Joint report by FBI and Department of Homeland Security into Russian hacking allegations derided as ‘childish’ by IT experts; fails to prove Russians behind Clinton leaks.

In conjunction with U.S. President Obama’s announcement of new sanctions against Russia, the FBI and the Department of Homeland Security have published a 13 report into the Russian hacking allegations.

I think it is fair to say that a mountain has moved and produced a mouse. To get a sense of the absurdity, consider that the report actually begins with a Disclaimer. (bold italics added)

DISCLAIMER: This report is provided “as is” for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service referenced in this advisory or otherwise. This document is distributed as TLP:WHITE: Subject to standard copyright rules, TLP:WHITE information may be distributed without restriction. For more information on the Traffic Light Protocol, see https://www.us-cert.gov/tlp. Reference Number: JAR-16-20296 December 29.

After this unpromising beginning, the report — which goes by the frankly weird title “Grizzly Bear” — provides a summary that reads as follows

Previous JARs have not attributed malicious cyber activity to specific countries or threat actors. However, public attribution of these activities to RIS is supported by technical indicators from the U.S. Intelligence Community, DHS, FBI, the private sector, and other entities. This determination expands upon the Joint Statement released October 7, 2016, from the Department of Homeland Security and the Director of National Intelligence on Election Security. This activity by RIS is part of an ongoing campaign of cyber-enabled operations directed at the U.S. government and its citizens. These cyber operations have included spearphishing campaigns targeting government organizations, critical infrastructure entities, think tanks, universities, political organizations, and corporations leading to the theft of information. In foreign countries, RIS actors conducted damaging and/or disruptive cyber-attacks, including attacks on critical infrastructure networks. In some cases, RIS actors masqueraded as third parties, hiding behind false online personas designed to cause the victim to misattribute the source of the attack. This JAR provides technical indicators related to many of these operations, recommended mitigations, suggested actions to take in response to the indicators provided, and information on how to report such incidents to the U.S. Government.

Note that the report is solely concerned with hacking. It does not discuss who provided the DNC or Podesta material to Wikileaks, it does not say that Russian Intelligence carried out the hacking to influence the outcome of the U.S. Presidential election, and nor does it say that Russian intelligence did this in order to swing the election to Donald Trump — all questions concerning which the FBI is known to have doubts. On the contrary, it is careful to say that it is the U.S. government (ie. the Obama administration), not the US intelligence community or the FBI or the Department of Homeland Security, which assesses that the Russians passed the DNC and Podesta material on to Wikileaks for onward publication in the media

The U.S. Government assesses that information was leaked to the press and publicly disclosed.

(bold italics added)

The report provides no evidence that the hacking was the work of Russian intelligence agencies. It merely states it as a fact

The U.S. Government confirms that two different RIS actors participated in the intrusion into a U.S. political party.

The two “actors” in question are the two groups of hackers known as Cozy Bear and Fancy Bear. As I have pointed out previously, the claim that these two groups of hackers act for Russian intelligence has so far been based purely on inference, with no hard facts behind it.

There is nothing in this report that changes that, or which substantiates this claim, and nothing in the report that remotely resembles a hard fact to support it. On the contrary as the paragraph I have quoted above shows, the claim is still based purely on inference . That the claim is entirely inferential, and may be based on completely false reasoning, is it turns out also the opinion of an expert in this field.

The rest of the report — which is to say nearly all of it — is taken up with technical information intended to confirm the existence of the hacking — something which no-one denies happened — and various suggestions for ways to mitigate against such hacking in the future. Whilst this is no doubt helpful, it is hardly the issue under discussion. Frankly it looks like padding, made to make the report look longer and more substantial than it actually is.

Even the Guardian has been forced to admit that this is thin stuff.

Security experts on Twitter criticised the government report as too basic. Jonathan Zdziarski, a highly regarded security researcher, compared the joint action report to a child’s activity center. Tom Killalea, former vice-president of security at Amazon and a Capital One board member, wrote: “Russian attack on DNC similar to so many other attacks in past 15yrs. Big question: Why such poor incident response?”

If this is the sum total of the evidence upon which the Obama administration is claiming that the Russians were behind the leak of the DNC and Podesta emails, and that they did this to swing the election to Donald Trump, then this “evidence” in no way does that. Indeed if anything what the report shows is how confected this whole scandal actually is.

I would add that the complete absence of enthusiasm on the part of the FBI and the Department of Homeland Security for the Obama administration’s attempts to use the claims of Russian hacking for its own political ends shines through the whole report. Anyone with experience of such reports can spot it immediately. This is very much a report produced to order, which does the absolute minimum it can get away with in order to appear to comply with the order.

Interestingly the NSA, the branch of US intelligence which has presumably the greatest expertise in the area, and which has the most information about it, is not a co-author of this report. I wonder why?

Via The Duran

Featured Image: Vicente Villamón/Flickr