The Atlantic reports: Considerable evidence shows that the Wikileaks dump was an orchestrated act by the Russian government, working through proxies, to undermine Hillary Clinton’s presidential campaign.
“This has all the hallmarks of tradecraft. The only rationale to release such data from the Russian bulletproof host was to empower one candidate against another. The Cold War is alive and well,” Tom Kellermann, the CEO of Strategic Cyber Ventures, said.
Here’s the timeline: On June 14, the cybersecurity company CrowdStrike, under contract with the DNC, announced in a blog post that two separate Russian intelligence groups had gained access to the DNC network. One group, FANCY BEAR or APT 28, gained access in April. The other, COZY BEAR (also called Cozy Duke and APT 29), first breached the network in the summer of 2015.
The cybersecurity company FireEye first discovered APT 29 in 2014 and was quick to point out a clear Kremlin connection. “We suspect the Russian government sponsors the group because of the organizations it targets and the data it steals. Additionally, APT29 appeared to cease operations on Russian holidays, and their work hours seem to align with the UTC +3 time zone, which contains cities such as Moscow and St. Petersburg,” they wrote in their report on the group. Other U.S. officials have said that the group looks like it has sponsorship from the Russian government due in large part to the level of sophistication behind the group’s attacks.
It’s the same group that hit the State Department, the White House, and the civilian email of the Joint Chiefs of Staff. The group’s modus operandi (a spear-phishing attack that uploads a distinctive remote access tool on the target’s computer) is well known to cybersecurity researchers.
In his blog post on the DNC breaches, CrowdStrike’s CTO Dmitri Alperovitch wrote: “We’ve had lots of experience with both of these actors attempting to target our customers in the past and know them well. In fact, our team considers them some of the best adversaries out of all the numerous nation-state, criminal and hacktivist/terrorist groups we encounter on a daily basis. Their tradecraft is superb, operational security second to none and the extensive usage of ‘living-off-the-land’ techniques enables them to easily bypass many security solutions they encounter.”
CrowdStrike stood by its original analysis, writing: “these claims do nothing to lessen our findings relating to the Russian government’s involvement, portions of which we have documented for the public and the greater security community.”
Other security firms offered independent analysis and reached the same conclusion. The group Fidelis undertook its own investigation and found CrowdStrike to be correct.
A Twitter user named @PwnAlltheThings looked at the metadata on the docs that Guccifer 2.0 provided in his blog post and found literal Russian signatures.
His findings were backed up by Dan Goodin at Ars Technica. “Given the evidence combined with everything else, I think it’s a strong attribution to one of the Russian intelligence agencies,” @PwnAllTheThings remarked to Motherboard.
Motherboard reporter Lorenzo Franceschi-Bicchierai actually conversed with Guccifer 2.0 over Twitter. The hacker, who claimed to be Romanian, answered questions in short sentences that “were filled with mistakes according to several Romanian native speakers,” Franceschi-Bicchierai found.
A large body of evidence suggests that Guccifer 2.0 is a smokescreen that the actual culprits employed to hide their involvement in the breach.
That would be consistent with Russian information and influence operations. “Russian propagandists have been caught hiring actors to portray victims of manufactured atrocities or crimes for news reports (as was the case when Viktoria Schmidt pretended to have been attacked by Syrian refugees in Germany for Russia’s Zvezda TV network), or faking on-scene news reporting (as shown in a leaked video in which ‘reporter’ Maria Katasonova is revealed to be in a darkened room with explosion sounds playing in the background rather than on a battlefield in Donetsk when a light is switched on during the recording),” notes a RAND report from earlier in July.
The use of Wikileaks as the publishing platform served to legitimize the information dump, which also contains a large amount of personal information related to Democratic donors such as social security and credit card numbers. This suggests that Wikileaks didn’t perform a thorough analysis of the documents before they released them, or simply didn’t care.
Wikileaks describes itself as a “source-protection organization” — without a reliable commitment to that goal, it’s unlikely they would have any material to publish. So, this layer of secrecy is a necessity.
But what exactly is Wikileaks’ mission? The closest they come to offering a mission statement is this:
WikiLeaks is a multi-national media organization and associated library. It was founded by its publisher Julian Assange in 2006.
WikiLeaks specializes in the analysis and publication of large datasets of censored or otherwise restricted official materials involving war, spying and corruption. It has so far published more than 10 million documents and associated analyses.
“WikiLeaks is a giant library of the world’s most persecuted documents. We give asylum to these documents, we analyze them, we promote them and we obtain more.” – Julian Assange
This is a description of what Wikileaks does, but it doesn’t explain why.
One might assume that anyone involved in the “liberation” of censored information would be a firm believer in transparency.
Wikileaks doesn’t just leak secrets; it’s trying to undermine and challenge deeply entrenched cultures of secrecy — or so we have been led to believe.
Yet if this is indeed Wikileaks’ mission, shouldn’t we expect the organization to demonstrate greater transparency in its own workings?
Sure, they need to protect their sources, but if the only explanation they have about their own decision-making processes is that they are guided by public interest, then Wikileaks turns out to be no less secretive than the governments and organizations it exposes.
Wikileaks can say they released their trove of DNC emails in the public interest, but that doesn’t explain the timing.
A datadump right before the Democratic National Convention was sure to garner the maximum amount of publicity and have the maximum disruptive effect. As a PR decision, it’s easy to understand.
But given the political consequences of Wikileaks’ actions, it’s worth asking what political agenda they are supporting and who is driving that agenda.
Since the DNC emails Wikileaks has just published cover a period that ended on May 25, 2016, it’s reasonable to assume that Wikileaks received the emails shortly after that time. Indeed, in an interview in early June, Julian Assange said: “We have upcoming leaks in relation to Hillary Clinton.” It sounds like he must have been referring to the DNC emails — although if that was the case, he misled the interviewer by failing to correct the interviewer’s presupposition that Assange was referring to emails from Hillary Clinton’s private server. This interview took place before the DNC hacking had become public knowledge.
At that time, Bernie Sanders had not conceded defeat to Hillary Clinton, and Wikileaks, had it been so inclined, could have tossed a spanner into the primary process and given the Sanders camp some greater political leverage in its negotiations with the Clinton campaign. (At the same time, let’s not forget about that irksome detail from the outcome of the primaries that gets ignored by some Sanders supporters: At the end of the process Clinton had received 16,847,075 votes to Sanders’s 13,168,214 and she had won in 34 states while he won 23.)
Given that Wikileaks made the DNC email release at a time of its choosing and it chose July 22, the evidence strongly suggests that its interest was in harming Clinton without helping Sanders. The only immediate beneficiary of the leak was Donald Trump.
The reasons Vladimir Putin would like to see Trump become president have already been presented at length. The reasons why Wikileaks would back Trump are far from clear.
Is Wikileaks being manipulated by powers it doesn’t recognize, or does it receive encouragement, guidance, or directions from sources it is compelled to keep secret, not in the name of source-protection but for the sake of self-protection?