Russia Didn’t Hack the DNC! (Or Did They…?)

Right- and left-wing conspiracy theories, and why they’re wrong

Nicholas Grossman
Arc Digital
Sep 5, 2017

Here’s what we know: Someone stole documents from the Democratic National Committee during the 2016 primary campaign and provided them to WikiLeaks, who timed publication to maximize embarrassment to Hillary Clinton.

The U.S. intelligence community says Russian government hackers did it. So does CrowdStrike, a private cybersecurity firm the DNC hired to investigate the theft and remove malware from its computers. Congress and much of the media treat that explanation as settled, and most Americans accept it.

But not everyone.

In the final presidential debate, Donald Trump offered a novel theory:

I mean, it could be Russia, but it could also be China. It could also be lots of other people. It also could be somebody sitting on their bed that weighs 400 pounds, O.K.?

He kept that going for a while, until deciding in June 2017 it was better to just blame Obama:

I suppose, if one wanted to take Trump’s statements more seriously than they deserve, he could be referring here to other Russian meddling, leaving open the possibility some random guy stole the DNC’s files.

But for people who doubt the larger claims of Russian meddling, discrediting the DNC hack narrative is important. It’s the first accusation, and disproving it casts doubt on all the others.

They offer an alternative explanation: it wasn’t a hack at all, but a deliberate leak by a disgruntled DNC staffer.

First the Right…

Pro-Trump media decided that staffer was Seth Rich. Rich was murdered in Washington DC on July 10, 2016, 12 days before WikiLeaks released the first batch of DNC emails. Some Trump fans theorized on internet message boards that Rich stole the emails, sent them to WikiLeaks, and then Hillary Clinton had him killed. Russian government outlets RT and Sputnik helped spread the theory online, Breitbart picked it up, and then Fox News’ Sean Hannity made it his personal mission.

Here’s former Speaker of the House Newt Gingrich on Fox & Friends:

We have this very strange story now of this young man who worked for the Democratic National Committee, who apparently was assassinated at 4 in the morning, having given WikiLeaks something like 53,000 emails and 17,000 attachments. Nobody’s investigating that, and what does that tell you about what was going on? Because it turns out, it wasn’t the Russians. It was this young guy who, I suspect, was disgusted by the corruption of the Democratic National Committee.

There was never any evidence. The murder remains unsolved, but DC police believe it was a botched robbery. A private investigator named Rod Wheeler told a local DC news station he had evidence the FBI examined Rich’s computer, found emails to WikiLeaks, and covered them up. Fox made that national news, and Hannity brought Wheeler on his show. But Wheeler recanted and is now suing Fox.

Internet huckster Kim Dotcom — currently in New Zealand to hide from fraud and money laundering charges in the United States — popped up in May 2017 to announce he had proof Rich leaked the DNC emails. Then he got caught trying to hack Rich’s email account and crawled back into his hole.

Conspiracy theories are often harmless, bringing a weird sort of comfort to true believers and not affecting anyone else. But this one forced Rich’s family to confront made-up stories about their son’s unsolved murder, and deal with constant calls from reporters. His parents wrote a heartfelt op-ed in the Washington Post pointing out that Rich’s job did not give him access to DNC emails, and imploring those spreading the story to stop.

But the theory checked too many boxes for the sort of right-wing conspiracy theorist that likes Donald Trump:

  • It removes doubt about the legitimacy of Trump’s election.
  • Undermines the Russia investigation, thereby protecting Trump’s presidency.
  • Proves the mainstream media peddles fake news.
  • Discredits long-time enemies in the Democratic party, the “deep state,” and “the Washington establishment.”
  • Fits with one of their favorite conspiracy theories, that Hillary Clinton is a mass murderer.

Fox News issued an unequivocal retraction, pulled the story and told Hannity to stop pushing it. He relented, but promised “to the extent of my ability I am not going to stop trying to find the truth.”

Nevertheless, the theory lives on, especially on the message boards that spawned it.

They need to believe. Otherwise, they’ll have to confront the possibility Russia helped Trump. And that a bunch of people they hate were right.

… And Now the Left

The story took an interesting turn when left-wing magazine The Nation published a long article by Patrick Lawrence claiming incontrovertible forensic evidence of a leak.

The article cites a pseudonymous blogger named Forensicator, who examined the leaked DNC documents’ metadata and found time stamps showing a rapid file transfer (22.7 megabytes per second). Lawrence then cites a study by Veteran Intelligence Professionals for Sanity (VIPS), a private watchdog group, arguing this transfer speed exceeds what was possible over the internet at the time, especially when factoring in the distance between the U.S. and Russia.

Based on this evidence, Lawrence declares:

There was no hack of the Democratic National Committee’s system on July 5 last year — not by the Russians, not by anyone else. Hard science now demonstrates it was a leak — a download executed locally with a memory key or a similarly portable data-storage device. In short, it was an inside job by someone with access to the DNC’s system.

Left wing conspiracy theorists were ecstatic. They always knew — knew! — the Russia story was fake, and now they had proof. For example, here’s Caitlin Johnstone:

Reading Lawrence’s article, I was skeptical, but intrigued. Skeptical because the article seemed to fit my theory about conspiracy theories, the Human Fallibility Test (if your explanation requires a bunch of people performing with superhuman competence, it’s probably wrong).

VIPS and Lawrence’s claim that an employee, not a Russian hacker, stole the DNC’s files contains some insinuation and leaps of logic. (Why were they assuming the Russian hackers had to be physically in Russia at the time?) And it requires quite a few people in the CIA, NSA, FBI, CrowdStrike, and the Democratic Party who know the truth to keep their mouths shut.

However, though some of the logic may be faulty, the core point casting doubt on the prevailing explanation is based on hard evidence. I’m not a computer expert, and could not independently evaluate the claim about maximum file transfer speed. The cited VIPS members have impressive credentials. For the leak theory to be true, some people would have to be lying, but most could just be wrong. Intriguing.

Turns out my skepticism was warranted. Critics challenged the transfer speed claim, and pointed out The Nation didn’t ask any independent computer experts to analyze it. Some VIPS members — also with impressive credentials — wrote that Lawrence erroneously portrayed their group’s conclusion as unanimous when it was anything but. The Nation, to its credit, published their dissent, which dismantles the insinuations and leaps of logic I noticed, and also challenges the technical evidence.

Nathaniel Freitas of the Guardian Project, an independent expert The Nation asked (post-criticism) to review the evidence, confirmed Forensicator’s calculations of the transfer speed, but listed at least two easy ways the hackers could have achieved it:

1. Renting cloud space from Amazon or another company, quickly transferring the files, and then executing the slower international transfer from there.

2. Taking over a terminal — a common hacker technique — that was connected to the DNC’s network, making the rapid transfer internal, rather than over the internet.

Most damning for Lawrence’s leak theory, Freitas provides evidence the thief used a Linux command to copy the files. Hackers and other computer experts often use the Linux operating system, but the DNC used Windows. A remote hacker could have used Linux, but a leaker with a flash drive would have needed to reboot the computer to change operating systems.

The leaker theory says a normal DNC employee with access to the server downloaded the files. But rebooting the computer with a new operating system would log the user out. And a computer running Linux would not connect naturally with the Windows network.

The employee’s login wouldn’t work.

Never Give Up, Never Surrender

After seeing this powerful rebuke, Patrick Lawrence admitted he got it wrong and the left-wing leak theorists changed their minds.

HA! Just kidding. That’s not the way these things work. The first VIPS faction wrote to The Nation restating their conclusion it couldn’t be a hack, ignored the substantive objections, and insisted the dissenting VIPS faction just doesn’t get it. Lawrence hasn’t said anything. And the conspiracy theorists who celebrated the first article castigated The Nation for kowtowing to the establishment.

Much as the Seth Rich theory checks all the conspiracy-minded Trump supporters’ boxes, the DNC leak theory is too perfect for left-wing conspiracy theorists to drop. It means:

  • The CIA, NSA and FBI are lying.
  • The neoliberal, neoconservative establishment is manipulating the public into an unprovoked confrontation with Russia for power and profit.
  • The media’s going along with it because they’re in on it, because they don’t care as long as they’re making money, and/or because they’re easily duped.
  • And it exposes just how far the DNC would go to “steal” the nomination from Bernie Sanders.

In support, they offer various reasons not to buy the Russia hacking explanation. Some of these have merit and others don’t. Many appear in Lawrence’s article. And, interestingly, both right- and left-wing leak theorists rely on them.

1 — The U.S. intelligence community (IC) hasn’t provided public evidence to support its accusation against Russia.

True. This is an important point, and a good reason to be skeptical about the prevailing narrative.

However, it’s not proof Russia didn’t do it, and does nothing to support the claim the DNC hack was really a leak.

2 — The FBI never examined the hacked DNC servers.

True. But not as significant as they think.

The FBI worked with CrowdStrike to remove what they say was Russian malware from DNC servers, and examined CrowdStrike’s forensics after the document theft. Then-FBI Director James Comey said the FBI’s forensic experts believed the information from CrowdStrike was sufficient.

Conspiracy theorists claim this proves the IC can’t possibly know if Russia was behind the hack. But CIA and NSA judgments primarily rely on foreign intelligence. When the CIA told Obama in August 2016 about Russia’s efforts to influence the election, their assessment relied on intercepted communications and a source placed high inside the Russian government.

3 — The establishment says 16 intelligence agencies agreed, but it was really only 3.

You mean the DEA and the Coast Guard didn’t corroborate the judgment? Oh no!

The CIA, NSA and FBI — the three agencies that focus on this sort of thing — all signed off on the assessment, as did the Director of National Intelligence. None of the other 13 dissented. It’s safe to say the intelligence community believes Russia did it.

4 — The intelligence community lied about Iraqi weapons of mass destruction, so they must be lying now.

This is one of the leaps of logic that appears in Lawrence’s article. The two assessments have nothing to do with each other.

There’s an interesting debate as to how much intelligence agencies lied about Iraq vs. how much they were wrong. But it’s fair to say the Bush administration pressured the CIA to support the WMD claim, resulting in cherry-picked evidence, confirmation bias, and downplaying of dissent.

However, there’s no evidence of similar political pressure regarding the Russia question. And there was more dissent within the IC over Iraqi WMDs.

Furthermore, while it makes sense to reflexively doubt the word of an individual who lied in the past, that maxim doesn’t neatly translate to institutions. There’s been a lot of turnover in intelligence agencies over the last 15 years. Many current analysts, senior bureaucrats, and political appointees had nothing to do with Iraqi WMDs. The IC admits it got Iraq wrong, and subsequently implemented institutional reforms.

No, this doesn’t mean we should blindly accept whatever they say. But it also doesn’t mean we should blindly reject it.

5 — Dmitri Alperovitch, CrowdStrike’s co-founder and chief technology officer, is anti-Putin.

That doesn’t mean he’s wrong. But it could mean his biases make him more inclined to accept anti-Russian evidence, and less diligent about searching for counter-evidence.

However, CrowdStrike’s not the only cybersecurity company that thinks Russia did it. Fidelis, FireEye, SecureWorks, ThreatConnect and others agree with CrowdStrike’s analysis.

Those firms all have a strong incentive to prove their competitor wrong. And the idea that all of them are secretly working with CrowdStrike to support the FBI, CIA, NSA, Obama administration, and DNC’s lie — but managed to keep this conspiracy secret — fails the Human Fallibility Test.

John Hultquist, director of intelligence analysis at FireEye, agrees with Nathaniel Freitas that there are many ways hackers could have transferred the files at 22.7 megabytes per second:

In short, the theory is flawed. The author of the report didn’t consider a number of scenarios and breezed right past others. It completely ignores all the evidence that contradicts its claims.

6 — The documents’ “Russian fingerprints” could be fake.

Yeah, but they could also be real.

The metadata shows someone copied and pasted the leaked documents using a Cyrillic keyboard on a computer with Russian language settings. Lawrence breathlessly claims this proves they’re fake, noting — in one of his many insinuations — that the CIA has a tool capable of fabricating this metadata. But then he admits “it is not known whether this tool was deployed in the [DNC hack] case.”

Based on this information, it’s possible that:

  1. Russian hackers copied-and-pasted text from the stolen documents into another document file. As Freitas points out, the files WikiLeaks posted are named 1.doc, 2.doc, etc., which suggests the thief curated them before submitting.
  2. Non-Russian hackers copied-and-pasted text from the stolen documents using a Russian-language computer to make it look like Russian hackers did it.
  3. No one copied-and-pasted text from the stolen documents using a Russian-language computer, but the CIA, or someone using leaked CIA hacking tools, changed the metadata to make it look like Russian hackers did it.

If the point here is that “Russian fingerprints” don’t provide incontrovertible evidence Russian hackers did it, fine. But it also doesn’t prove, as Lawrence claims, that Russian hackers didn’t do it. Basically, it proves nothing.

7 — WikiLeaks' Julian Assange says the Russian government wasn’t his source.

It’s always funny when someone demanding evidence of the DNC hack takes Assange’s word without demanding evidence.

Even funnier when the same people dismiss claims by the U.S. government, Democratic Party, and various media organizations on the grounds they all have a secret agenda to foment international conflict, and then ignore Assange’s openly stated agenda of undermining Hillary Clinton, and his obvious interest in disputing accusations that WikiLeaks partners with Russian intelligence.

Also worth noting: Assange has offered $20,000 to anyone who can find Seth Rich’s killer (though he’s never claimed Rich was his source).

Without evidence, we can’t know if he’s telling the truth or lying. But “because Assange said so” isn’t much of an argument.

8 — Assange associate and former UK ambassador Craig Murray claims the leaker met him in the woods near American University in Washington DC and gave him a package, but no media organization will interview him.

Again the word of one person, again the leak theorists accept it without evidence because he agrees with them.

Maybe every major media organization is secretly colluding to hide Murray from the public. Or maybe each organization independently chose not to interview him because they think he’s a kook. And because the UK removed him from his post as ambassador to Uzbekistan in 2004 amid charges of misappropriating funds, being drunk at work, and offering UK visas to Uzbek women in exchange for sexual favors. (The charges were dropped, and Murray claims the government made them up because he disagreed with UK counterterrorism policies.)

The conspiracy-minded often mistakenly see the media as a single entity. In reality, it’s made up of competing businesses that love proving each other wrong. That’s the stuff of exclusives, Pulitzers, and ratings bonanzas. If they could confirm Murray’s story, they’d publish it.

But if they feature his claims without corroboration, and those claims prove false, the organization will lose credibility (and customers).

Patrick Lawrence and other leak theorists make one solid point: the intelligence community has not backed up its claims with evidence.

But it’s not going to. The IC works for elected officials. It’s up to Congress and the president — who work for the American people — to oversee the agencies, review classified evidence, and decide how to use intelligence assessments when making policy decisions.

We’re not going to get incontrovertible evidence proving who stole the DNC’s files. But we still have to decide what, if anything, America should do in response.

That means, ultimately, you have to decide who you believe.

On one side, there’s the FBI, CIA, NSA, most of Congress, the Obama administration, the Democratic party, CrowdStrike, other top cybersecurity firms, part of VIPS, most of the media — including the Washington Post and Fox News — and Donald Trump.

On the other side, there’s Julian Assange, Craig Murray, the other part of VIPS, Patrick Lawrence and the leak theorists, Breitbart, some anonymous posters on Reddit, and Donald Trump.

Based on the available evidence, I’m more inclined to go with the first group.

Nicholas Grossman
Arc Digital

Senior Editor at Arc Digital. Poli Sci prof (IR) at U. Illinois. Author of “Drones and Terrorism.” Politics, national security, and occasional nerdery.