“How the Department of Homeland Security Created a Deceptive Tale of Russia Hacking US Voter Sites”
Gareth Porter, Consortium News, August 28, 2018
DHS compiled an intelligence report suggesting hackers linked to the Russian government could have targeted voter-related websites in many states and then leaked a sensational story of Russian attacks on those sites without the qualifications that would have revealed a different story. When state officials began asking questions, they discovered that the DHS claims were false and, in at least one case, laughable.
The National Security Agency and special counsel Robert Mueller's investigating team have also claimed evidence that Russian military intelligence was behind election infrastructure hacking, but on closer examination, those claims turn out to be speculative and misleading as well. Mueller's indictment of 12 GRU military intelligence officers does not cite any violations of U.S. election laws though it claims Russia interfered with the 2016 election.
Porter's view is that the Department of Homeland Security is trying, by means of a sketchy publicity campaign, to establish its credentials as the primo defenders of America's computers and networks “despite its limited resources for such responsibility.”
You would think that experienced diplomats would demand extremely reliable evidence for attributing a network attack to agents of a foreign government. But accurate attribution is so difficult, the perceived need to find someone to blame is so profound, and the notional political advantages of blaming some currently unpopular rival state are so compelling that governments are willing to proceed with accusations on incredibly weak and ambiguous evidence.
A case in point: The government of the United Kingdom has joined the United States in blaming the widespread and consequential propagation of the NotPetya ransomware on the agents of the Russian government. Here is the basis for their confident accusation:
1. More computers were affected in the Ukraine than in any other country. The Russian government hates the Ukrainian government.
2. One vector for the spread of the malware was an accounting software package used in the Ukraine. The Russian government hates Ukrainian software developers.
3. The attack “fits a pattern” that also describes other attacks that have been previously attributed to agents of the Russian government (on even flimsier evidence).
4. NotPetya was a variant of an earlier ransomware package called Petya, but it appears to have been reimplemented from scratch instead of being adapted from the Petya codebase. This demonstrates the level of technical sophistication characteristic of a nation-state. Russia is a technically sophisticated nation-state.
5. The ransomware feature of NotPetya didn't work, and provided no way for the victims to pay the ransom to the attackers. Instead, NotPetya simply waited for the payment window to run out and then wiped the targeted system's drives. Similarly, the Russian military has often used criminal operations as cover for special ops and not infrequently employs deception as a military tactic.
6. NotPetya exploited two vulnerabilities originally identified by the National Security Agency and made public by a group (nationality unknown) calling itself the Shadow Crew. Some people have speculated that the hackers who stole the NSA's tools for exploiting these vulnerabilities were agents of the Russian government.
7. Don't forget: The Russian government hates the Ukrainian government.
*Sigh.*
“What the UK Knows: Five Things That Link NotPetya to Russia”
Paul Roberts, The Security Ledger, February 15, 2018
(In case you're trying to link my seven-item list to the “five things” mentioned in the article title or to the five slides in the slideshow at the end of the article: the first slide corresponds to items 1, 2, and 3 on my list, the second to my item 4, the third to my item 5, the fourth to my item 6, and the fifth to my item 7.)