10 October 2016

The Weird Logic Behind Russia's Alleged Hacking

October 6, 2016

One of the biggest stories of the U.S. election cycle has been the allegedly Russian hack into the computer network of the Democratic National Committee. Sidestepping the embarrassing implications of what the hack revealed about the DNC’s behavior during the primaries, the Democratic campaign, along with major U.S. news organizations, framed the story as one of Russia’s nefarious meddling in American democracy. That story has since become central to the U.S. election. In the first presidential debate, it was a key point of disagreement between Donald Trump and Hillary Clinton. Both candidates emphasized the cyber threat, but while Clinton laid the blame for the DNC attacks squarely with Russia, Trump suggested that the hack could have been perpetrated by anyone, from a state security organization to a lone individual.

The case is much more complicated than it may appear.

The evidence for Russian involvement in the hack is based upon research done by three independent security firms, which discovered that similar hacking techniques had been used in previous attacks by operatives allegedly working for Russian state security. Soon after these findings were released, however, an individual hacker calling himself Guccifer 2.0 came forward to dispute them. Identifying himself as a Romanian unaffiliated with the Russian government, he claimed that he had carried out the DNC hacks alone and said he had the evidence to prove it. While experts agreed that his evidence—previously unreleased emails and other data pilfered from the DNC—was authentic, they also made the case that it contained further proof of a Russian plot:


• One of Guccifer 2.0’s documents had been previously accessed by a user named феликс эдмундович (“Felix Edmundovich”). Not only was this username written in Cyrillic, but it referenced the founder of the Soviet security services, Felix Edmundovich Dzerzhinsky.

• Metadata showed that document notifications that had originally appeared in Cyrillic had later been changed to English.

• In his own communications, Guccifer 2.0 made two slips suggesting a Russian background: he used the common Russian “))))” as a smiley face symbol, rather than the “:)” used by English speakers, and, when pressed to communicate in Romanian in a chat with Vice News, he was unable to respond with the fluency expected of a native Romanian speaker.

Here’s where it gets tricky. Though certainly suggestive, these findings are far from conclusive. The Russian government does not have a monopoly on the use of Cyrillic characters nor on the names of historical Soviet figures. Besides, how likely is it that a presumably discreet NSA hacker trawling the data of foreign governments would use the moniker GeorgeWashingtonIs#1? Never mind intelligence operatives—what internet-savvy Russian wouldn’t know that the Russian and Western symbols for the smiley face, perhaps the most widely used symbol on the internet, are different? If creating an alibi that hinged on a Romanian identity, would an elite spy organization not perform the due diligence of having someone who knows Romanian present during the one major opportunity to prove that alibi’s veracity? Would that same organization also forget to erase routine metadata? And, if suggestive but inconclusive Cyrillic notifications were left behind, why would Russian operatives go back to scrub them—leaving a trail of evidence far more compelling than the presence of Cyrillic notifications in the first place?

(This week, Guccifer 2.0 released what he claimed were the internal files and databases of the Clinton Foundation. Evidence suggests the new hacks to be a crudely labeled collection of material from other sources.)

The evidence leads us to an impasse. Either Russian spies are dunderheads, or Guccifer 2.0’s clues are red herrings.

There is, however, a third explanation that would account for this level of sloppiness: the clues were left intentionally. Though hard to believe, it wouldn’t be the first time the Kremlin resorted to such tactics.

Last November, while a major Russian news channel broadcast footage from a military meeting, cameras lingered on a printed PowerPoint slide held up, as if on purpose, by a participant. The slide showed a blueprint for the “Status-6,” an unmanned underwater vehicle (UUV) designed to deliver a dirty bomb off coastal areas “to inflict unacceptable damage.” Though U.S. media outlets were quick to seize on the frame as proof of Russia’s malicious intent, experts realized the significance of the slide being shown during a discussion about possible Russian responses to NATO’s installation of an anti–ballistic missile (ABM) shield in eastern Europe. It soon became clear that the broadcast was a heavy-handed attempt to illustrate the horrors of a world in which the U.S. and Russian governments ceased communications, and agreements like the ABM treaty, which ensured the principle of mutual deterrence, were allowed to lapse.

If we assume that a Russian security organ was indeed responsible for the recent hack into the DNC, and that the operatives who carried out the attack are more competent than the bumbling robbers in Home Alone, then their goal could very well be the same as it was when the UUV slide was broadcast: to get back to the negotiation table.

The explanation may sound counterintuitive. If wanting to restart a dialogue, why would Russia take an offensive action that should sooner lead to further alienation than reconciliation?

Because not only is that the only “rational” option Russia perceives itself to have, but it is what Russia has consistently done vis-à-vis the United States since the onset of sanctions. Leaving clumsy clues is from the same playbook as “accidentally” broadcasting the plans for a secret nuclear device, and is in many ways similar to Russian strategy in Ukraine and Syria. By inserting itself into developing situations, Russia forces its inclusion in the debate around the resolution of those situations. Furthermore, as many others have noted, the leaks have a tit-for-tat quality. Putin singled out Hillary Clinton for meddling in the 2011–12 Russian elections and causing major popular disruptions. The relative limitations of the target suggest that the attack was made as a calculated response, rather than as an aggressive and escalatory one. Its aim was not to inflict damage, but to remind the United States that ignoring Russia won’t make it go away.

One obvious, but perhaps inadequately reflected upon, aspect of Russia’s isolation is that it is cut off from dialogues about critical security issues. These are issues that must sooner or later be either addressed or exploited. Intolerable threats like the newly installed anti–ballistic missile shield will be dealt with in one way or another—if not by bilateral arms control agreements, then by such means as the Status-6.

If Russian security services were behind the hack, then the case of Guccifer 2.0 lies at the crux of the problematic policy of isolating Russia: in the absence of constructive avenues to make its voice heard, the only means left to the Kremlin are destructive.

Eugene Scherbakov is a Research Assistant for the Russia-Eurasia program at the Carnegie Corporation of New York.
