cyberarmscontrolblog

International Agreement for Control of Cyber Weapons

Category: RUSSIAN HACKING

Comments on “Assessing Russian Activities and Intentions in Recent US Elections”

“Disclosures through Wikileaks did not contain any evident forgeries” (ODNI Report, p. 3)

The Office of the Director of National Intelligence (ODNI) released an unclassified report on the Russian hacking of the US election. The document is a consensus of the Federal Bureau of Investigation (FBI), the National Security Agency (NSA) and the Central Intelligence Agency (CIA). In some cases, there is a difference in expressed confidence between the agencies, with the NSA being less sure on some items. The intelligence community made no conclusions regarding whether or not the Russian efforts were effective in changing the result in the Presidential election of 2016.

The report details various actions that Russia takes to influence public opinion. There are a number of organizations mentioned in the report. These different organizations, according to the analysis, worked together in order to influence public opinion. These organizations are summarized in Figure 1.


Figure 1 — Different organizations mentioned in the ODNI report on Russian interference in the 2016 Presidential Election. Note: The small dots are “cut-outs”; see discussion below.

We can divide the organizations into three categories: (1) propaganda and public diplomacy; (2) covert cyber activities (hacking and dissemination of information); and (3) intelligence collection and unknown covert activities.

Propaganda and Public Diplomacy

Russia Today. A very large amount of the report is dedicated to activities of the Russian government-sponsored news channel RT, which previously was known as “Russia Today”. It has a multi-layered structure. The RIA Novosti (РИА Новости) agency is the official news organ of the Russian government. It created a subsidiary TV Novosti (ТВ-Новости) to operate “autonomously” apart from the government.  The word “novosti” in Russian means “news”. The root is “novo” which means “new”. (In English, the word “novel” as in “a novel idea” comes from the same root.) TV Novosti then created Russia Today (RT) as another autonomous organization.  The intelligence assessment is that these organizations are not independent of the Russian government; that they follow the Kremlin “line”, and this is confirmed with quotes from the head of Russia Today.

Russia Today changed its name to “RT” because it was felt it would appeal to a larger audience. RT is the most frequently viewed foreign news channel in the United Kingdom. In the United States, RT operates a commercial news entity as a stand-alone news organization. This organization then hires westerners to act as reporters. This is the multi-layered structure.

Sputnik News. Named after the world’s first satellite to orbit the earth, the technology that launched the “space race”, Sputnik News seems to have the same structure. The report is not clear if it is sponsored by TV Novosti or RIA Novosti or through some other mechanism. (In Figure 1, there are dotted lines indicating uncertainty.) Nevertheless, Sputnik News operates in a way similar to RT. There is also a Sputnik Radio network.

The important point is that both channels broadcast the opinions of the Kremlin. In other words, the report argues, they slant the news in ways that are not harmful to Russia. In addition, if Russia has enemies abroad, these enemies get damning critical coverage. News, therefore, is not journalism in the common sense of the news as theoretically found in the United States, but instead is viewed as being an instrument of state power.

These Russian entities operate somewhat like the Chinese XinHua, or the Voice of America, or France 24, or Radio France Internationale (RFI), or the BBC, or Deutsche Welle. All of these are government-sponsored news outlets.

Internet Research Agency. The report also mentions the Internet Research Agency, located in St. Petersburg (formerly called Leningrad when the Soviet Union existed). This organization is said to deploy armies of Internet trolls. In Russia, these are called “Web Brigades” (Веб-бригады). Trolls are persons who use assumed names to monitor news media websites as well as social media for the purpose of expressing opinions that follow the party line. For example, if it is decided that Hillary Clinton is not a favorite of Russia, then the trolls operate to insert negative Hillary comments in as many news outlets around the world as possible. Anyone who participates in online discussions through major news media web sites is familiar with this army of commentators. (Russia is not the only country to do this.)

Analysis of these Russian trolls shows a tendency to criticize anything about the United States that the Russian government does not like. According to the intelligence report, the overarching idea is to destroy the concept of liberal democracy.

Analysis. RT and Sputnik are the Russian version of similar government-supported news channels found elsewhere. They have been effective in getting their message across. In terms of the US election, it is not known how many Americans read Sputnik (probably not very many), or how many watch RT (compared to other media, probably not very many). Therefore, it is difficult to know if there was any substantial effect on the election. The Internet trolls may have had an effect, and may have been used to pump up and disseminate fake news, but no one seems to have measured this. After all, it is not possible definitively to identify the trolls.

Hacking & Dissemination by Russian Military Intelligence.

The GRU. The heart of the report concludes that the military foreign intelligence service of the Russian Federation, the GRU, was responsible for hacking the emails from the Democrat party. GRU is an abbreviation for Glavnoye Razvedyvatel’noye Upravleniye (Гла́вное разве́дывательное управле́ние). Glavnoye means Chief, or head. Razvedyvatel’noye means intelligence as in “collecting intelligence”. You can see the Latin root “ved” which is “to see”. In English we have the same in the word “video”, from the Latin videre. In the United States, a rough equivalent to the GRU would be the Defense Intelligence Agency (DIA).

The report concludes that the GRU hacked the Democrat National Committee (DNC), took the emails, and also hacked John Podesta’s email account. So the next step was to deliver the information to the public, but without having anyone know it was sourced from the GRU. It is difficult to speculate on how the intelligence community identified the GRU as the source of the hacking. We do know, however, that intelligence collection on this type of operation within the United States would be done by the FBI, and intelligence collection outside the United States would be done by the CIA and, for signals intelligence (SIGINT), by the NSA.

In terms of the National Security Agency (NSA), also known as “No Such Agency” or “Never Say Anything”, as far as the writer of this blog knows, this report on Russian hacking and influence operations is the first report ever published in the public with details of NSA assessments. Perhaps there have been others, but NSA does not usually publish anything at all except historical documents available through the National Cryptologic Museum, which is well worth the visit if you can find it.

Front Organizations. Sometimes covert operations (intelligence, police, industrial espionage teams, consultants) set up companies or organizations (non-profits, research services) to do certain work, but without identification of their true owner (sponsor, controller). The report does not specify any front organizations, but during the Cold War a number were used to shape international public opinion. Evidently the concept of front organization was invented by Vladimir Lenin in his 1902 manifesto “What Is To Be Done”. The list is long, but front organizations associated with the Cold War and even before include the International Confederation of Free Trade Unions, the World Federation of Trade Unions, the Women’s International Democratic Federation, the World Peace Council, the International Union of Students, the Pan-Pacific Trade Union Secretariat, the Japan Peace Committee (日本平和大会), the Society for German Soviet Friendship. There is no need to provide a complete list here.

Guccifer 2.0. In this context, the report seems to express some suspicion that the hacker Guccifer 2.0 was a front organization. Rumored to be a single Romanian hacker, evidently it is not a single individual, according to the report. These things are murky.

DCLeaks. This organization also was used as a conduit for providing information.

Cut-Outs. In Figure 1, the little circles represent “cut-outs”. The term “cut-out” is specific to espionage tradecraft, and represents a third-party intermediary who can be trusted as a courier to transport information. Actually, one cut-out can pass the information to another before the information is given to the final destination. The utility in cut-outs is that their identities usually are vague. So if a source of information (S) hands the information to cut-out 1 (C1), who then hands it to the second cut-out (C2), who then hands it to the recipient (R), then (R) will not know the source of the information, and probably (C2) does not know the source of the information. And of course (R) is unaware of (C1) and so on. This system is made even more effective if the cut-outs have complete false identities, or if even their false identities are unknown to each other. (Even if interrogated, C2 would not be able to identify C1, and so on.)

False Flag Operations. This leads to the so-called “false flag” operation. False Flag is another espionage tradecraft term. It generally refers to a situation in which the person taking the action (whatever it is) thinks they are working for one country (or organization), when in actuality they are working for a different one. The use of cut-outs aids in getting people to provide their services (because they think they are working for someone else), but also aids the process of obscuring the source of any disseminated information.

Wikileaks. So when Julian Assange of Wikileaks says that he did not receive the information from a state party or a representative of a state party, he easily could be telling the truth, or at least the truth as he knows it. This doesn’t really matter, because once the information was released, the GRU had accomplished its purpose.

Intelligence and Unknown

SVR. The third type of operation mentioned briefly in the report is what we might call “classical espionage” conducted through the Russian Foreign Intelligence Service (SVR), Слу́жба вне́шней разве́дки (again you see the verb root “ved” in the last word, from the Latin videre). The report mentions use of Directorate S (Illegals). “Illegals” is another espionage tradecraft term that refers to persons inserted into a society, like the United States, under completely false identities, even pretending to be Americans. The popular television series “The Americans” is an example of “illegals”. It also mentions persons who are recruited by the SVR to carry out espionage work. There were few if any details provided, and no examples, except that the report indicates the SVR systematically collected information on the US election system, including information on State election commissions. The report indicates there is no evidence of hacking the polling machines or changing the vote counts.

Other Campaigns

Apart from the actions regarding the election of the 45th President of the United States, the report cites other campaigns, including a few that the Russians believe were directed at Russia. These include the Olympic doping scandal, and release of the Panama Papers. It also describes Russian activities in support of Occupy Wall Street, and campaigns that criticize American democracy as being corrupt and not representative of the people, and that convince people “the media” is providing them false information. The report also argues that RT specials with an anti-fracking message are designed to hinder development of a challenge to Gazprom, the giant Russian energy company that supplies natural gas.

Summing Up

The intelligence report describes a range of public opinion campaigns directed by the government of Russia.  The major bombshell seems to be that the GRU is blamed for hacking the Podesta emails, and then through third parties getting the information to Wikileaks in a way that disguised the origin of the hack.

The remainder of the report describes programs of information (and “disinformation”) that have been in place since the Cold War.

The underlying message of the report is that the overall aim of the Russian campaigns should be seen in a larger context. It was not only to keep Hillary Clinton out of office, but to entirely discredit the democratic liberal order established by the United States in the Post War period. This includes spreading information that makes people believe the entire system is corrupt.

Trump’s Response

The 45th President has stated that although there is evidence a large number of countries hack into the United States, the Russian actions did not change the outcome of the US election. And to repeat, the intelligence report did not come to any conclusions in this regard.

 

 

Highlights of James Clapper Testimony

National Intelligence Director James Clapper; Mike Rogers, the Chief of NSA’s Cyber Command; and Marcel Lettre, a Defense Undersecretary for Intelligence, testified today to the U.S. Senate Armed Services Committee. The overall theme of the hearing was supposed to be Russian interference in the recent presidential election in the United States. As it turns out, the intel community has not yet completed its study. Nevertheless, a few notes on the hearing are provided below.

The intelligence community has concluded that Russia interfered with the election and that the effort was planned and directed by the Kremlin, including with knowledge of the President of the Russian Federation.

No proof was offered, because to offer the proof would destroy intelligence collection methods.


Cyber War Matrix.

This was a long testimony. Here, the intent is only to report on what was said, that is, the major conclusions that have been made by the intelligence community regarding Russian hacking. The set-up to the testimony by Senator John McCain was tricky. He stated that attacks against election emails were “consistent” with Russian techniques of hacking, but he did not say the hacks were Russian.

2,000,000 personnel records of the U.S. government were stolen by China, according to McCain. “Indecision and inaction” has thus far been the U.S. response. The cost needs to be raised for conducting cyber attacks against the United States. The opening statement from the Democratic side blamed election problems on Russia. These statements were made by Jack Reed, Democrat, Rhode Island, who argued also that Russia takes these actions because democracy is a threat to countries near to Russia, which is in what it claims is its “sphere of influence”.

Marcel Lettre. Threats. DOD defines 5 challenges. Russian coercion and aggression, particularly in Europe. Historic change in Asia Pacific. Risks with China’s destabilizing actions there. Iranian influences in the Middle East. North Korean nuclear provocations. And fighting terrorism, ISIS and Al Qaeda. All of these present a cyber threat.

The DOD strategy is to maintain dominance in this domain. Three missions: Defend DOD networks; give cyber options to commanders; defend US against cyber attacks. “Cyber Mission Force” now is operational.

Clapper (DNI). Regarding Russian interference in the electoral process. Said that the Russian tools detailed in the NCCIC report showed how they influenced the election. Russia has increased cyber espionage operations, and has leaked crucial data. China continues to attack US government and US companies. Iran and North Korea continue to improve their capabilities. ISIS is using the Internet to collect funds, broadcast propaganda, and recruit new members. Cyber attacks can also change or alter information. All of this chips away at the public trust. All instruments of power should be used to respond to cyber attacks. Using cyber to counter cyber attacks. Recommends separating NSA and Cyber Command.

Rogers (Cyber Command and NSA). They are awaiting the findings of a joint intelligence review. Their conclusions still have not been collected. Russian cyber groups have “a history of aggressively hacking into others’ governments”.

McCain first started to discuss Julian Assange. Confirmed that Wikileaks published names of people who had their lives put in danger. No credibility should be attached to his views, according to Clapper, Rogers and McCain.  McCain does not believe Russian actions

“They did not change any vote tallies; we have no way to gauge the impact it had on choices of the election.” Would that be an act of war if elections were changed? That is a “very heavy policy call”, but it definitely should carry great gravity. No one seems to know what to do if there is a cyber attack. They report it, but remain bystanders.

A “deterrence and response” framework needs to be put into place. There is a conclusion that the Russians interfered in the election. CIA, NSA and DHS will create a joint report. They DO conclude that Russia interfered in the election. Rogers (NSA) said the largest problem is “speed; speed and speed”.

Fake news sites; fake news stories also were part of Russian actions. A multi-faceted campaign. Hacking was only one part of it. It also included classical propaganda, disinformation, and fake news. Russians used “classical tradecraft”, particularly for misinformation, to hide the source of the news information.

“People in glass houses should not throw too many rocks”. The attack against the Office of Personnel Management (OPM) was an act of espionage, not a cyber-attack. We do the same type of espionage. “Large data sets have become a particular high priority target” because “it is possible to mine the data”, according to Rogers.

The implication of Clapper’s statement is that cyber-espionage is not an “attack”. This is because every nation does it.

“If there is any connection with the Internet, there is an inherent security vulnerability,” according to Clapper.

Senator Nelson (Florida) compared cyber war to nuclear war. He argued that there is “no deterrence” in the field of cyber. A cyber response to a cyber act “may not be the best response”, according to Clapper. Also, you never know “what kind of cyber-retaliation” will be brought back from the other side. “All instruments of national power” should be used.

If a country launches a cyber counter-attack, then it is necessary to use the infrastructure of other countries, and this brings up a variety of legal issues.

Senator Claire McCaskill, Missouri Democrat, was highly critical of any contact with Assange. He is under indictment by the Swedish government for sexual crimes. He exposed information that put people at risk. The “people in the intelligence community do not have much respect for him.”

Conclusions

The intelligence community has not yet completed its report. There appears to be a significant amount of evidence that Russia participated in the election, but there is no hard evidence yet presented. The key actors that oppose the United States are (1) Russia; (2) China; (3) North Korea; and (4) Iran.

One theme emphasized several times was that there is little strategy developed for responding to cyber attacks. “We don’t have a strategy.” Also, the coordination needed for a response is very complicated, and takes too long. This prevents the United States from having a coherent and effective response to a cyber attack. “We are being hit repeatedly because the benefits outweigh the cost”.

There also were indications that the intel community may have an idea of what happened inside the Kremlin. This will not come to light, because it obviously would give away too much information about “sources and methods” of intelligence collection.

In addition, there is no policy of responding to acts of espionage because we do the same.

Bottom line: The current thinking is that the Russians at the highest levels approved of and directed the hacking campaign against the United States. In this context, it means President Putin himself. This is not really good news. Clapper sees Russian actions as being in the same tradition as the Cold War, like what happened in the 1960s.

Below is a rough sketch of the categories of cyber activities under discussion.

 

Prospects for Cyber Arms Control

There are two ways to think about the election hacking. First, there are arguments that political activity should be considered to be a “critical infrastructure”, and the consequence of this would be that such hacking would be considered to be an aggressive attack against the country. Second, the current line of thinking is that espionage (passive information collection) should be separated from collection of commercial industrial espionage, or political interference.

In the Cyber War Matrix, above, cyber arms control would apply to the warfare rows. There will never be any international agreement to limit espionage or active measures.

 

 

 

 

 

 

2016 The Year of Cyber War 0.7

Is Interference in Campaigns “Cyber War”?

2016 was the year of cyber war, and we will call it “cyber war 0.7” because it was not a complete cyber war in the proper sense of the word. The most incredible event was the role of WikiLeaks in the election for the president of the United States. WikiLeaks was able to publish a large number of emails from the Democratic National Committee. These emails indicated a certain level of untoward behavior on the part of the leadership of the Democratic committee. As a result of this, there were various personnel changes in the Democratic National Committee.

The emails seem to indicate a number of activities that were considered by the opposition to be improper. Although these activities were not reported upon widely in the mainstream media, nevertheless, they seemed to have a decisive effect on the election. The connection between the leak of these emails and the election found its nexus in the investigation by the Federal Bureau of Investigation. In particular, only about one week before the vote, the FBI announced that it was re-opening its investigation of the Clinton emails. According to most commentators on the Democratic side, this specific action by the FBI was responsible primarily for the loss of Hillary Clinton in the election. The opposition claimed, however, that the real reason why she lost the election had to do with her policies regarding industrialization and foreign trade policy for the United States. It is difficult to know what all of the reasons were, but this discussion regarding the role of WikiLeaks, and the role of cyber warfare in the election, has continued.

US Retaliation Against Russian Diplomats

After the election for the president but before the inauguration of the new administration, President Obama announced that the United States would be taking retaliatory action against the Russian Federation. This retaliation involves the expulsion of 35 diplomats and their families from the United States within 72 hours. At the same time, the Russians were forced to abandon two facilities that they have been operating for more than a quarter of a century. An additional hardship imposed upon the Russians was that this expulsion came only a few days before the New Year’s celebration, which in Russia, like in so many other countries, is a major celebration. The representative of the Russian Federation in San Francisco stated that the cook for the New Year’s festivities had been expelled from the United States. He lamented publicly on television that because of this it would not be possible for the consulate to invite the large number of American guests as was customary.

At this time, it still is not clear exactly what role the Russian Federation had in the release of the Clinton emails. For example, Julian Assange, the head of WikiLeaks, has stated on numerous occasions, including today in a live interview on the Fox News Channel, that the Russian Federation government had absolutely no connection to the release of the emails. In spite of these numerous denials, many still argue that it was the intervention of the Russian government in the presidential election that was responsible for the election of Donald Trump as the 45th president of the United States.

During this past week, there also was a report that malicious code from the Russian Federation had been injected into the electrical supply control mechanism for the state of New Hampshire. This news item turned out to be false.

The Chinese Office of Personnel Hack

There were many other significant events involving cyber warfare or cyber espionage during the year 2016. One of the most significant incidents was when a group operating from the People’s Republic of China managed to hack into the personnel records of more than 2 million employees of the federal government. They took a large amount of extremely confidential information including background investigation and security information regarding these government employees. What is peculiar about this incident is that the Obama administration did not take the type of harsh countermeasures that it has taken in the case of the alleged Russian hacking of the US election.

Terrorists’ Use of Social Media

A third major theme of cyber warfare during the year 2016 involved the role of ISIS in its propaganda efforts to recruit terrorists around the world. These recruitment efforts have been very successful, particularly in Europe. During this year, Europe has seen a dramatic increase in terrorism and has lost a large number of people. In general, the situation seems to be getting much worse in Europe. In spite of this rise in the number of deaths originating in terrorism, Europe still seems to be refusing to place any controls on the propaganda coming from the Middle East. Placing controls on information is very difficult because it is a direct contravention of the international law regarding freedom of speech and freedom of communication. These principles were incorporated into the Universal Declaration of Human Rights. Unfortunately, we can see that international declarations are not the same as international law.

We can say confidently that the year 2016 was one in which all aspects of the cyber issue came to the forefront in the international news. We can also say that during the coming year we should continue to see an escalation of problems in the cyber domain.

This blog continues to maintain the position that until there is a very significant outage or Internet crisis which affects a number of countries at the same time there will not be any recognition of the need for an international agreement to limit the proliferation and development of cyber weapons.