As the White House and Treasury Department announced new sanctions against Russia over the alleged hacking of U.S. elections, the FBI and Homeland Security released a report that offered supposed proof amid an abundance of disclaimers.
Given the incongruous name of ‘Grizzly Steppe’, the Joint Analysis Report (JAR) on “Russian malicious cyber activity” issued by the FBI and the DHS National Cybersecurity & Communications Integration Center (NCCIC) on December 29 begins with the following disclaimer: The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within.
- U.S. expels 35 Russian diplomats, closes two compounds, RT.com, Dec 29, 2016
- No tit-for-tat, Russia will not expel U.S. diplomats in response to U.S. sanctions, expulsions, RT.com, Dec 30, 2016
Accompanying the report was a joint statement by the FBI, Department of Homeland Security and the Director of National Intelligence explaining that the “activity by Russian intelligence services is part of a decade-long campaign of cyber-enabled operations directed at the U.S. government and its citizens.”
The actual words “Russia” and “Russian” are mentioned only three times, with just 11 instances of “RIS” – a custom, catch-all acronym standing for “Russian Intelligence Services” without naming any. Both the FSB – Russia’s equivalent of the FBI – and the GRU, Russia’s military intelligence, were put on the U.S. sanctions list on Thursday.
“The U.S. Government confirms that two different RIS actors participated in the intrusion into a U.S. political party,” says the JAR, identifying the two as APT28 and APT29. There is no indication anywhere in the document that these two groups are in any way connected with the Russian intelligence services, however.
Even when detailing the efforts of the two purported hacker groups, the report uses vague and noncommittal language. For example, the actual political party allegedly hacked by the two groups is never identified:
“In summer 2015, an APT29 spearphishing campaign directed emails containing a malicious link to over 1,000 recipients… In the course of that campaign, APT29 successfully compromised a U.S. political party.”
“In spring 2016, APT28 compromised the same political party,” the report continues. “Using the harvested credentials, APT28 was able to gain access and steal content, likely leading to the exfiltration of information from multiple senior party members. The U.S. Government assesses that information was leaked to the press and publicly disclosed.”
This could be referring to emails and documents of the Democratic National Committee, which were made public by Guccifer 2.0 and WikiLeaks – both of whom have categorically rejected any claim of Russian hackers being responsible. It could also refer to WikiLeaks publishing emails from the private account of Hillary Clinton’s campaign chairman John Podesta, over the course of a month prior to the November 8 election. The JAR does not actually say so, however.
Nor does the JAR note anywhere that it was CrowdStrike, a cybersecurity company hired by the DNC to investigate the June 2016 data breach, that accused APT28 and APT29 – which they named “Cozy Bear” and “Fancy Bear” – of being Russian government entities. CrowdStrike has never offered any proof for this assertion, which the JAR merely repeats without attribution.
In addition to CozyBear and FancyBear, the 13-page report includes a list of more ridiculous names for alleged Russian hacker groups, such as CakeDuke, CrouchingYeti, Energetic Bear, EVILTOSS, OLDBAIT, and SEADADDY.
The second half of the report is focused on mitigation strategies, from backing up one’s data and changing passwords to information-sharing with the government and giving Homeland Security access to networks for “voluntary assessments” of vulnerabilities.
An appendix to the report lists hundreds of IP addresses and code the authors say are “used by Russian civilian and military intelligence services.” While some of the addresses are in Russia, others are in the U.S., and none of the data actually points to Russian involvement.
Obama’s report on Russian hacking is a ‘case of fake news and propaganda’
Commentary by Annie Machon, RT.com, Dec 30, 2016
An FBI and Department of Homeland Security report on Russia’s alleged hacking of the U.S. presidential election provides no evidence and is a case of fake news and propaganda aimed at undermining the legitimacy of Donald Trump’s election win, says former MI5 intelligence officer Annie Machon.
The Obama administration on Thursday, December 29 imposed a set of unprecedented measures against Russia over alleged attempts to influence the U.S. presidential campaign this year. The new sanctions were unveiled after the release of the report by the FBI and the Department of Homeland Security. However, the document significantly lacks specifics. It doesn’t explain how two hacking groups described are linked to the Russian government.
RT asked whistleblower, and former MI5 intelligence officer Annie Machon what she makes of the evidence.
“This is very much a case of fake news, shall we say. It seems to serve two ends as well,” Machon said.
“On the day when the Syria ceasefire is announced, which has been brokered by Russia and Turkey, this hacking story is the one that will run and run in America, not the ceasefire in Syria. It’s all going to be about these Russians and hacking the election and things like that.
“I think this is the first stage – this is why it was announced that the Russian diplomats were going to be expelled,” she said.
“On the second point as well, it is a mass expulsion – 35 diplomats being thrown out of the country with no proof, with no sort of real intelligence. I think that has also been done to gain the idea, to solidify in public’s mind in America that actually Russia was involved in hacking the election.
“Where has that ‘hacking’ phrase evolved from? We don’t know. It was originally just hacking the DNC [Democratic National Committee] e-mails. So I think it is a sort of two-pronged attack that has been carried out, that has been carefully announced today to achieve that,” she said.
“One further point from that in terms of trying to solidify the fact that the Russians interfered in the democratic process of America – is part of this ongoing process to try to undermine the legitimacy of the election of Donald Trump – the next president,” Machon said.
The Joint Analysis Report (JAR) on “Russian malicious cyber activity” issued by the FBI and the DHS National Cybersecurity & Communications Integration Center (NCCIC) on Thursday begins with a disclaimer which reads: “This report is provided “as is” for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within.”
According to Machon, the FBI and DHS are “just covering their backs.”
“They know it’s much rubbish…they are trying to blind people with science, but there’s no real evidence,” she said.
“Running in parallel to this is a more serious investigation that Barack Obama apparently asked the CIA to carry out into this alleged Russian hacking of the election. That report is due to be announced no later than January 20 next year,” Machon said, adding that the timing is “interesting” since it’s the date of President-elect Donald Trump’s inauguration.
The report by the FBI and DHS doesn’t give any warranties, which “points to the fact that it is pure propaganda and they know it,” Machon told RT.
Annie Machon is a former intelligence officer for MI5, the UK Security Service. She resigned in the late 1990s with her ex-partner, David Shayler to blow the whistle on the spies’ incompetence and crimes.
Top-secret Snowden document reveals what the NSA knew about previous Russian hacking, by Sam Biddle, The Intercept, Dec 29, 2016
To date, the only public evidence that the Russian government was responsible for hacks of the DNC and key Democratic figures has been circumstantial and far short of conclusive, courtesy of private research firms with a financial stake in such claims. Multiple federal agencies now claim certainty about the Kremlin connection, but they have yet to make public the basis for their beliefs…