The U.S. Intelligence Community Freaks Out About Russia

The declassified CIA report comes up short.


The wannabe Cold War with Russia continues apace. The American political establishment has not allowed a few major blunders along the way to hinder the hazy narrative that "Russia hacked our democracy." Rather, it has doubled down by inflating cyber threats and inflaming geopolitical tensions. But this full court press on public opinion has revealed more about the opportunism and opacity of the U.S. intelligence community and its allies than it has about any specific foreign harm to the American public.

Last Friday, the intelligence community finally released a declassified version of the vaunted secret CIA report that started it all. The report contains no new technical information, and interestingly enough barely addresses any actual hacking at all. The reader will learn more about RT's Occupy Wall Street coverage than he will about election-related hacking.

The report does maintain that Russian intelligence hacked into the DNC and controlled the "Guccifer 2.0" character and website. Notably, it also states that Russia did not interfere in vote counting systems and that the Wikileaks emails "did not contain any evident forgeries." But it does not mention the John Podesta emails once, and mostly repeats the established narrative that the Russian government strategically molded U.S. opinion to get Donald Trump elected through the Wikileaks disclosures, state-backed news stories, and even "quasi-governmental troll" accounts.

This report may have the unintended consequence of actually generating gratitude for our supposed enemies. Most of the report reads more as an aggrieved Clinton supporter's 99 theses for why her preferred candidate lost (none of them are Hillary) than a measured security analysis. Obviously, people who do not like Clinton are unlikely to take issue with her factual dirty laundry being aired. And plenty of people across the political spectrum join Putin's trolls in "characterizing the United States as a 'surveillance state'" that perpetrates "widespread infringements of civil liberties, police brutality, and drone use."

Of course, the intelligence community can always fall back on its excuse that the report "does not and cannot include the full supporting information" proving many of its claims. And it also purports to merely describe Russia's motivations without making any claims about what impact this had on the electoral outcomes. But this also limits its persuasive impact.

Many Americans, perhaps still reeling from the disastrous CIA-driven Iraq War, have so far not been quick to buy this story based solely on such vague assurances. And the core of the report's complaints—that certain political actors were embarrassed when their corrupt dealings were made public—didn't exactly generate much outrage outside of the affected partisan groups.

The declassified report is only the latest in a long line of rhetorical volleys that, in the worst case, would have the effect of drumming up a new international conflict.

In late December, the FBI and the National Cybersecurity and Communications Integration Center (NCCIC) of the Department of Homeland Security released a Joint Analysis Report (JAR) detailing these offices' public perspectives on the recent rash of leaks. It is the first of its kind to attribute a cyber-attack to a specific actor. The document is another gem in the U.S. government's proud tradition of Joseph Heller-esque communiqués.

The 13-page report starts by informing the reader that it is "provided 'as is' for informational purposes only," and that the offices do "not provide any warranties of any kind regarding any information contained within." (This would later prove prophetic.)

It then proceeds to unveil a sexy new name for the shadowy enemy du jour: "GRIZZLY STEPPE"—an updated Axis of Evil comprised of the entire "BEAR family." While the report does not mention them by name, it offers scant more information than put forth by the CrowdStrike report on the DNC breach and the SecureWorks analysis of the John Podesta email intrusion, upon which it appears to be based. Indeed, the bulk of the report does not speak specifically about the recent hacks at all, but rather puts forth a standard list of good defensive security techniques that people should practice regardless.

Where the report did mention specifics, it goofed—big league. The associated report files contain what's called "indicators" of the breaches, which include suspected IP addresses and even a sample of the malware that the threat groups supposedly used. This intrigued many in the puzzle-hungry information security industry, who did some investigating of their own.
The feds made a rookie mistake, as the security engineers at WordPress soon discovered. The hardcore malware that the moustache-twirling GRIZZLY STEPPE super-hackers supposedly used was no Russian-backed superbug at all, but a garden variety piece of old free Ukrainian malware. Furthermore, the "suspicious" IP addresses fingered in the report did not have any obvious connections to the Russian government at all, had been previously involved in a wide range of non-political attacks all across the web, and in fact appeared to mostly originate in the U.S.

In retrospect, it's easy to see how the FBI and NCCIC could have gotten things so wrong. In early January, BuzzFeed News reported that the FBI had never even asked to examine the DNC's servers. According to yet another unnamed intelligence agent, "Crowdstrike is pretty good," implying they felt that no further investigation was needed. Yet it is fairly unusual for a federal inquiry to solely rely on the work of a commercial firm, particularly when private bodies can have their own conflicts of interest and biases. At any rate, it hardly inspires confidence in their pronouncements on the issue.

This same sloppy rush to find Russian hackers under every piece of malware was evident in The Washington Post's recent fake news faux pas. On New Year's Eve, its reporters cited anonymous U.S. officials that GRIZZLY STEPPE hackers were inside the U.S. electricity grid. Egad! Suddenly, Putin and his trolls were not just antagonizing Hillary Clinton and her friends. They were physically attacking the American people—at least the ones in Vermont—and threatening to shut off their heat in the middle of winter. Not cool, Russia.

Except that's not what happened at all. There were no Russian hackers in the Burlington Electric computer systems, and there was certainly no threat to our nation's finest maple syrup producers' winter heat. So why all the hubbub? A Burlington Electric employee used his laptop to connect to a potentially malicious IP address—probably one of the hundreds examined by the WordPress team. This laptop was not connected to the electric grid, but out of an abundance of caution Burlington flagged the event for the authorities. The game of anonymous federal official telephone somehow turned this benign event into an act of war by a foreign villain. The Washington Post sheepishly retracted the story a few days later, but not before yet another wave of paranoid saber-rattling swept the American imagination.

Of course, none of this bungling means that the Russian government (or some group connected to them) did not attempt to infiltrate the computers of U.S. organizations. On the contrary: There is almost no question that Russia did and does. Every powerful modern body (including the U.S. government) does the same. However, these continued fumbles demonstrate the extent to which the U.S. intelligence community and its accomplices have been willing to sacrifice tact and evidence in the apparent pursuit of some unknown agenda that involves escalating tensions with the Russian government.

More importantly, they reveal a dangerous tendency for the commentariat to conflate criticism of the American political establishment with anti-American foreign propaganda. Just as the scare-word "terrorism" has been contorted to fit whatever new threat inconveniences the reigning party, so too will "hacking" and "fake news" be used as a cudgel to cut back on legitimate dissent.

This new Russian scare has also underscored the dramatic recent reversal of ideological allegiances. Reliable Republican war-hawks are now joined with formerly antagonistic Democrats in their lock step support of the intelligence community. All of a sudden, liberals seems to have forgotten their previous complaints about CIA torture methods, mass surveillance, and foreign subversion. For the first time since these polls have been conducted, Democrats support the CIA more than Republicans do.

Yet for libertarians, the problems with a self-serving intelligence community run amok remain the same regardless of which party cheers it on. The enemies and contexts may change, but the result is almost always the same: A bigger government, loss of civil liberties, and yet another foreign intervention. President-elect Trump says he wants to dramatically overhaul and limit the U.S. intelligence apparatus. Let's hope he actually does it.