Before we begin, though, we have to understand that all of this is based on publicly available information. Much of the information about Russian involvement is classified, so in some cases we will be making what may be considered to be educated guesses. We will make every effort to differentiate between what is known and what is supposed. Moving right along ...
Right off the bat, we must acknowledge that Russia got an incredible return on their investment. In terms of sheer cost-effectiveness and disruptiveness, this qualifies as one of the most effective espionage operations in history. Simply by use of a few small hacks with the Democratic National Committee and some basic online trolling of social media and news sites, the Kremlin managed to completely upend the politics of the world's one remaining superpower. Russia's chief rival in the geopolitical arena is spending more time on internal sniping than dealing with the foreign power that precipitated this crisis. While Russia's bill may one day come due, for now they are able to sit back and enjoy the fruits of their labor ... and their victory grows larger with each partisan intramural attack. So what happened, exactly?
It all started in September of 2015, when the FBI became aware that Russian hackers had broken into DNC (Democratic National Committee) servers.6 Interestingly enough, it appears that these same hackers had also broken into systems associated with the Republican National Committee as well as accounts belonging to various Republican officials. However, in keeping with the assessment by the intelligence community that the Russian interference was specifically perpetrated to assist trump, they chose not to release any information obtained.
The hackers were identified by CrowdStrike, an independent cyber security firm, and they split them into two groups1. The first group, named by CrowdStrike as "Cozy Bear," focused their efforts on gaining access to emails and chat transcripts. The second group, dubbed "Fancy Bear," directed their attention toward gaining access to opposition research. Confirmation of CrowdStrike's assessment of Russian infiltration came from two unnamed CrowdStrike competitors, who based their results on the following attributes of the break-ins:
- The hack was analyzed, and it was discovered that the tools used by the hackers were the same as the ones that had been used in previous hacks from Russia.
- The domain used in the spear-phishing scam against the DNC employees was the same one that had been used previously in other spear-phishing attacks.
- The leaked files contained Russian language metadata, and error messages that were printed in Russian. Later versions of these files had this information removed.
- Guccifer 2.0, identified as the leaker of the documents, claimed to be Romanian despite being unable to speak the language.
On August 24, 2016, Russian hackers sent spear-phishing emails, spoofed to look like a Gmail account, to employees of an unnamed election software company. The name of the firm was redacted for security reasons, although other evidence points to the company being VR Systems, of Florida. VR Systems has contracts in eight states: California, Florida, Illinois, Indiana, New York, North Carolina, Virginia, and West Virginia2. Seven "potential victims" were identified. Of these, emails sent to three of them were returned by the server for unknown reasons (it could have been something as simple as those three people not working there any longer). At least one employee account was compromised.
Roughly a month before the election, the Office of the Director of National Intelligence and the Department of Homeland Security issued a joint statement that was considered to be unusual. In this statement they said "The U.S. Intelligence Community (USIC) is confident that the Russian Government directed the recent compromises of emails from US persons and institutions, including from US political organizations. The recent disclosures of alleged hacked e-mails on sites like DCLeaks.com and WikiLeaks and by the Guccifer 2.0 online persona are consistent with the methods and motivations of Russian-directed efforts. These thefts and disclosures are intended to interfere with the US election process."1
On October 27, 2016, Russian hackers created an "operational" Gmail account set up to appear as if it belonged to an employee at VR Systems.
On October 31 or November 1, 2016, spear-phishing emails were sent from the newly-created account to 122 local government employees in the United States using the documents obtained from the previous hack. These emails had a Word attachment that contained a hidden PowerShell script that notified the hackers that they were in.
According to a report in The Intercept, an online national security publication, "Russian military intelligence executed a cyber attack on at least one U.S. voting software supplier and sent spear-phishing emails to more than 100 local election officials just days before last November’s presidential election, according to a highly classified intelligence report obtained by The Intercept." In addition, there were reports of long lines at polling places in Durham, North Carolina due to a malfunction with the voter registration system. This triggered election officials to switch to paper ballots and extend voting into the late evening hours. Interestingly, Durham's voter rolls were maintained by VR Systems.2
The FBI and the National Cybersecurity and Communications Integration Center (NCCIC) released a declassified joint analysis of their evidence linking Moscow to the DNC hacks in late December. According to this report, "The U.S. Government confirms that two different actors participated in the intrusion into a U.S. political party. The first actor group, known as Advanced Persistent Threat (APT) 29 entered into the party’s systems in summer 2015, while the second, known as APT28, entered in spring 2016."1
After news reports surfaced on the intelligence community's analysis of the Russian interference in January, the Director of National Intelligence released a declassified version of its assessment7, requested by President Obama, of the role of the Kremlin: "[W]hile the conclusions in the report are all reflected in the classified assessment, the declassified report does not and cannot include the full supporting information, including specific intelligence and sources and methods."1 The main point of the report was this: "We assess Russian President Vladimir Putin ordered an influence campaign in 2016 aimed at the US presidential election. Russia’s goals were to undermine public faith in the US democratic process, denigrate Secretary Clinton, and harm her electability and potential presidency. We further assess Putin and the Russian Government developed a clear preference for President-elect Trump." The report further goes on to conclude that, while the hacking did not actually alter vote counts, Putin had spearheaded an elaborate effort to put trump in the White House. This was accomplished not only through the hacking efforts, but also through dissemination of false news stories, all with the intent of boosting trump and undermining Hillary Clinton.
President Obama's Secretary of Homeland Security, Jeh Johnson, said of the Obama administration's delay in publicizing Russian interference that officials were concerned they would be blamed for attempting to exert a partisan influence on the results of the election (the irony of which is not lost on us at the Blowhard Pundit, given trump's continuous railing against a "rigged election").
"Former Secretary of Homeland Security Jeh Johnson defended the Obama administration’s delay in revealing Russian attempts to interfere with the 2016 election, saying Wednesday that officials were worried that they’d be blamed for a partisan attempt to influence the results."
According to former FBI Director James Comey, these hackers were "unusually loud" in their intervention in that they left identifying digital fingerprints on both the DNC servers and the emails stolen from John Podesta that allowed them to easily be linked back to the Kremlin. Meanwhile, Russian state-sponsored media such as RT and Sputnik openly backed trump. In addition, automated Twitter accounts -- many of which were linked to Russia and assisted by professional trolls paid by the Kremlin -- flooded social media with fabricated news throughout the campaign, especially in the last few days before the election.
On June 21, 2017, a hearing was held by the Senate Intelligence Committee on "Russian Interference in the 2016 Elections."4 During the course of this hearing it was confirmed that at least one state had experienced a breach of its voter registration database. Testimony was conclusive, however, that there was no tampering with actual votes, even though "[t]here is unanimity of opinion in the intelligence community that hackers working on behalf of the Russian government undertook a coordinated effort to destabilize our election system."
So there's our timeline. But what does it all mean? Who are the key players? What's next?
The National Review9 attempted to answer the "what does it mean" question using a "Q&A" format3. It's a rather lengthy piece, so we won't reproduce it in its entirety here, but here are the main points:
According to this article, the Kremlin was behind attacks on several computers, but technically they did not "hack" the election. What they did do was to "sow confusion and chaos" through the use of planted fake news stories and social media posts, creating artificial waves of online commentary. Multiple intelligence agencies agree that there is strong evidence to support the idea that Moscow ultimately sought to have trump beat Clinton. There is a difference of opinion as to whether these efforts were successful enough to have altered the outcome of the campaign; the view of the National Review is that there is really no way to know due to the large number of other factors.
Basically, the consensus is that interference in the 2016 elections occurred, that the Kremlin and Vladimir Putin were ultimately behind it all, and (at least as far as the right is concerned) it's impossible to tell whether or not this had any effect on the election (our belief at The Blowhard Pundit is that it absolutely did have an effect, and the National Review is trying to spin things their way ... but getting back to the main story here).
It appears now that the hacking campaign took four distinct, yet related, paths6:
- Establish personal contact with American citizens who were perceived to be sympathetic to Russia. For example, former Defense Intelligence Agency chief Michael Flynn, former trump campaign chairman Paul Manafort, and former trump foreign policy advisor Carter Page. The Kremlin would use these contacts to further Moscow's foreign policy goals.
- Hack the DNC servers and feed the resulting stolen data to Wikileaks, which then would leak the data in batches throughout the second half of 2016.
- Amplify the propaganda value of the leaked data with a disinformation campaign. This was achieved through multiple social media avenues such as Facebook and Twitter, using both automated bots and paid trolls to spread fake news and pro-trump propaganda.
- Breach U. S. voting systems in an effort to steal registration data that could be used to target and manipulate voters in future elections. Reports indicate that Russian hackers managed to infiltrate the systems in 39 states, although there is no evidence of vote tampering.
- Manafort had actually been working to advance Russia's interests for over a decade. Beginning in 2004, he served as a top adviser to Viktor Yanukovich, former President of Ukraine. Yanukovich is a pro-Russia "strongman," and Manafort's efforts are credited with helping him win the presidency in 2010. Later, between 2006 and 2009, Manafort received millions of dollars to lobby on behalf of Oleg Deripaska, a Russian billionaire. In an interview with Fox News, Associated Press reporter Jeff Horwitz referred to Manafort as a "gun for hire," and said that he was willing to work "on behalf of Russian interests."
- During the trump transition period Michael Flynn had discussed U. S. sanctions against Russia with Kislyak. The official line from the trump administration was that Flynn had resigned because he had misled Vice President Mike Pence about the nature of these discussions. However, it was later reported that Acting Attorney General Sally Yates had warned the White House in January that Flynn could be vulnerable to Russian blackmail due to U. S. intelligence knowing that Pence had publicly mischaracterized the interactions between Kislyak and Flynn. Interestingly, Flynn also had business ties to Russian firms and to RT, the Kremlin-owned propaganda network.
- A trip Page had taken to Moscow in July of 2016 was cause for concern at the FBI, which was granted a warrant by the Foreign Intelligence Surveillance Court to monitor his communications based on the suspicion that he was in communication with Russian officials.
- An investigation was opened into Jared Kushner, trump's son-in-law and senior adviser, after intelligence officials intercepted communications suggesting he had proposed setting up a secret back-channel to Moscow using Russian diplomatic facilities on US soil. While back channel communications are not uncommon, the fact that he proposed using Russian facilities on U. S. soil, that he had met with both Russian banker Sergey Gorkov and Ambassador Sergey Kislyak, and that he failed to disclose these meetings on his security clearance form all contributed to the decision to investigate his actions.
- Roger Stone had communicated with self-described hacker Guccifer 2.0 in August 2016 (this is the same Guccifer 2.0 who leaked information to Florida GOP operative Aaron Nevins, as we covered here). U. S. intelligence officials hold the opinion that Guccifer 2.0 is a Russian prop.
- It came to light that then-nominee Jeff Sessions misled the Senate about his Russian contacts. This forced him to recuse himself from the investigation into Russia's activities.
- There were claims that Moscow had damaging information about trump that the campaign would want to keep suppressed, giving the Kremlin undue influence on his presidency. These reports became so prevalent that both trump and President Obama were briefed on these claims by intelligence officials.
Former FBI Special Agent Clint Watts, speaking before the Senate Intelligence Committee in May, said that the trump campaign itself may have been an unwitting Russian agent6. “Part of the reasons active measures have worked in the US election is because the commander-in-chief has used Russian active measures at times against his opponents,” Watts said, citing both trump and Manafort's referring to fake news stories last year propagated by entities linked to Russia. “[Trump] denies the intel from the United States about Russia, and he claimed the election could be rigged — that was the number one claim pushed by RT, Sputnik News, all the way up until the election,” Watts said. “Part of the reasons Russian active measures work is because they parrot the same lines.”
In addition, U. S. intelligence agencies hold the opinion that Wikileaks has become a propaganda tool of the Kremlin.
So now the question under consideration is whether or not there was collusion between Moscow and the Republican Party and the trump campaign. This is huge, actually, as it could constitute treason against the United States. According to the article in The Intercept, "If collusion can ultimately be demonstrated — a big if at this point — then the assistance on Russia’s part went beyond allegedly hacking email to serve a propaganda campaign, and bled into an attack on U.S. election infrastructure itself."2 To date there has been little more than very circumstantial evidence that this happened ... not enough to actually say for sure, but enough to have the intelligence community worried.
As far as what to do next?
According to David Becker at The Hill4, we should bear the following points in mind:
- Election officials are not the problem. They are part of the solution. A common thread is that local election officials are, at best, negligent, and at worst, wholly incompetent. By and large, these impressions are false. Election officials at both local and state levels are highly attuned to this problem and stand ready to address it.
- Acknowledge the threat. Some people, especially some on the right, are willing to dust off their hands and claim "what's done is done." This is somewhat understandable because their guy won, but it ignores the very real fact that this will happen again unless we are vigilant. This attitude is demonstrated in trump's comments during his recent visit to Poland, when he said of the hacking attempts “I think it was Russia, but I think it was probably other people and/or countries, and I see nothing wrong with that statement. Nobody really knows. Nobody really knows for sure.” The thing is, we do know for sure, and they will be back for another swing at this particular pinata.
- Strengthening processes and auditing. Part of the problem after the 2016 election was a lack of data forensics. Many voting machines have no paper trail, making it very difficult to perform an accurate audit. We need to come up with more robust voting technologies that also include a hard-copy component.
- Better training. Election workers at all levels need better training in security protocols and procedures.
- Improved communications between all levels. We must facilitate better communication between local, state, and federal election officials as well as the intelligence community.
- Election infrastructure. None of these things are without cost, and the first step is to harden election infrastructure against outside tampering.
I gotta lie down.
1 The Washington Post, "Here’s the public evidence that supports the idea that Russia interfered in the 2016 election," Philip Bump, 6/3/2017, https://www.washingtonpost.com/news/politics/wp/2017/07/06/heres-the-public-evidence-that-supports-the-idea-that-russia-interfered-in-the-2016-election/
2 The Intercept, "Top-Secret NSA Report Details Russian Hacking Effort Days Before 2016 Election," Matthew Cole, Richard Esposito, Sam Biddle, Ryan Grim, 6/5/2017, https://theintercept.com/2017/06/05/top-secret-nsa-report-details-russian-hacking-effort-days-before-2016-election/
3 The National Review, "A Beginner’s Guide to the Trump/Russia Controversy," David French, 3/31/2017, http://www.nationalreview.com/article/446339/donald-trump-russia-2016-election-controversy-explained
4 The Hill, "The truth about Russia, 'hacking' and the 2016 election," David Becker, 6/25/17, http://thehill.com/blogs/pundits-blog/national-party-news/339225-what-we-know-about-russian-hacking-and-the-2016
5 The Los Angeles Times, "Former head of Homeland Security testifies on Russian interference in 2016 election," Joseph Tanfani, David S. Cloud, http://www.latimes.com/politics/la-na-johnson-russia-20170621-story.html
6 Business Insider, "Evidence is mounting that Russia took 4 clear paths to meddle in the US election", Sonam Sheth, Natasha Bertrand, 6/24/2017, http://www.businessinsider.com/evidence-russia-meddled-in-us-election-2017-6
7 Office of the Director of National Intelligence, "Background to 'Assessing Russian Activities and Intentions in Recent US Elections': The Analytic Process and Cyber Incident Attribution", 1/6/2017, https://www.dni.gov/files/documents/ICA_2017_01.pdf
8 The Washington Post, "Russian Government Hackers Penetrated DNC, Stole Opposition Research on Donald Trump", Ellen Nakashima, 6/14/2016, https://www.washingtonpost.com/world/national-security/russian-government-hackers-penetrated-dnc-stole-opposition-research-on-trump/2016/06/14/cf006cb4-316e-11e6-8ff7-7b6c1998b7a0_story.html?utm_term=.96b0b4c4a690
9 In the interest of full disclosure, it should be pointed out that the National Review has a decidedly right-wing slant. For example, two of the headlines on the site were "Hillary Clinton: Nasty, Corrupt, Evil, Crooked, Ruthless" and "Chelsea Clinton – Creep", and they refer to liberals as "lefties" and attempt to minimize the effects of the hacking.