VIPS is no ordinary group of citizens with an opinion. \u00a0Rather, it includes\u00a0a group of highly accomplished retired and senior intelligence personnel. \u00a0 It’s steering committee includes intelligence luminaries including\u00a0Thomas Drake (former senior executive with the NSA), Mike Gravel (former adjutant, top secret control officer and special agent of the Counter Intelligence Corps, as well as a former U.S. Senator), and famed NSA whistle blower William Binney (former technical director, world geopolitical and military analysis in the NSA), among others.<\/p>\n So which is it, Russian government hacks, third party hacks or insider leaks? \u00a0Here’s what the two sides are telling us to date.<\/p>\n Let’s start with a simple review of the difference between a hack and a leak (per VIPS). \u00a0A “hack” occurs “when someone in a remote location electronically penetrates operating systems, firewalls or any other cyber-protection system and then extracts data.” \u00a0On the other hand, a leak is an event “when someone physically takes data out of any organization and gives it to another person or organization.”<\/p>\n Several private security firms have cited certain specific facts to prove that hacks of the DNC occurred. \u00a0However, “proof” that these were Russian government hacks are more nuanced. \u00a0Our debate contrasts the recited “facts”, with the claim of Russian government responsibility.<\/p>\n On June 16, 2016, SecureWorks<\/a>\u00a0released a public summary revealing a spear-phishing campaign that they stated targeted both Mrs. Clinton’s campaign and\u00a0the DNC. \u00a0SecureWorks provided technical details of the spear phishing efforts in the June 16 release<\/a>. \u00a0 SecureWorks also offered two opinions in its report “with moderate confidence,” that (1) “the [hacking] group is operating from the Russian Federation”, and (2) the group “is gathering intelligence on behalf of the Russian government.”<\/p>\n Private security firm CrowdStrike (co-founded by Dmitri Alperovitch<\/a>), hired by the DNC in May, 2016, also claims to have collected evidence that two groups they labelled Crazy Bear and Fancy Bear had hacked into the DNC. \u00a0Here’s Crowdstrike’s take <\/a>on Cozy Bear and Fancy Bear:<\/p>\n Our team considers them some of the best adversaries out of all the numerous nation-state, criminal and hacktivist\/terrorist groups we encounter on a daily basis. Their tradecraft is superb, operational security second to none and the extensive usage of \u2018living-off-the-land\u2019 techniques enables them to easily bypass many security solutions they encounter. In particular, we identified advanced methods consistent with nation-state level capabilities including deliberate targeting and \u2018access management\u2019 tradecraft \u2013 both groups were constantly going back into the environment to change out their implants, modify persistent methods, move to new Command & Control channels and perform other tasks to try to stay ahead of being detected. Both adversaries engage in extensive political and economic espionage for the benefit of the government of the Russian Federation and are believed to be closely linked to the Russian government\u2019s powerful and highly capable intelligence services.<\/p>\n<\/blockquote>\n So who are Cozy Bear and Fancy Bear (the “Bears”)? \u00a0Cozy Bear is claimed to be tied to FSB, Russia’s internal security service. \u00a0Similarly, Fancy Bear is claimed to be more generally tied to the Russian government. \u00a0However, no one has provided definitive proof of these claimed connections.<\/p>\n The private security firms point to\u00a0information found in code and malware as proof of the hackers national origin. \u00a0For example, security firm FireEye<\/a> cites Russian\u00a0language settings in code used by Fancy Bear in certain hacks. \u00a0There is also evidence that indicates some code was written in the same time zone as Moscow and St. Petersburg. \u00a0Of course, any hacker could have used the Russian language as misinformation to implicate Russia in the hacks.<\/p>\n Additional evidence<\/a>\u00a0alleged to prove\u00a0Russian government hacks includes<\/a>: (1) malware identified on DNC computers that was programmed to communicate directly with an IP address known to be used by Fancy Bear; and (2) use of\u00a0a deliberately misspelled domain name connected to an IP address also used by Fancy Bear to certain email phishing attacks against the DNC.<\/p>\n Editors Observation<\/strong><\/span>: \u00a0Readers might juxtapose comments such as those from CyberStrike, who acknowledge their opponents as “some of the best adversaries . . . [whose] tradecraft is superb [and] operational security second to none,” with claims that such groups would leave these\u00a0easily discoverable and directly incriminating pieces of evidence behind. \u00a0On the one hand, best-in-the-world hackers; on the other hand, bumblers and stumblers.<\/p>\n Cyber experts including FireEye have repeatedly referenced the identity of the targets of the two Bears as key evidence to support a claim of Russian government hacks. \u00a0For example, they and others point to prior\u00a0cyber attacks targeting the Ukrainian power grid, Georgian financial institutions and government websites, and Estonian government and financial systems, as evidence of Russian government complicity. \u00a0In each instance, Russia’s defense interests are readily identifiable. \u00a0We accept the reasonableness of this inference in these specific instances.<\/p>\n Editors Comment<\/strong>: Cyber attacks on targets within Russia’s natural sphere of immediate influence are one thing. \u00a0These attacks could easily have been the result of Russian government hacks. \u00a0From Russia’s perspective, there was little if any probability of a meaningful counter-attack.<\/p>\n However, we should be careful before extrapolating too much from Russia’s\u00a0willingness to launch those attacks. \u00a0At the least, Russia must have acted with full deliberation before deciding to\u00a0similarly attack the United States. \u00a0We presume that the United States and Russia regularly conduct cyber-probing of various data points for a variety of reasons. \u00a0But a hack that might strike at the fabric of an American election for President is quite another thing. \u00a0It would constitute, in our view, an attack of a much greater magnitude.<\/p>\n The United States is of course fully capable of launching a variety of highly destructive retaliatory attacks. \u00a0Russian government hacks targeting an American election might force the United States to respond. \u00a0This inference challenges the validity of the conclusion that Russia’s end-goal was to interfere in the U.S. election. \u00a0Had the Russians elected to pursue such a goal, they must also have assumed there would be a reasonably high probability of U.S. retaliation, ultimately leading to a cycle of retaliation between the two countries.<\/p>\n At a minimum, this leads to the critical question: what ultimate goal of a Russian end-game would warrant Russia running the risk of a retaliatory wave that it would not be able to control? \u00a0The consequences of such actions would be unknowable and game theory might not lead to outcomes with reasonable certainties.<\/p>\n Kaspersky Lab claims Cozy Bear responsibility for the 2015 hacks of White House and State Department unclassified networks. \u00a0However, we doubt that an attack of that nature would warrant a material response from the U.S. \u00a0A similar conclusion would have been reached by the Russian government.<\/p>\n The type of “proof” of Russian government hacks offered by FireEye is conclusory. \u00a0It consists of circumstantial inferences drawn by claimed experts. \u00a0However, this type of proof is not of a quality that would be direct evidence of complicity. \u00a0Moreover, a\u00a0hacker wishing to hide his identity\u00a0would be wise to plant evidence pointing to Russia. \u00a0Western analysts predisposed to find Russian government complicity could be\u00a0nudged further in that direction by little slices of misinformation supporting their biases.<\/p>\n![\"VIPS](\"https:\/\/i0.wp.com\/www.opinionsthoughts.com\/wp-content\/uploads\/2016\/12\/William-Binney.jpg?resize=180%2C240\")
A Hack Versus a Leak<\/h3>\n
The Case for Russian Government Hacks: Private Security Firms’ Analysis<\/h3>\n
\n
![\"CyberStrike's](\"https:\/\/i0.wp.com\/www.opinionsthoughts.com\/wp-content\/uploads\/2016\/12\/27261d2.jpg?resize=200%2C200\")
Proof of Russian Government Hacks?<\/h3>\n
Do the Hacked Targets Prove Russian Government Complicity?<\/h3>\n
Proving Russian Government Sponsorship is Not so\u00a0Simple<\/h3>\n