Why it's hard for the CIA to make its case on Russian hacking

Senate Majority Leader Mitch McConnell has expressed some skepticism about the CIA’s contention that the Russian government tried to get Donald Trump elected.

If recent media reports are accurate, the CIA believes that the Russian government used its hacking prowess to help Donald Trump get elected president — a potentially unprecedented case of foreign interference in an American election decided by fewer than 100,000 votes in three key states.

US elected officials have traditionally taken pride in the idea that politics stops at the water’s edge — that whatever disputes Democrats and Republicans might have in domestic politics, they form a united front in confrontations with foreign countries.

But the debate over the CIA’s charges of Russian interference in the 2016 election has put that principle under strain. Trump and many of his congressional supporters have dismissed the government’s charges as partisan propaganda intended to undermine the legitimacy of his election. “They have no idea if it's Russia or China or somebody,” Trump said on Fox News on Sunday.

What makes this fight so tricky is that the CIA’s best evidence really might be information that it can’t release publicly without compromising valuable sources of future intelligence. That means the CIA needs to convince a skeptical public to accept its conclusions without sharing all of the information that led the intelligence agency to make those conclusions in the first place.

President Obama has asked the nation’s intelligence agencies to prepare a report on hacking incidents related to the 2016 election. This could give the CIA space to disclose some of its evidence and conclusions, but it will still likely have to withhold some key details to protect sources and methods.

The White House report will likely be dismissed out of hand by many of Trump’s supporters, however, which means that the people to watch are the Republicans on Capitol Hill who have made clear that they want to aggressively investigate the Russian hacking charges.

Republican Sens. John McCain and Lindsey Graham have signed a bipartisan letter calling for a congressional investigation into Russian interference in the US election. The top Republicans in Congress, Senate Majority Leader Mitch McConnell and House Speaker Paul Ryan, have both endorsed the idea of investigating the allegations, though they’ve resisted calls to appoint a special committee to look into the controversy.

The two parties might be willing to work together on the investigation, in other words. But it remains to be seen whether the Republicans and Democrats who conduct the probe together will ultimately see eye to eye on the conclusions.

The public evidence for Russia’s involvement is only circumstantial


There are a lot of ways for a sophisticated hacking organization to cover its tracks, so it’s almost never possible to directly trace an attack back to the specific organization that initiated it. As a result, hacking investigations usually rely on more indirect methods.

One approach is to rely on patterns of behavior across multiple attacks. Hackers — especially sophisticated state-based attackers like those in Russia and China — often build complex malware tools to help in their hacking efforts, and sometimes they leave copies of this software on machines they’ve compromised. If computer security experts examine a hacked machine and find malware on it that is similar to software used for previous attacks, it’s a reasonable guess that the same attacker was behind both attacks.

Attackers can also get sloppy and use the same computer or online account to launch multiple attacks. For example, whoever stole John Podesta’s emails did so by sending a malicious link using the link-shortening service Bitly. As the technology news site Motherboard put it, the Bitly account used in the attack was “one of almost 9,000 links Fancy Bear used to target almost 4,000 individuals from October 2015 to May 2016.”

“Fancy Bear” is a code name for a prolific hacking organization that’s believed, based on extensive circumstantial evidence, to be linked to the Russian government. The organization is far too prolific to be just a bored teenager, and it has a habit of choosing targets that would be of interest to the Russian government, like journalists in Eastern Europe.

Another example: The emails leaked from the Democratic National Committee — a separate attack from the hack of John Podesta — came from Guccifer 2.0, a pseudonym for a person (or group of people) who claims to be Romanian. He insists he has no ties to the Russian government and doesn’t even speak Russian.

However, there is significant evidence that Guccifer 2.0 did his work with a computer configured to work in the Russian language. When he was challenged to conduct an online chat in Romanian by a Motherboard writer, “he used such clunky grammar and terminology that experts believed he was using an online translator.”

With enough circumstantial evidence like this, you can build a strong case that a series of seemingly separate hacks were really part of a more organized campaign, and that the campaign was conducted by an organization with apparent ties to the Russian government.

But it’s difficult to conclusively prove a link to the Russian government with this kind of evidence. There’s always a possibility that someone else — perhaps another foreign government — faked a connection to Russia to mask their own involvement. Or it’s possible that some other organization in Russia carried out the attacks without the knowledge or endorsement of the Kremlin. Neither of these seems very likely, but we can’t rule them out based on the kind of circumstantial evidence the public has seen so far.

The strongest evidence is the hardest to make public

North Korea was reportedly incensed when Sony Pictures produced The Interview.

The best way to prove that a foreign government is behind a particular attack is by getting inside information. A good example comes from the 2014 hack of Sony Pictures.

The hack seemed to be in retaliation against Sony for producing The Interview, a comedy that mocked North Korean dictator Kim Jong Un. In December 2014, the US government blamed North Korea for the attack, but didn’t elaborate on how it knew North Koreans were responsible.

Then in January, the New York Times published a story that explained Washington’s confidence about the perpetrators: For years, the US National Security Agency has been hacking into North Korean computer networks. That could have enabled the NSA to directly monitor the activities of the North Korean hackers as they plotted their attacks on Sony.

The Times story itself is a bit vague about the NSA’s capabilities, so it’s hard to say for sure how strong the NSA’s evidence was in the Sony hack. But in principle, this is the kind of evidence you need to definitively prove that a foreign government was responsible for a particular attack.

Having this kind of information is one thing; deciding to release it is a different question altogether. That’s because making the information public inevitably makes it harder for an intelligence agency to steal such secrets in the future. When North Korean officials read the New York Times report on the NSA’s penetration of North Korean computer systems, they undoubtedly ordered a thorough security audit. That may have undermined the US government’s ability to monitor North Korean activities, which could make the US less effective in responding to future crises on the Korean Peninsula.

The stakes in Russia hacking an American election are obviously incalculably higher than those in North Korea attacking a US movie studio. Unfortunately for the CIA and its defenders, a Sunday New York Times report suggests that the CIA’s evidence of Russian interference is not as strong as the evidence the NSA had about North Korea’s hacking exploits.

“The CIA’s conclusion does not appear to be the product of specific new intelligence obtained since the election, several American officials, including some who had read the agency’s briefing, said on Sunday,” the Times reports. “Rather, it was an analysis of what many believe is overwhelming circumstantial evidence — evidence that others feel does not support firm judgments — that the Russians put a thumb on the scale for Mr. Trump, and got their desired outcome.”

Of course, this is a thirdhand summary of what is likely to be a highly technical report, so it could easily be understating the CIA’s evidence.

In any event, it’s likely that publishing the full evidence the CIA has — the information it has shown only to select members of Congress so far — would give the Russians clues about the CIA’s surveillance capabilities. That could make those capabilities less effective in the future.

Partisanship makes it hard for US intelligence to do its job


The obvious solution here is not to disclose the evidence, but instead to show it to trusted, neutral parties who can publicly confirm the government’s conclusions without revealing details that would compromise sources and methods.

According to Friday reports from the New York Times and the Washington Post, this is exactly what the Obama administration has tried to do with members of Congress. Back in September, US intelligence agencies assembled a small, bipartisan group of members of Congress and laid out the evidence linking Russia to the attacks.

The hope was that the Republicans in the group would be persuaded by the evidence and sign on to a bipartisan statement condemning Russian interference with the election. They hoped that support from Republican leaders in Congress would convince Republicans across the country to accept the government’s conclusions without having to publish the full evidence.

But it didn’t work. “Republicans were divided, with at least two GOP lawmakers reluctant to accede to the White House requests,” the Washington Post reports. Senate Majority Leader Mitch McConnell “raised doubts about the underlying intelligence and made clear to the administration that he would consider any effort by the White House to challenge the Russians publicly an act of partisan politics.”

You can read this exchange in two ways. One reading is that McConnell was putting partisan interests above the national interest, refusing to accept clear evidence of Russian interference in order to aid Donald Trump’s election. But it’s also possible that the CIA’s case genuinely wasn’t very compelling, and McConnell was simply voicing appropriate skepticism about blaming Russia based on half-baked evidence.

This latter interpretation, naturally, is the one Trump favors. “Democrats are putting it out because they suffered one of the greatest defeats in the history of politics in this country,” the president-elect said on Fox News on Sunday.

Democrats are more inclined toward the first theory, especially since many believe that Obama took nonpartisanship to a fault by failing to respond when FBI Director James Comey upended the final days of the campaign by publicly reopening, and then closing, the dormant investigation into Clinton’s use of a private email server.

Trump’s strongest supporters in the Republican Party, meanwhile, are obviously going to prefer the second. But as long as the underlying evidence stays secret, there’s no way for the rest of us to figure out who’s right.

If intelligence agencies really do have clear evidence that Russia was trying to help Donald Trump, this situation puts them in a terrible bind. They could publish the full evidence and settle the debate, but doing so could compromise valuable intelligence sources — and would risk alienating a lot of Republicans. Conversely, they could keep the evidence under wraps, making it more likely that foreign governments will stage similar attacks in future elections.

That’s the challenge for the authors of the White House’s forthcoming report on hacking during the 2016 election: They need to provide enough information to convince the public of the agency’s conclusions, without releasing details that could tip off the Russians to intelligence sources they didn’t previously know about.
