Boris Badenov, hacker: skeptical thoughts on the Russian election espionage affair

I’ve been following the Russian American election hacking story between speaking gigs, physical meetings, international travel, winter storms, and holiday planning.  Finally I have a few minutes to write about this here.*

Overall, I’d like to caution people at this moment.  There’s a lot of hysteria surging through politicians, mainstream media, social media, and multiple government agencies.  I recommend taking a deep breath and stepping back from the panic for a few minutes.

DNC logoTo begin with, amidst the sober statements of experts, there is an awful lot of incompetence in these accounts, starting with the Democratic party’s National Committee.   For example, the story about the DNC IT guy mistyping “legitimate” instead of “illegitimate” and thereby enabling the hack (here) is painful and darkly funny, especially for anyone who works in or around IT.  Also comic is the way the DNC people didn’t believe the real FBI was calling them.  Guccifer 2.0‘s follow-up flubs are entertaining (and is this the first international incident where Google Translate played a role?).  This hack seems to really depend on, and succeed despite, some basic human weaknesses, that ancient zone of security flaws.

More importantly, there is also a great deal of mysterious behavior by US agencies and actors.  I still can’t tell if the FBI’s responses, which some have characterized as too slow or ineffective, were lame or overcautious or stymied by other forces .  Perhaps they just doing things according to correct procedure. Surely there is a great deal of backstory here which we can’t see clearly, due to the FBI’s established secrecy and the problem’s complexity.  Yet the FBI’s head is on the defensive.

Meanwhile, President Obama is playing this very cool.  His Friday press conference (transcript) urged calm and projected quiet, folksy strength (“I felt that the most effective way … was to talk to [Putin] directly and tell him to cut it out”).  I don’t know if this soothing strategy is because US cyberwar capacity is hard to use in this situation, because he doesn’t want to start an escalating conflict with Russia as he leaves the office (to Trump), or as a tactical ploy, as he has actually launched a gigantic covert response and is covering it up with chill.

In fact, much of the story is mysterious at a basic level, which isn’t surprising, given that it’s an ongoing saga about, of all human enterprises, espionage and counterintelligence.   These are fundamentally about secrecy and misdirection.  Unsurprisingly, it’s hard to follow what’s actually happened, especially in real time, as multiple press accounts appear and contradict each other.  For most people it is all too easy to grab onto a congenial narrative fragment and hold on for dear life. Remember that James Angelton used to describe thinking through spy stuff as being trapped in “a wilderness of mirrors,” quoting TS Elliot (“Gerontion”):

These with a thousand small deliberations
Protract the profit of their chilled delirium,
Excite the membrane, when the sense has cooled,
With pungent sauces, multiply variety
In a wilderness of mirrors.

Remember, too, that Angelton knew a lot more than the rest of us, being head of US counterintelligence for may years.  If someone in a position of power and information access found it difficult to track the reality of espionage stories in real time, perhaps the rest of us should have more than a few grains of salt at the ready.

So far, many of us do not.  I’m both amused and saddened that many people recently worried about fake news are now deciding an awful lot based on a handful of anonymous CIA leaks.  Setting aside that agency’s near-century of epic secrecy and misinformation, CIA hasn’t exactly covered itself in glory recently, with its assessment of Iraqi WMD or Saddam Hussein’s war-making capacity.  Are we really that eager to trust them without a shred of skepticism?  Similarly, so many people worried about the NSA are now taking admiral Clapper‘s statements uncritically.   Further, how many people are relying for information and news on the social media they criticized a few weeks ago?  We have lost our recently-won sense of critical distance.  *This* is the time for information and digital literacy, friends!

For example, by the phrase “hacking the election”, are we only referring to the  emails phished and sent to Wikileaks? Is that the entirety of the hack?  If so, that’s a pretty low bar for “hacking an election.”  Instead, note how Wikipedia describes the entire hack:

On October 7, the DNI and DHS stated the intelligence community was confident Russia had directed Democratic National Committee (DNC) cyber-attacks and the release of its private documents…

Is that all?  If so, the hack story is really about the DNC, and a handful of people therein, not the election as a whole.

As Fred Kaplan describes it – and know that he’s furious about the hacks:

there would have been no ruckus if the Russians had simply hacked emails from the DNC and the Clinton campaign; that’s what intelligence agencies do, if they can: collect intelligence on what the presidential candidates and their close aides are saying and doing, what kinds of policies they might pursue.

“There would have been no ruckus.”  That’s a strong statement, but Kaplan continues:

What’s different this time around is that the Russians leaked cherry-picked excerpts of these stolen files to WikiLeaks, which passed them on to the scoop-happy mass media. In short, the Russians didn’t merely engage in “passive intelligence collection”; they weaponized what they collected. They didn’t merely hack files to learn about U.S. politics; they then strategically planted damaging bits from those files in order to shape U.S. politics.

That’s the main charge.  The “hack” consists of phishing, then sharing for web publication.  The hack is also not disinformation, for those readers who like their spying stories, but the spreading of actual, unaltered documents.

President Obama and other officials have stated repeatedly that election mechanisms (voting machines, the vote counting process) were not compromised.  Kaplan again: “There is no evidence—nor is anyone claiming there’s evidence—that the Russians tampered with voting machines or registration rolls.” It’s not the whole election nor America itself nor the reputation of democracy that Russian hackers hit, but instead one small organization that’s part of one of our two major political parties.  (Yes, the parallel Republican entity was hit, but Moscow did nothing with the results (so far), and nobody seems excited about this part.)  Moreover, the “hack” was a pretty simple spear phishing exercise through email, which was enabled by an IT staffer’s, er, misstyping.  We’re not talking about elite haxors cracking killer passwords or finding sophisticated back doors into subtly organized databases.

phishing, by Renate Meijer

It behooves us, then, to not overstate things.  We can think more clearly and react more judiciously if we focus less on hype and panic and more on what we can actually learn.  For example, when the New York Times dubs this hacking expedition as a “perfect weapon“, that’s clearly a bit much.  Remember that panics over national security are historically fine opportunities to commit a variety of mistakes and abrogations of civil liberties.  As the admittedly skeptical Intercept advises,

If we’re going to blame the Russian government for disrupting our presidential election — easily construed as an act of war — we need to be damn sure of every single shred of evidence. Guesswork and assumption could be disastrous…

The question, then, is this: Do we want to make major foreign policy decisions with a belligerent nuclear power based on suggestions alone, no matter how strong?

Did the DNC email hack tip the election from Clinton to Trump?  It seems unlikely.  The Wikileaks coverage occurred in September and October, when Clinton was flying high in the polls.  Clinton really dropped in the week before the election, when Wikileaks was not on the agenda, compared to numerous other topics and themes.

If we want to see Putin tipping the election to Trump, we also have to assume that the Wikileaks emails, risotto recipes and all, seriously influenced voters across the country.  There’s little evidence of this in exit polls and, indeed, during the lead-up to the vote.  AS Jack Shafer points out,

the recent campaign, in which Trump spent about a third of what Clinton did on TV ads yet prevailed, proves that the masses are not susceptible to all the advertisements that money can buy. The volume of Clinton ads clearly dwarfs the combined output of Russian propaganda and disinformation but still did not change enough minds to win the prize.

There was very little in the Podesta emails to shake voters.  Most of the juicy stories confirmed previous concerns, from the fabled secret banker speeches (pretty dull stuff, at least in transcript form) to some in the DNC being anti-Bernie Sanders.  Meanwhile, the list of reasons that drove Trump voters to the polls, and those that kept voters from pulling the Clinton lever, are extensive: economic stress, racism, anti-PC-ness, various gender politics, fear of ISIS, etc.

If I’m right, and many are overstating the power of this DNC hack, we can ask cui bono? Who is served by this jittery mixture of hyperbole and panic?

To begin with, I nominate Democrats who don’t want to examine their truly catastrophic election.  They might well prefer to focus on Moscow instead of Brooklyn.  That’s human nature, and also safe politics for those implicated by impending criticism.  Talking about Putin instead of the failure to reach out to the Rust Belt is a practical move.

Additionally, how many warhawks are gladdened by heightened tensions?  Think of defense contractors, cybersecurity agencies, older people with minds shaped by the Cold War and still seeing red, not to mention various people throughout the Department of Defense who want us to focus military attentions on Russia. (Here’s a small instance.) Ginning up Russophobia is, as we know from the 20th century, a reliable way to get Americans behind a massive military drive, with its concomitant civil liberties restrictions. Are we really willing to support these beneficiaries through our panic?

Instead let’s step back for a minute and actually use our digital literacy tools of skepticism.  Let’s recall the methods librarians have developed, and not race warlike into that wilderness of mirror.

Caveat1: yes, there could well turn out to be more fire than smoke.  We may learn of a more substantial hacking threat over time, as better information sifts out (and we do some of the sifting).

Caveat2: in case anyone was wondering, I don’t support the Trump campaign.  No am I a Russian agent.

(thanks to my multiple Facebook friends for taking the time to think through this with me; phishing photo by Renate Meijer)

*I was actually thinking of doing this as a tweet storm.  I might try that out.

Liked it? Take a second to support Bryan Alexander on Patreon!
Become a patron at Patreon!
This entry was posted in digital literacy, politics. Bookmark the permalink.

12 Responses to Boris Badenov, hacker: skeptical thoughts on the Russian election espionage affair

  1. garthster says:

    top on! as a foreigner I follwed this issue and was looking for some coverage also in Europe of some replies from the supervisory party on the US Intelligence but there is none. Info like the following is simply not an issue as not part of main stream – it’s against main stream intend, it seems. Quote:”The overseers of the U.S. intelligence community have not embraced a CIA assessment that Russian cyber attacks were aimed at helping Republican President-elect Donald Trump win the 2016 election, three American officials said on Monday.”. It is also from these kinada articles that one learns that the US has 17 Intelligence Services. “The ODNI oversees the 17 agency-strong U.S. intelligence community”.” Likes that, Intelligence Community… B|

  2. I’ve been teaching and tinkering with educational technology for many years and finally earned an MET degree in late 2015. As someone old enough to remember where I was when JFK was shot, I truly cannot think of any historical event that has hit me harder than this election. It was like being sucker-bashed in the back of the head with a baseball bat.

    To fight off the feelings of anger, anguish, and depression (which were almost unbearable for about a week), I am now channeling my energies toward better equipping myself as a multiliteracy evangelist/researcher/collaborator and doing all I can to help others develop their literacies so this kind of debacle can never occur again.

    There were so many bad players in this – including many elements of FB, the MSM, Wikileaks, the FBI, CIA, Putin, Trump’s gang, the DNC, etc. – and they are all capable of deception. Therefore, I no longer have time for – or interest in – ruminating about them in my comfortable progressive echo chamber (even with rock stars like Maddow, O’donnell, Hayes, Reid, as much as I like those folks) because I need to focus all my time and energy on only one thing: helping myself and others to maximize our multiliteracy acumen so we can have some possibility of being able to stay ahead of the purveyors of fake news and deceptive misinformation in future elections.

    My experience as a grad student gave me a good start for this lifelong goal. The election has provided the biggest possible push. In that sense, I am thankful for that bash in the head. Something good will come out of it–especially of other like-minded folks choose to do something similar.

    Thank you, Bryan, for the thought-provoking and inspiring piece. Very helpful!

  3. John Powers says:

    “Moreover, the “hack” was a pretty simple spear phishing exercise through email, which was enabled by an IT staffer’s, er, misstyping.”
    I think this is hardly a full and fair assessment of Russian involvement. It is helpful to read the reporting by Thomas Rid and others in July of 2016 when the story was first made public. It’s also helpful to “step back and use our digital literacy tools” to understand, as best we can, the facts and context of stories in the news. Your commentary would be stronger for it.

    • John, by “Russian involvement” are you referring to what people are describing as “hacking the election”, or something broader?
      For the latter, do you have in mind (say) the production of mis- and disinformation stories from Russia, or the implantation of phone-home software (mentioned by several accounts; unclear how or if used), or the activities the PropOrNot site describes?

    • Some clarity would help. For example, check how NBC describes the “hack”:
      “The Russians had already stolen reams of emails and used them to embarrass Hillary Clinton and the Democrats.”
      On the other hand, the same account relates this description from a leading (and very biased and self-serving) player:
      “Donna Brazile, a Democratic party official, has said publicly that attempted cyber intrusions of Democratic Party systems continued through Election Day — and that Democrats felt abandoned by the government.”

  4. Judith says:

    You’re assuming that the only effect of the Russian interference was the Wikileaks hack. Perhaps I am reading too much into the various news sources I am trying to follow, but I suspect we will see that Russia paid for some or much of the “fake news” sources that heavily convinced the public that Hillary was evil (Pizzagate etc.) I don’t think the only tool of the Russian propaganda machine was Wikileaks.

    • Judith, I’m tackling fake news in another post.
      Here I was only referring to the hack, trying to get my head around it.
      Most people aren’t including the hack with fake news – should we?

      • Judith says:

        I think they are of a piece. Obtaining “secret” information, releasing information (with no assurance of integrity, so it may or may not be what was actually obtained), writing NEW information packaged as real and distributing it – these are all information security problems (covered in the CISSP exam!!), classic warfare activities, and just functionally related. I am staying alert to where the government (CIA, FBI, Obama) speaks of the DNC hack specifically and where they speak of “interference”. They might be the same thing or they might not. Which is why I would like to see a full investigation.

  5. lindaleea says:

    I have worked at a state school over a decade ago where there was a mac that would not connect to the internet. They tried to fix it for a couple of months. They kept saying it was the mac which was not compatible. I went in and they were typing in the wrong IP address. Another place they were having internet problems and it was set wrong, which I found. They did not believe me at first, but they finally changed it and it worked. So yes I believe IT can make stupid mistakes.

Leave a Reply

Your email address will not be published. Required fields are marked *