The Case for Russian Hacking and Donald Trump

lauren-carroll Jun 28, 2017

The general case has been this: Russia hacked the DNC and leaked the emails through WikiLeaks. This was done in collusion with Donald Trump to hurt Hillary Clinton in the presidential campaign.

There are 3 major links to prove:

  1. Russia hacked the DNC
  2. Russia leaked the information
  3. Donald Trump worked with Russia to do this
    • Alternatively: Russia preferred Trump; and,
    • Trump benefited from the leaks.

I want to look at the evidence skeptically, though. I want to look at the information presented by PolitiFact. She starts out with the summary:

The intelligence community and private cybersecurity professionals have widely concluded that the DNC hack and WikiLeaks dump are covered in Russian fingerprints.

1. Russia hacked the DNC

I’m going to quote the second reference, exclusively. The information is similar but more detailed than the first article. So, from the Lawfare Archive (please note: this is written by someone claiming to be a member of British Intelligence, specifically, GCHQ):

It’s worth noting, of course, that CrowdStrike’s analysis was of the APT29 (COSYBEAR) malware, not malware of the more famous APT28 (FANCYBEAR) variety. Sophisticated intelligence agencies often use unsophisticated “disposable implants” But the whole thing left me with a lingering feeling that the “Russia” attribution, while certainly plausible, remained unclear.

. . .
But while the leak is quite a nice visual piece of evidence — it’s written in Russian and references the KGB after all — it’s not the main, or even a particularly significant reason in making me change my mind over whether the DNC hack was by Russian intelligence.

To me, there are three key facts in the public domain that strongly link the DNC hack to Russia, the first two of which are entirely non-technical.

First:

The first fact is that the Guccifer 2 account, despite being ostensibly a lone Eastern European hacker, is totally out of character for lone hackers. For a start, most lone hackers show a huge sense of bravado and self-aggrandizement which is a role the Guccifer2 character acts very poorly. Even his hacker pseudonym “Guccifer2” references another hacker rather than choosing his own brand to operate under. Despite having his own outlet, Guccifer2 allowed his most impactful stolen documents to be laundered by another outlet, and stands idly by when that outlet spreads disinformation about his involvement.

Guccifer 2.0 was an interesting person. ThreatConnect looked at two possibilities:

Since the emergence of Guccifer 2.0, researchers and journalists have been combing through his dumped files and details of the Guccifer 2.0 persona to determine whether he’s the independent hacker he claims to be or part of a hasty Russian denial and deception effort to distract focus from the FANCY BEAR and COZY BEAR breaches of the Democratic National Committee (DNC) as detailed by CrowdStrike.

Spoiler alert: they conclude Guccifer 2.0 was a denial and deception effort. Personally, I agree that it was a deception effort. But, by whom?

Second:

The second important fact is that the stolen documents were leaked en masse at all. There’s lots of capable foreign intelligence organizations that would plausibly hack the US to get dirt on senior Democrats, but mass-dumping stolen or intercepted political data to influence the public media has all the hallmarks of a Russian information influence operation. Other countries, of course, wouldn’t hesitate to use documents obtained via foreign intelligence for political advantage, or even maybe for HUMINT advantage, but mass-dumping intercepted documents is a Rubicon most foreign intelligence agencies simply do not cross.

Notice all of those examples of Russian document dumps? Perhaps this would be a stronger point if there were examples.

Third:

The third fact is technical; uncovered by cybersecurity expert and author Thomas Rid, showing that the malware control servers used in the DNC hack are the same computers as the malware control servers used in the hack of the German Parliament a few years ago.

It’s an important link and one that’s hard to fake. It ties the DNC hack to a much larger series of hacks, including against NATO, Georgia, human rights and Russian military monitoring groups in Syria, ministries of foreign affairs in Europe, and so on. It’s also important because the Bundestag hack was attributed by the head of Germany’s BfV intelligence to be Russian intelligence.

The fact really might be that this was done by the same people that hacked the German Parliament (in 2015, by the way). You know, 2015 was a bad year for Germany, wasn’t it? That was the same year that the NSA was wiretapping phone calls involving Angela Merkel (from The Guardian). That’s a crazy coincidence. Both Russia and the US wiretapping Germany in the same year…

Perhaps I’m wrong. But, I’m not really convinced Russia hacked the DNC. But, either way we still have to prove that they leaked to WikiLeaks.

Furthermore, all of this is based on a CrowdStrike assessment. So, when was the last time CrowdStrike made up evidence to blame Russia for a hack? That would be December, 2016 (CounterPunch). My favorite quote from the source:

[Jeffrey Carr:] “If it’s classified, an independent commission should review it because this entire assignment of blame against the Russian government is looking more and more like a domestic political operation run by the White House that relied heavily on questionable intelligence generated by a for-profit cybersecurity firm with a vested interest in selling ‘attribution-as-a-service.’”

2. Russia leaked the information

From the PolitiFact article, again.

There’s also the fact that WikiLeaks founder Julian Assange and the Russian government have a well-documented relationship. Assange has hosted a television show on RT, a state-owned network, for example.

A TV Show? Wow! I guess the good relationship is why Mr. Assange is holed up in the Russian embassy? Oh, wait, he’s not, is he? Dang. For the record, I’m well aware of other links. But, they’re even more tenuous. But, also notable is that Mr. Assange has continuously denied it’s from the Russian Government. From DemocracyNow:

AMY GOODMAN: But how do you know—how do you know it’s not Russia? How do you know it’s not a state actor, since you usually say you don’t know who gives you documents?

JULIAN ASSANGE: We look very closely at our publications. We tend to come to a good understanding of them. And so, we’re not willing to go into details about our source, because it might describe the sort of person they are, the sort of jurisdiction that they’re in, which could put them at risk. But we have said clearly that our source is not a member of the Russian state. And even the U.S. government is not suggesting that our source is a member of the Russian state.

3. This was all for President Trump

There’s no reason Russia preferred President Trump to Secretary Clinton. Here’s an article from the Chicago Tribune. And, another from Newsweek. There’s nothing to refute. They don’t make any relevant claims.

The biggest claim seems to be that President Trump didn’t trust the US Intelligence Community (IC). Thus, Russia would be supporting someone who didn’t trust the IC. And, that would sow discontent.

Furthermore, Secretary Clinton had more ties to Russia. Here’s an article from The Hill highlighting them.

Summary

This whole thing comes down to believing 3 things.

  1. Russia hacked the DNC
  2. Russia leaked the information
  3. Donald Trump worked with Russia to do this
    • Alternatively: Russia preferred Trump; and,
    • Trump benefited from the leaks.

1. Russia hacked the DNC

This is according to a report from a company with a vested interest in acting as attribution for hire. Also, from the US Intelligence Community (IC). The same IC that said Iraq had WMDs. The same IC led by Director of National Intelligence Clapper (the perjurer). And, a disinformation campaign by the name of Guccifer 2.0. Disinformation might not be the most actionable source of information.

2. Russia leaked the information

The only evidence of this is from the IC. And, it’s directly contradicted by Mr. Assange. Who’s more trustworthy?

3. This was all for President Trump

This is despite a complete dearth of information.