How do we really know that the breaches of the Democratic National Committee were conducted by organizations working on behalf of the Russian state? With the CIA considering a major counterstrike against the superpower, as NBC has reported, it’s worthwhile for the public to measure how confident we can be that Putin’s government actually deserves retribution.
a solid new podcast from Bloomberg, called “Decrypted.” In the new episode, he and fellow reporter Aki Ito break down the facts that put security experts beyond a reasonable doubt that the hack was in fact an operation of the Russian state.
Here are the key points:
- Familiar techniques. Crowdstrike came in first, once DNC IT teams suspected breaches and recognized the techniques of the two groups it calls Cozy Bear and Fancy Bear. Others refer to them as APT 28 and 29, where APT stands for “Advanced Persistent Threat.” Crowdstrike’s co-founder Dmitri Alperovitch broke down his reasoning on its blog, writing,
- Redundancy is Russian. The Crowdstrike post explains that the fact that two organizations were inside and apparently not working together is consistent with Russian operations. “ Alperovitch writes.
- Such nice code. Bloomberg turns to an ex-cop at one of the companies that Crowdstrike recruited to check its work, Mike Buratowski at Fidelis. His company put the code discovered on DNC servers into a virtual environment to test it.
- Russian keyboards and timestamps. Investigators found evidence in the code that it had been written on a Russian style keyboard and found timestamps across multiple pieces of code consistent with the Russian workday.
- Motive. This was an extremely complex hack that took a lot of time and effort. Again, the Crowdstrike post helps here. It discusses evidence that the spies returned to the scene of the crime repeatedly to change out code to avoid detection. Buratowski refers to it as an entity with more operational discipline than an individual or a loose group could sustain. That raises the question: who but a nation-state would have sufficient motive to work that hard? Further, the same groups were linked both to the hacks on John Podesta and Colin Powell, which suggests a multi-front initiative. That goes beyond what a hacker collective might do for bragging rights or lulz.
- Information war. The DNC emails dropped the day before the party’s national convention.
- Official attribution from the US government. Washington sees evidence of breaches all the time. It seldom points the finger at specific states, the Decrypted team argues. The fact that it has is powerful.
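The "Russian keyboards and timestamps" point above is usually argued from build times: if a malware family's compile timestamps cluster in weekday office hours for exactly one UTC offset, that is circumstantial support for an origin hypothesis. The following is an added example of that analysis (my code, not the podcast's, Crowdstrike's or Fidelis's); the PE sample builder and every timestamp in it are constructed, and the 09:00-18:00 workday window is an assumption.

```python
"""Workday analysis of build timestamps (constructed data, not from the DNC investigation)."""
import struct
from datetime import datetime, timedelta, timezone

WORK_START, WORK_END = 9, 18  # assumed local hours treated as "in the workday"

def pe_timestamp(pe_bytes: bytes) -> int:
    """Read the COFF TimeDateStamp (8 bytes past the 'PE\\0\\0' signature) from a PE image."""
    e_lfanew = struct.unpack_from("<I", pe_bytes, 0x3C)[0]
    if pe_bytes[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    return struct.unpack_from("<I", pe_bytes, e_lfanew + 8)[0]

def fake_pe(ts: int) -> bytes:
    """Constructed minimal PE header carrying the given build time (fixture, not real malware)."""
    return b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40) + b"PE\0\0" + struct.pack("<HHI", 0x14C, 1, ts)

def _utc(y, m, d, h, mi=0):
    return int(datetime(y, m, d, h, mi, tzinfo=timezone.utc).timestamp())

# Constructed sample set: nine builds in a June 2016 work week, plus one after-hours
# build and one Saturday build, because a real case always has a few outliers.
SAMPLE_TIMESTAMPS = [
    _utc(2016, 6, 6, 6, 10), _utc(2016, 6, 6, 6, 45),     # Mon 09:10 / 09:45 at UTC+3
    _utc(2016, 6, 7, 8, 30), _utc(2016, 6, 7, 11, 0),     # Tue 11:30 / 14:00
    _utc(2016, 6, 8, 13, 20), _utc(2016, 6, 8, 14, 40),   # Wed 16:20 / 17:40
    _utc(2016, 6, 9, 14, 55), _utc(2016, 6, 9, 9, 5),     # Thu 17:55 / 12:05
    _utc(2016, 6, 10, 12, 0), _utc(2016, 6, 10, 15, 30),  # Fri 15:00 / 18:30 (after hours)
    _utc(2016, 6, 11, 10, 0),                             # Sat 13:00 (weekend)
]

def in_workday(ts: int, utc_offset_hours: int) -> bool:
    # Fixed offsets only; a full analysis would also model DST for each candidate zone.
    local = datetime.fromtimestamp(ts, timezone(timedelta(hours=utc_offset_hours)))
    return local.weekday() < 5 and WORK_START <= local.hour < WORK_END

def workday_fraction(timestamps, utc_offset_hours: int) -> float:
    return sum(in_workday(t, utc_offset_hours) for t in timestamps) / len(timestamps)

def best_offsets(timestamps, offsets=range(-12, 15)):
    """UTC offsets whose workday window covers the most builds, with that fraction.
    One sharp peak is circumstantial support for a hypothesis, never proof: the
    TimeDateStamp is attacker-controlled and can be zeroed or forged at build time."""
    scores = {off: workday_fraction(timestamps, off) for off in offsets}
    top = max(scores.values())
    return sorted(off for off, s in scores.items() if s == top), top
```

On the constructed set the only peak is UTC+3 (Moscow, which has no DST) at 9 of 11 builds; feeding `pe_timestamp` real samples replaces the fixture list.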
From there, the podcast asks: what does this hack mean for the U.S. election? The hosts come to basically the same conclusions that the Observer did in September: voting systems are very safe—voter rolls are less so, but nation-states probably want to discredit our system more than they want to change outcomes.
How sure can we be? Buratowski says,
So what does it all mean? It’s natural for political junkies to wonder if there might be further disclosures coming before Election Day, but—if this is an information operation—it might be even more disruptive to hold documents until after the election in order to throw doubt on our final choice. Either way, further disclosures will probably come.