I Now Officially Believe it Was Russians


In various postings this year, I’ve been guarded about the Russian attribution of the DNC email hacks.

As I said in [stderr]:

To accurately establish attribution, you need evidence and understanding:

  • Evidence linking the presumed attacker to the attack
  • An understanding of the attacker’s actions, supporting that evidence
  • Evidence collected from other systems that matches the understanding of the attacker’s actions
  • An understanding of the sequence of events during the attack, matching the evidence

Until this point, I deliberately maintained a position of strict skepticism regarding Russian involvement (while admitting it was likely or even highly likely). It’s still possible that someone crafted the reported evidence, but unless we want to live our lives as radical skeptics, eventually we can accept something as a given as long as contradictory facts don’t emerge. A lot of people were comfortable accepting the arguments that the US Government (notably the FBI and the ‘5 intelligence community agencies’) collectively asserted – I was not, because my assessment of their assertions was that they didn’t provide evidence that they doubtless had; consequently, I felt I had to wonder “why not?” and whether that evidence was any good.

I’ll note that the US Government still hasn’t provided anywhere near the kind of quality attribution that I’d expect they could if they tried. I freely admit that I hold that against them: they collect this stuff and it’s their job – as I see it – to distribute information that will help us better understand attacks that are being made against US government and corporate networks. Obviously we disagree about what their job is.

In terms of my components of a good attribution, we now have:

Evidence linking the presumed attacker to the attack: George Papadopolous was being played by someone he believed was directly connected to Putin, and was being offered dirt on Clinton “on or about” April 26. The DNC emails were leaking between January and May, so if Papadopolous’ contacts with the emails had them, they were getting them in real-time or near real-time. That establishes a linkage between the attacker and the attack that I am willing to accept.

An understanding of the attacker’s actions, supporting that evidence: Papadopolous’ contacts were claiming that they were tied in with Russian interests and had access to the emails and wanted to arrange a meeting with the Trump campaign. That is completely consistent with the overall story that has been promulgated, so far, that the Russians were trying to lure the Trump campaign into compromising itself with some dirt. Papadopolous has now admitted that that was exactly what he was doing, and what he believed the Russians were doing. I accept the story, now.

Evidence collected from other systems that matches the understanding of the attackers’ actions: This element of the attribution is still thinner than I’d like but the timing on the documents that Wikileaks eventually released matches the story of how the documents were compromised, shopped around between Papadopolous/the Trump Campaign and Wikileaks. I don’t think we need to see the various emails going back and forth; all the information Papadopolous has provided is congruent with Wikileaks’ version and the accounts of the DNC break-in from Crowdstrike. I think Crowdstrike could have provided better information but almost certainly were told not to by the FBI who were keeping that information in order to strengthen their own attribution if congruent pieces of the puzzle later emerged. In fairness to the FBI I will note that having whatever information Crowdstrike provided to them kept secret probably made it harder for Papadopolous to lie about any of the timing of these events and subsequent emails. So, while I complain about the FBI’s actions, I understand them.

An understanding of the sequence of events of the attack, matching the evidence: This is the piece of the puzzle that flips me from “skeptical” to “convinced.” Papadopolous’ exchanges with the Russians happened in the right sequence of time within the broader sequence of events and there is no contradiction. If Papadopolous was talking to the Russians “on or about” April 26 about getting a drop of dirt on Clinton, that fits with the story that the data went:

Hacker -> Russians -> (offered to Papadopolous) -> (given to Wikileaks) -> Published by Wikileaks

not

Hacker -> Wikileaks -> (shared with Russians somehow) -> (offered to Papadopolous) -> Published by Wikileaks

The latter wouldn’t be consistent with how Wikileaks operates and has operated, or how Papadopolous, or his Russians operated.

There are still plenty of loose ends, but I think they are mostly curiosity. Was the hacker part of the Russian government, or merely “affiliated” to some degree? That’s an irrelevant question because “affiliation” doesn’t mean much; the programmers who are writing malware for NSA’s “Equation Group” are probably contractors, not employees – are they “US Government hackers”, “US Government affiliated hackers”, or “Patriotic American hackers who choose to share things with the US Government sometimes (like, when they are paid)”? I have no idea what the org chart of the Russian cyberintelligence efforts looks like, and I suspect nobody does – any more than anyone knows what the org chart of the NSA looks like if you were to include contracting companies that make more than 80% of their revenue from NSA and CIA on it. I am comfortable with accepting that there’s a tight linkage between Papadopolous’ Russians and the hackers that initially got the documents, because of the speed at which the data moved. Someone in Papadopolous’ Russians group had to get the data from the hackers and check it out superficially to make sure it was what it purported to be, which would take about a week, while the Russian group was baiting the Trump Campaign. The timing works.

I’m also waffling a bit by calling the Russians “Papadopolous’ Russians” because we don’t really know to what degree they were “affiliated” with the Russian intelligence apparatus. Like with the hackers, I am comfortable saying they are “affiliated” because that’s how they presented themselves, and even if they weren’t taking orders from Putin (I bet they weren’t; he’s not that much of a micro-manager) they were acting in line with their own perception of Russian affiliation. I believe that many CIA or NSA operations happen without the direct oversight of anyone on the National Security Council and certainly without the direct approval of the president. So, at what point can we say that something is a “US Government operation” versus a “CIA operation” versus a “rogue CIA operation” versus “ultra-nationalists going their own way” (which was basically what the White House portrayed G. Gordon Liddy as doing during Iran/ContraWatergate)?

Based on the time-line of events there’s another thing we learn, which may explain why the FBI and intelligence community were so reluctant to offer good attribution: they appear to have been standing around figuring all of this out around April/May/June – well in advance of the election, which was in November. Meanwhile, Comey was making mysterious election-influencing remarks about the FBI’s investigations into Clinton’s other emails. Maybe the FBI doesn’t want to talk much about who knew what and when because it’d make it clear that they were incompetent, or playing politics, or incompetently playing politics.

------ divider ------

“Likely or even highly likely” sounds pretty Bayesian to me. I’m just not comfortable assigning bogo-probabilities to things in order to bolster my confirmation bias.

For an example of the kind of high quality attribution I’d expect from the US’ very expensive intelligence apparatus, you can take a look at Brian Krebs’ attribution of the Mirai Worm: [krebs] or Kaspersky Labs’ attribution of the ‘Equation Group’ malware tree to the NSA [kaspersky] [secur]. Even Kaspersky’s attribution depends on external evidence in time, namely that Equation Group’s code was found on NSA’s development server leaks dated before Kaspersky’s attribution – which strongly identifies Equation Group as NSA (or NSA contractors working within NSA).

Papadopolous sounds like the kind of incompetent dumbass that Trump would love. I’m surprised he wasn’t put in charge of some important government agency.

Papadopolous also appears to be a “cooperating witness” which may be code for “he wore a wire during some meetings” – it is possible that Mueller has dropped Papadopolous as a card to pull in-suit denials from the next round of indictees.

Unrelated: Papadopolous and Manafort cheated on at least $75 million in taxes. I wonder whether part of this is going to result in the FBI getting Trump’s tax returns. One thing everyone seems to forget about those: Trump has them but so does the IRS. One need not ask Trump for them. The whole thing around releasing Trump’s taxes is a charade.

Comments

  1. fusilier says

    A Minor Niggle:

    Liddy ran the Watergate operation, not Iran/Contra.

    fusilier, who’s old enough to remember both in real time.

    James 2:24

  2. says

    fusilier@#1:
    Liddy ran the Watergate operation, not Iran/Contra.

    You’re right! I’m also old enough to remember but I didn’t, because I was ignoring politics at that time.

  3. jazzlet says

    So, at what point can we say that something is a “US Government operation” versus a “CIA operation” versus a “rogue CIA operation” versus “ultra-nationalists going their own way” (which was basically what the White House portrayed G. Gordon Liddy as doing during Iran/ContraWatergate)

    They are all the former until they become embarrassingly public and/or go wrong, when they become one of the latter.

  4. Siobhan says

    The thing about the “Russians manipulated Americans” take is that even if it’s true you still have a problem of 63-million credulous bumbleheads with disproportionate voting power due to the electoral college. It’s like, yes, maybe it would be nice to catch the arsonist that set our house on fire, but can we talk about how the homeowner waters his garden with accelerant?

  5. says

    Shiv@#4:
    The thing about the “Russians manipulated Americans” take is that even if it’s true you still have a problem of 63-million credulous bumbleheads with disproportionate voting power due to the electoral college. It’s like, yes, maybe it would be nice to catch the arsonist that set our house on fire, but can we talk about how the homeowner waters his garden with accelerant?

    Yes, that’s why you may have noticed no comments or postings over here about the whole Russia disinformation campaign on facebook, etc. Because I don’t see that as any different from any other propaganda campaign, and the DNC and RNC have been waging unrestricted propaganda warfare for a long time. Their complaints about Russian propaganda amount to “the Russians got a yuge price break from Facebook and we didn’t! Waa!” It’s reminiscent of the scene in The Sting where Harry Gondorff out-cheats Doyle Lonigan at cards and Lonigan says, “what am I going to do, stop the game and say he out-cheated me?!”

    It appears to me that we’re headed for a situation that’s exactly that – everyone screaming “fake news!” and “lies!” at each other, when in fact the whole situation came about, in large part, because everyone was lying all along. As you say: watering the lawn with ether (it’s way more fun than kerosene!)

  6. jrkrideau says

    To be honest, the Papadopolous story is so far fetched that it makes me even more dubious of an official Russian involvement. I don’t know if anyone here has read the old Sax Rohmer novels but his story could be taken from one of them.

    Currently I see three likely possibilities with about equal probability: 1) the story including the official Russian involvement is true, 2) someone, for various reasons was playing him for a fool—clearly not difficult—and rolled him into an on-going operation that may or may not have had any Russian involvement and 3) the FBI has managed to manufacture some thrilling tale either deliberately or accidentally.

    Note I am not American and have no particular respect for the FBI, a barely competent and overly politicized organization so I have no problem thinking they may have mucked up again.

    In any case, Papadopolous needs to go along with the current official story to get out of prison before he qualifies for the Old Age Pension.

  7. kestrel says

    @jrkrideau, #6: Sax Rohmer! Now *there’s* a blast from the past. I read those books when I was a kid. I doubt I could do it these days. The casual racism is hard to overlook.

  8. says

    jrkrideau@#6:
    To be honest, the Papadopolous story is so far fetched that it makes me even more dubious of an official Russian involvement.

    I agree. Isn’t it hard to imagine a sneaky political operative who put his career on the line assuming that some stranger he was talking to was Putin’s niece? I wonder if he fell for a lot of 411 scams, too: “Hey this is Papadopolous, and I’ve got intel from Putin’s niece and Saddam Hussein’s uncle who is now working for Mossad…”

    To the earlier discussion about whether you need to be smarter than someone to fool them, apparently Papadopolous is arguing my point.

  9. lanir says

    Several times in the first six or so months of this year I thought about asking if you’d reconsidered any of this. But then I’d stop and ask myself “What has changed?” All I kept coming up with was “How much I have heard rumors about this being tossed around on the news.”

    I still don’t think the intelligence agency’s claims about this are worth a hill of beans. There’s something fishy about people who should be able to prove their point but instead go out of their way to make their “proof” nothing but smoke and mirrors. It makes me uncomfortable accepting anything about the matter until I understand what their motivations are for pushing such a shoddy sales job at me.

  10. says

    lanir@#9:
    It’s the sequence of events and the difficulty in faking them, that convinces me. Unless I were to go full monty conspiracy theorist and hypothesize that the “Russians” were agent provocateurs, it’s kind of hard to reject the fact that clearly everyone (including the Russians, now) seemed to think the Russians were in on it.

    I still don’t think the intelligence agency’s claims about this are worth a hill of beans

    Agreed. I trust the FBI as far as I can comfortably spit a live rat. And I don’t even trust the CIA or NSA that far.

  11. Pierce R. Butler says

    … Papadopolous and Manafort cheated on at least $75 million in taxes.

    No, just the taxes due on $75M of income: presumably less than 100% at the time, though possibly more than that now.

    Once or more a month, I’ve seen a “leak” story involving what the wingnuts call Russiagate and just barely refrained from posting queries here, figuring you’d seen same and declined from opinionating for a reason. And now I can’t recall specifics and don’t have time to go look… :-P

  12. jrkrideau says

    # 9 lanir
    It makes me uncomfortable accepting anything about the matter until I understand what their motivations are for pushing such a shoddy sales job at me.

    Every time I start to think that the Russians did it I remind myself of the tangled mass of lies, the wild exaggerations, the gullibility and plain US hysteria/paranoia that led up to the invasion of Iraq and I go, “Is there anything that is really convincing here?”

    The answer is always no.

    I caught a part of a clip on CBC Radio news this morning where reportedly the evil Russians were buying social media time and paying in rubles. Hello? I realize that intelligence agencies can be amazingly inept but paying in rubles? Why not just add a note to the social media post saying “This public service announcement brought to you courtesy of Vladimir Vladimirovich Putin”.

    On the other hand I have no problem crediting Trump and his organization with all sorts of dubious financial dealings with Russians and citizens in other former republics of the USSR. I read in the Washington Post that the Orange One is upset that Mueller’s investigations are extending to Trump financial dealings. I wonder why?

  13. Hj Hornbeck says

    Took ya long enough! ;)

    More seriously, temporal evidence can be ridiculously strong, so I’m not surprised it was the final straw. As for your “maybe it was a Russian hacking group, not the Kremlin,” I made that point aaaages ago: the Kremlin is explicitly hiring criminals to do their dirty work, as it makes attribution much harder. One article from 2015:

    Vladimir Putin’s regime has become increasingly adept at deploying a whole range of practices that are more common among crime syndicates than permanent members of the UN Security Council.

    In some cases, as with the hacking, this involves the Kremlin subcontracting organized crime groups to do things the Russian state cannot do itself with plausible deniability. And in others, it involves the state itself engaging in kidnapping, extortion, blackmail, bribery, and fraud to advance its agenda.

    Spanish prosecutor Jose Grinda has noted that the activities of Russian criminal networks are virtually indistinguishable from those of the government.

    “It’s not so much a mafia state as a nationalized mafia,” Russian organized crime expert Mark Galeotti, a professor at New York University and co-host of the Power Vertical Podcast, said in a recent lecture at the Hudson Institute.

  14. lanir says

    # 12 jrkrideau

    The rubles thing certainly sounds telling but realistically is probably the weakest, most useless detail. The whole, rather large country uses rubles, it’s not like it’s an IOU direct from their intelligence agency. Facebook may well have a non-trivial amount of legitimate* advertising that’s paid for in rubles. Even if they don’t, that’s the kind of detail that raises flags only AFTER something problematic has happened.

    In other words, it’s “common sense” but only if you look just at that example and don’t look anywhere else or think about it too hard.

    * as legitimate as advertising ever is, which is to say it’s the usual buy-our-product lies rather than anything extraordinary

  15. Pierce R. Butler says

    We also have some interesting non-technical details:

    “Based on a conversation that took place on or about March 6, 2016, with [Sam Clovis] Papadopolous understood that a principal foreign policy focus of the Campaign was an improved U.S. relationship with Russia.” … This exchange happens a few weeks before Trump hires Paul Manafort. … I suspect most people in early March, even reporters following the campaign closely, would have been highly surprised to hear this, notwithstanding Trump’s and Putin’s mix of chummy statements about each other. It wasn’t clear Trump really had any foreign policy at all.

  16. says

    Hj Hornbeck@#13:
    the Kremlin is explicitly hiring criminals to do their dirty work, as it makes attribution much harder.

    The CIA has been doing it longer. That’s “how it’s done.”

    Since I’ve been in the position of having to recommend extremely expensive actions to clients, based on this sort of analysis, I can’t go by feelings, I have to hold the line and demand the strongest possible attribution before I recommend an action. Unfortunately, we’ll probably eventually see a war because someone went by “yeah, probably” and mis-attributed. We need to hold the line on this stuff because we are potentially condemning people to death. Please bear that in mind.

  17. says

    jrkrideau@#12:
    Every time I start to think that the Russians did it I remind myself of the tangled mass of lies, the wild exaggerations, the gullibility and plain US hysteria/paranoia that led up to the invasion of Iraq and I go, “Is there anything that is really convincing here?”

    I’m with you on that.

    I usually keep asking myself “how can I tell this from a false flag operation?” Well, as we now know, the Iraq war was in part triggered by Israeli-provided falsified documents. We still don’t know if the Israelis falsified them, but … probably. To me, what’s scary is how easily one could generate a false flag operation on the internet (the easiest approach would be to have an insider, which is basically what the FBI did to the Weathermen and Black Panthers during COINTELPRO). If I want to imagine scary scenarios, they are much scarier than the current reality, which keeps me in check.
