Watch enough Law & Order and the crime scenes blur into one another: yellow tape, evidence markers, Jerry Orbach’s one-liners, a body. They are tied together by means, motive, and opportunity, the three elements of cop work that any fan knows.
Investigating cyber espionage means working in a different environment than a homicide detective, but the underlying principles are similar. When it comes to gathering intelligence, the ultimate goal isn’t usually criminal prosecution, like it is for a detective. The intelligence gathered by so-called state actors is always going to be incomplete and involve a certain amount of educated conjecture.
Following the reports that the CIA believed Russia intervened in the U.S. election to try to tip the scales in favor of Donald Trump — an assessment now shared by the director of the FBI and the Director of National Intelligence — everyone is talking about cyber crime and cyber espionage.
Some of the 538 electors who voted on Monday had asked for a classified briefing before casting their ballots, a request that went unfulfilled. What are we to make of this hack, and the competing claims by the intelligence community on one hand, and Trump’s continued denial of their conclusions on the other?
Still, the crime scene analogy can be helpful in trying to make sense of the purported Russian hack of the Democratic National Committee and John Podesta, Hillary Clinton’s campaign manager. To try to piece together exactly what’s publicly known and what remains unknown, Inverse spoke with Cedric Leighton, a former intelligence officer and retired Air Force Colonel.
“The weapon is the malware”
“Take the example of a murder suspect,” Leighton tells Inverse. “You know that the crime has been committed. You look for a motive, and you look for the weapon. In this case, the weapon is the malware that was inserted into the DNC’s and Podesta’s email. And when you look at the motive, that’s of course where the big question was.”
Leighton estimates that the intelligence community analysis suggests a 90 percent certainty that Russia is behind the hacks, but it is not a smoking gun. “Based on the signature the malware has, in other words, it would be like if only these people use this type of gun to commit a murder, with this caliber of bullet,” Leighton says. “The form of malware has a unique signature associated with it.”
But he stresses that intelligence analysts need to be careful when attributing the hack, since the attackers could have theoretically bought the malware from a third party on the dark web. In this case, it appears that the intelligence community is near-certain that the producers of the malware are the same ones who carried out the attack — and that leads the analysts straight to Russia. “To go back to the murder analogy, you’re certain that this particular type of weapon was used, with this particular caliber, and because of, let’s say, fingerprints, they’re able to determine that a particular person committed the murder,” Leighton says.
As reported extensively in a widely shared New York Times story, there were apparently two Russian hacker groups who penetrated top Democrats’ networks, Cozy Bear and Fancy Bear. Cozy Bear, believed to be connected to the FSB, the post-Cold War version of the KGB, was in the DNC network for months before they were discovered. Fancy Bear, thought to be associated with the GRU, Russia’s military intelligence, also penetrated the DNC and later gained access to the Podesta emails.
A person or group known as Guccifer 2.0 claimed to be a Romanian lone wolf hacker responsible for the intrusions and provided some of the hacked emails to media outlets. Shortly after that, WikiLeaks began publishing the material, stretching the roll-out over months in an apparent bid to maximize attention.
In July, Donald Trump publicly urged Russian hackers to release Clinton’s emails: “Russia, if you’re listening, I hope you can find the 30,000 emails that are missing,” Trump said from the podium during a press conference in Florida.
With the exception of Colin Powell, no Republicans had their emails published as a result of suspected Russian interference. The same groups that infiltrated the DNC apparently tried to break into the Republican National Committee, but were thwarted, according to the Wall Street Journal. Officials who spoke to the WSJ said the attempts to break into the RNC system paled in comparison to the multiple attacks on the DNC, leading some analysts to argue that Russia was much more interested in damaging Clinton than Trump.
Once the hacked emails were given to media outlets, the operation entered a new phase. In general, cyber espionage between countries is meant to gain insight into state secrets, steal weapons plans, or carry out other typical spy behavior. If the intelligence community’s assessment is correct, Russia took this hack one step further. “It’s not just a cyber attack, although that’s complex enough in and of itself,” says Leighton. “You’re also talking about an influence operation, which means the cyber piece is a means to an end. That end may very well have been influencing the U.S. election to the advantage of Donald Trump.”
“This was a classic influence operation, using cyber as a tool to get there,” he says.
Speaking at his final scheduled press conference of the year, Obama pointed the finger at the Russian government and strongly insinuated that Putin himself was to blame. The intelligence community is assembling a full report on the matter due January 20, Obama’s last day in office. It remains to be seen how much of that will ever be made public, and whether or not the evidence goes beyond the circumstantial offerings the public has seen so far.
Unsurprisingly, Russia denies it is behind the hack.
Even with Obama’s assurances, some are still calling for skepticism of the anonymous leaks from the CIA. In the New York Times, Marcy Wheeler writes: “The Iraq War showed us how dangerous it is for these elected officials to decide based on leaks rather than a full deliberative product incorporating the views of skeptics.”
The electors are not the only ones who want more information. On Monday, a bipartisan group of senators called for the creation of a special committee specifically tasked with investigating the alleged Russian hack. Such committees are rare, and would signal that Congress thinks the issue deserves greater attention than any one oversight body — such as the Senate Intelligence Committee — can offer.
Trump, for his part, initially dismissed the CIA’s findings out of hand. “These are the same people who said Saddam Hussein had weapons of mass destruction,” Trump said. Reince Priebus, former RNC chair and now Trump’s chief of staff, said over the weekend that if the FBI and the Director of National Intelligence agreed with the CIA’s assessment, as a report from last week claimed, Trump might be willing to listen to the joint assessment.
Contrary to Trump’s claims, the Office of the Director of National Intelligence, which oversees all U.S. intelligence agencies, issued a statement on October 7 blaming top-level Russians for the hacks.
The lasting impact of the DNC hack is difficult to predict, at least with any specificity. Following Trump’s inauguration, many Democrats will see him as a figure who lost the popular vote by 2 percent nationwide and benefitted from foreign intrusion and a last-minute appearance by FBI director James Comey. Meanwhile, Republicans are finding a newfound admiration for Vladimir Putin. Extreme political polarization and a fractured media landscape continue to undermine any shared set of facts, or an agreed-upon foundation of reality, among Americans at large. Whether Trump’s historic willingness to lie is part of an authoritarian strategy to undermine democratic institutions, or whether he is simply pursuing the narcissistic behaviors that have defined his entire life, the result is largely the same: to his supporters, he is the source of truth.
He is still a month away from inauguration, and already, the country is grappling with challenges unique in its history. In short, expect to see a lot of new things — like the electors calling for secret briefings.
“To my knowledge, that’s never happened before in the history of the electoral college,” Leighton tells Inverse. “We certainly live in interesting times.”