It’s not really about Russia, it’s about the US whose entire political class seeks to render US voters and elections irrelevant to cement our status as peasant/colonists under our "classified" military/intel superiors: The US Endless War and Starvation “revolution is not directed primarily against foreign tyrants: for even as they [US warmongers] put on a great show of “liberating” foreign peoples, they are in the process of enslaving the American people….Our old Republic, once the enemy of kings and contemptuous of empires, is now donning the imperial purple….The America we loved is lost, perhaps forever. That is the meaning of this [2003 Iraq] war. The republic that bound its rulers with the chains of the Constitution and freed the rest of us to live in peace is no more.”…Justin Raimondo, March 19, 2003.
7/29/19, “MSM Coverage of Senate Intelligence Report Is Misleading,“ AntiWar.com, Dave DeCamp
“A day after Robert Mueller’s testimony before Congress, the Senate Intelligence Committee released a report on supposed Russian interference in the 2016 election at the state and local level. The committee will be releasing four more reports relating to Russian interference over the next month. The heavily redacted report made the claim the Russian government directed extensive activity against “US election infrastructure.” The activity was scanning the networks and servers of the “election infrastructure.”
The findings section of the report said, “The Russian government directed extensive activity [but not “hacking”] beginning in at least 2014 and carrying into at least 2017, against U.S. election infrastructure’ at the state and local level." And that, “The Committee has seen no evidence that any votes were changed or that any voting machines were manipulated.”
The report lacked any real evidence to link the activities to the Russian government. But of course, that’s not how the mainstream media reported it. Vox headlined their story, “New Senate Intelligence report shows ‘extensive’ Russia 2016 election interference.” NBC’s headline read, “Senate Intelligence report finds ‘extensive’ Russian election interference.” The Hill said, “Senate Intel finds ‘extensive’ Russian election interference going back to 2014.”
None of these mainstream outlets explained how the Department of Homeland Security (DHS) determined that Russia was behind the activities. Page 11 of the report said,
“DHS arrived at their initial assessment by evaluating whether the tactics, techniques, and procedures (TTPs) observed were consistent with previously observed Russian TTPs, whether the actors used known Russian-affiliated malicious infrastructure, and whether a state or local election system was the target.”...
[Ed. note: Being "targeted or "scanned"-if such things happened-are of course normal, harmless, meaningless, happen thousands of times a day to many computer systems, don’t imply “penetration” of an election “system.” The terrorist US government can use these terms as weapons to force US taxpayers to bomb Russia and murder Putin. We're told that US elections are no longer needed because all Americans have only one issue which is Putin.]
(continuing): “Page 13 of the report said, “IP addresses associated with the August 18, 2016 FLASH (an FBI alert of a potential cyber-attack) provided some indications the activity might be attributable to the Russian government, particularly the GRU:” So the IP addresses only provide some “indications” that the activity “might be attributable to the Russian government.”
The next few paragraphs are redacted. The only few sentences that are not redacted do not have the proper context to come to any real conclusion. Those sentences read, “One of the Netherlands-based [REDACTED] ‘exhibited the same behavior from the same node over a period of time. … It was behaving like … the same user or group of users was using this to direct activity against the same type of ***targets,’*** according to DHS staff.”
Nothing else in the report tries to tie the activity to the Russian government.
Another claim in the report was that all 50 states were ***targeted***, something that most media outlets repeated. That claim is based on an assumption the DHS had since they could not figure out a pattern to the ***scanning.*** After a chart explaining the varying degrees of ***scanning*** in up to 21 states, Illinois being the only one named, page 20 read,
“Neither DHS nor the Committee can ascertain a pattern to the states ***targeted,*** lending credence to DHS’s later assessment that all 50 states probably were ***scanned.“*** Notice the word “probably.”
The New York Times headlined their story on the report as, “Russia Targeted Election Systems in All 50 States, Report Finds.” The Progressive YouTube talk show The Young Turks titled their video on the story, “Russia Hacks All 50 States.””…
[Ed. note: “Hacking” hasn’t been mentioned in the report, just “targeting” and “scanning”–which are meaningless. “Hacking” is something entirely different and the report doesn’t say it happened or that “Russians” did it. If I were Russia, I’d sue for slander or libel anyone who made the claim that Russia “hacked” all 50 states. Of course the term “hacking” is really about the US and not Russia. The mere evidence-free accusation of “hacking” has converted the US into the Soviet Union. American voters have been permanently silenced. Certainly, the GOP Establishment is ecstatic about this. They’ve always dreamed of silencing Republican voters, would be thrilled if Democrat voters were their voters: "Christmas Morning": That's what it would be for the GOP E if they got a different voting base: "That is the way they're thinking....All they gotta do is throw away their base. That's Christmas morning for 'em." Rush Limbaugh, 10/13/2013]
(continuing): “The rest of the report explains ways in which the states could make their voting systems more secure. It also expresses a desire to respect state’s privacy from the federal government.
Senator Ron Wyden (D-OR) wrote the minority views at the end of the report. Wyden said, “The defense of US national security against a highly sophisticated foreign government cannot be left to state and county officials. For that reason, I cannot support a report whose top recommendation is to ‘reinforce state’s primacy in running elections.’”
Wyden’s almost manic ravings in this report encapsulate the attitude towards Russia that is becoming all too common in the US today. Wyden wrote, “America is facing a direct assault on the heart of our democracy by a determined adversary. We would not ask a local sheriff to go to war against the missiles, planes and tanks of the Russian Army. We shouldn’t ask a county election IT employee to fight a war against the full capabilities and vast resources of Russia’s cyber army. That approach failed in 2016 and it will fail again.”
While the claim that Russian hackers infiltrated our election system to observe and scan it could be true, nothing in this report – at least the redacted version – substantiates that claim. Media outlets, politicians and the intelligence community are all still pushing the idea that the Russian government hacked our elections in 2016, even though there is no concrete evidence.
A thing Russia-gaters like Senator Wyden like to say is that Russian cyber-attacks are a “threat to our democracy.” But what is a real threat to our democracy is the fact that the establishment can blame any politician’s success on Russian interference or influence. Democrats [and Republicans] are still blaming Trump’s victory in 2016 on Russia.
Rep. Tulsi Gabbard (D-HI) has been the latest victim of this Russia smear. Shortly after she announced her candidacy for the 2020 presidential race NBC ran a story that said, “The Russian propaganda machine that tried to influence the 2016 US election is now promoting the presidential aspirations of a controversial Hawaii Democrat who earlier this month declared her intention to run for president in 2020.” The article drew this conclusion from the fact that she was given a lot of coverage by Russian funded media outlets like RT. These media outlets make it no secret that they are funded by the Russian government.
Another hit piece on Gabbard came from the Daily Beast titled, “Tulsi Gabbard’s Campaign is Being Boosted by Putin Apologists.” This sorry piece of journalism named three of Gabbard’s donors, two of them have been pushing for better US-Russia relations [who wouldn’t be?] and the other one worked for a show on the RT network.
On Friday, the Washington Post ran a story titled, “Mitch McConnell is a Russian Asset." The article makes the wild accusation that McConnell is doing “Vladimir Putin’s bidding” since he has blocked some legislation to [allegedly] further secure elections.
Over the next month, the Senate Intelligence Committee will be releasing four more reports on [so-called] Russian interference. It is almost a guarantee that most media outlets will be reporting the committee’s claims as fact. Unfortunately, the American people cannot count on the media to report on this honestly. Now every reporter and news outlet has a way to delegitimize any election they want if they’re not happy with the results. The real attack on US democracy is not from Russia, it’s from within.”
“Dave DeCamp is a freelance journalist based in Brooklyn NY, focusing on US foreign policy and wars. He recently joined Antiwar.com as an assistant editor. He is on Twitter at @decampdave.”
...........................
Added: Trump's FBI is also Soros/Obama's third term.
..........................
Added: “The narrative of Russian intelligence attacking state and local election boards and threatening the integrity of U.S. elections has achieved near-universal acceptance by media and political elites. And now it has been accepted by the Trump administration’s intelligence chief, Dan Coats, as well. But the real story behind that narrative, recounted here for the first time, reveals that the Department of Homeland Security (DHS) created and nurtured an account that was grossly and deliberately deceptive.
"The facts surrounding the two actual breaches of state websites in Illinois and Arizona, as well as the broader context of cyberattacks on state websites, don't support Russian government interference at all." In the case of Arizona, "After meeting with DHS officials in early October 2017, however, [Arizona Sec. of State] Reagan wrote in a blog post that DHS “could not confirm that any attempted Russian government hack occurred whatsoever to any election-related system in Arizona, much less the statewide voter registration database.” What the DHS said in that meeting, as Reagan’s spokesman Matt Roberts recounted to me, is even more shocking. “When we pressed DHS on what exactly was actually targeted, they said it was the Phoenix public library’s computers system,” Roberts recalled."
In article below, “grossly and deliberately deceptive” DHS “Russia scare” claims are documented. Among DHS would-be celebrities milking this scam is ubiquitous Jeanette Manfra. DHS personnel use terms that don't mean "hacking," such as "targeting," "scanning," or "attempts to penetrate" which mean nothing but are intended to be heard as "Putin stole the election," US taxpayers must bomb Russia and murder Putin. DHS claimed 21 US states were hacked by Putin, which has been disproved, but at the time DHS said they couldn't tell states exactly how Putin did it because it's "classified." That's heard as: US taxpayers must line up tanks on every inch of Putin's border, prepare to bomb Russia and murder Putin. Trump administration "intelligence chief," Dan Coats, also promotes DHS lies.
................
8/28/2018, “How Department of Homeland Security Created a Deceptive Tale of Russia Hacking US Voter Sites,” Gareth Porter, Consortium News
“The narrative about Russian cyberattacks on American election infrastructure is a self-interested abuse of power by DHS based on distortion of evidence, writes Gareth Porter.
“The narrative of Russian intelligence attacking state and local election boards and threatening the integrity of U.S. elections has achieved near-universal acceptance by media and political elites. And now it has been accepted by the Trump administration’s intelligence chief, Dan Coats, as well.
But the real story behind that narrative, recounted here for the first time, reveals that the Department of Homeland Security (DHS) created and nurtured an account that was grossly and deliberately deceptive.
DHS compiled an intelligence report suggesting hackers linked to the Russian government could have targeted voter-related websites in many states and then leaked a sensational story of Russian attacks on those sites without the qualifications that would have revealed a different story. When state election officials began asking questions, they discovered that the DHS claims were false and, in at least one case, laughable.
The National Security Agency and special counsel Robert Mueller’s investigating team have also claimed evidence that Russian military intelligence was behind election infrastructure hacking, but on closer examination, those claims turn out to be speculative and misleading as well. Mueller’s indictment of 12 GRU military intelligence officers does not cite any violations of U.S. election laws though it claims Russia interfered with the 2016 election.
A Sensational Story
On Sept. 29, 2016, a few weeks after the hacking of election-related websites in Illinois and Arizona, ABC News carried a sensational headline: “Russian Hackers Targeted Nearly Half of States’ Voter Registration Systems, Successfully Infiltrated 4.” The story itself reported that “more than 20 state election systems” had been hacked, and four states had been “breached” by hackers suspected of working for the Russian government. The story cited only sources “knowledgeable” about the matter, indicating that those who were pushing the story were eager to hide the institutional origins of the information.
DHS Secretary Jeh Johnson and other senior DHS officials consulted with many state election officials in the hope of getting their approval for such a designation. Meanwhile, the DHS was finishing an intelligence report that would both highlight the Russian threat to U.S. election infrastructure and the role DHS could play in protecting it, thus creating political impetus to the designation. But several secretaries of state—the officials in charge of the election infrastructure in their state—strongly opposed the designation that Johnson wanted.
On Jan. 6, 2017—the same day three intelligence agencies released a joint “assessment” on Russian interference in the election—Johnson announced the designation anyway. Media stories continued to reflect the official assumption that cyber attacks on state election websites were Russian-sponsored. Stunningly, The Wall Street Journal reported in December 2016 that DHS was itself behind hacking attempts of Georgia’s election database.
The facts surrounding the two actual breaches of state websites in Illinois and Arizona, as well as the broader context of cyberattacks on state websites, didn’t support that premise at all.
In July, Illinois discovered an intrusion into its [online] voter registration website and the theft of personal information on as many as 200,000 registered voters. (The 2018 Mueller indictments of GRU officers would unaccountably put the figure at 500,000.) Significantly, however, the hackers only had copied the information and had left it unchanged in the database.
That was a crucial clue to the motive behind the hack. DHS Assistant Secretary for Cyber Security and Communications Andy Ozment told a Congressional committee in late September 2016 that the fact hackers hadn’t tampered with the voter data indicated that the aim of the theft was not to influence the electoral process. Instead, it was “possibly for the purpose of selling personal information.” Ozment was contradicting the line that already was being taken on the Illinois and Arizona hacks by the National Protection and Programs Directorate and other senior DHS officials.
In an interview with me last year, Ken Menzel, the legal adviser to the Illinois secretary of state, confirmed what Ozment had testified. “Hackers have been trying constantly to get into it since 2006,” Menzel said, adding that they had been probing every other official Illinois database with such personal data for vulnerabilities as well. “Every governmental database—driver’s licenses, health care, you name it—has people trying to get into it,” said Menzel.
In the other successful cyberattack on an [alleged] electoral website, hackers had acquired the username and password for the voter database Arizona used during the summer, as Arizona Secretary of State Michele Reagan learned from the FBI. But the reason that it had become known, according to Reagan in an interview with Mother Jones, was that the login and password had shown up for sale on the dark web—the network of websites used by cyber criminals to sell stolen data and other illicit wares.
Furthermore, the FBI had told her that the effort to penetrate the database was the work of a “known hacker” whom the FBI had monitored “frequently” in the past. Thus, there were reasons to believe that both Illinois and Arizona hacking incidents were linked to criminal hackers seeking information they could sell for profit.
Meanwhile, the FBI was unable to come up with any theory about what Russia might have intended to do with voter registration data such as what was taken in the Illinois hack.
When FBI Counterintelligence official Bill Priestap was asked in a June 2017 hearing how Moscow might use such data, his answer revealed that he had no clue: “They took the data to understand what it consisted of,” said the struggling Priestap, “so they can affect better understanding and plan accordingly in regards to possibly impacting future elections by knowing what is there and studying it.”
The inability to think of any plausible way for the Russian government to use such data explains why DHS and the intelligence community adopted the argument, as senior DHS officials Samuel Liles and Jeanette Manfra put it, that the hacks “could be intended or used to undermine public confidence in electoral processes and potentially the outcome.
But such a strategy could not have had any effect without a decision by DHS and the U.S. intelligence community to assert publicly that the intrusions and other scanning and probing were Russian operations, despite the absence of hard evidence. So DHS and other agencies were consciously sowing public doubts about U.S. elections that they were attributing to Russia.
DHS Reveals Its Self-Serving Methodology
In June 2017, Liles and Manfra testified to the Senate Intelligence Committee that an October 2016 DHS intelligence report had listed election systems in 21 states that were “potentially targeted by Russian government cyber actors.”
They revealed that the sensational story leaked to the press in late September 2016 had been based on a draft of the DHS report. And more importantly, their use of the phrase “potentially targeted” showed that they were arguing only that the cyber incidents it listed were possible indications of a Russian attack on election infrastructure.
Furthermore, Liles and Manfra said the DHS report had “catalogued suspicious activity we observed on state government networks across the country,” which had been “largely based on suspected malicious tactics and infrastructure.” They were referring to a list of eight IP addresses an August 2016 FBI “flash alert” had obtained from the Illinois and Arizona intrusions, which DHS and FBI had not been able to attribute to the Russian government.
The DHS officials recalled that the DHS began to “receive reports of cyber-enabled scanning and probing of election-related infrastructure in some states, some of which appeared to originate from servers operated by a Russian company.” Six of the eight IP addresses in the FBI alert were indeed traced to King Servers, owned by a young Russian living in Siberia. But as DHS cyber specialists knew well, the country of ownership of the server doesn’t prove anything about who was responsible for hacking: As cybersecurity expert Jeffrey Carr pointed out, the Russian hackers who coordinated the Russian attack on Georgian government websites in 2008 used a Texas-based company as the hosting provider.
The cybersecurity firm ThreatConnect noted in 2016 that one of the other two IP addresses had hosted a Russian criminal market for five months in 2015. But that was not a serious indicator, either. Private IP addresses are reassigned frequently by server companies, so there is not a necessary connection between users of the same IP address at different times.
The DHS methodology of selecting reports of cyber incidents involving election-related websites as “potentially targeted” by Russian government-sponsored hackers was based on no objective evidence whatever. The resulting list appears to have included any one of the eight addresses as well as any attack or “scan” on a public website that could be linked in any way to elections.
This methodology conveniently ignored the fact that criminal hackers were constantly trying to get access to every database in those same state, country and municipal systems. Not only for Illinois and Arizona officials, but state electoral officials.
In fact, 14 of the 21 states on the list experienced nothing more than the routine scanning that occurs every day, according to the Senate Intelligence Committee. Only six involved what was referred to as a “malicious access attempt,” meaning an effort to penetrate the site. One of them was in Ohio, where the attempt to find a weakness lasted less than a second and was considered by DHS’s internet security contractor a “non-event” at the time.
State Officials Force DHS to Tell the Truth
For a year, DHS did not inform the 21 states on its list that their election boards or other election-related sites had been attacked in a presumed Russian-sponsored operation. The excuse DHS officials cited was that it could not reveal such sensitive intelligence to state officials without security clearances.
But the reluctance to reveal the details about each case was certainly related to the reasonable expectation that states would publicly challenge their claims, creating a potential serious embarrassment.
On Sept. 22, 2017, DHS notified 21 states about the cyber incidents that had been included in the October 2016 report. The public announcement of the notifications said DHS had notified each chief election officer of “any potential targeting we were aware of in their state leading up to the 2016 election.”
The phrase “potential targeting” again telegraphed the broad and vague criterion DHS had adopted, but it was ignored in media stories.
But the notifications, which took the form of phone calls lasting only a few minutes, provided a minimum of information and failed to convey the significant qualification that DHS was only suggesting targeting as a possibility. “It was a couple of guys from DHS reading from a script,” recalled one state election official who asked not to be identified. “They said [our state] was targeted by Russian government cyber actors.
A number of state election officials recognized that this information conflicted with what they knew. And if they complained, they got a more accurate picture from DHS. After Wisconsin Secretary of State Michael Haas demanded further clarification, he got an email response from a DHS official with a different account.
“[B]ased on our external analysis,” the official wrote, “the WI
[Wisconsin] IP address affected belongs to the WI Department of
Workforce Development, not the Elections Commission.”
California Secretary of State Alex Padilla said DHS initially had notified his office “that Russian cyber actors ‘scanned’ California’s Internet-facing systems in 2016, including Secretary of State websites.” But under further questioning, DHS admitted to Padilla that what the hackers had targeted was the California Department of Technology’s network.
Texas Secretary of State Rolando Pablos and Oklahoma Election Board spokesman Byron Dean also denied that any state website with voter- or election-related information had been targeted, and Pablos demanded that DHS “correct its erroneous notification.”
Despite these embarrassing admissions, a statement issued by DHS spokesman Scott McConnell on Sept. 28, 2017 said the DHS “stood by” its assessment that 21 states “were the target of Russian government cyber actors seeking vulnerabilities and access to U.S. election infrastructure.” The statement retreated from the previous admission that the notifications involved “potential targeting,” but it also revealed for the first time that DHS had defined “targeting” very broadly indeed.
It said the category included “some cases” involving “direct scanning of targeted systems” but also cases in which “malicious actors scanned for vulnerabilities in networks that may be connected to those systems or have similar characteristics in order to gain information about how to later penetrate their target.”
It is true that hackers may scan one website in the hope of learning something that could be useful for penetrating another website, as cybersecurity expert Prof. Herbert S. Lin of Stanford University explained to me in an interview. But including any incident in which that motive was theoretical meant that any state website could be included on the DHS list, without any evidence it was related to a political motive.
Arizona’s further exchanges with DHS revealed just how far DHS had gone in exploiting that escape clause in order to add more states to its “targeted” list. Arizona Secretary of State Michele Reagan tweeted that DHS had informed her that “the Russian government targeted our voter registration systems in 2016.” After meeting with DHS officials in early October 2017, however, Reagan wrote in a blog post that DHS “could not confirm that any attempted Russian government hack occurred whatsoever to any election-related system in Arizona, much less the statewide voter registration database.”
What the DHS said in that meeting, as Reagan’s spokesman Matt Roberts recounted to me, is even more shocking. “When we pressed DHS on what exactly was actually targeted, they said it was the Phoenix public library’s computers system,” Roberts recalled. In April 2018, a CBS News “60 Minutes” segment reported that the October 2016 DHS intelligence report had included the Russian government hacking of a “county database in Arizona.” Responding to that CBS report, an unidentified “senior Trump administration official” who was well-briefed on the DHS report told Reuters that “media reports” on the issue had sometimes “conflated criminal hacking with Russian government activity,” and that the cyberattack on the target in Arizona “was not perpetrated by the Russian government.”
NSA Finds a GRU Election Plot
NSA intelligence analysts claimed in a May 2017 analysis to have documented an effort by Russian military intelligence (GRU) to hack into U.S. electoral institutions. In an intelligence analysis obtained by The Intercept and reported in June 2017, NSA analysts wrote that the GRU had sent a spear-phishing email—one with an attachment designed to look exactly like one from a trusted institution but that contains malware design to get control of the computer—to a vendor of voting machine technology in Florida. The hackers then designed a fake web page that looked like that of the vendor.
They sent it to a list of 122 email addresses NSA believed to be local government organizations that probably were “involved in the management of voter registration systems.” The objective of the new spear-phishing campaign, the NSA suggested, was to get control of their computers through malware to carry out the exfiltration of voter-related data.
But the authors of The Intercept story failed to notice crucial details in the NSA report that should have tipped them off that the attribution of the spear-phishing campaign to the GRU was based merely on the analysts’ own judgment—and that their judgment was faulty.
The Intercept article included a color-coded chart from the original NSA report that provides crucial information missing from the text of the NSA analysis itself as well as The Intercept’s account.
The chart clearly distinguishes between the elements of the NSA’s account of the alleged Russian scheme that were based on “Confirmed Information” (shown in green) and those that were based on “Analyst Judgment” (shown in yellow). The connection between the “operator” of the spear-phishing campaign the report describes and an unidentified entity confirmed to be under the authority of the GRU is shown as a yellow line, meaning that it is based on “Analyst Judgment” and labeled “probably."
A major criterion for any attribution of a hacking incident is whether there are strong similarities to previous hacks identified with a specific actor. But the chart concedes that “several characteristics” of the campaign depicted in the report distinguish it from “another major GRU spear-phishing program,” the identity of which has been redacted from the report.
California Secretary of State Alex Padilla said DHS initially had notified his office “that Russian cyber actors ‘scanned’ California’s Internet-facing systems in 2016, including Secretary of State websites.” But under further questioning, DHS admitted to Padilla that what the hackers had targeted was the California Department of Technology’s network.
Texas Secretary of State Rolando Pablos and Oklahoma Election Board spokesman Byron Dean also denied that any state website with voter- or election-related information had been targeted, and Pablos demanded that DHS “correct its erroneous notification.”
Despite these embarrassing admissions, a statement issued by DHS spokesman Scott McConnell on Sept. 28, 2017 said the DHS “stood by” its assessment that 21 states “were the target of Russian government cyber actors seeking vulnerabilities and access to U.S. election infrastructure.” The statement retreated from the previous admission that the notifications involved “potential targeting,” but it also revealed for the first time that DHS had defined “targeting” very broadly indeed.
It said the category included “some cases” involving “direct scanning of targeted systems” but also cases in which “malicious actors scanned for vulnerabilities in networks that may be connected to those systems or have similar characteristics in order to gain information about how to later penetrate their target.”
It is true that hackers may scan one website in the hope of learning something that could be useful for penetrating another website, as cybersecurity expert Prof. Herbert S. Lin of Stanford University explained to me in an interview. But including any incident in which that motive was theoretical meant that any state website could be included on the DHS list, without any evidence it was related to a political motive.
Arizona’s further exchanges with DHS revealed just how far DHS had gone in exploiting that escape clause in order to add more states to its “targeted” list. Arizona Secretary of State Michele Reagan tweeted that DHS had informed her that “the Russian government targeted our voter registration systems in 2016.” After meeting with DHS officials in early October 2017, however, Reagan wrote in a blog post that DHS “could not confirm that any attempted Russian government hack occurred whatsoever to any election-related system in Arizona, much less the statewide voter registration database.”
What the DHS said in that meeting, as Reagan’s spokesman Matt Roberts recounted to me, is even more shocking. “When we pressed DHS on what exactly was actually targeted, they said it was the Phoenix public library’s computers system,” Roberts recalled. In April 2018, a CBS News “60 Minutes” segment reported that the October 2016 DHS intelligence report had included the Russian government hacking of a “county database in Arizona.” Responding to that CBS report, an unidentified “senior Trump administration official” who was well-briefed on the DHS report told Reuters that “media reports” on the issue had sometimes “conflated criminal hacking with Russian government activity,” and that the cyberattack on the target in Arizona “was not perpetrated by the Russian government.”
NSA Finds a GRU Election Plot
NSA intelligence analysts claimed in a May 2017 analysis to have documented an effort by Russian military intelligence (GRU) to hack into U.S. electoral institutions. In an intelligence analysis obtained by The Intercept and reported in June 2017, NSA analysts wrote that the GRU had sent a spear-phishing email—one with an attachment designed to look exactly like one from a trusted institution but that contains malware design to get control of the computer—to a vendor of voting machine technology in Florida. The hackers then designed a fake web page that looked like that of the vendor.
They sent it to a list of 122 email addresses NSA believed to be local government organizations that probably were “involved in the management of voter registration systems.” The objective of the new spear-phishing campaign, the NSA suggested, was to get control of their computers through malware to carry out the exfiltration of voter-related data.
But the authors of The Intercept story failed to notice crucial details in the NSA report that should have tipped them off that the attribution of the spear-phishing campaign to the GRU was based merely on the analysts’ own judgment—and that their judgment was faulty.
The Intercept article included a color-coded chart from the original NSA report that provides crucial information missing from the text of the NSA analysis itself as well as The Intercept’s account.
The chart clearly distinguishes between the elements of the NSA’s account of the alleged Russian scheme that were based on “Confirmed Information” (shown in green) and those that were based on “Analyst Judgment” (shown in yellow). The connection between the “operator” of the spear-phishing campaign the report describes and an unidentified entity confirmed to be under the authority of the GRU is shown as a yellow line, meaning that it is based on “Analyst Judgment” and labeled “probably."
A major criterion for any attribution of a hacking incident is whether there are strong similarities to previous hacks identified with a specific actor. But the chart concedes that “several characteristics” of the campaign depicted in the report distinguish it from “another major GRU spear-phishing program,” the identity of which has been redacted from the report.
The NSA chart refers to evidence that the same operator also had launched spear-phishing campaigns on other web-based mail applications, including the Russian company “Mail.ru.” Those targets suggest that the actors were more likely Russian criminal hackers rather than Russian military intelligence.
Even more damaging to its case, the NSA reports that the same operator who had sent the spear-phishing emails also had sent a test email to the “American Samoa Election Office.” Criminal hackers could have been interested in personal information from the database associated with that office. But the idea that Russian military intelligence was planning to hack the voter rolls in American Samoa, an unincorporated U.S. territory with 56,000 inhabitants who can’t even vote in U.S. presidential elections, is plainly risible.
The Mueller Indictment’s Sleight of Hand
The Mueller indictment of GRU officers released on July 13 appeared at first reading to offer new evidence of Russian government responsibility for the hacking of Illinois and other state voter-related websites. A close analysis of the relevant paragraphs, however, confirms the lack of any real intelligence supporting that claim.
Mueller accused two GRU officers of working with unidentified “co-conspirators” on those hacks. But the only alleged evidence linking the GRU to the operators in the hacking incidents is the claim that a GRU official named Anatoly Kovalev and “co-conspirators” deleted search history related to the preparation for the hack after the FBI issued its alert on the hacking identifying the IP address associated with it in August 2016.
A careful reading of the relevant paragraphs shows that the claim is spurious. The first sentence in Paragraph 71 says that both Kovalev and his “co-conspirators” researched domains used by U.S. state boards of elections and other entities “for website vulnerabilities.” The second says Kovalev and “co-conspirators” had searched for “state political party email addresses, including filtered queries for email addresses listed on state Republican Party websites.”
Searching for website vulnerabilities would be evidence of intent to hack them, of course, but searching Republican Party websites for email addresses is hardly evidence of any hacking plan. And Paragraph 74 states that Kovalev “deleted his search history”—not the search histories of any “co-conspirator”—thus revealing that there were no joint searches and suggesting that the subject Kovalev had searched was Republican Party emails. So any deletion by Kovalev of his search history after the FBI alert would not be evidence of his involvement in the hacking of the Illinois election board website.
With this rhetorical misdirection unraveled, it becomes clear that the repetition in every paragraph of the section of the phrase “Kovalev and his co-conspirators” was aimed at giving the reader the impression the accusation is based on hard intelligence about possible collusion that doesn’t exist.
The Need for Critical Scrutiny of DHS Cyberattack Claims
The DHS campaign to establish its role as the protector of U.S. electoral institutions is not the only case in which that agency has used a devious means to sow fear of Russian cyberattacks.
In December 2016, DHS and the FBI published a long list of IP addresses as indicators of possible Russian cyberattacks. But most of the addresses on the list had no connection with Russian intelligence, as former U.S. government cyber-warfare officer Rob Lee found on close examination.
When someone at the Burlington, Vt., Electric Company spotted one of those IP addresses on one of its computers, the company reported it to DHS. But instead of quietly investigating the address to verify that it was indeed an indicator of Russian intrusion, DHS immediately informed The Washington Post. The result was a sensational story that Russian hackers had penetrated the U.S. power grid. In fact, the IP address in question was merely Yahoo’s email server, as Rob Lee told me, and the computer had not even been connected to the power grid. The threat to the power grid was a tall tale created by a DHS official, which the Post had to embarrassingly retract.
Since May 2017, DHS, in partnership with the FBI, has begun an even more ambitious campaign to focus public attention on what it says are Russian “targeting” and “intrusions” into “major, high value assets that operate components of our Nation’s critical infrastructure”, including energy, nuclear, water, aviation and critical manufacturing sectors. Any evidence of such an intrusion must be taken seriously by the U.S. government and reported by news media. But in light of the DHS record on alleged threats to election infrastructure and the Burlington power grid, and its well-known ambition to assume leadership over cyber protection, the public interest demands that the news media examine DHS claims about Russian cyber threats far more critically than they have up to now.”
“Gareth Porter is an independent investigative journalist and winner of the 2012 Gellhorn Prize for journalism. His latest book is Manufactured Crisis: The Untold Story of the Iran Nuclear Scare.”
Comment: Why didn’t anyone demand a recount of 2016 Illinois results if Illinois is such a big example of Putin's work?
...............
...........
No comments:
Post a Comment