The Weird Logic Behind Russia's Alleged Hacking
One of the biggest stories of the U.S. election cycle has been the allegedly Russian hack into the computer network of the Democratic National Committee. Sidestepping the embarrassing implications of what the hack revealed about the DNC’s behavior during the primaries, the Democratic campaign, along with major U.S. news organizations, framed the story as one of Russia’s nefarious meddling in American democracy. That story has since become central to the U.S. election. In the first presidential debate, it was a key point of disagreement between Donald Trump and Hillary Clinton. Both candidates emphasized the cyber threat, but while Clinton laid the blame for the DNC attacks squarely with Russia, Trump suggested that the hack could have been perpetrated by anyone, from a state security organization to a lone individual.
The case is much more complicated than it may appear.
The evidence for Russian involvement in the hack is based upon research done by three independent security firms, which discovered that similar hacking techniques had been used in previous attacks by operatives allegedly working for Russian state security. Soon after these findings were released, however, an individual hacker calling himself Guccifer 2.0 came forward to dispute them. Identifying himself as a Romanian unaffiliated with the Russian government, he claimed that he had carried out the DNC hacks alone and said he had the evidence to prove it. While experts agreed that his evidence—previously unreleased emails and other data pilfered from the DNC—was authentic, they also made the case that it contained further proof of a Russian plot:
• One of Guccifer 2.0’s documents had been previously accessed by a user named феликс эдмундович (“Felix Edmundovich”). Not only was this username written in Cyrillic, but it referenced the founder of the Soviet security services, Felix Edmundovich Dzerzhinsky.
• Metadata showed that document notifications that had originally appeared in Cyrillic had later been changed to English.
• In his own communications, Guccifer 2.0 made two slips suggesting a Russian background: he used the common Russian “))))” as a smiley face symbol, rather than the “:)” used by English speakers, and, when pressed to communicate in Romanian in a chat with Vice News, he was unable to respond with the fluency expected of a native Romanian speaker.
Here’s where it gets tricky. Though certainly suggestive, these findings are far from conclusive. The Russian government does not have a monopoly on the use of Cyrillic characters nor on the names of historical Soviet figures. Besides, how likely is it that a presumably discreet NSA hacker trawling the data of foreign governments would use the moniker GeorgeWashingtonIs#1? Never mind intelligence operatives—what internet-savvy Russian wouldn’t know that the Russian and Western symbols for the smiley face, perhaps the most widely used symbol on the internet, are different? If creating an alibi that hinged on a Romanian identity, would an elite spy organization not perform the due diligence of having someone who knows Romanian present during the one major opportunity to prove that alibi’s veracity? Would that same organization also forget to erase routine metadata? And, if suggestive but inconclusive Cyrillic notifications were left behind, why would Russian operatives go back to scrub them—leaving a trail of evidence far more compelling than the presence of Cyrillic notifications in the first place?
(This week, Guccifer 2.0 released what he claimed were the internal files and databases of the Clinton Foundation. Evidence suggests the new hacks to be a crudely labeled collection of material from other sources.)
The evidence leads us to an impasse. Either Russian spies are dunderheads, or Guccifer 2.0’s clues are red herrings.
There is, however, a third explanation that would account for this level of sloppiness: the clues were left intentionally. Though hard to believe, it wouldn’t be the first time the Kremlin resorted to such tactics.