No, We Don’t Know Yet That Russia is Behind DNC Email Hacks. Here’s Why.
There is a strong narrative underway. It was propelled largely by Clinton’s campaign manager, Robby Mook, and members of the Democratic National Committee after news broke over the weekend that thousands of embarassing internal emails were posted to WikiLeaks. The theory goes that the Russian government is behind the hack because they want to meddle in U.S. politics to help Donald Trump (who is “cozy” with Vladimir Putin).
Different media organizations continue to cite “government sources” as confirmation of Russia’s evil intentions. (Russia has denied any involvement). And, if you actually examine the facts, you will see that we simply don’t have enough yet to prove this theory out. Yes, there are some indicators that it could be Russia. Yes, there is reportedly metadata hidden in early documents that show they were edited with Russian language settings. Yes, Crowd Strike, a cyber firm hired by the DNC, claims that they found two hacker groups associated with the Russian government could be behind the breach. However, cyber security experts that we spoke with say, at this point, there is absolutely no way of knowing for sure who the hackers are and what their motives are. Plus, you must also keep in mind that hackers are pretty clever, and can easily disguise themselves to throw us all off.
So, first myth: the FBI has not said Russia is behind the attack. You’ve heard over and over again, reporters say Russia is behind the attack and they attribute the information to the FBI. Except that’s just not true. Here’s what the FBI has actually said on the record (We just checked with them this afternoon):
“The FBI is investigating a cyber intrusion involving the DNC and is working to determine the nature and scope of the matter. A compromise of this nature is something we take very seriously, and the FBI will continue to investigate and hold accountable those who pose a threat in cyberspace.”
In addition, the U.S. intelligence head just announced Thursday while at a summit in Aspen, Colorado that they are “not ready” to say Russia is behind the DNC hack.
“Was this to just stir up trouble or was this ultimately to try to influence an election? Of course, that’s a serious — a serious — proposition,” Director of National Intelligence James Clapper said. He added, “We don’t know enough [yet] to … ascribe a motivation, regardless of who it may have been.” He urged every one to stop the “hyperventilation” over this theory.
What’s more– cyber security experts say these attacks are very hard to trace.
“Criminals usually mount their attacks from machines that they have compromised often in another country. So connections from China for example could be by an adversary in eastern Europe or even the US,” Clifford Neuman who is the director of the Center for Computer System Security at University of Southern California told LawNewz.com. “The only real way to attribute the attacks is if you catch them in the act and observe the first hop they are using, or if you are able to seize the hackers system and find evidence there.” As far as we know, the DNC did not catch the hackers in the act.
Guccifer 2.0 has claimed credit for the DNC hack on his wordpress blog.
And, Guccifer 2.0 has repeatedly claimed not to be working for the Russian government:
“Worldwide known cyber security company CrowdStrike announced that the Democratic National Committee (DNC) servers had been hacked by “sophisticated” hacker groups. I’m very pleased the company appreciated my skills so highly))) But in fact, it was easy, very easy.
Some linguistic experts, who have analyzed Guccifer 2.0’s speech pattern on a Twitter chat log, have concluded he must be Russian.
“It is possible that the writer is a Romanian speaker who has studied Russian. However, the writer denied knowing any Russian, and so the most reasonable conclusion is that he is a Russian native speaker rather than a Romanian native speaker,” one expert told The New York Times.
And, in fact, others have gone so far to say that Guccifer 2.0 is “likely a Russian government attempt to cover up their own hack.” How do they know he is from Russia? According to experts in a recent Motherboard article, it is because of his use of emoticons.
The first, most easy to spot one, is the use of “)))” instead of a standard smile emoticon in the Guccifer 2.0 blog post. Using a single or multiple “)” instead the usual “:)” is very common for Russians, given the awkward way one needs to type the colon in a Russian keyboard.
The use of emoticons, and Russian speech patterns are still not proof for sure — and certainly not enough to draw such definitive conclusions.
“There is strong evidence of Russian involvement, although it is certainly not free from doubt,” Maury Shenk, a security lawyer at Steptoe & Johnson told LawNewz.com. “Overall, security professionals are a skeptical bunch, so may be inclined to express doubt until there is more proof than currently available on the DNC hack. We shall see if that changes as more facts emerge.”
Have a tip we should know? firstname.lastname@example.org