December 13, 2016
If there’s one thing that’s certain in the intelligence business, it’s that there’s rarely any certainty.
That’s pretty much the first thing they teach you at spy school.
Back in the early days of my intelligence career, I had one instructor who explained it in a way that I’ll never forget.
“If you present your analysis as if it’s fact, instead of conjecture, the person who’s relying on your intelligence could end up making a bad decision that gets people killed.”
Intelligence is not about definitive conclusions. It’s about gathering data and coming up with plausible theories that connect the dots.
Sadly, sometimes those theories are influenced by personal or political agendas.
Back in 2002-2003, the Bush White House had a pretty clear predisposition that Iraq possessed Weapons of Mass Destruction (WMDs).
Miraculously, the intelligence reports conformed to that narrative.
And America went to war based on an “unassailable conclusion” from the intelligence community that Iraq had WMDs.
The facts were largely bogus, circumstantial at best. But this became the rallying cry behind every politician and media outlet’s patriotic bloodlust.
How quickly they all forget.
Here we are today with a new assertion: those dastardly Russians hacked Hillary Clinton and the Democratic National Committee (DNC).
I read it in the New York Times, so it must be true.
Once again there is a chorus of condemnation from the intelligence community and political establishment based on supposed rock-solid conclusions.
Yet once again the assertions are nothing more than theories that connect some very circumstantial dots.
Here’s the actual evidence:
The hacks were executed using two types of malware known as Cozy Bear and Fancy Bear.
(Yes, that’s what they’re actually called.)
Fancy Bear is malware that takes a conventional “phishing” approach.
A phishing attack is when a hacker creates a web page that’s almost an exact copy of one that you’re used to.
For example, they’ll create a website that looks like your bank’s login page.
So if you click on a malicious link in your email that takes you to the fake page, you’ll inadvertently supply a hacker with your bank username and password.
They’ll then use that information to compromise your bank account.
Fancy Bear allowed hackers to gain access to private emails… primarily because the users at the DNC got duped into providing their login credentials.
Cozy Bear, the second piece of malware, installs itself on a computer, typically after a user clicks on a malicious web link.
Once installed, the Cozy Bear malware deploys Remote Access Tools (known as RATs), providing a remote hacker access to the machine and its files.
If, however, Cozy Bear finds that the machine has advanced security software that could detect the malware and cause problems for the RATs, Cozy Bear will self-terminate.
So the first thing to point out here is that the DNC (and potentially the people who were administering Hillary’s private email server) weren’t maintaining the latest security patches and updates on their systems.
Someone at the DNC clicked on a malicious web link that installed the malware, and it didn’t self-terminate because they weren’t bothering to use advanced security software.
This is a simple competence issue, and I’m surprised it never came up in the news.
More importantly, Cozy Bear was used against the DNC as far back as summer 2015... as in just before, or right after, Donald Trump entered the race.
So it’s hard for me to believe that Vladimir Putin was actively hacking the DNC to support a candidate who had barely (or not even yet) materialized.
Most importantly, just because cybersecurity experts detected Cozy Bear and Fancy Bear doesn’t mean that the Russians were behind the attacks.
These assertions aren’t based on concrete facts; they’re just speculating that Colonel Mustard did it in the library with the candlestick.
But facts (or lack of facts) don’t matter.
Whenever something bad happens, the US government blames Russia… and everyone believes it without taking any time to question the evidence.
It’s as if we’re living in some lame espionage movie from the 1980s where the Russians are always the bad guys.
Look, I have absolutely zero regard for the Russian government (as is the case with just about every country’s government).
But I find it almost hilariously short-sighted how quickly everyone rushes to judgment against the Russians. Or the Chinese. Or the North Koreans.
Sure, maybe the Russians did it. And I’m happy to believe that’s the case once clear evidence is presented.
But it’s worth acknowledging right now that their assertions are nowhere near conclusive.
It’s not like this is the first time in US history that the federal government or one of its intelligence agencies could be wrong… or… <shudder> have a reason to lie.
It’s notable that last week President Obama ordered the entire intelligence community to investigate the Russian hacks.
Given the Obama administration’s numerous statements about the Russians’ complicity, and the nonstop media coverage about the “conclusive” evidence, it’s pretty clear that the outcome of the report is already pre-determined.
Just like the Iraq/WMD analysis back in 2002-2003, this investigation is biased by the boss’s predisposition that the Russians are guilty.
What I find most disturbing, though, is how they can’t let it go that the Russians influenced the election and manipulated voter sentiment.
I’m sure we can all appreciate that the hacks, no matter who perpetrated them, constitute criminal activity.
But the information that was released as a result of the hacks shined a painful and embarrassing spotlight on the inner workings of the corrupt political establishment.
So when the papers and politicians complain that the hacks influenced the election (as if the US government has never tried to influence a foreign election), they’re really just whining that voters found out the truth.
They have that little respect for your dignity.