
Questions for the Senate Hearing on Russian Hacking

Did Moscow influence the U.S. election? Who else has been hacked? Could the CIA be wrong?

Senior intelligence officials will testify Thursday before the Senate Armed Services Committee (SASC) about foreign cyberthreats to the U.S. Much of the testimony is likely to focus on what role Russia had in the U.S. election.

U.S. intelligence officials say Russia hacked the Democratic National Committee and others in an attempt to influence the U.S. presidential election. Although it's unclear whether that alleged action was successful, President-elect Donald Trump is skeptical of claims about Russia’s role. He says it’s difficult to definitively say who was behind the hacking, and has supported the views of Julian Assange, the WikiLeaks founder, that a “14-year-old could have hacked” Democratic officials.

Among those testifying Thursday are James Clapper, the director of national intelligence; Marcel J. Lettre, the under secretary of defense for intelligence; and Admiral Mike Rogers, who heads U.S. Cyber Command.

Senator John McCain, the Republican senator from Arizona who chairs the SASC, has made his own views clear, telling Ukrainian TV that Russia's actions were “an act of war.”

Who is involved?

Intelligence officials leaked word to NBC and ABC that Russian President Vladimir Putin was “personally involved” in cyberattacks aimed at interfering with the United States presidential election. NBC’s report relied on “two senior officials with direct access to the information,” ABC’s on “U.S. and foreign intelligence officials.” In an interview with NPR on December 15, U.S. President Barack Obama vowed that the U.S. would take action in response, “at a time and place of our own choosing.” He went on: “Mr. Putin is well aware of my feelings about this, because I spoke to him directly about it.” On December 29, he did more than speak: He sanctioned the two Russian intelligence services believed to be involved in the hacks (Russian military intelligence, the GRU, and the KGB’s successor the FSB, which is responsible for counterintelligence and internal security). He also expelled 35 Russian officials in the U.S. believed to be intelligence agents. After Russian Foreign Minister Sergei Lavrov threatened to retaliate, Putin declined to do so.

Didn’t we already know about Russia hacking the Democratic National Committee and others? Why all the fuss?

The newest reports purport to add detail on both actors and intent. Putin personally has not been previously blamed for hacks resulting in leaks damaging to the Clinton campaign, though in October Director of National Intelligence James Clapper stopped just short of doing so, saying that “based on the scope and sensitivity of these efforts ... only Russia’s senior-most officials could have authorized these activities.” Secondly, separate intelligence leaks to The New York Times and The Washington Post on December 9 for the first time claimed that the intent of the hacking was to sway the election in favor of Trump, rather than simply sow generalized distrust. It has not yet been suggested that cyberattacks managed to change the actual vote tally in favor of either presidential candidate.

Information on what exactly happened has been dripping out slowly, and often anonymously and unofficially, for months. Way back in mid-June, the Democratic National Committee reported an intrusion into its computer network, and the cybersecurity firm CrowdStrike publicly blamed Russian hackers after analyzing the breach. In July, after emails stolen from the committee appeared on WikiLeaks, Democratic members of Congress also blamed the Russians, with Clinton campaign manager Robby Mook alleging that “It was the Russians who perpetrated this leak for the purpose of helping Donald Trump and hurting Hillary Clinton.”

It wasn’t until September that anonymous federal officials confirmed to The New York Times the intelligence community’s “high confidence” of Russian government involvement in the hack, if not the subsequent leak, and leaving doubt as to whether the hacks were “routine cyberespionage” or actually intended to influence the election. And it wasn’t until October that the Director of National Intelligence, James Clapper, went on the record to blame Russia—government actors, not, say, cybercriminals who happened to be Russian, “based on the scope and sensitivity of these efforts,” and further declaring that they were “intended to interfere with the U.S. election process.” Days later, emails stolen from Clinton campaign chairman John Podesta appeared on WikiLeaks.

So as of fall, the United States government had officially blamed Russia for the hacks, and stated that the hacks were intended to interfere with the American election. Until December 9, intelligence officials were not claiming that the Russians wanted specifically to help Trump win, as opposed to undermining faith in the overall process. Then The Washington Post disclosed a “secret CIA assessment”—again described by anonymous officials—declaring it “quite clear” that a Trump presidency was the ultimate goal of the hacks. A Times investigation published a few days later provided more background on how the hacks actually worked. Yet the Office of the Director of National Intelligence (ODNI) has not publicly embraced the CIA’s findings, and the FBI has given a more “ambiguous” picture of Russia’s goals in congressional briefings. Meanwhile, Congress is planning to investigate.

Who else has been hacked?

Thomas Rid, writing in Esquire in October, noted that Russia began hacking the U.S. as early as 1996, five years after the demise of the Soviet Union, and added that the DNC hack concealed an even bigger prize for the Russians: the National Security Agency, whose secret files were dumped this August on Github and other file-sharing sites.

Then there is Germany. In May, BfV, Germany’s domestic intelligence agency, said hackers linked to the Russian government had targeted Chancellor Angela Merkel’s Christian Democratic Union party, as well as German state computers. In September, Arne Schoenbohm, who heads Germany’s Federal Office for Information Security (BSI), briefed German lawmakers about Russian hacking. Schoenbohm told Süddeutsche Zeitung, after reports emerged in the U.S. of the hacking of the Democratic National Committee, that “[g]iven the background of the American situation, I have to protect our political parties from spying.” Those warnings became more urgent after the U.S. presidential election. Bruno Kahl, the head of Germany’s foreign intelligence service, told the newspaper last month that Russia could seek to disrupt Germany’s elections next year to create “political uncertainty.” Merkel, who is seeking a fourth term in those elections, said in November after an attack targeted Deutsche Telekom customers that “[s]uch cyber attacks, or hybrid conflicts as they are known in Russian doctrine, are now part of daily life and we must learn to cope with them.”

Suspected Russian hacking has targeted other countries, as well. In April 2007, websites and servers belonging to the government, banks, and media in the former Soviet republic of Estonia came under a sustained monthlong attack. A U.S. diplomatic cable, published by WikiLeaks, called the Baltic state an “unprecedented victim of the world's first cyber attacks against a nation state.” Similar attacks targeted the former Soviet republic of Georgia a year later, and Ukraine more recently. All three countries have pro-Western leaders who are deeply critical of what they see as Russia’s turn toward authoritarianism under President Vladimir Putin.

And prior to perhaps their most high-value target thus far, the DNC, Russian hackers allegedly targeted the World Anti-Doping Agency ahead of the Rio Olympics this summer. WADA had reported a widespread Russian state-run doping program that involved the country’s track-and-field program. That revelation resulted in the Russian track-and-field team being banned from the games. WADA was hacked in apparent response, and the personal information of several athletes, including the Russian whistleblower who alerted WADA to the scandal, was leaked online. It’s worth pointing out that the Russian government has dismissed claims that it is involved.

What does “hacking” actually entail?

It depends: Hackers believed to be from Russia have accessed computers and servers belonging to government and political parties in rival countries. In some cases, such as in the DNC or WADA hack, those hacks resulted in the leak of information on websites such as WikiLeaks. In other cases, the attacks focused on national infrastructure: In Ukraine, for instance, according to Wired, hackers targeted the power grid; they then attacked the telephone service so customers couldn’t call to report the outages. When they hit the NSA, hackers posted the agency’s “cyber-weapons” to file-sharing sites, according to Esquire. The hackers don’t just target states and institutions. Frequently, individuals are caught up, as well. On December 9, the Times reported that suspected Russian hackers targeted critics of the country’s government who live overseas by posting child porn on their computers.

How solid is the CIA’s case that Russia tried to tilt the election for Trump?

An unnamed official told Reuters on Tuesday that “ODNI is not arguing that the agency (CIA) is wrong, only that they can’t prove intent.” The Post noted this problem in its Friday report, citing “the United States’ long-standing struggle to collect reliable intelligence on President Vladimir Putin and those closest to him.” Since the end of the Cold War and especially since 9/11, American intelligence agencies have deprioritized Russia. The Post reported in fall, citing U.S. officials, that the “CIA and other agencies now devote at most 10 percent of their budgets to Russia-related espionage, a percentage that has risen over the past two years,” but is still dwarfed by the Cold War peak of about 40 percent.

As for the actual evidence of intent, what’s publicly available is circumstantial, including Russian state TV’s pushing of Trump’s candidacy, and reports that the Republican National Committee, too, was hacked, though it suffered none of the same embarrassing leaks as the DNC. (The RNC has denied it was hacked; The Wall Street Journal reports, citing “officials who have been briefed on the attempted intrusion,” that the effort was thwarted by the RNC’s cybersecurity systems.) All of this was occurring in an international political context in which Trump was one of the most pro-Russian presidential candidates in recent memory, while Vladimir Putin personally blamed Hillary Clinton for inciting protests against his rule when she was secretary of state.

Meanwhile, the denials. Many of Trump’s surrogates have publicly suggested that Russia is the victim of a false-flag operation planned by U.S. intelligence—an assertion that doesn’t appear to be based on any fact in the public realm. Russian officials themselves have rejected the idea they are involved, as have Russian cyber-security experts, one of whom dismissed it as “a classic stereotype of the nineties and early 2000s.” They say that it’s virtually impossible to trace the origin of a hack.

But as Kaveh Waddell explained in The Atlantic, while it can be difficult to catch the culprit of a hack, it’s by no means impossible. Esquire, in its story, noted that sloppy errors committed by the hackers pointed U.S. intelligence to their whereabouts. Andrei Soldatov, who wrote Red Web, told The Telegraph that the Russian government is using its computer industry to hack its targets. “We have maybe the biggest engineer community in the world, and lots of great specialists,” he told the newspaper. “They are not criminals, they are professionals—and they are not bothered or afraid to refuse requests from government agencies.”

But Trump says we shouldn’t trust the CIA because they were wrong about Iraq’s WMD. Shouldn’t we take that history into consideration?

“There's a big difference between Iraq WMD and Russian cyber hacking,” wrote Amy Zegart, an intelligence expert at Stanford, in an email. “For starters, we're talking about different people making the assessments, a different problem to unravel (hidden nuclear capabilities in a foreign country versus cyber attacks on US systems), and a different analysis process. Intelligence analysis was thoroughly revamped after Iraq, as it should have been. But saying that these are same people who brought us Iraq WMD is like saying this year's Golden State Warriors must be terrible, because the Warriors lost so many games in the 90s.”

Which isn’t to say that past intelligence failures writ large have no relevance to today. The relevance is: Intelligence sometimes fails. As Zegart notes: “The best experts didn't predict Trump's win, and that's Americans predicting what Americans will do in an open society with frequent polling. In intelligence, adversaries are working hard and spending billions to hide their activities and deceive us.”

Kenneth Pollack, a former CIA analyst and Clinton National Security Council staffer who argued for invading Iraq in 2003, said in an interview that Saddam Hussein did a “totally insane” version of this: “Saddam’s whole thinking was, ‘I’m going to get rid of my weapons of mass destruction, basically after 1995, but I can’t tell my people that. I want my people to continue to fear me, and believe that I have this.’ … The U.S., and the rest of the world, frankly … all picks up on the fact that he is putting it out to all of his people that, ‘Yeah I still have WMD.’ And that strikes me as a really fundamental difference.”

He continued: “The intelligence community certainly can be wrong about these kinds of things, and you do want to take everything with a certain amount of skepticism. That said, it seems like in this case, they’ve found the tracks—that’s kind of the nice thing about cyber, as best as I understand it, is you can actually go back and see the keystrokes … which was not something that we had in Iraq.”