Politicking National Security: A Hack Job

In case you missed it, a presidential candidate invited a foreign government either to break into a private citizen’s email account and steal information or to break into the servers at the United States Department of State.

I am in a state of disbelief. These were his words (with my editorial comments in parentheses):

Russia, if you are listening (which, of course there are a few Russian hackers who are), I hope you’re able to find the 30,000 emails that are missing. I think you will probably be rewarded mightily (brief pause) by our press (gestures to the journalists in front of him).

A candidate who was chosen by a portion of the United States of America, the bastion of democracy, to potentially represent the free world and serve as the guardian of U.S. national security, publicly requested that Russian hackers leverage their talents against his political opposition. But, no, he was certainly kidding or being sarcastic.

I counter these half-hearted denials. Any attempt to dilute the significance of this careless, dangerous “joke” is in itself equally dangerous and shameful.

Inviting hackers to root out the deleted emails condones illicit behavior. Inviting foreign hackers to do so moves the conversation from a political debate or a debate of ethical behavior to a national security issue.

It should be widely known that foreign governments actively participate in counter-espionage; one might consider it a form of patrolling. Files released through WikiLeaks and through Edward Snowden have made it abundantly clear that countries across the globe surveil each other’s internal workings, and, at times, political parties. That’s nothing new. What makes this affair different is that, first, hackers did not just siphon off political information for their own internal uses. They stole files, emails, voicemails, and released them during a politically sensitive time in the United States. Second, rather than condemning the foreign hack, a presidential candidate suggested that the hackers infiltrate U.S. cyber infrastructure to unearth deleted emails of his political opponent.

The timing of the release stoked political anger, and certainly warranted commentary, but did not warrant an explicit invitation for foreign actors to corrupt U.S. cyber security and intervene in a U.S. political process.

This episode ushered in a new reality for the United States. A foreign government intervened in the U.S. political process and effectively meddled in our business. Was there a collective, bi-partisan cry of fury against the violation? Did American patriotism whelm against the intruders? Well, not really.

Perhaps, we were skeptical of the accusation against Russia. Perhaps, the partisan divide is so severe that this intrusion is seen as a strike against one’s enemy, therefore its utility is ultimately good for you.

Check yourself. This is no joke.

U.S. intelligence agencies have “high confidence” that the Russian government is responsible for the theft of DNC communications. Prior to this conclusion, private cybersecurity firms released the results of their investigations that traced previous DNC hacking incidents to both the Russian military intelligence services (GRU) and Russia’s security agency (FSB). These conclusions pre-dated the release of the DNC emails and voicemails, and the evidence solidified over time (in the past few months). Forensic evidence, including overlapping encryption keys, common methods, and a reused command-and-control address, as well as language, timing, colloquial user names, and the metadata attached to the file dumps, led investigators to firmly identify Russia as the point of origin for the hack.

The first hint that hackers had breached the headquarters of a U.S. political party came to light in mid-June. The first hacking group, dubbed Cozy Bear (also referred to as CozyDuke or APT 29), had penetrated the DNC’s system a year before their presence was noticed. The second group, Fancy Bear (also referred to as Sofacy or APT 28), entered the party’s system just a few months ago, in April. According to the blog report published by the security firm CrowdStrike, both groups are associated with Russian security agencies and this certainly isn’t their first hack.

I remember hearing about the DNC hack earlier this summer and talking with a few of my friends about it. We each assumed that this hack would be like others that happened in the past. Whoever had infiltrated the DNC’s system would probably use the information to try to understand the U.S. electoral system by peering into the heart of one of the two major political parties.

Even if I had entertained the idea that the foreign hackers would dare to publish the stolen materials, I held on to the hope that American citizens would have been more offended by the foreign intrusion than by the potential content of the communications and research. It’s a sweet Pollyanna thought, I know… or, at least, now I know.

What box of Pandora’s delights do you open when you concede to the belief that the theft, release, and manipulation of U.S. political materials is a low-grade sacrifice?

I do not believe that President Putin is the puppet-master behind these incredulous words. But, my blood does run cold when I see how words, situations, and information can be manipulated by an adversarial leader who would, indeed, benefit mightily if America were led by a rash, amorphous character.