By Jeffrey Carr
July 10, 2017 "Information Clearing House" - Three days ago, the Washington Post ran this article by Philip Bump — “Here’s the public evidence that supports the idea that Russia interfered in the 2016 election”.
This gist of the article was, since we can’t know what the classified evidence is that supports the U.S. government’s finding in favor of Russian government intereference, there is plenty of public evidence which should convince us.
Bump is wrong about that. The public evidence isn’t enough to identify Russian government involvement, or even identify the nationality of the hackers involved. That doesn’t mean that the Russian government isn’t responsible. It means that we don’t know enough to say who is responsible based solely on the publicly known evidence, including classified evidence that’s been leaked.
Here’s a recap:
The X-Agent malware used against the DNC is not exclusive to Russia. The source code has been acquired by at least one Ukrainian hacker group and one European cybersecurity company, which means that others have it as well. “Exclusive use” is a myth that responsible cybersecurity companies need to stop using as proof of attribution.
The various attacks attributed to the GRU were a comedy of errors; not the actions of a sophisticated adversary.
The FBI/DHS Grizzly Steppe report was a disaster (here, here, here, and here).
Crowdstrike’s Danger Close report, which was supposed to be the nail in the coffin that proved the GRU was involved in the DNC hack, has been repudiated by the Ukrainian government, the IISS whose data they misused, and the builder of the military app that they claimed was compromised.
The Arizona and Illinois attacks against electoral databases that were blamed on the Russian government were actually conducted by English-speaking hackers.
The Reality Winner leak of a classified NSA document contained a graphic that used different colors of lines to qualify the data (confirmed, analyst judgment, contextual information). The line that connected the “actors” who sent out the spearphishing email to various electoral organizations with the GRU was yellow (analyst judgment) and included the words “probably within”; meaning that this was not a communications intercept.
There are many other problems with the DNC investigation starting with the fact that no government agency actually did the forensics work. It was done by a company with strong ties to the Clinton campaign and an economic incentive to blame foreign governments for cyber attacks on evidence that was either flimsy or non-existent.
Does any of this mean that the Russian government didn’t do it? No. It only means that there is insufficient public evidence to say that it did.
Jeffrey Carr - Principal consultant at 20KLeague.com; Founder of Suits and Spooks; Author of “Inside Cyber Warfare"