It's become a lazy, unfortunate habit of the American press: Appealing to “government,” “expert,” or “scientific” authority in the absence of hard facts and conclusive evidence.
Not only is this journalistic malpractice being committed with stories of dubious significance (no, Beyonce did not fake her pregnancy and Steve from “Blues Clues” is not dead), but it's also becoming common fare with politically explosive stories of far-reaching magnitude.
Take the Russian hacker story, please. There have been numerous off-the-record statements, intelligence agency pronouncements, partisan talking points, and a few thinly sourced reports issued about this politically nuclear football.
A comprehensive list of evidence provided to the public looks something like this:
- Some intelligence agencies have concluded the Russian government must be behind it.
- The spear-phishing techniques used by the hackers look suspiciously like those of APT 28 and APT 29 (groups circumstantially connected to the Russian government).
- The hackers left the “digital fingerprints” of having used Cyrillic keyboards.
This is not to dismiss the suspicion that the Russian government may have been involved in the DNC hack and the subsequent release of emails by WikiLeaks (whose head, Julian Assange, has just denied Russian involvement with “1000%” certainty). Yet, precisely because the charge is so serious, there must be a demand for hard evidence. All too often the media is not making that demand.
Let's go through, one step at a time, why we cannot yet conclusively say, based on the evidence so far provided to the public, that the Russian government was behind the DNC hack.
Secondly, the “phishing” tactics detailed in the Grizzly Steppe report are commonplace in the hacking world. In a ZDNet report aptly titled “No smoking gun for Russian DNC hacks,” the site points this out:
The primary method used in Grizzly Steppe is spear phishing. In spear phishing, a very common hacking approach, you receive messages, which look like they're coming from a friend or co-worker. In Grizzly Steppe, if you click on the message's content or follow a link, you infect your device with Remote Access Tools (RATs) malware. From that, emails and other data are syphoned to the attacker.
The post goes on to cast further doubt on the government report, pointing out that the P.A.S. tool in the report's sample (a PHP web shell, not shellcode) is an outdated version:
Mark Maunder, Wordfence's CEO, concluded that since the attacks were made “several versions behind the most current version of P.A.S [sic] which is 4.1.1b. One might reasonably expect Russian intelligence operatives to develop their own tools or at least use current malicious tools from outside sources.”
True, as Errata Security CEO Rob Graham pointed out in a blog post, P.A.S. is popular among Russian and Ukrainian hackers. But it's “used by hundreds if not thousands of hackers, mostly associated with Russia, but also throughout the rest of the world.” A tool that anyone can download points at most to a community, not to an actor. In short, the attackers' use of P.A.S. is not enough evidence to blame the intrusion on the Russian government.
There have been other tech experts who have cast doubt on the DHS/FBI joint announcement about the Russian hacking. As Fortune points out:
On Thursday, the Department of Homeland Security and the FBI released a joint report about Russian cyberattacks, titled “Grizzly Steppe.” The report had been expected to lay out more details about intelligence agencies’ claims that the Russian government was directly linked to hacks on the DNC and other organizations, but security experts have expressed broad disappointment with the report.
Jeffrey Carr, author of Inside Cyber Warfare, wrote on Friday that the report “adds nothing to the call for evidence that the Russian government was responsible” for the campaign hacks. Robert Lee, a former Air Force cyberwarfare officer and cybersecurity fellow at New America, argues that the report is of limited use to security professionals, in part because of poor organization and lack of crucial details.
There is an alternative explanation for the DNC hacks, unproven but at least plausible: Ukrainian hackers wanted to sabotage the DNC and the Clinton campaign in order to make the presumed incoming President Hillary Clinton furious at the Russians. Such a turn of events would benefit Ukraine by reinvigorating U.S. foreign-policy resistance to Russian territorial incursions.
Code identified by the Department of Homeland Security and Federal Bureau of Investigation as being used by Russian intelligence services is outdated malware developed by Ukrainians that can be downloaded online, according to a blog post by the founder of WordFence.
WordFence is a plug-in designed to protect users of WordPress that has been downloaded over 1 million times. The report released last Thursday by the DHS and FBI, titled “Grizzly Steppe,” contains a PHP malware sample which WordFence employees analyzed.
Lastly, CNN is trumpeting the “digital fingerprints” of Cyrillic keyboards (keyboards laid out for the Cyrillic script, which Russian and many other languages use) as a further bit of hard evidence that the Kremlin must be behind the DNC hacks:
Even as President-elect Donald Trump and his aides cast doubt on the links between Russia and recent hacks against Democrats, US intelligence officials say that newly identified “digital fingerprints” indicate Moscow was behind the intrusions.
One official told CNN the administration has traced the hack to the specific keyboards — which featured Cyrillic characters — that were used to construct the malware code, adding that the equipment leaves “digital fingerprints” and, in the case of the recent hacks, those prints point to the Russian government.
Just for context, the Cyrillic alphabet is used by hundreds of millions of people, including those living in Ukraine. Language artifacts in malware (keyboard-layout traces, locale settings, Cyrillic strings or comments) are also trivially planted or spoofed by anyone who wants an investigation to point east, so on their own they are circumstantial at best.
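The page does not say what form these “digital fingerprints” take. As an added example (not code from this page, from CNN, or from any agency report), the Python script below assumes the concrete artifact is Cyrillic text embedded in a malware sample, in either UTF-8 or the Windows-1251 encoding common on Russian-locale systems, and shows how an analyst would pull such strings out of a file. `SAMPLE_BLOB` is a constructed stand-in, not a real sample, and `find_cyrillic_strings` is a name chosen here.

```python
import re
import sys


def find_cyrillic_strings(blob: bytes, min_chars: int = 3) -> list:
    """Return a sorted list of (offset, encoding, text) for each run of at
    least min_chars Cyrillic letters found in blob, in UTF-8 or Windows-1251.

    This is a string-carving heuristic, the kind of check behind a
    "Cyrillic in the binary" observation; it says what text is present,
    not who typed it.
    """
    # UTF-8 encodes the Cyrillic block U+0400-U+04FF as 0xD0 or 0xD1
    # followed by a continuation byte 0x80-0xBF: two bytes per letter.
    utf8_run = re.compile(rb"(?:[\xd0\xd1][\x80-\xbf]){%d,}" % min_chars)
    # Windows-1251 maps the letters A..ya to the single bytes 0xC0-0xFF.
    cp1251_run = re.compile(rb"[\xc0-\xff]{%d,}" % min_chars)

    hits = []
    masked = bytearray(blob)
    for m in utf8_run.finditer(blob):
        hits.append((m.start(), "utf-8", m.group().decode("utf-8")))
        # Blank the UTF-8 run so its 0xD0/0xD1 lead bytes, which also sit in
        # the CP1251 letter range, are not re-reported as a CP1251 string.
        masked[m.start():m.end()] = b" " * (m.end() - m.start())
    for m in cp1251_run.finditer(bytes(masked)):
        # Any min_chars high bytes in a row match here, so expect noise from
        # packed or encrypted sections; a real triage pass would filter on a
        # dictionary or on printable neighbours.
        hits.append((m.start(), "cp1251", m.group().decode("cp1251")))
    return sorted(hits)


# Constructed stand-in for a malware sample: a few fake header bytes, an
# English string, a UTF-8 Cyrillic string and a CP1251 Cyrillic string.
SAMPLE_BLOB = (
    b"MZ\x90\x00\x03\x00\x00\x00"
    + b"Hello world\x00"
    + "Привет мир".encode("utf-8") + b"\x00"
    + "Ошибка".encode("cp1251") + b"\x00"
    + b"\x01\xff\xfe\x00"
)


if __name__ == "__main__":
    # Usage: python cyr_strings.py [file]; with no argument the constructed
    # sample is scanned.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_BLOB
    for offset, enc, text in find_cyrillic_strings(data):
        print(f"0x{offset:08x} {enc:7} {text}")
```

Against `SAMPLE_BLOB` the script reports the two UTF-8 words and the CP1251 word with their offsets. The point it makes is the article's: the same function flags Cyrillic in a file produced by anyone who chose to put Cyrillic in it, whether a Russian, a Ukrainian, a Bulgarian, or an English speaker pasting a string from a forum, so a hit says something about the bytes in the binary and nothing by itself about who built it.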