January 8, 2017

Russian President Vladimir Putin directed a massive propaganda and cyber operation aimed at discrediting Hillary Clinton and getting Donald Trump elected, the top U.S. intelligence agencies said in a remarkable yet unshocking report released on Friday.

Russian President Vladimir Putin tours RT facilities. Image: DNI

Russian President Vladimir Putin tours RT facilities. Image: DNI

The 25-page dossier from the Office of the Director of National Intelligence stopped short of saying the Russians succeeded at influencing the outcome of the election, noting that the report did not attempt to make an assessment on that front. But it makes the case that “Russia’s intelligence services conducted cyber operations against targets associated with the 2016 US presidential election, including targets associated with both major US political parties.”

“We assess with high confidence that Russian military intelligence (General Staff Main Intelligence Directorate or GRU) used the Guccifer 2.0 persona and DCLeaks.com to release US victim data obtained in cyber operations publicly and in exclusives to media outlets and relayed material to WikiLeaks,” the DNI report reads.

The report is a quick and fascinating read. One example: It includes a fairly detailed appendix which concludes that the U.S.-based but Kremlin-financed media outlet RT (formerly Russia Today) is little more than a propaganda machine controlled by Russian intelligence agencies.

“Moscow’s influence campaign followed a Russian messaging strategy that blends covert intelligence operations—such as cyber activity—with overt efforts by Russian Government agencies, state-funded media, third-party intermediaries, and paid social media users or ‘trolls,'” reads the report.

The DNI report is remarkable for several reasons. First, it publicly accuses Russia’s President of trying to meddle with the U.S. election and to hack both political parties. Also, as The New York Times observed, it offers “a virtually unheard-of, real-time revelation by the American intelligence agencies that undermined the legitimacy of the president who is about to direct them.”

However, those who’ve been clamoring for more technical evidence to support a conclusion that Russian intelligence agencies were behind the phishing, malware attacks and email leaks at The Democratic National Committee (DNC) and Clinton campaign likely will be unmoved by this report. Those details will remain safely hidden from public view in the classified version of the report.

Last week, the FBI and Department of Homeland Security issued a joint report (PDF) on some of the malware and Internet resources used in the DNC intrusion. But many experts criticized it as a poorly-written, jumbled collection of threat indicators and digital clues that didn’t all quite lead where they should.

Others were perplexed by the high confidence level the agencies assigned to the findings in their unclassified report, noting that neither the FBI nor DHS examined the DNC hard drives that were compromised in the break-in (that work was done by private security firm Crowdstrike).

Former black-hat hacker turned Wired and Daily Beast contributing editor Kevin Poulsen slammed the FBI/DHS report as “so aimless that it muddies the clear public evidence that Russia hacked the Democratic Party to affect the election, and so wrong it enables the Trump-friendly conspiracy theorists trying to explain away that evidence.”

Granted, trying to reconstruct a digital crime scene absent some of the most important pieces of evidence is a bit like attempting to assemble a jigsaw puzzle with only half of the pieces. But as digital forensics and security expert Jonanthan Zdziarksi noted via Twitter last night, good old fashioned spying and human intelligence seems to have played a bigger role in pinning the DNC hack on the Russians.

“The DNI report subtly implied that more weight was put on our intelligence coming from espionage operations than on cyber warfare,” Zdziarski wrote. “As someone who’s publicly called out the FBI over misleading the public and the court system, I believe the DNI report to be reliable. I also believe @CrowdStrike’s findings to be reliable based on the people there and their experience with threat intelligence.”

Key findings from the DNI report.

Key findings from the DNI report.

My take? Virtually nothing in the DNI report is dispositive of anything in the FBI/DHS report. In other words, the DNI report probably won’t change anyone’s minds. I’m sure that many smart U.S. intelligence analysts spent a great deal of time on this, but none of it was particularly surprising at all: The DNI report describes precisely the kind of cloak and dagger stuff that one might expect the Kremlin to be doing to the United States, day-in and day-out.

What makes these kinds of cyber espionage and propaganda campaigns so worthwhile is that even if the Kremlin cannot always get its favorite candidate elected, Moscow may still consider it a success if it can continuously sow doubt in the minds of Americans about the legitimacy of the U.S. election process and other tenets of democracy.

It’s also exactly the sort of thing the U.S. government has been doing to other countries for decades. In fact, the U.S. has done so as many as 81 times between 1946 and 2000, according to a database amassed by political scientist Dov Levin of Carnegie Mellon University, writes Nina Agrawal for The Los Angeles Times.

Anyone shocked by the Kremlin-funded news station RT in all of this probably never heard of Voice of America, a U.S. government-funded news service that broadcast the American response to Soviet propaganda during the Cold War.

President-elect Trump has publicly mocked American intelligence assessments that Russia meddled with the U.S. election on his behalf, and said recently that he doubts the U.S. government can be certain it was hackers backed by the Russian government who hacked and leaked emails from the DNC.

Mr. Trump issued a statement last night only loosely acknowledging Russian involvement, saying that “while Russia, China, other countries, outside groups and people are consistently trying to break through the cyber institutions, businesses and organizations including the Democrat [sic] National Committee, there was absolutely no effect on the outcome of the election including the fact that there was no tampering whatsoever with the voting machines.”

Trump also has called for a review of the nation’s plans to stop cyberattacks, which he said will be completed within 90 days of his taking office on Jan. 20.

“Whether it is our government, organizations, associations or businesses we need to aggressively combat and stop cyberattacks,” Trump said. “I will appoint a team to give me a plan within 90 days of taking office. The methods, tools and tactics we use to keep America safe should not be a public discussion that will benefit those who seek to do us harm. Two weeks from today I will take the oath of office and America’s safety and security will be my number one priority.”

Time will tell if Mr. Trump’s team can do anything to slow the frequency of data breaches in the United States. But I hope we can all learn from this report. It’s open season out there for sure, but there are some fairly simple, immutable truths that each of us should keep in mind, truths that apply equally to political parties, organizations and corporations alike:

-If you connect it to the Internet, someone will try to hack it.

-If what you put on the Internet has value, someone will invest time and effort to steal it.

-Even if what is stolen does not have immediate value to the thief, he can easily find buyers for it.

-The price he secures for it will almost certainly be a tiny slice of its true worth to the victim.

-Organizations and individuals unwilling to spend a small fraction of what those assets are worth to secure them against cybercrooks can expect to eventually be relieved of said assets.

“We assess Moscow will apply lessons learned from its Putin-ordered campaign aimed at the US presidential election to future influence efforts worldwide, including against US allies and their election processes,” the DNI report concludes.

Yeah, no kidding. The question is: Will political and corporate leaders begin applying those lessons to their own operations, and gird themselves for full-on, 24/7 cyberattacks from every direction, before, during and after each election? How many more examples do we need to understand that maybe we’re really not taking this cybersecurity stuff seriously enough given what’s at stake?

The DNI report is available here (PDF).


139 thoughts on “DNI: Putin Led Cyber, Propaganda Effort to Elect Trump, Denigrate Clinton

  1. Irina

    Voice of America and Radio Freedom were our lifeline in the Soviet Union. Every decent person’s lifeline. Routinely jammed, etc. Whatever is left is still a decent news source. RT is world’s apart. To equate the levels of maliciousness and corruption in the Putin’s government to that in the USA is the same as to equate crime in a bad neighborhood and in a good one. Yes, both have crime, but the rates – and the quality of life – are vastly different. I hoped Krebs knew better…

    1. Kevin

      Irina – my mother, now a US citizen, grew up during the Cultural Revolution in China and also considered the Voice of America radio show to be her lifeline – a ray of light in an otherwise abysmal future. Inspired by the “propaganda” radio show, my mom came to the US seeking what she thought would be a better life, and the US delivered on its promises. I think that marks the difference between propaganda and outreach. I can’t speak to the truth/benefits that RT offers, not having listened to it, but I think this is important to keep in mind.

  2. Dale Lancaster

    Thanks for your analysis. I had the exact same conclusions – no technical evidence presented, especially on attribution. However, no one should be “shocked” that USSR is attacking us and trying to influence many issues.

    Guess what, the great USA does exactly the same to the USSR and other countries – daily. So what’s the big deal here?

    The real take-away here is that this event was very public and the US Gov had a chance to really show how our Intel agencies were “all over it”. The public version of the report simply left me and everyone else with the distinct impression that no one was “all over it” and that all evidence was circumstantial and inconclusive. It it was really the case that the intel agencies had substantive prove, they should have done a much better job showing such.

    I am left with the impression our intel agencies don’t know what they are doing in this area and/or the leaders are too soft to push back on being used as a political pawn.

    1. jobardu

      “this event was very public”.
      A little too public. There is a high liklihood that, if the Russians could hack the DNC, then the Chinese and a few others could too. In fact, unless you want to dismiss Wikileaks out of hand, it is possible that more than one person had the hacked documents.
      So a number of questions arise that aren’t discussed in the report:
      1. Were any other sources than Russia considered?
      2. Was the Russian leak the only documenet leak?
      3 Who had the most to benefit from the leaks?;
      4. Would the Russians have made it so easy to be tracked and caught and would they have such limited aims?. They are very sophisticated and there is little evidence of attribution at the time.
      5. Have insider threats and leaks been discounted? When the media leaks classified documents they usually get them from insiders.

      My guess is that this is a way for the Administration to undermine Trump’s freedom of action and avoid any responsibility for the leak. Unfortunately there are no independent media sources to check and critically analyze the reports or Obama’s story (Did he really not know until June 2016? )

      Oh well, the media certainly won’t cover for Trump. That is one reason why he was elected.

  3. Jeff

    Putin needs to go into advertising. His ‘influence campaign’ obviously worked better than Hillary outspending Trump by hundreds of millions with regular ad agencies. Lets not forget super pac’s that really make up some BS and spend crazy money, he even out performed them! I wonder how he does selling used cars?

  4. big bob

    I’m sorry, did Russia also force her to do a bunch of illegal / questionably illegal things and document them in her e-mails?

    1. Sean McVeigh

      It would be helpful if you could identify one illegal thing she did outside of mishandling classified emails. I have been trying to figure out what HRC did that has upset so many people.

      1. JP in KC

        Influence-peddling through her foundation, for one. But she has a 35 year history of malfeasance, so there are a number of other things you could pick.

  5. srhardy

    Interference in elections by the US in Russia. Is it just me or have you all gone brain dead and forgotten that Yeltsin got sent US doctors and media ‘experts’ so he could win his last election by the USA. Why, before the election they had him so full of drugs, I saw him dancing on stage but immediately after the election US doctors did massive heart surgery. He always suffered from alcoholism but post the operation he also had a condition known as PUMP HEAD (Bill Clinton suffers from it too now, since his heart surgery). Its what left the power vacuum that let Vald to rise to power. Not only did the US interfere, they bragged about the ‘assistance’ they were giving to help DEMOCRACY. Funny but if the Russians (not wanting WW3) extended the same hand of friendship, by releasing the DEMOCRATS dirty laundry (ie, the TRUTH) ~ they are blamed, even without a steric of anything resembling evidence! Jez, the USA is a pack of dicks in your government!

  6. Doug Bostrom

    Not so long ago Russia was hauled up for public shaming on charges of industrial-scale state-sponsored doping of athletes. The Russians ridiculed the notion, claimed it was political, relied on others to shore up their denials based on insufficient evidence. Not so long after, more evidence of complicity by the Russian government emerged. Denials and outrage continued. Shortly thereafter– confronted with loss of privilegse and access– Russia canceled their denials of doping, provided evidence to fill in missing parts from the public narrative and became quite contrite.

    This situation is not the previous situation, but it’s possibly instructive.

    Regarding “Hilary asked for it” etc., by keeping money in our bank accounts we are not inviting needy people to steal it. It’s minimally difficult to keep concepts such as “I don’t like Hilary” and “theft is wrong” compartmentalized.

  7. Zelco Munye`

    I don’t think Hillary required any Russian influence (or other countries) to lose the election. She’s a criminal, liar, conspirator to murder, a traitor, and has absolutely 0 (ZERO) moral fiber. Sorry guys, but she was “hoist by her own petard”.

    1. Carl Allen

      You are a deranged Hillary-Hater. She had her flaws, but she was so much more level-headed, experienced, and qualified for president than Trump (an arrogant, vindictive megalomaniac with attention-deficit disorder), that there is simply no comparison. Your absurd claim of “murder”, among other spurious accusations, is not just wrong, but slanderous. There is absolutely no proof to support the notion that she committed any criminal act.

      As far as the hacking, let’s not forget that Trump squeaked his way into the White House with a very narrow win in which he got a mere 46 percent of the vote, losing the popular count by nearly 3 million. His margin of victory in the three critical electoral states of Wisconsin, Michigan and Pennsylvania (which would have sealed the election for Hillary had they gone blue) was less than 80,000 votes TOTAL. It does not strain credibility in the least to think Russia’s hacking influenced public opinion significantly enough to have determined the outcome.

  8. Richard Steven Hack

    The entire report was a load of complete BS, void of evidence, and half of it was a rehash from 2012 making absurd complaints that a news organization which has almost zero penetration into the US media market was somehow complicit in influencing a US election.

    Anyone taking this stuff seriously is either 1) anti-Russia for their own political reasons, or 2) a complete idiot.

    See my earlier post in the “Download” thread on why the most likely scenario is a DNC/Clinton/Ukrainian false flag operation to frame Russia for hacking the DNC in order to 1) cover up the DNC leaks – not hacks, and 2) use it to tar Trump as a “Russian agent or patsy.”

    Such a scenario makes FAR more sense than the idea that Russia intelligence agencies would use a bunch of Russian hacker clowns – as Krebs seems to believe in his previous article – to conduct a sensitive intelligence operation.

    The fact that no one has even considered the possibility that Ukraine – which has any number of Russia-hating, Russian-speaking hackers who work in a time zone one hour behind Moscow time – might have a motivation to do these hacks tells one all you need to know about the bias in the mainstream media.

  9. Peter

    Trump said. “I will appoint a team to give me a plan within 90 days of taking office. The methods, tools and tactics we use to keep America safe should not be a public discussion that will benefit those who seek to do us harm. Two weeks from today I will take the oath of office and America’s safety and security will be my number one priority.”

    So basically in 90 days a motion will be put in place to extend the NSA, CIA and FBI’s etc reach on what they can do to snoop on internet traffic and phone calls etc

  10. www.norton.com/setup

    I’m amazed, I must say. Rarely do I come across a blog that’s equally educative
    and interesting, and let me tell you, you have hit
    the nail on the head. The issue is something which not enough
    men and women are speaking intelligently about. I’m
    very happy that I stumbled across this in my search for
    something regarding this.

  11. Tompson

    I like Vladimir Putin i really do . Is it a bad thing ?

  12. Steven S.

    “It’s also exactly the sort of thing the U.S. government has been doing to other countries for decades.” – Krebs

    “Guess what, the great USA does exactly the same to the USSR and other countries – daily. So what’s the big deal here?” – Dale Lancaster

    “Is it just me or have you all gone brain dead and forgotten that Yeltsin got sent US doctors and media ‘experts’” – srhardy

    I have seen so many examples of these kinds of logical failures around the hacking report that my head is about to explode. Even though it’s true we’ve done it too, it is irrelevant to the discussion about what we should think and do as a response. It amounts to essentially being an apologist for the attacks on our nation.

    Here is the same logic translated to a shooting war:
    “So, their side is shooting at us, killing us, attacking us to win the war. What’s the big deal? Why should we get upset? We’re shooting at them, too, killing them and attacking them. So, all you upset people, settle down!”

    I submit that national security and potentially national survival depend on the USA taking it VERY seriously and responding with a diligent, all hands on deck, robust defense and counter-attack (when and if deemed necessary) to assure our nation survives the war — the cyber-war.

  13. Robert Marchenoir

    I will second other commenters here by saying that “the US does it too” because Voice of America equates RT is just factually wrong. You’re playing into Russia’s hands by saying that. It’s exactly what their propaganda outlets repeat day in, day out.

    Voice of America (or, today, the much smaller RFERL) is fundamentally different from RT, Sputnik and the like in that it is striving to report the truth. RT masters explicitely say that the truth does not matter because it does not exist — and then they follow suit by broadcasting completely fabricated stories, which American media, or more generally speaking media from the free world, never do.

    Russian and American governement media, in addressing each other’s population, both obviously aim to support their own side : but that’s a different thing.

    The aim of RT and assorted outlets is to support Russia by subverting foreign countries and sowing hatred and discord, while pretending truth is an obsolete concept from the decadent West. The aim of RFERL and assorted outlets is to support America by broadcasting the truth about what’s happening in Russia — and America. It’s not similar ; it’s just the opposite.

    American government media broadcasting to foreigners obviously have a slant. Having an opinion, however, is not the same thing as despising truth and trying to lie, obfuscate, insult and disorient.

    Also, there’s nothing “fascinating” in the DNI report about RT, because all this has been publicly known for years. It’s open information. There are thousands of pages freely available on the subject, written by the most authoritative, independant experts : academics, historians, journalists and the like.

    You may start by browsing those reports, which, I’m sure, are far more thorough and illuminating on the subject than the recent DNI document. This one has been published two years ago :

    http://www.interpretermag.com/wp-content/uploads/2014/11/The_Menace_of_Unreality_Final.pdf

    This one is from last August :

    http://cepa.org/reports/winning-the-Information-War

    A shorter newspaper take on the subject, by one of the authors of the above :

    https://www.theguardian.com/news/2015/apr/09/kremlin-hall-of-mirrors-military-information-psychology

  14. TJ

    My Addition:

    -If a zero-day is used the victim will typically not report it to the vendor(especially banks and traded companies) and the attacker will continue using it on others.

    There was once an Apache RCE that went unpatched for five-years because the banks and high-profile targets it was used on don’t share attack details. This is still the reality..

  15. Patrik

    Neither candidate gave/gives a crap about the people.. all egomaniacs.
    I’m more interested in proof than supposition, and that’s all the report is…
    Please release IP/traceroute/DNS/ISP/more info…
    Theories are lame fodder for overexcited, under-educated sheeple.

Comments are closed.