At a glance.
- US Senate Select Committee on Intelligence releases the final volume of its report on Russian interference in the 2016 election.
- Russian disinformation in the Near Abroad retains a focus on Ukraine.
- Challenges of attribution in information operations.
Senate Intelligence Committee's final report on Russian influence operations during the 2016 US election.
The US Senate Select Committee on Intelligence has released the final volume of its report on Russian interference with the 2016 election. "The Committee found that the Russian government engaged in an aggressive, multifaceted effort to influence, or attempt to influence, the outcome of the 2016 presidential election." It found that President Putin directed the campaign and set its goals (generally disruptive, but specifically anti-Clinton), that despite troubling behavior by sometime Trump consigliere Paul Manafort there was no evidence of collusion between the Trump campaign and Russian intelligence services, and that the FBI made loose and careless use of the retrospectively implausible Steele dossier. The report's focus is counterintelligence, and not, as its authors point out, criminal investigation of the sort taken up by the earlier Mueller report.
Particularly interesting conclusions include the following:
- On President Putin's involvement: "Russian President Vladimir Putin ordered the Russian effort to hack computer networks and accounts affiliated with the Democratic Party and leak information damaging to Hillary Clinton and her campaign for president. Moscow's intent was to harm the Clinton Campaign, tarnish an expected Clinton presidential administration, help the Trump Campaign after Trump became the presumptive Republican nominee, and undermine the U.S. democratic process."
- On division of labor within Fancy Bear: One GRU section was charged with gaining access to the targets, another with staging and amplifying them where they could work their influence.
- On WikiLeaks: "WikiLeaks actively sought, and played, a key role in the Russian influence campaign and very likely knew it was assisting a Russian intelligence influence effort. At the time of the first WikiLeaks releases, the U.S. Government had not yet declared WikiLeaks a hostile organization and many treated it as a journalistic entity." DCLeaks, established as a conduit for the leaks, lacked the desired reach and credibility; the GRU shifted to WikiLeaks, which many were at the time still willing to treat as a legitimate journalistic operation. The general presumption that WikiLeaks was more-or-less aligned with progressive politics would have been gravy, giving the DNC leaks a misleading character of an admission against interest.
- On Paul Manafort: "The Committee found that Manafort's presence on the Campaign and proximity to Trump created opportunities for Russian intelligence services to exert influence over, and acquire confidential information on, the Trump Campaign. Taken as a whole, Manafort's high-level access and willingness to share information with individuals closely affiliated with the Russian intelligence services, particularly Kilimnik and associates of Oleg Deripaska, represented a grave counterintelligence threat."
- On Roger Stone: "Trump and senior Campaign officials sought to obtain advance information about WikiLeaks's planned releases through Roger Stone.... The Committee could not reliably determine the extent.of authentic, non-public knowledge about WikiLeaks that Stone obtained and shared with the Campaign." Other Trump campaign operators were mentioned in dispatches, but we will for present purposes let Messrs. Manafort and Stone stand for all of them.
- On the FBI: "The Committee found that certain FBI procedures and actions in response to the Russian threat to the 2016 elections were flawed, in particular its interactions with the DNC about the hacking operation and its treatment of the set of memos referred to as the Steele Dossier.... FBI gave Steele's allegations unjustified credence, based on an incomplete understanding of Steele's past reporting record. FBI used the Dossier in a FISA application and renewals and advocated for it to be included in the ICA before taking the necessary steps to validate assumptions about Steele's credibility. Further, FBI did not effectively adjust its approach to Steele's reporting once one of Steele's subsources provided information that raised serious concerns about the source descriptions in the Steele Dossier. The Committee further found that Steele's reporting lacked rigor and transparency about the quality of the sourcing." In general, the Bureau handled the DNC with a punctilious attention to its own regulations, but was markedly more free-wheeling in its use of the Steele Dossier. The committee did not find evidence that the Russians successfully assembled kompromat against then-candidate Trump.
- On the market for political influence services: It's there, it's large, and it's international. "Over the course of this investigation, the Committee identified an international marketplace for digital services to shape popular sentiment and electoral outcomes. These services-many of which are based overseas-use an array of personal information to build targeted messaging profiles. During elections, campaigns can use these profiles to direct select political advertisements and narrative content toward specific audiences calculated to be most susceptible to the messaging. This practice of "micro-targeting" is in tum designed to influence the thoughts and judgments of voters. The use of messaging to sway voter sentiment is not a new development. However, it is now enabled by advanced data analytics and algorithmic targeting, the globally expansive reach of social media, and user-generated data and personal information that is often unwittingly provided or illicitly obtained." As the conclusion states, this is not a new development. We suggest its immediate ancestor might be found in the direct-mail techniques that came to maturity in the late 1970s and 1980s.
Democratic reaction has emphasized the counterintelligence problems Paul Manafort and others represented, and the Trump campaign's interest in what was expected to emerge from WikiLeaks. Additional comments from some of the Democratic members concluded, "the Russian intelligence services' assault on the integrity of the 2016 U.S. electoral process and Trump and his associates' participation in and enabling of this Russian activity, represents one of the single most grave counterintelligence threats to American national security in the modem era." For their part, Republican reactions pointed out a lack of evidence that the Trump campaign colluded with Russia, and noted the problems with the FBI's conduct of its investigation. Republican members' additional comments said, "All Americans should be deeply troubled that the FBI was willing to accept and use Steele's information without verifying its sourcing or methodology. Volume 5 is an important contribution to the historical record from which historians will someday draw. As is evident to those who read all five volumes of the Committee's report, the Russian government inappropriately meddled in our 2016 general election in many ways but then-Candidate Trump was not complicit. After more than three years of investigation by this Committee, we can now say with no doubt, there was no collusion." (Emphasis in the original.)
What are some other takeaways? As FCW observes, the report's look at the FBI in particular suggests ways in which the Bureau, and presumably other Federal agencies, might usefully improve the investigation of cyber incidents. And it's difficult to read the report without being struck by how much of the interaction among intelligence officers, agents, and targets seems the work of opportunists and fantasists. Let the Russian proposal to have President Putin show up at the National Prayer Breakfast stand for the rest. These are tactical and not principled operations.
Disinformation in the Near Abroad.
Unrest in Belarus and continuing Russian ambition to re-engorge the near abroad have been on display over the past week.
Ukraine’s National Cyber Coordination Centre warns that Gamaredon Group (also known as Primitive Bear, a Russian threat group run by the GRU and presenting itself as a Ukrainian separatist organization) is newly active with phishing. The attackers are using malicious attachments that pose as official government documents, often spoofing the Security Service of Ukraine. The effort appears to be battlespace preparation for a campaign against Ukrainian infrastructure believed to be timed for Monday, August 24th, which is Ukraine’s independence day.
The Centre’s press service stated, “Specialists of the NCCC within the National Security and Defense Council of Ukraine have identified a trend towards the modernization of cyberattack software in order to increase the effectiveness of overcoming protection means and concealment of their activities in compromised systems. The analysis of malicious programs revealed signs of preparation for a large coordinated attack on government agencies and critical infrastructure, aimed at destabilizing the situation in Ukraine before the Independence Day and during preparations for the next local elections.”
Ukraine’s SBU security service also says that accounts of its involvement with Russian Wagner Group paramilitaries allegedly active in Belarus are Russian disinformation. Ukraine’s SZR foreign intelligence service yesterday said the Wagner Group is operating in Belarus under Russian control. The imposture in both cases would be the pretense that Primitive Bear and the Wagner Group are either, in the former case, a homegrown Ukrainian group or, in the latter, a private militia contracted for deniable violence by Kiev. See SentinelOne's useful February report for background on the Gamaredon Group.
Challenges of attribution.
Two low-grade instances of hacking in two conflict-prone regions, the Aegean and the Subcontinent, serve as reminders of the difficulties of attribution. Spontaneous hacktivism can be difficult to distinguish from government-run cyberattacks, but two current campaigns look for now more like patriotic hacktivism than espionage. The Greek Reporter says that government websites in Eastern Macedonia and Thrace have been defaced with “Blue Homeland” messaging that evidently came from Turkish operators. And Zee News trumpets the activities of the “Indian Cyber Troops” who’ve “hoisted the Indian tricolor” on some eighty Pakistani websites. Further complication arises from the possibility that such actions could also be false flags or provocations.