Experts Aren’t Convinced by FBI and Homeland Security Report on Alleged Russian Hacking
The U.S. Department of Homeland Security and the FBI released a summary of their inquiry into the alleged hacking of Democratic Party servers during the 2016 elections by groups working at the behest of the Russian government.
Veteran intelligence analyst and NSA whistleblower William Binney, who has criticized the CIA’s public case for Russian responsibility for the hacking as inadequate, does not find the new report convincing.
“This is the typical bamboozle type report the IC [intelligence community] gives Congress or anybody else that they want to confuse,” Binney told Truthdig in an email.
The Guardian describes the report:
The 13-page document, released on Thursday and meant for information technology professionals, came as Barack Obama announced sanctions against Russia for interfering in the 2016 elections. The report was criticized by security experts, who said it lacked depth and came too late.
“The activity by [Russian intelligence services] is part of an ongoing campaign of cyber-enabled operations directed at the US government and its citizens,” wrote the authors of the government report. “This [joint analysis report] provides technical indicators related to many of these operations, recommended mitigations, suggested actions to take in response to the indicators provided, and information on how to report such incidents to the US government.”
The government report follows several from the private sector, notably a lengthy section in a Microsoft report from 2015 on a hacking team referred to as “advanced persistent threat 28” (APT 28), which the company’s internal nomenclature calls Strontium and others have called Fancy Bear. Also mentioned in the government document is another group called APT 29 or Cozy Bear.
Binney went on to share an evaluation of the new report, which he sent to his peers in the group Veteran Intelligence Professionals for Sanity (VIPS):
Gee, I expected to see the IPs or other signatures of APTs 28/29 and where they were located and how/when the data got transferred to them from DNC/HRC/etc. They seem to have been following APT 28/29 since at least 2015, so, where are they? Further, once we see the data being transferred to them, when and how did they transfer that data to Wikileaks? This would be evidence of trying to influence our election by getting the truth of our corrupt system out. And, as Edward Snowden said, once they have the IPs and/or other signatures of 28/29 and DNC/HRC/etc., NSA would use Xkeyscore to help trace data passing across the network and show where it went. In addition, since Wikileaks is (and has been) a cast-iron target for NSA/GCHQ/etc. for a number of years, there should be no excuse for them missing data going to anyone associated with Wikileaks.
“Too many words means they don’t have clear evidence of how the data got to Wikileaks,” Binney added in a second message.
In mid-December, VIPS published a memorandum describing the CIA’s claims of Russian hacking as “baseless.”
The Guardian cited evaluations by other experts:
Security experts on Twitter criticized the government report as too basic. Jonathan Zdziarski, a highly regarded security researcher, compared the joint action report to a child’s activity center.
Tom Killalea, former vice-president of security at Amazon and a Capital One board member, wrote: “Russian attack on DNC similar to so many other attacks in past 15yrs. Big question: Why such poor incident response?”
—Posted by Alexander Reed Kelly