Short answer: nobody knows, but the media is treating it as a fact based primarily on a single technical source employed by the Democratic National Committee. I read the source’s publicly available explanation. Here’s what I found.
A Quick Taste of Media Conclusions
Despite a line in paragraph five saying “Proving the source of a cyberattack is notoriously difficult,” the New York Times offers the following statements.
- “researchers have concluded that the national committee was breached by two Russian intelligence agencies;”
- “Though a hacker claimed responsibility for giving the emails to WikiLeaks, the same agencies are the prime suspects;”
- “Whether the thefts were ordered by Mr. Putin, or just carried out by apparatchiks who thought they might please him, is anyone’s guess.”
- “It is unclear how WikiLeaks obtained the email trove. But the presumption is that the intelligence agencies turned it over, either directly or through an intermediary. Moreover, the timing of the release, between the end of the Republican convention and the beginning of the Democratic one, seems too well planned to be coincidental.”
There’s more, but you get the picture. The article also quotes Clinton staffers citing unnamed experts and researchers.
Who Are These Experts?
The only experts cited work for a company hired by the Democratic National Committee to investigate the hack. There is no indication of any neutral third party investigation. The company, Crowdstrike, issued a publicly available report on what they found.
The report title makes clear the company’s conclusion: Bears in the Midst: Intrusion into the Democratic National Committee.
What Does the Report Say?
The report has some technical explanations, but focuses on conclusions that seem to be at best presumptions, despite the media treating them as fact.
- The key presumptive conclusion seems to be that the sophistication of the hacks points to a nation-state actor. “Their tradecraft is superb, operational security second to none and the extensive usage of ‘living-off-the-land’ techniques enables them to easily bypass many security solutions they encounter. In particular, we identified advanced methods consistent with nation-state level capabilities.”
- The hackers, two separate entities Crowdstrike says worked independently, used techniques known to be used by Russians. Better yet, with no evidence at all presented, Crowdstrike concludes, “Both adversaries engage in extensive political and economic espionage for the benefit of the government of the Russian Federation and are believed to be closely linked to the Russian government’s powerful and highly capable intelligence services.” Also, for one of the alleged hackers, “Extensive targeting of defense ministries and other military victims has been observed, the profile of which closely mirrors the strategic interests of the Russian government.”
- By the end of the report Crowdstrike is just plain out called the hackers “Russian espionage groups.”
FYI: Fidelis, another cybersecurity company, was hired by Crowdstrike to review the findings. Fidelis worked exclusively and only with data provided by Crowdstrike (as did several other companies.) Fidelis They concluded the same two hackers, COZY BEAR and FANCY BEAR APT, committed the intrusion, but made no comments on whether those two were linked to the Russian government.
Um, Valid Conclusions?
Despite the citing with certainty of experts and researchers by the media and the Clinton campaign, the only such expert who has made any findings public has basically thrown out little more than a bunch of presumptions and unsubstantiated conclusions.
Left undiscussed are:
- the commonality of hackers using “false flags,” say where an Israeli hackers will purposely leave behind false clues to make it seem that a Hungarian did the work. As one commentator put it sarcastically “The malware was written in Russian? It was a Russian who attacked you.
Chinese characters in the code? You’ve been hacked by the Peoples Liberation Army.”
- the question of if the hackers were “Russians,” can anyone tie them to the Russian government? Joe Black Hat breaking into some system in Ireland may indeed be an American person, but it is quite a jump to claim he thus works for the American government.
- there is also a significant question of motive. For Putin to be the bad guy here, we have to believe that Putin wants Trump in power, bad enough to risk near-war with the U.S. if caught in the hack, and bad enough to really p.o. Clinton who will be nominated this week anyway, and hoping of course that evidence of dirty tricks by the DNC released in July will be enough to defeat her in November. That’s a real s-t-r-e-t-c-h, Sparky.
- other than those private persons who hack for their own entertainment or personal political beliefs, most work for money. They steal something and sell it. Information from the DNC system would find an easy buyer.
- Who might be interested in buying these emails? Along the range of actors who would benefit from exposing these emails, why would the Russians come out on top? Perhaps the Republicans? China? Pretty much any of the many enemies the Clintons have amassed over the years? Hell, even Bernie Sanders, whose complaints about the DNC were validated by the email release. The suspects based on motive alone make up a very long list.
For some intelligent analysis suspicious that the DNC hack was a Russian intelligence job, try this.
For some more technical information on one of the alleged DNC infiltrators, here you go.
Peter Van Buren blew the whistle on State Department waste and mismanagement during Iraqi reconstruction in his first book, We Meant Well: How I Helped Lose the Battle for the Hearts and Minds of the Iraqi People. His latest book is Ghosts of Tom Joad: A Story of the #99 Percent. Reprinted from the his blog with permission.