What The US Intelligence 'Russia Hacked Our Election' Report Could Have Said... But Didn't
from the why-didn't-it? dept
Because the debate over this issue has gotten quite silly in some places -- and ridiculously political as well -- let's start with a few basic points: It is absolutely entirely possible that the Russians hacked into all these systems and that it was trying (and perhaps succeeding?) to influence the election. Nothing in what I'm saying here is suggesting that's not true. What I am concerned about is the evidence that's presented to support that claim -- mainly because I think we should all be terrified when we escalate situations based on secret info where the government just tells us to "trust us, we know." And, yes, governments (including the US) have done this going back throughout history. That doesn't make it right.
But here's the thing: there actually is some pretty good evidence that Russia was behind the hack. But here's the crazy thing: that evidence is not in this report, but presented elsewhere. If you keep reading below, I'll point out an example of some pretty compelling evidence that Russia was behind the hack -- and it's the kind of evidence that the US intelligence community could have easily provided, but did not.
And that's where the problems lie. Because very little in this new report provides any evidence at all of Russia doing anything. It certainly goes deep into the motivations for why Russia might want to influence our election. It's also not surprising that Russia might have the ability and expertise to do these things. But it would be nice to see actual evidence. As Lovenzo Franceschi-Bicchierai at Motherboard notes, there's really very little in the new report that we didn't know already:
But this report adds nothing we didn’t already know from public information. The only significant statement is that, yes, American spies are convinced Russian President Vladimir Putin himself directed the hacking and influence campaign—something they already stated in early October.Marcy Wheeler similarly notes that there's plenty of work on motives, but little on evidence:
What we see of it is uneven. I think the report is strongest on Russia’s motive for tampering with the election, even if the report doesn’t provide evidence. I think there are many weaknesses in the report’s discussion of media. That raises concerns that the material on the actual hack — which we don’t get in any detail at all — is as weak as the media section.The "media" section is actually pretty ridiculous. It basically notes that RT, the American-targeted TV station owned by the Russian government, has a history of pushing Russian-approved propaganda. Well, sure.
And just one more pointer on this. Former CIA analyst Patrick Eddington also has a really thorough analysis of the report and comes to basically the same conclusions:
While the report provides new and important details on the multifaceted Russian operation, its failure to include declassified primary source data for key claims ensures the controversy has not been put to rest.So, what kind of evidence could the intel community have provided? Well, Matt Tait, who used to work at the UK's GCHQ, and who now tweets at @pwnallthethings gave a pretty damn good example of digging down into publicly available data to present quite compelling evidence that Russian interests were behind, at the very least, the hack of John Podesta's emails. This is not 100% conclusive, certainly, but it's a hell of a lot more compelling than anything released by the US government:
So the actual email used to phish John Podesta ended up in the WIkileaks dump. It's here https://t.co/H6ACVvnOXH— Pwn All The Things (@pwnallthethings) January 4, 2017
This is a reconstruction of that phishing email. (All of the information is bogus - the mention of Ukraine isn't relevant here). pic.twitter.com/EvFhdYfZaI— Pwn All The Things (@pwnallthethings) January 4, 2017
You can't tell just by looking, but that "Change Password" link doesn't take you to Google. It takes you to Bit.ly. pic.twitter.com/e6Rm71YTfG— Pwn All The Things (@pwnallthethings) January 4, 2017
This link expands to a fake login page (note URL is for a .tk site). This is what Podesta saw when he accidentally gave creds to hackers. pic.twitter.com/3Cc8KxvjNf— Pwn All The Things (@pwnallthethings) January 4, 2017
But the hackers screwed up. The hackers weren't hacking one-by-one; so URL contraction wasn't done manually. It was done via the Bitly API.— Pwn All The Things (@pwnallthethings) January 4, 2017
Using the Bitly API requires you create an account. So the hackers had to create an account. And they forgot to make their account private.— Pwn All The Things (@pwnallthethings) January 4, 2017
It's no longer possible - the hackers have changed their settings - but before you could simple enumerate ALL of the contracted links.— Pwn All The Things (@pwnallthethings) January 4, 2017
Those gobble-de-gook strings aren't encrypted. They're Base64 encoded. In this case, it tells us the link was for firstname.lastname@example.org pic.twitter.com/ebLWQndneO— Pwn All The Things (@pwnallthethings) January 4, 2017
Why did the hackers include this info? Same reason they contracted links via API. Because they're not hacking 1-by-1. Are hacking at scale.— Pwn All The Things (@pwnallthethings) January 4, 2017
This information lets their attack server populate fields to look more authentic (it's why it's able to pre-fill Podesta's name and picture)— Pwn All The Things (@pwnallthethings) January 4, 2017
But it also means this opsec screw up is bad. Bc we can see the links contracted by the account, we can see all of the spearphishing URLs— Pwn All The Things (@pwnallthethings) January 4, 2017
And the spearphishing URLs tells us the accounts that were targeted.— Pwn All The Things (@pwnallthethings) January 4, 2017
How many accounts did this "14 year old" hack? About 1800. In 2015.— Pwn All The Things (@pwnallthethings) January 4, 2017
Who were these accounts? Mil, govt personnel in the West, defence cos, journos critical of govt in Russia etc pic.twitter.com/NyZEkWLncf— Pwn All The Things (@pwnallthethings) January 4, 2017
Here's a pie chart of some of the accounts the 14 year old hacker hacked outside of Russian sphere of influence pic.twitter.com/AzdtL0Umbt— Pwn All The Things (@pwnallthethings) January 4, 2017
This 14 year old is apparently an avid reader, given how many authors they're hacking. What are their interests? Another pie chart. pic.twitter.com/TKSXePJViJ— Pwn All The Things (@pwnallthethings) January 4, 2017
And which countries is our friendly 14 year old hacker interested in? These ones. Remember. This is 1800 gmail accounts *in 2015 alone*. pic.twitter.com/TZ2B2p6bw9— Pwn All The Things (@pwnallthethings) January 4, 2017
Is it possible this was all a 14 year old? Sure. Also possible I'm a bridge salesman, and boy have I got a great deal for you today.— Pwn All The Things (@pwnallthethings) January 4, 2017
When hackers hack at scale, they reuse infrastructure. They make mistakes. This isn't unusual. You can piece the bits together.— Pwn All The Things (@pwnallthethings) January 4, 2017
I've seen lots of people arguing that the intelligence community couldn't reveal more details because it would "burn sources and methods" that were used to determine the attribution of the hacks -- but Matt Tait did figure all that out with public information (ironically, some of it revealed via Wikileaks). Now, perhaps the intelligence community that hates Wikileaks doesn't want to use that as a "source" in its report. Or perhaps it's something else. And, yes, it makes sense that the intelligence community should not burn sources and methods to reveal stuff like this. But there are ways to present compelling details without compromising those things. But, of course, this is the US intelligence community we're talking about, and they're generally not fans of revealing anything at all. So I'm sure even the details in this report were like pulling teeth. And that's dumb.
Again, more and more of what happens in the world is going to happen via computer systems and networks. And we're not always going to know. But it's a serious problem when governments are escalating situations and making angry posturing moves against one another based on totally secret information where the best we're being told by the government is "trust us." Especially when that very same government has a long history of not being so trustworthy.