Thomas Rid, Professor in Security Studies at King’s College, London, writes: In the wee hours of June 14, the Washington Post revealed that “Russian government hackers” had penetrated the computer network of the Democratic National Committee. Foreign spies, the Post claimed, had gained access to the DNC’s entire database of opposition research on the presumptive Republican nominee, Donald Trump, just weeks before the Republican Convention. Hillary Clinton said the attack was “troubling.”
It began ominously. Nearly two months earlier, in April, the Democrats had noticed that something was wrong in their networks. Then, in early May, the DNC called in CrowdStrike, a security firm that specializes in countering advanced network threats. After deploying their tools on the DNC’s machines, and after about two hours of work, CrowdStrike found “two sophisticated adversaries” on the Committee’s network. The two groups were well-known in the security industry as “APT 28” and “APT 29.” APT stands for Advanced Persistent Threat — usually jargon for spies.
CrowdStrike linked both groups to “the Russian government’s powerful and highly capable intelligence services.” APT 29, suspected to be the FSB, had been on the DNC’s network since at least summer 2015. APT 28, identified as Russia’s military intelligence agency GRU, had breached the Democrats only in April 2016, and probably tipped off the investigation. CrowdStrike found no evidence of collaboration between the two intelligence agencies inside the DNC’s networks, “or even an awareness of one by the other,” the firm wrote.
This was big. Democratic political operatives suspected that not one but two teams of Putin’s spies were trying to help Trump and harm Clinton. The Trump campaign, after all, was getting friendly with Russia. The Democrats decided to go public.
The DNC knew that this wild claim would have to be backed up by solid evidence. A Post story wouldn’t provide enough detail, so CrowdStrike had prepared a technical report to go online later that morning. The security firm carefully outlined some of the allegedly “superb” tradecraft of both intrusions: the Russian software implants were stealthy, they could sense locally-installed virus scanners and other defenses, the tools were customizable through encrypted configuration files, they were persistent, and the intruders used an elaborate command-and-control infrastructure. So the security firm claimed to have outed two intelligence operations.
The Russian spies got their hands on a large number of files from inside and beyond the Democratic National Committee. APT 29 — the suspected FSB-controlled group — had protracted access to the DNC’s email messages, chats, attachments, and more. Russian groups have also targeted Clinton’s wider campaign organisation at least since October 2015. Guccifer 2.0, in an email to The Smoking Gun, even claimed to have “some secret documents from Hillary’s PC she worked with as the Secretary of State.” It is unclear if this assertion is accurate, and indeed it is unclear if all leaked documents are actually sourced from the DNC breach. About three weeks later, on July 5, the FBI’s James Comey assessed that it was “possible that hostile actors gained access to Secretary Clinton’s personal email account.” The DNC intruders are likely to retain or regain some of this access. Moreover, the Guccifer 2.0 account has now been established as venue to distribute leaked documents. More activity, if not escalation, is to be expected.
Second, stolen documents leaked in an influence operation are not fully trustworthy. Deception operations are designed to deceive. The metadata show that the Russian operators apparently edited some documents, and in some cases created new documents after the intruders were already expunged from the DNC network on June 11. A file called donors.xls, for instance, was created more than a day after the story came out, on June 15, most likely by copy-pasting an existing list into a clean document.
Although so far the actual content of the leaked documents appears not to have been tampered with, manipulation would fit an established pattern of operational behaviour in other contexts, such as troll farms or planting fake media stories. Subtle (or not so subtle) manipulation of content may be in the interest of the adversary in the future. Documents that were leaked by or through an intelligence operation should be handled with great care, and journalists should not simply treat them as reliable sources.
Third, the DNC operation is unlikely to remain an exception. The political influencing as well as the deception worked, at least partly. The DNC’s ability to use its opposition research in surprise against Trump has been blunted, and some media outlets lampooned Clinton — not a bad outcome for an operation with little risk or cost for the perpetrators.
Another takeaway: the deception does not have to be executed with perfection; it is sufficient simply to spread doubt. High journalistic standards, paradoxically, work in GRU’s favour, as stories come with the Kremlin’s official denials casting doubt as well as pundits second-guessing even solid forensic evidence. If other intelligence agencies also assess that this operation was a success, even if only a moderate one, then more such false flag influence operations are likely in future elections, especially in Europe.
Democracies, finally, have a double disadvantage. General election campaigns and their ad-hoc organisations offer a soft, juicy target: improvised and badly secured networks, highly combustible content, all combined with a reluctance on the part of law enforcement agencies and private sector companies to wade into what could easily become a high-stakes political mess. [Continue reading…]
While Russia develops its evolving military doctrine, known as New Generation Warfare, it is able to exploit a panoply of useful idiots (most of whom see themselves as stalwart enemies of The Establishment) — a network much more extensive than the Soviets ever had at their disposal.
The prospect of being able to steer the grandest useful idiot of all — Donald Trump — into the Oval Office has presented what appears to be an irresistible opportunity.