumbled collection of threat indicators and digital clues that didn’t all quite lead where they should.
Others were perplexed by the high confidence level the agencies assigned to the findings in their unclassified report, noting that neither the FBI nor DHS examined the DNC hard drives that were compromised in the break-in (that work was done by private security firm Crowdstrike).
Former black-hat hacker turned Wired and Daily Beast contributing editor Kevin Poulsen slammed the FBI/DHS report as “so aimless that it muddies the clear public evidence that Russia hacked the Democratic Party to affect the election, and so wrong it enables the Trump-friendly conspiracy theorists trying to explain away that evidence.”
Granted, trying to reconstruct a digital crime scene absent some of the most important pieces of evidence is a bit like attempting to assemble a jigsaw puzzle with only half of the pieces. But as digital forensics and security expert Jonanthan Zdziarksi noted via Twitter last night, good old fashioned spying and human intelligence seems to have played a bigger role in pinning the DNC hack on the Russians.
“The DNI report subtly implied that more weight was put on our intelligence coming from espionage operations than on cyber warfare,” Zdziarski wrote. “As someone who’s publicly called out the FBI over misleading the public and the court system, I believe the DNI report to be reliable. I also believe @CrowdStrike’s findings to be reliable based on the people there and their experience with threat intelligence.”
Key findings from the DNI report.
My take? Virtually nothing in the DNI report is dispositive of anything in the FBI/DHS report. In other words, the DNI report probably won’t change anyone’s minds. I’m sure that many smart U.S. intelligence analysts spent a great deal of time on this, but none of it was particularly surprising at all: The DNI report describes precisely the kind of cloak and dagger stuff that one might expect the Kremlin to be doing to the United States, day-in and day-out.
What makes these kinds of cyber espionage and propaganda campaigns so worthwhile is that even if the Kremlin cannot always get its favorite candidate elected, Moscow may still consider it a success if it can continuously sow doubt in the minds of Americans about the legitimacy of the U.S. election process and other tenets of democracy.
It’s also exactly the sort of thing the U.S. government has been doing to other countries for decades. In fact, the U.S. has done so as many as 81 times between 1946 and 2000, according to a database amassed by political scientist Dov Levin of Carnegie Mellon University, writes Nina Agrawal for The Los Angeles Times.
Anyone shocked by the Kremlin-funded news station RT in all of this probably never heard of Voice of America, a U.S. government-funded news service that broadcast the American response to Soviet propaganda during the Cold War.
President-elect Trump has publicly mocked American intelligence assessments that Russia meddled with the U.S. election on his behalf, and said recently that he doubts the U.S. government can be certain it was hackers backed by the Russian government who hacked and leaked emails from the DNC.
Mr. Trump issued a statement last night only loosely acknowledging Russian involvement, saying that “while Russia, China, other countries, outside groups and people are consistently trying to break through the cyber institutions, businesses and organizations including the Democrat [sic] National Committee, there was absolutely no effect on the outcome of the election including the fact that there was no tampering whatsoever with the voting machines.”
Trump also has called for a review of the nation’s plans to stop cyberattacks, which he said will be completed within 90 days of his taking office on Jan. 20.
“Whether it is our government, organizations, associations or businesses we need to aggressively combat and stop cyberattacks,” Trump said. “I will appoint a team to give me a plan within 90 days of taking office. The methods, tools and tactics we use to keep America safe should not be a public discussion that will benefit those who seek to do us harm. Two weeks from today I will take the oath of office and America’s safety and security will be my number one priority.”
Time will tell if Mr. Trump’s team can do anything to slow the frequency of data breaches in the United States. But I hope we can all learn from this report. It’s open season out there for sure, but there are some fairly simple, immutable truths that each of us should keep in mind, truths that apply equally to political parties, organizations and corporations alike:
-If you connect it to the Internet, someone will try to hack it.
-If what you put on the Internet has value, someone will invest time and effort to steal it.
-Even if what is stolen does not have immediate value to the thief, he can easily find buyers for it.
-The price he secures for it will almost certainly be a tiny slice of its true worth to the victim.
-Organizations and individuals unwilling to spend a small fraction of what those assets are worth to secure them against cybercrooks can expect to eventually be relieved of said assets.
“We assess Moscow will apply lessons learned from its Putin-ordered campaign aimed at the US presidential election to future influence efforts worldwide, including against US allies and their election processes,” the DNI report concludes.
Yeah, no kidding. The question is: Will political and corporate leaders begin applying those lessons to their own operations, and gird themselves for full-on, 24/7 cyberattacks from every direction, before, during and after each election? How many more examples do we need to understand that maybe we’re really not taking this cybersecurity stuff seriously enough given what’s at stake?
The DNI report is available here (PDF).
Read more here:: KrebsOnSecurity