Cyber Scammers: Russia, Hacking, Elections and Cyber Attribution

The Baffler just posted my long investigation into the politicized, con-infested cyber-attribution industry.

In the article — which appears in Issue #34 — I look at the thinly sourced proof behind the supposed hacking of U.S. elections by Russia, but my main intellectual contribution here is to take the long historical view, going back to the birth of the cyber-attribution industry in the aftermath of the 2008 Georgia-Russia War.

Back then, I lived and worked in Moscow. I was there when America suddenly found itself at the edge of a precipice: a war over a complex sectarian conflict in a remote part of the world that few knew much about or cared to deeply understand. American policymakers wanted a simple explanation for why Russia was to blame, and conveniently, they were offered one: cyber-aggression. It’s a story about the last time American and European cyber experts accused Russia of launching an attack against another country—and nearly provoked a war with a nuclear power, despite getting all sorts of things about the conflict wrong.

The moral of the tale is that cyberwarfare is a fraught and high-stakes theater of conflict, in which the uncertain nature of cyber-attack attribution can be exploited to support any politicized version of events that one chooses.

The political forces and twisted, self-serving logic of cyber attribution I saw being used to assign blame during the Georgia-Russia War in 2008 were on full display after Donald Trump's surprise victory in 2016. That's why it's an important event to revisit — that is, if we want to understand the nature of cyberwarfare and how easily it can be manipulated to satisfy political goals.

Here's one sample of the slam dunk evidence marshaled to prove Russia put Trump in power by hacking the elections:

Matt Tait, a former GCHQ analyst and founder of Capital Alpha Security who blogs under the influential Twitter handle @pwnallthethings, found a Word document pilfered from the DNC and leaked by Guccifer 2.0. As he examined its data signatures, he discovered that it had been edited by Felix Edmundovich—a.k.a. Felix Dzerzhinsky, founder of the Cheka. To him, it was proof that Guccifer 2.0 was part of the same Russian intelligence operation. He really believed that the super sophisticated spy group trying to hide its Russian ties would register its Microsoft Word processor in the name of the leader of the infamously brutal Soviet security service.

Here's another:

Or consider FireEye’s report on APT28—which, among other things, attributes this attack group to a Russian intelligence unit active in Russia’s “invasion of Georgia,” an invasion that we know never took place.

They compile malware samples with Russian language settings during working hours consistent with the time zone of Russia’s major cities, including Moscow and St. Petersburg. While we don’t have pictures of a building, personas to reveal, or a government agency to name, what we do have is evidence of long-standing, focused operations that indicate a government sponsor—specifically, a government based in Moscow.

So, FireEye knows that these two APTs are run by the Russian government because a few language settings are in Russian and because of the telltale timestamps on the hackers’ activity? First off, what kind of hacker—especially a sophisticated Russian spy hacker—keeps to standard 9-to-5 working hours and observes official state holidays? Second, just what other locations are in Moscow’s time zone and full of Russians? Let’s see: Israel, Belarus, Estonia, Latvia, Moldova, Romania, Lithuania, Ukraine. If non-Russian-speaking countries are included (after all, language settings could easily be switched as a decoy tactic), that list grows longer still: Greece, Finland, Turkey, Jordan, Lebanon, Syria, Iraq, Saudi Arabia, Somalia, Yemen, Ethiopia, Kenya—the countries go on and on.
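As an added illustration of the point above (not code from the article or from FireEye's report), the following Python reads the PE compile timestamp that such reports lean on and then lists every whole-hour UTC offset under which a set of compile times looks like "9-to-5" work. The PE header bytes and the compile times are constructed samples, and the 9:00-18:00 working window is an assumption.

```python
import struct
from datetime import datetime, timezone, timedelta

WORK_START, WORK_END = 9, 18  # assumed local working window, end exclusive


def pe_compile_timestamp(data: bytes) -> datetime:
    """Return the COFF TimeDateStamp of a PE image as a UTC datetime.
    e_lfanew at 0x3C points to the PE signature; the COFF header that
    follows it holds the 32-bit Unix-epoch stamp at bytes 4..8."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ/PE file")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    stamp = struct.unpack_from("<I", data, pe_off + 8)[0]
    return datetime.fromtimestamp(stamp, tz=timezone.utc)


def build_fake_pe(stamp: int) -> bytes:
    """Constructed minimal MZ/PE header. The stamp is a plain integer the
    linker writes, so a builder can store any value it likes there."""
    hdr = bytearray(0x40 + 24)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)       # e_lfanew
    hdr[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<I", hdr, 0x40 + 8, stamp)  # TimeDateStamp
    return bytes(hdr)


def candidate_offsets(times_utc, min_fraction=0.9):
    """Whole-hour UTC offsets (-12..+14) for which at least min_fraction of
    the compile times fall inside the local working window."""
    hits = []
    for off in range(-12, 15):
        local = [(t + timedelta(hours=off)).hour for t in times_utc]
        inside = sum(WORK_START <= h < WORK_END for h in local)
        if inside / len(local) >= min_fraction:
            hits.append(off)
    return hits


# Constructed compile times (UTC) for a hypothetical sample set.
SAMPLE_TIMES_UTC = [datetime.fromisoformat(s).replace(tzinfo=timezone.utc) for s in (
    "2015-03-02T06:14", "2015-03-03T07:50", "2015-03-05T09:05", "2015-03-09T11:30",
    "2015-03-10T13:45", "2015-03-12T06:40", "2015-03-16T08:20", "2015-03-17T12:10")]

if __name__ == "__main__":
    print(pe_compile_timestamp(build_fake_pe(1425276840)))  # 2015-03-02 06:14 UTC
    # UTC+3 is Moscow's offset, but the same offset covers every other country
    # on that meridian, and UTC+4 fits these times just as well.
    print(candidate_offsets(SAMPLE_TIMES_UTC))  # [3, 4]
```

Lowering `min_fraction` widens the band of plausible offsets further, which is the practical form of the objection above: the timestamp narrows the field, but it does not name a country.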

Anyway, that's just a taste. Read the rest of the article here: From Russia, with Panic: Cozy bears, unsourced hacks—and a Silicon Valley shakedown.

And don't forget to subscribe to The Baffler. Support investigative journalism!

—Yasha Levine
