The FBI Report on Russian Hacking

by edwardmroche

On December 29, 2016, the Federal Bureau of Investigation (FBI) and the Department of Homeland Security (DHS) issued a report entitled “GRIZZLY STEPPE – Russian Malicious Cyber Activity”. The report discusses various hacking techniques that are indicators of Russian activity, presumably activity sponsored by the Russian government itself.

According to the document, “This determination expands upon the Joint Statement released October 7, 2016, from the Department of Homeland Security and the Director of National Intelligence on Election Security.” (p.1).

The report does not specifically tie Russia to Wikileaks. In an interview on Fox News, Julian Assange, the editor of Wikileaks, condemned the report as amateurish.

Here, however, we will not focus on the details of the hacking and the question of whether or not the hacks against the Democratic National Committee were part of a Russian disinformation (дезинформация) campaign. Instead, we will focus on the underlying social network involved.

Underlying Social Networks of Espionage and Cyber Espionage

We can say that although espionage has changed over the years (decades, centuries), the underlying pattern of social organization is the same.(1) It involves the isolation of the controlling agency from those actually doing the espionage management, and further isolation of those actors from the people actually doing the spying.

In Figure 1, we can see the same pattern for the arrangement of hacking.


Figure 1: Network of hacking. It shows a layered structure in which those controlling the espionage activities are located in a separate country (here “space”). Source: Federal Bureau of Investigation, NCCIC, Grizzly Steppe – Russian Malicious Cyber Activity, White Paper, December 29, 2016. Available here.

In 1949, Mr. Alexander Foote published an interesting book, Handbook for Spies, in which he provided organizational diagrams for Soviet (Russian) espionage networks that operated out of Switzerland during the inter-war period to spy on Germany. You can see one of his diagrams in Figure 2.

Persistence of Social Networks

Here, in the FBI-DHS report, we can see the parallelism between the classical structures of espionage and those of cyber espionage.


Figure 2: Map of traditional espionage network structure. Here, a Soviet network that operated from Switzerland to spy on Germany during the inter-war period. Source: Alexander Foote, Handbook for Spies, Garden City, N.Y., Doubleday, 1949.



(1) See Edward M. Roche, Corporate Spy: Industrial Espionage and Counterintelligence in the Multinational Enterprise with Case Studies, New York, Barraclough Ltd, 2007.