Did Putin Direct Russian Hacking? And Other Big Questions

Did Moscow influence the U.S. election? Who else has been hacked? Could the CIA be wrong?

Updated on January 7, 2017

In a “declassified version of a highly classified assessment” released on Friday January 6, the U.S. intelligence community laid out its judgment that “Vladimir Putin ordered an influence campaign in 2016 aimed at the US presidential election,” with the specific goal of harming Hillary Clinton’s “electability and potential presidency.” The report went on: “We further assess Putin and the Russian Government developed a clear preference for President-elect Trump.”

These conclusions had previously been reported, based on accounts anonymous intelligence officials gave to various news outlets. The January 6 intelligence assessment was the first time the Office of the Director of National Intelligence had detailed them officially in public.

The release came a day after Senator John McCain, the Arizona Republican who chairs the Senate Armed Services Committee, said at a hearing on foreign cyberthreats to the United States: “Every American should be alarmed by Russia’s attacks on our nation.” (Our blog of the hearing is here.)

President-elect Donald Trump has been publicly skeptical of claims about Russia’s role. He says it’s difficult to definitively say who was behind the hacking, and has supported the views of Julian Assange, the WikiLeaks founder, that a “14-year-old could have hacked” Democratic officials. After reviewing a classified version of the assessment made public on Friday, Trump issued a statement citing the cyber threat from “Russia, China, other countries, outside groups and people,” but emphasizing that the hacking had “absolutely no effect on the outcome of the election.”

Last month McCain told Ukrainian TV Russia's actions were “an act of war.” He repeated those comments Thursday, but added: It “doesn’t mean you go to war and start shooting.”

Who is involved?

The intelligence-community assessment provides official backing to media reports from mid-December stating that Russian President Vladimir Putin was “personally involved” in cyberattacks aimed at interfering with the United States presidential election. In an interview with NPR on December 15, U.S. President Barack Obama vowed that the U.S. would take action in response, “at a time and place of our own choosing.” He went on: “Mr. Putin is well aware of my feelings about this, because I spoke to him directly about it.” On December 29, he did more than speak: He sanctioned the two Russian intelligence services believed to be involved in the hacks (Russian military intelligence, the GRU, and the KGB’s successor the FSB, which is responsible for counterintelligence and internal security). He also expelled 35 Russian officials in the U.S. believed to be intelligence agents. After Russian Foreign Minister Sergei Lavrov threatened to retaliate, Putin declined to do so.

Didn’t we already know about Russia hacking the Democratic National Committee and others? Why all the fuss?

The assessment purports to add on-the-record detail on both actors and intent. Prior to mid-December, Putin personally had not been blamed for hacks resulting in leaks damaging to the Clinton campaign, though in October Director of National Intelligence James Clapper stopped just short of doing so, saying that “based on the scope and sensitivity of these efforts ... only Russia’s senior-most officials could have authorized these activities.” Secondly, separate intelligence leaks to The New York Times and The Washington Post on December 9 for the first time claimed that the intent of the hacking was to sway the election in favor of Trump, rather than simply sow generalized distrust. It has not yet been suggested that cyberattacks managed to change the actual vote tally in favor of either presidential candidate. This is now the official position of the intelligence community.

Information on what exactly happened has been dripping out slowly, and often anonymously and unofficially, for months. Way back in mid-June, the Democratic National Committee reported an intrusion into its computer network, and the cybersecurity firm CrowdStrike publicly blamed Russian hackers after analyzing the breach. In July, after emails stolen from the committee appeared on WikiLeaks, Democratic members of Congress also blamed the Russians, with Clinton campaign manager Robby Mook alleging that “It was the Russians who perpetrated this leak for the purpose of helping Donald Trump and hurting Hillary Clinton.”

It wasn’t until September that anonymous federal officials confirmed to The New York Times the intelligence community’s “high confidence” of Russian government involvement in the hack, if not the subsequent leak, and leaving doubt as to whether the hacks were “routine cyberespionage” or actually intended to influence the election. And it wasn’t until October that the Director of National Intelligence, James Clapper, went on the record to blame Russia—government actors, not, say, cybercriminals who happened to be Russian, “based on the scope and sensitivity of these efforts,” and further declaring that they were “intended to interfere with the U.S. election process.” Days later, emails stolen from Clinton campaign chairman John Podesta appeared on WikiLeaks.

So as of fall, the United States government had officially blamed Russia for the hacks, and stated that the hacks were intended to interfere with the American election. Until December 9, intelligence officials were not claiming that the Russians wanted specifically to help Trump win, as opposed to undermining faith in the overall process. Then The Washington Post disclosed a “secret CIA assessment”—again described by anonymous officials—declaring it “quite clear” that a Trump presidency was the ultimate goal of the hacks. A Times investigation published a few days later provided more background on how the hacks actually worked. Congress is planning to investigate.

Who else has been hacked?

Thomas Rid, writing in Esquire in October, noted that Russia began hacking the U.S. as early as 1996, five years after the demise of the Soviet Union, and added that the DNC hack concealed an even bigger prize for the Russians: the National Security Agency, whose secret files were dumped this August on GitHub and other file-sharing sites.

Then there is Germany. In May, BfV, Germany’s domestic intelligence agency, said hackers linked to the Russian government had targeted Chancellor Angela Merkel’s Christian Democratic Union party, as well as German state computers. In September, Arne Schoenbohm, who heads Germany’s Federal Office for Information Security (BSI), briefed German lawmakers about Russian hacking. Schoenbohm told Süddeutsche Zeitung, after reports emerged in the U.S. of the hacking of the Democratic National Committee, that “[g]iven the background of the American situation, I have to protect our political parties from spying.” Those warnings became more urgent after the U.S. presidential election. Bruno Kahl, the head of Germany’s foreign intelligence service, told the newspaper last month that Russia could seek to disrupt Germany’s elections next year to create “political uncertainty.” Merkel, who is seeking a fourth term in those elections, said in November after an attack targeted Deutsche Telekom customers that “[s]uch cyber attacks, or hybrid conflicts as they are known in Russian doctrine, are now part of daily life and we must learn to cope with them.”

Suspected Russian hacking has targeted other countries, as well. In April 2007, websites and servers belonging to the government, banks, and media in the former Soviet republic of Estonia came under a sustained monthlong attack. A U.S. diplomatic cable, published in WikiLeaks, called the Baltic state an “unprecedented victim of the world's first cyber attacks against a nation state.” Similar attacks targeted the former Soviet republic of Georgia a year later, and Ukraine more recently. All three countries have pro-Western leaders that are deeply critical of what they see as Russia’s turn toward authoritarianism under President Vladimir Putin.

And prior to perhaps their most high-value target thus far, the DNC, Russian hackers allegedly targeted the World Anti-Doping Agency ahead of the Rio Olympics this summer. WADA had reported a widespread Russian state-run doping program that involved the country’s track-and-field program. That revelation resulted in the Russian track-and-field team being banned from the games. WADA was hacked in apparent response, and the personal information of several athletes, including the Russian whistleblower who alerted WADA to the scandal, was leaked online. It’s worth pointing out that the Russian government has dismissed claims that it is involved.

What does “hacking” actually entail?

It depends: Hackers believed to be from Russia have accessed computers and servers belonging to government and political parties in rival countries. In some cases, such as in the DNC or WADA hack, those hacks resulted in the leak of information on websites such as WikiLeaks. In other cases, the attacks focused on national infrastructure: In Ukraine, for instance, according to Wired, hackers targeted the power grid; they then attacked the telephone service so customers couldn’t call to report the outages. When they hit the NSA, hackers posted the agency’s “cyber-weapons” to file-sharing sites, according to Esquire. The hackers don’t just target states and institutions. Frequently, individuals are caught up, as well. On December 9, the Times reported that suspected Russian hackers targeted critics of the country’s government who live overseas by posting child porn on their computers.

How solid is the intelligence community’s case that Russia tried to tilt the election for Trump?

The Washington Post has cited “the United States’ long-standing struggle to collect reliable intelligence on President Vladimir Putin and those closest to him.” Since the end of the Cold War and especially since 9/11, American intelligence agencies have deprioritized Russia. The Post reported in fall, citing U.S. officials, that the “CIA and other agencies now devote at most 10 percent of their budgets to Russia-related espionage, a percentage that has risen over the past two years,” but is still dwarfed by the Cold War peak of about 40 percent.

As for the actual evidence of intent, what’s publicly available remains circumstantial, including Russian state TV’s pushing of Trump’s candidacy, and reports that the Republican National Committee, too, was hacked though suffered none of the same embarrassing leaks as the DNC. (The RNC has denied it was hacked; The Wall Street Journal reports, citing “officials who have been briefed on the attempted intrusion,” that the effort was thwarted by the RNC’s cybersecurity systems.) All of this was occurring in an international political context in which Trump was one of the most pro-Russian presidential candidates in recent memory, while Vladimir Putin personally blamed Hillary Clinton for inciting protests against his rule when she was secretary of state.

In tandem with Obama’s announcement of sanctions against Russia on December 29, the Department of Homeland Security and the FBI released a joint report on “Russian malicious cyber activity” during the U.S. election. That report, however, was short on specific evidence; moreover, The New York Times noted, it “included a long list of malware it said was evidence of Russian hacking, when some of the malware is used by non-Russian attackers.”

Meanwhile, the denials. Some of Trump’s surrogates have publicly suggested that Russia is the victim of a false-flag operation planned by U.S. intelligence—an assertion that doesn’t appear to be based on any fact in the public realm. Russian officials themselves have rejected the idea they are involved, as have Russian cybersecurity experts, one of whom dismissed it as “a classic stereotype of the nineties and early 2000s.” They say that it’s virtually impossible to trace the origin of a hack. For his part, the president-elect tweeted the claim of WikiLeaks founder Julian Assange that, in Trump’s words, “the Russians did not give him the info!” and that “a 14 year old could have hacked Podesta.”

As Kaveh Waddell explained in The Atlantic, while it can be difficult to catch the culprit of a hack, it’s by no means impossible. Esquire, in its story, noted that sloppy errors committed by the hackers pointed U.S. intelligence to their whereabouts. Andrei Soldatov, who wrote Red Web, told The Telegraph the Russian government is using its computer industry to hack its targets. “We have maybe the biggest engineer community in the world, and lots of great specialists,” he told the newspaper. “They are not criminals, they are professionals—and they are not bothered or afraid to refuse requests from government agencies.”

But Trump says we shouldn’t trust the CIA because they were wrong about Iraq’s WMD. Shouldn’t we take that history into consideration?

“There's a big difference between Iraq WMD and Russian cyber hacking,” wrote Amy Zegart, an intelligence expert at Stanford, in an email. “For starters, we're talking about different people making the assessments, a different problem to unravel (hidden nuclear capabilities in a foreign country versus cyber attacks on US systems), and a different analysis process. Intelligence analysis was thoroughly revamped after Iraq, as it should have been. But saying that these are the same people who brought us Iraq WMD is like saying this year's Golden State Warriors must be terrible, because the Warriors lost so many games in the 90s.”

Which isn’t to say that past intelligence failures writ large have no relevance to today. The relevance is: Intelligence sometimes fails. As Zegart notes: “The best experts didn't predict Trump's win, and that's Americans predicting what Americans will do in an open society with frequent polling. In intelligence, adversaries are working hard and spending billions to hide their activities and deceive us.”

Kenneth Pollack, a former CIA analyst and Clinton National Security Council staffer who argued for invading Iraq in 2003, said in an interview that Saddam Hussein did a “totally insane” version of this: “Saddam’s whole thinking was, ‘I’m going to get rid of my weapons of mass destruction, basically after 1995, but I can’t tell my people that. I want my people to continue to fear me, and believe that I have this.’ … The U.S., and the rest of the world, frankly … all picks up on the fact that he is putting it out to all of his people that, ‘Yeah I still have WMD.’ And that strikes me as a really fundamental difference.”

He continued: “The intelligence community certainly can be wrong about these kinds of things, and you do want to take everything with a certain amount of skepticism. That said, it seems like in this case, they’ve found the tracks—that’s kind of the nice thing about cyber, as best as I understand it, is you can actually go back and see the keystrokes … which was not something that we had in Iraq.”