It’s been an extraordinary couple of weeks in the ongoing media tornado that US President-Elect Donald Trump finds himself in – related to just who hacked the US Democratic Party, and released swathes of confidential email correspondence to WikiLeaks.
At the very tail end of 2016, the United States kicked out 35 Russian intelligence officers – seemingly in response to the Kremlin’s alleged involvement in the attacks.
At the same time, the FBI and US Department of Homeland Defense published a report into what it described as “Russian military cyber activity”.
The report makes a good read, if you want to know how to better protect your business from spearphishing attack, or avoid having your vulnerable webservers co-opted into assisting hacking campaigns.
But where it fails, in the eyes of many independent computer security experts, is in providing any technical evidence that points towards Russia being behind the attacks.
As we described in a recent episode of Smashing Security, attributing attacks reliably is very difficult – and it’s quite possible that the United States intelligence agencies have more in the way of convincing evidence that they simply cannot share publicly for understandable operational reasons.
Yes, in my opinion it probably was an attack orchestrated by Russia. But wouldn’t it be nice to know for sure?
So our eyes lit up when we heard that intelligence chiefs were briefing Donald Trump with more information about what they knew about the attacks.
Sure enough, the Director of National Intelligence (DNI) released the catchily-titled much meatier report last Friday, entitled “Background to ‘Assessing Russian Activities and Intentions in Recent US Elections’ The Analytic Process and Cyber Incident Attribution”.
In that declassified report, based upon the information the FBI, CIA and NSA shared with Donald Trump at their meeting, the agencies described with confidence their belief that the Russian government “aspired to help President-elect Trump’s election chances when possible by discrediting Secretary Clinton and publicly contrasting her unfavorably to him.”
Of course, the USA would never try to influence another country's election process.
— Graham Cluley (@gcluley) January 6, 2017
There was little doubt it seemed, in the minds of America’s intelligence agencies, that the Russian government’s fingerprints were all over the hack:
“The General Staff Main Intelligence Directorate (GRU) probably began cyber operations aimed at the US election by March 2016. We assess that the GRU operations resulted in the compromise of the personal e-mail accounts of Democratic Party officials and political figures. By May, the GRU had exfiltrated large volumes of data from the DNC.”
The report went on to suggest that the Russian government went on to use sites like DNCLeaks, WikiLeaks and a hacker persona using the name “Guccifer 2.0” to spread information stolen from DNC staff’s email accounts.
Again, no smoking gun is presented in this report – but clearly the intelligence chiefs believed there was serious Russian meddling during the US election. That’s not to say the electoral voting machines themselves were hacked, but suggestions are made damage was done to Hillary Clinton’s campaign which served Trump well.
And now, this week, things have got really salacious.
At the end of October last year, Mother Jones reported that a veteran spy had collated a dossier containing “explosive” information about close ties between Trump, his campaign team and Russia.
The story went largely unnoticed until CNN published an article on Monday, claiming that Trump and outgoing President Barack Obama had been presented with a two-page summary of the allegations, alongside the declassified report on alleged Russian interference in the US election.
CNN’s story (which did not go into lurid detail) was the push that BuzzFeed needed to publish the full unexpurgated dossier, acknowledging that the document contained unverified allegations and a number of errors.
Trump was apoplectic, describing the media stories as a “witchhunt”.
FAKE NEWS – A TOTAL POLITICAL WITCH HUNT!
— Donald J. Trump (@realDonaldTrump) January 11, 2017
As I tweeted at the time, the dossier was sensational and (in some ways) entertaining to read. But it had been circulating amongst the media and political figures for some time.
No-one had been able to verify whether what the dossier actually claimed was true or not, and it would be a mistake to rush into believing that it was necessarily accurate.
Of course, that didn’t stop many on social media (I admit it, me included) having some fun with some of the dossier’s more lurid elements, and spawning hashtags like #watersportsgate.
So given what Trump allegedly had done to a bed Obama slept in, imagine what he'd do to a house the latter lived in. #yellowhouse
— Martijn Grooten (@martijn_grooten) January 11, 2017
My advice is that we should be cautious about jumping to conclusions. It wouldn’t take a lot of effort to write a sensational dossier about a political figure filled with scandalous accusations about him and his colleagues. What’s much more effort is confirming whether the allegations have a basis in truth. And that’s something that the media have not yet managed to do.
Frankly, what Donald Trump might or might not get up to in hotel bedrooms isn’t very important – provided no-one has it on video, and isn’t planning to use it against him.
What does matter is if US electors were influenced by an interfering foreign state, if US political parties had their systems broken into by hackers backed by the same foreign power, and if Trump’s presidency might be unduly influenced and compromised by – oh, let’s just say it – Russia.
At least we’re making some progress. In a shambolic press conference on Wednesday, Donald Trump confirmed that he did now believe Russia was behind the hacking, albeit with a caveat:
“I think it was Russia, but I think we also get hacked by other people. It’s not just Russia.”
I guess that’s a step forward from him suggesting it could have been a 400lb hacker, sitting in his bedroom.
Secretary of state nominee Rex Tillerson appears to agree that Russian President Vladimir Putin had approved the hacks.
This is a ripping yarn, with many twists and turns, and the story doesn’t seem likely to be over any time soon. One day, maybe we’ll know which bits of it are true, and which are not.
Let’s hope, for everyone’s sake, that day isn’t too far away.