Remember This Old Thing?

I’m a bit of an oddity on this network, as I’m pretty convinced Russia was behind the DNC email hack. I know both Mano Singham and Marcus Ranum suspect someone else is responsible, last I checked, and Myers might lean that way too. Looking around, though, I don’t think anyone’s made the case in favor of Russian hacking. I might as well use it as an excuse to walk everyone through using Bayes’ Theorem in an informal setting.

That was me one year, one month, and fifteen days ago, kicking off the first of a four-part series. My two main points were A) the priors favored the Kremlin, as they’ve done more to influence elections than anyone else (save the CIA), and B) while each bit of evidence may have been weak, the majority of it was more likely to be observed if the Kremlin were behind the hack than under any other hypothesis. Looking back, I don’t think I’d change a word, not even this bit in part 3:

Publicly revealing the evidence of hacking is a great way to convince people of its truth, but it’s also a great way to lose the ability to track the hackers. This is why the police never reveal their evidence until they absolutely have to at trial. This is why the FBI will let people they think are consuming child pornography walk free. This is why the CIA “cannot confirm or deny,” because even a single bit of information can reveal volumes. It is never in a government’s interest to explain the details of an investigation, especially when the target of the investigation is part of another government.

That line of thinking had me pessimistic that we’d ever see a good accounting of what happened. What government agency would dare reveal those details, and burn their sources?

12. Defendant IVAN SERGEYEVICH YERMAKOV (…) was a Russian military officer assigned to ANTONOV’s department within Unit 26165. Since in or around 2010, YERMAKOV used various online personas, including “Kate S. Milton,” “James McMorgans,” and “Karen W. Millen,” to conduct hacking operations on behalf of Unit 26165. In or around March 2016, YERMAKOV participated in hacking at least two email accounts from which campaign-related documents were released through DCLeaks. In or around May 2016, YERMAKOV also participated in hacking the DNC email server and stealing DNC emails that were later released through Organization 1. […]

21.c. On or about March 28, 2016, YERMAKOV researched the names of Victims 1 and 2 and their association with Clinton on various social media sites. Through their spearphishing operations, LUKASHEV, YERMAKOV, and their co-conspirators successfully stole email credentials and thousands of emails from numerous individuals affiliated with the Clinton Campaign. Many of these stolen emails, including those from Victims 1 and 2, were later released by the Conspirators through DCLeaks. […]

29. Between on or about May 25, 2016 and June 1, 2016, the Conspirators hacked the DNC Microsoft Exchange Server and stole thousands of emails from the work accounts of DNC employees. During that time, YERMAKOV researched PowerShell commands related to accessing and managing the Microsoft Exchange Server.

Apparently, the Special Counsel would. To be fair to past-me, this comes from an indictment submitted by Mueller’s team last Friday, so it is indeed related to a trial. Those news reports of Dutch government hackers snooping on this GRU unit also suggest that intel source is no longer needed (or alive), which removed the need for secrecy.

And damn, those details: the GRU did indeed try to use “Company 1”’s public statements to hide their tracks; they remained on the DNC network well into October 2016, yet “Company 1” claimed they’d been removed mid-June 2016; in September they swiped “test applications related to the DNC’s analytics;” and on July 27-ish tried to get into Hillary Clinton’s personal and campaign office. Those last two happen to line up with other plausibly-related events.

If you’re hardcore anti-CIA/FBI, this document may fall short of convincing. Remember, though, the indictment is the prelude to a trial; someone is going to ask how the hell Mueller’s team knew what specific Russian citizens were Googling on specific days, and if this is all a ruse it should be obvious from the government’s replies. By making easily falsifiable assertions, the Special Counsel is signaling they have high confidence they have sufficient evidence to prove them in court, and that’s not so easily dismissed.

Personally? I’m feeling vindicated. My original analysis was within epsilon of spot-on.
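The two-point argument above (priors that favor one hypothesis, plus a pile of evidence that is each only weakly more likely under it) is Bayes’ theorem in odds form, and the odds form makes it obvious why weak evidence still adds up. This Python example is mine, added here, not code from the original series; the prior and likelihood ratios in it are constructed, illustrative numbers, not estimates for the actual DNC case.

```python
from math import ceil, exp, log


def posterior_probability(prior_h, likelihood_ratios):
    """Bayes' theorem in odds form.

    prior_h: P(H) before seeing any evidence, e.g. H = "the Kremlin did it".
    likelihood_ratios: one value per piece of evidence E_i,
        P(E_i | H) / P(E_i | not H).  A ratio above 1 favors H, below 1
        counts against it.  Assumes the pieces of evidence are conditionally
        independent given H (a simplification, and a labelled assumption).
    Returns P(H | all evidence).
    """
    log_odds = log(prior_h / (1.0 - prior_h))
    for lr in likelihood_ratios:
        log_odds += log(lr)  # each weak piece nudges the log-odds a little
    odds = exp(log_odds)
    return odds / (1.0 + odds)


def pieces_needed(prior_h, target_h, lr):
    """How many independent pieces of evidence, each with likelihood ratio
    `lr` > 1, are needed to move P(H) from prior_h up to at least target_h."""
    if lr <= 1.0:
        raise ValueError("evidence must favor H (likelihood ratio > 1)")
    prior_odds = prior_h / (1.0 - prior_h)
    target_odds = target_h / (1.0 - target_h)
    return ceil(log(target_odds / prior_odds) / log(lr))


if __name__ == "__main__":
    # Constructed scenario: prior favors the hypothesis somewhat (0.3 vs the
    # field of all other candidates), then seven weak pieces of evidence,
    # one of which actually points the other way (0.8).
    prior = 0.3
    evidence = [1.5, 2.0, 1.3, 0.8, 1.7, 1.2, 2.5]
    print(f"posterior P(H) = {posterior_probability(prior, evidence):.3f}")
    # How many "only slightly more likely under H" observations (LR 1.3)
    # would it take to reach 90% from that prior?
    print(f"pieces of LR-1.3 evidence to reach 0.9: {pieces_needed(prior, 0.9, 1.3)}")
```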