Publicly Available Evidence Doesn’t Support
Russian Gov Hacking of 2016 Election
Three days ago, the
Washington Post ran this article by Philip
Bump — “Here’s
the public evidence that supports the idea that
Russia interfered in the 2016 election”.
of the article was, since we can’t know what the
classified evidence is that supports the U.S.
government’s finding in favor of Russian
government intereference, there is plenty of
public evidence which should convince us.
wrong about that. The public evidence isn’t
enough to identify Russian government
involvement, or even identify the nationality of
the hackers involved. That doesn’t mean that the
Russian government isn’t responsible. It means
that we don’t know enough to say who is
responsible based solely on the publicly known
evidence, including classified evidence that’s
X-Agent malware used against the DNC is not
exclusive to Russia. The source code
has been acquired
by at least one Ukrainian hacker group and one
European cybersecurity company, which means that
others have it as well. “Exclusive use” is a
myth that responsible cybersecurity companies
need to stop using as proof of attribution.
various attacks attributed to the GRU were a
comedy of errors;
not the actions of a sophisticated adversary.
FBI/DHS Grizzly Steppe report was a disaster (here,
Danger Close report,
which was supposed to be the nail in the coffin
that proved the GRU was involved in the DNC
hack, has been repudiated by the Ukrainian
government, the IISS whose data they misused,
and the builder of the military app that they
claimed was compromised.
Arizona and Illinois attacks against electoral
databases that were blamed on the Russian
government were actually conducted by
Reality Winner leak of a classified NSA document
contained a graphic that used different colors
of lines to qualify the data (confirmed, analyst
judgment, contextual information). The line that
connected the “actors” who sent out the
spearphishing email to various electoral
organizations with the GRU was yellow (analyst
judgment) and included the words “probably
within”; meaning that this was not a
There are many other problems with the DNC
investigation starting with the fact that no
government agency actually did the forensics
work. It was done by a company with strong ties
to the Clinton campaign and an
to blame foreign governments for cyber attacks
on evidence that was either flimsy or
of this mean that the Russian government didn’t
do it? No. It only means that there is
insufficient public evidence to say that it did.
Jeffrey Carr - Principal consultant at
20KLeague.com; Founder of Suits and Spooks;
Author of “Inside Cyber Warfare"
This article was first published by
views expressed in this article are solely those
of the author and do not necessarily reflect the
opinions of Information Clearing House.