The final days of 2016 were filled with more developments—some real, some not—in the ongoing story of Russia’s alleged interference in the US presidential election. On December 29, the FBI and the Department of Homeland Security released a joint report that provided “technical details regarding the tools and infrastructure used by the Russian civilian and military intelligence Services (RIS) to compromise and exploit networks and endpoints associated with the U.S. election.”
In retaliation, the Obama administration announced that it was expelling 35 Russian diplomats, closing 2 diplomatic compounds in Maryland and New York, and applying sanctions on Russia’s intelligence service. A day later, December 30, The Washington Post reported that an electrical utility in Vermont had been infiltrated by the same Russian malware that used to hack the DNC.
Taken together, these events set off a wave of media condemnation not just of the Russian government, but of President-elect Donald J. Trump for what is widely believed to be his overly accommodative posture toward Russian President Vladimir Putin.
Yet despite the scores of breathless media pieces that assert that Russia’s interference in the election is “case closed,” might some skepticism be in order? Some cyber experts say “yes.”
As was quickly pointed out by the Burlington Free Press, The Washington Post’s story on the Vermont power grid was inaccurate. The malware was detected on a laptop that belonged to the utility but was not connected to the power plant. “The grid is not in danger,” said a spokesman for the Burlington utility. The Post has since amended its story with an editor’s note (as it did when its November 24 story on Russian “fake news” by reporter Craig Timberg was widely refuted) dialing back its original claims of Russian infiltration.
Meanwhile, the joint DHS/FBI report has come under scrutiny. Leonid Bershidsky, an outspoken critic of Vladimir Putin, believes that “the U.S. intelligence community is making a spectacle of itself under political pressure from the outgoing administration and some Congress hawks. It ought to stop doing so.”
Cyber-security experts have also weighed in. The security editor at Ars Technica observed that “Instead of providing smoking guns that the Russian government was behind specific hacks,” the government report “largely restates previous private sector claims without providing any support for their validity.” Robert M. Lee of the cyber-security company Dragos noted that the report “reads like a poorly done vendor intelligence report stringing together various aspects of attribution without evidence.” Cybersecurity consultant Jeffrey Carr noted that the report “merely listed every threat group ever reported on by a commercial cybersecurity company that is suspected of being Russian-made and lumped them under the heading of Russian Intelligence Services (RIS) without providing any supporting evidence that such a connection exists.”
In this respect, it is worth noting that one of the commercial cybersecurity companies the government has relied on is Crowdstrike, which was one of the companies initially brought in by the DNC to investigate the alleged hacks.
In late December, Crowdstrike released a largely debunked report claiming that the same Russian malware that was used to hack the DNC has been used by Russian intelligence to target Ukrainian artillery positions. Crowdstrike’s co-founder and chief technology officer, Dmitri Alperovitch, told PBS, “Ukraine’s artillery men were targeted by the same hackers…that targeted DNC, but this time they were targeting cellphones [belonging to the Ukrainian artillery men] to try to understand their location so that the Russian artillery forces can actually target them in the open battle.”
Dmitri Alperovitch is also a senior fellow at the Atlantic Council.
The connection between Alperovitch and the Atlantic Council has gone largely unremarked upon, but it is relevant given that the Atlantic Council—which is funded in part by the US State Department, NATO, the governments of Latvia and Lithuania, the Ukrainian World Congress, and the Ukrainian oligarch Victor Pinchuk—has been among the loudest voices calling for a new Cold War with Russia. As I pointed out in the pages of The Nation in November, the Atlantic Council has spent the past several years producing some of the most virulent specimens of the new Cold War propaganda.
It would seem then that a healthy amount of skepticism toward a government report that relied, in part, on the findings of private-sector cyber security companies like Crowdstrike might be in order. And yet skeptics have found themselves in the unenviable position of being accused of being Kremlin apologists, or worse.
When the progressive Internet juggernaut “The Young Turks” questioned the Obama administration’s move to impose new sanctions on Russia in the absence of any clear evidence of its involvement in the DNC hacks, Eric Boehlert of Media Matters for America took to Twitter to denounce the program, as well as Daily News columnist Shaun King—who had nothing to do with the ‘Turks’ segment—as “Kremlin cheerleaders.”
King replied in a Facebook post that “Demanding evidence does not make anybody a cheerleader. And working for a company where a journalist said he wanted to see the evidence for himself damn sure doesn’t make me a Kremlin cheerleader any more than EVERY journalist at CNN is responsible for what EVERY person who ever worked at CNN says.”
When Florida Congressman Ted Yoho seemed insufficiently impressed with the new DHS/FBI report, CNN’s national-security correspondent Jim Scuitto replied that Yoho’s argument was “an odd point to make for an American…. it seems you’re making a point that Vladimir Putin, frankly, has made.”
Meanwhile President-elect Donald J. Trump’s skeptical stance toward the flood of accusations against Russia has also aroused the ire of the pundit class. The Washington Monthly’s David Atkins said Trump’s “bizarre strategy of denying and minimizing” Russia’s interference in the election was “treason.” ABC news political analyst and former George W. Bush adviser Matthew Dowd declared that “U aren’t an American patriot & don’t respect Constitution if u believe Putin more than our President and intelligent services.” Former CIA operative Nada Bakos tweeted, “As a CIA officer, if I had a colleague talking like Trump is about Putin, I would think he was turned.” The Atlantic’s editor in chief Jeffrey Goldberg echoed Bakos’s sentiments almost exactly, accusing Trump of aligning “himself with the president of Russia and against the current American president.”
Given all of this, it would seem the rhetoric of blame is far outpacing the facts: All we have at the moment are assertions (which is different from evidence) and expressions of “confidence” (which is different from certainty).
Alas, this puts skeptics on “the side” of Putin’s Russia. But it may be useful to recall the novelist and journalist Arthur Koestler’s admonition that “the fear of finding oneself in bad company is not an expression of political purity, it is an expression of a lack of self-confidence.”
And until such time as hard evidence is presented, skepticism, not blind faith in assertions of fact from the government, is what is required.