New Assertions, But No New Evidence, on Russian Hacking in NSA Leak

by | Jun 9, 2017

New Assertions, But No New Evidence, on Russian Hacking in NSA Leak

by | Jun 9, 2017

This week, there was a new, aggressively reported story on alleged Russian hacking, based on anonymous leaks from the US intelligence community.

The latest story is different in some respects, but it still follows the normal script of this genre. New assertions are made by the intelligence community. No evidence is presented to support the assertions, nor any discussion of what the classified evidence might be. Russia is conclusively blamed anyway. And then speculation is entertained on how the crafty (yet seriously indiscreet) Russians might have used their hacking success and whether it impacted the results of the 2016 election.

The Story

The Intercept received an internal intelligence analysis from the NSA, which discusses a previously unreported hacking episode. According to the analysis, the hackers used a spear-phishing campaign to target a private software company, surmised to be the company VR Systems, that sells electronic voting software and equipment. Spear-phishing is a technique where victims are sent spam emails that appear to be from a legitimate website and attempt to get users to enter their login credentials in a bogus form.

Then, once the hackers gained access to some user accounts at VR Systems, they used them to send emails to election officials. The apparent purpose for this was to get access to individual election office networks. In theory, this could then be used to download sensitive information like voter registration lists.

Importantly, the company targeted does not actually sell the voting systems themselves. Thus, the article suggests that none of the hacking operations posed a direct threat to vote tallies by manipulating the software. Instead, it indicates that by compromising VR Systems, the hackers might have been able to modify voter registration databases and, assuming they had an accurate estimation of voter sentiments and which states / precincts could be key, they could then selectively purge the registrations to influence the outcome.

However, even if someone was deleted from a voter registration lists, the article notes that voters might still be able to file a provisional ballot that just has to be rechecked for eligibility prior to counting–it’s a hassle for voters and could deter some but probably wouldn’t outright prevent voting.

It should be clear that all of this suggests a very indirect and uncertain mechanism for influencing election results. The hackers had to know which states mattered most, which people were likely to go which way, and then they still had to penetrate the systems that gained them access to this information. The analysis does not conclude whether they were successfully able to do this. Accordingly, it also does not weigh in on whether these actions successfully impacted the election outcome.

The Differences

While the story is similar to ones we’ve heard before, there are some important differences.

Perhaps the most important distinction is the news outlet that broke the story. Most of the high-profile allegations against Russia have been first reported by the major mainstream media outlets–primarily The Washington Post. However, this latest leak was reported by The Intercept, the online progressive media outlet co-founded by Glenn Greenwald.

Greenwald initially made a name for himself by reporting on the Snowden leaks and has been generally been skeptical and adversarial toward the government–under both Republican and Democratic administrations–the way journalists should be. Greenwald’s ethos has also been evident in much of The Intercept’s work, making it one of the more reliable outlets on matters of foreign policy and national security. This has included pushing back on the rush to judgment on Russian interference and  general McCarthyite urge that has descended on Washington.

Thus, it is surprising for them to present a story on this issue that sounds almost as if it could have been written by The Washington Post. One of the primary virtues of The Intercept’s reporting has been its skepticism of unproven government assertions. Unfortunately, this characteristic was not very evident in their most recent piece.

To their credit, the authors (which do not include Greenwald) do note near the beginning of the story that the leaked analysis doesn’t include any raw intelligence. However, most of the story seems to set this disclaimer off to one side while framing the new allegations in very dire terms. A significant portion of the story effectively accepts the premise that Russia was responsible for this hack and others, and then speculates on the strategy of the attack, its possible (as yet unknown) impacts on the election, and potential policy options to prevent future breaches.

Another important difference in this story is that The Intercept published photos of the leaked documents in this case. Presumably, this was done to bolster the credibility of the story and not just be another anonymously sourced Russian hacking story. An admirable goal perhaps, but it had the unfortunate side effect of outing the otherwise anonymous leaker. Specifically, The Intercept shared photos of printed out documents. But it’s a little-known fact that printed out documents often contain nearly invisible microdots that indicate where they were printed. This document was no exception.

Using The Intercept’s photos, the authorities were apparently able to a) verify the document had been printed and b) identify where it was printed. They were able to narrow their search to six people who had printed this specific analysis. One of these individuals had also contacted The Intercept via their work email, and so the authorities were able to figure out the source. The leaker was named as NSA contractor Reality Winner and was arrested earlier this week.

The Case for Skepticism

Ultimately, this story brings forth new assertions from the intelligence community about Russian wrongdoing, but it still doesn’t present new evidence. Thus, in our view, skepticism is still the best default position on the overall Russian hacking story, including this latest allegation.

To be clear, the case for skepticism does not rest on any affinity for either Vladimir Putin or Donald Trump. Rather, it rests on the fact that virtually no evidence has been presented. Additionally, multiple high-profile stories surrounding the Russia interference narrative have been so unsubstantiated that they resulted in retractions or corrections by their initial authors (here, here, and here, for example).

Here’s a useful summary of all the public evidence that existed to support the Russian hacking charge as of December 2016–compiled, incidentally, by The Intercept itself. At that time, they concluded correctly that the evidence was inadequate, noting that “the refrain of Russian attribution has been repeated so regularly and so emphatically that it’s become easy to forget that no one has ever truly proven the claim.”

Indeed, the public evidence listed includes a few things that are either inconsequential or absurd. My personal favorite is the fact that the name of founder of the Soviet secret police, Felix Edmundovich, was found in the metadata of the malware.

Obviously, there’s no reason a hacker would have occasion to cite a random historical figure in the metadata–so it’s not as if someone just forgot to take it out. It had to be put there deliberately. So you have to ask yourself,  is it a single bluff, or a double bluff, or a triple bluff, or… the hackers are trolling everyone. Clearly, this is not the kind of thing that should count as compelling evidence.

Since the time that evidence summary was published by The Intercept in December, the US government came out with a formal assessment which also assigned blame to the Russian government. However, even this report still failed to provide actual evidence, as journalist Robert Parry has pointed out. So we still have no proof.

Of course, Russia might have done everything they stand accused of. The point is that the unclassified evidence released to date does not prove they did it. All we have are assertions and assessments offered by the intelligence community. And given the US government’s established track record of misleading the public to justify belligerent foreign policy actions, government assertions are not enough.

The newest NSA leak story does nothing to change this state of affairs. It adds one more assertion to the list. And it tells us that at least some internal assessments at the NSA adopt the same confident tone that Russia carried out the hacks. This is interesting, but it isn’t much to go on. It’s also not much different in character than The Washington Post stories that preceded it.

Additionally, the report notes that the techniques used were not terribly sophisticated. You don’t need to be a nation-state to carry out a spear-phishing campaign. Given this, the reader is left to wonder exactly why this particular attack was attributed to Russia.

Also according to the new analysis, there were some apparent election targets that don’t fit too well with the Russian hacker theory. Specifically, The Intercept reported that one plot targeted offices in American Samoa–a territory that has no electoral college votes and therefore no ability to influence the presidential election. Is it likely that a nation-state planned a high-risk campaign to influence a foreign election and didn’t even bother to figure out how the electoral college system works?

And finally, there’s the questionable premise that always underlies the Russia hacking theory. If we believe the popular narrative, then the Russian government penetrated many different US networks and its hacking operations are highly-sophisticated. But on the other hand, these same highly-sophisticated hackers are sufficiently careless or inept that all of their plots were conclusively identified. In essence, the narrative requires the Russian government to be simultaneously omnipotent and incompetent.

Conclusion

All things considered, The Intercept makes a new significant allegation against Russia. But like the previous accusations, no meaningful evidence has been released to support it. Until that changes, it does not make sense to accept the official narrative as fact. And it is clearly reckless to have unproven accusations drive US foreign policy decisions on Russia.

Eric Schuler

Eric Schuler

Eric Schuler is a contributor to The Libertarian Institute, with a focus on economics and US foreign policy. Follow his work here and on Twitter.

View all posts

Our Books

Shop books published by the Libertarian Institute.

libetarian institute longsleeve shirt

Support via Amazon Smile

Our Books

15 books

Recent Articles

Recent

TGIF: Supply Precedes Demand

TGIF: Supply Precedes Demand

"Consumption is the sole end and purpose of all production." —Adam Smith, The Wealth of Nations, 1776 "In the market economy the consumers are supreme. Their buying and their abstention from buying ultimately determine what the entrepreneurs produce and in what...

read more

Pin It on Pinterest

Share This