Published by

What We Know About the Russia Hacks

A screenshot of the Fancy Bears website fancybear.net seen on a computer screen in Moscow, Russia, Wednesday, Sept. 14, 2016.

When the DNC emails were leaked this summer, the Democratic Party didn't hesitate to point the finger at the Russian government. The evidence? Clues in the metadata, the history of the suspected hacking groups, and the testimony of anonymous officials and private cyber-security firms. In early October, the Obama administration made it official, with the heads of the Department of Homeland Security and the Office of the Director of National Intelligence issuing a joint statement declaring that the "US Intelligence Community is confident that the Russian government directed the recent compromises of e-mails...to interfere with the US election process." Before long, there were hints of a US counterattack.

But not everyone is so certain. Jeffrey Carr, a cybersecurity consultant and author of "Inside Cyber Warfare," has been skeptical of the intelligence community's assessment of the hacks--and the media's coverage of this assessment--from the beginning. He talks to Bob about his doubts, the risks of false attribution, and why we need a higher standard of evidence when making claims about cyber war.

BOB GARFIELD: This is On the Media. I’m Bob Garfield.

By now, we all know the story. The Russians are coming, for our emails, specifically, and our democracy, in general. We know they hacked the DNC. We read about that in the Washington Post. And we know that they’re probably behind the Podesta emails. We read about that in The New York Times. And we know that they're doing all of this to try to tip the election in the favor of Donald Trump. We’ve heard that from everyone, the media, the intelligence community, the White House, even presidential candidate Hillary Clinton, herself. It’s one of those things where we're so sure that we know it, we almost forget to ask how we know it, to which cyber security analyst Jeffrey Carr says, we don't.

JEFFREY CARR: There is evidence that the hackers who attacked the DNC were probably Russian-speaking and/or used Russian-made tools, but what is missing is the connection between the Russian-speaking, Russian-made tools, and so on, with Russian intelligence agencies. Russia has an incredibly profitable cyber criminal infrastructure performing acts of industrial espionage for people who hire them.

BOB GARFIELD: It’s kind of like if the Lucchese family were shaking down restaurants for protection money, it’s an American outfit doing business in America and no connection to the CIA.

JEFFREY CARR: Right. Russian Ministry of Communication issued a report on Russian organized crime activities and said that they see approximately 40% of the billion dollars or more that’s earned by Russian cyber criminals gets reinvested into software development. So how can you tell, using digital forensics and just looking at the malware that was used in any given attack, if what you’re looking at was developed in a lab run by the Russian government or in a lab run by Russian criminals? You know, you can’t.

BOB GARFIELD: The attacks of the DNC were launched using a Russian email address [LAUGHS] and one of the documents was modified by a user, one of the hackers whose codename was the founder of the Soviet secret police.

JEFFREY CARR: Exactly. It, it, it’s a comic book. It’s, it’s Boris and Natasha. There is not a single professional intelligence service in the world that would run a secret operation using their own country’s servers, using email addresses from their country's most popular email provider, using tools that have the signature of a Russian developer. I mean, maybe one mistake, fine, but you’ve got like a half-a-dozen mistakes, right, major mistakes.

So, on the one hand, you have evidence that says, these guys must be completely incompetent and the Keystone cops version of intelligence agents. On the other hand, you have Washington saying, Russia is highly sophisticated technologically and we should be afraid. Now, how do you have both of those exist at the same time?

BOB GARFIELD: Notwithstanding your reservations about the persuasiveness of the evidence, when the intelligence community tells us they know something, and let’s just say we’re not discussing aluminum tubes, all right, and they keep saying it over and over, no, no, no, we’ve got the goods, is it possible that they have goods that you're unaware of that put the smoking gun in the hands of Vladimir Putin?

JEFFREY CARR: Absolutely, it’s certainly possible. And we saw that with Sony, right, Sony and the North Koreans. In that case, the NSA actually said, we are 100% convinced, due to sources that we cannot disclose, that the North Korean government was involved. I certainly wouldn't have any means to argue against that. Those are classified sources and if, if they are backing it 100%, then terrific. But that was not said about this attack.

BOB GARFIELD: You think that if they absolutely had the goods they would have said exactly that, as they did in the Sony hack.

JEFFREY CARR: I think so, yeah.

BOB GARFIELD: The danger, at, at least to you, as I understand it, is that all of this smoke causes someone to fire, because there's been a lot of saber rattling or, I don’t know, malware rattling, which says that the United States should take action against Russia for its alleged behavior during this election period. You don't believe that there's nearly enough evidence for any kind of retaliatory cyber attack.

JEFFREY CARR: Well, it's a moot point now. The US has officially charged Russia for attempting to manipulate our election. And in international law, we've already established that a cyber attack is a use of force. Therefore, the US government, by charging Russia, is saying that we are now entitled to use force that is proportionate against you. And once that begins to scale up, you can’t stop it. And this is not some little backwoods country. This is a major world player. This is, in my opinion, a highly dangerous and even irresponsible approach to handling our cyber issues with Russia.

BOB GARFIELD: And then there's the sort of moral authority question. We have also engaged in cyber warfare [LAUGHS], embedding the Stuxnet virus in the Iranian centrifuges. So even if the Russians are behind this, I guess we don't necessarily have the right to be shocked, shocked that a power would be creating mischief against another.

JEFFREY CARR: Absolutely. I mean, we – [LAUGHS] you know, unfortunately, the US has been outed for quite a number of government-run cyber operations around the world. It wasn't just Stuxnet. There are now dozens, if not hundreds, of operations that could be laid at the feet of the NSA because of the release of information most recently by this group know as Shadow Brokers. So yeah, where is the moral high ground? I, I don't know.

BOB GARFIELD: Just to be clear, this could very well be the Russian government. You’re just not sure and your concern is that we have made a judgment based on far too little physical evidence.

JEFFREY CARR: That's right. It's not possible to rule out the Russian government as somehow controlling or performing the attack. My concern is that the standard of evidence for when governments accuse one another needs to be high, and historically it has been high. This incident, however, sets a very low bar, and we must demand a better quality or a better standard of evidence.

BOB GARFIELD: Jeffrey, thank you very much.

JEFFREY CARR: My pleasure.

BOB GARFIELD: Jeffrey Carr is a cyber security consultant, author of Inside Cyber Warfare and founder of the consulting company, the 20K League.