While the media says that Russian hackers targeted the DNC, how do we know it wasn’t the CIA?
Wikileaks released a bunch of secrets yesterday, and one of them is quite relevant to claims about Russian hackers.
There are obviously a lot of interesting claims here. But I want to focus on one that is relevant to recent discussion of Russian hackers. I’m referring to “UMBRAGE.” Here’s how Wikileaks describes the program:
The CIA’s hand-crafted hacking techniques pose a problem for the agency. Each technique it has created forms a “fingerprint” that can be used by forensic investigators to attribute multiple different attacks to the same entity.
This is analogous to finding the same distinctive knife wound on multiple separate murder victims. The unique wounding style creates suspicion that a single murderer is responsible. As soon as one murder in the set is solved then the other murders also find likely attribution.
With UMBRAGE and related projects the CIA can not only increase its total number of attack types but also misdirect attribution by leaving behind the “fingerprints” of the groups that the attack techniques were stolen from.
UMBRAGE components cover keyloggers, password collection, webcam capture, data destruction, persistence, privilege escalation, stealth, anti-virus (PSP) avoidance and survey techniques.
Many claimed that the Wikileaks release of DNC emails and John Podesta’s emails was all due to Russian hackers. Julian Assange denied it, but many believe otherwise.
But why should we believe in Russian hackers if the CIA can hack computers and make it look like Russian hackers?
Remember, the hacking of the Democrats might have nothing to do with how Wikileaks got hold of the emails. Julian Assange might have acquired the emails from a whistleblower while the hacking was done by someone else for an unrelated reason. Perhaps the CIA did it and then later decided to use the deceptive “fingerprints” they left behind to create a story that claimed that Russia helped Trump.
Or perhaps the CIA as an organization had nothing to do with the hack, but someone in the organization had access to their tools and used them for his own reasons.
And if the CIA has the ability to pretend to be Russian hackers, who is to say that someone else hasn’t developed this ability?
The bottom line is that we now know that the clues that led to the conclusion that Russian hackers were involved can be faked. We have no reason to rely upon such evidence.
We will probably hear some Conservatives say some bad things about Wikileaks and Julian Assange. We need to remember that Assange is not an American citizen. All the techniques that the CIA uses are, at least, intended for foreigners. It is not surprising that he would find that troubling.
Should we Americans also find it troubling? Amy Davidson asks at the New Yorker,
Are Americans the targets? This is going to be a key issue, both politically and legally. If the C.I.A. is developing these tools, and perhaps promulgating them to other intelligence agencies, is it also taking part in domestic spying? How is the line between domestic and foreign defined these days? The Guardian notes that one of the files related to the Samsung sets contains a reference to a “joint workshop with MI5/BTSS (British Security Service),” and that others refer to hackers working out of American diplomatic facilities in Germany. There has been a persistent concern that, in order to get around various statutory and constitutional restrictions on domestic spying, the intelligence agencies have outsourced the actual surveillance to foreign allies, and then shared the intelligence gained with them. (This is an American-centered way of posing the basic concern that people in other countries will have about how these tools might be used against them.) The files will at least pose the question of whether the C.I.A. is following the rules—and whether the rules might need changing.
Wikileaks claims to have more information to release. We will have to wait and see.