The Washington Post reported on Tuesday (6/14/16) that Russian intelligence had hacked the DNC servers to steal opposition research on Donald Trump:
Russian Government Hackers Penetrated DNC, Stole Opposition Research on Trump
While the Post story by Ellen Nakashima was sourced to “committee officials and security experts who responded to the breach”—i.e., CrowdStrike, the security firm hired by the DNC—that attribution dropped out of the headline, presenting Russian government culpability as an unquestioned fact. This framing was echoed by dozens of media outlets who picked up on the story and uncritically presented Russian guilt in their headlines without qualification:
- Russian Government Hackers Broke Into DNC Servers, Stole Trump Oppo (Politico, 6/14/16)
- Russia Hacked DNC Network, Accessed Trump Research (MSNBC, 6/14/16)
- Russians Steal Research on Trump in Hack of US Democratic Party (Reuters, 6/14/16)
- Russian Government-Affiliated Hackers Breach DNC, Take Research on Donald Trump (Fox, 6/14/16)
- Russia Hacks Democratic National Committee, Trump Info Compromised (USA Today, 6/14/16)
- Russian government hackers steal DNC files on Donald Trump (The Guardian, 6/14/16)
- Russians Hacked DNC Computers to Steal Opposition Research on Trump (Talking Points Memo, 6/14/16)
- Russian Spies Hacked Into the DNC’s Donald Trump Files (Slate, 6/14/16)
- What Russia’s DNC Hack Tells Us About Hillary Clinton’s Private Email Server (Forbes, 6/15/16)
Then something strange happened. Wednesday afternoon, a person or persons using the name “Gufficer 2.0” (referencing a hacker who infamously got into the Bush family emails) published online what appears to be detailed information derived from the hack. In the post, Gufficer 2.0 claimed the hack wasn’t nearly as sophisticated as CrowdStrike claimed, and wasn’t the work of hackers working for Russian intelligence.
While it’s definitely conceivable that Gufficer 2.0 could turn out to be a front for Russian intelligence, as CrowdStrike alleges, it certainly raises doubts as to the airtight case against Russia. Tech website Vocativ (6/16/16) concluded with a note of skepticism from Jeffrey Carr, CEO of a competing cybersecurity firm, who observed that while “it’s not unusual for any intelligence service to cover its tracks,”
I’m skeptical almost all the time when it comes to attribution…. I think the entire historical assignment of [government-affiliated] actors…was just wrong. That they were never part of an intelligence service or military service in the Russian government, that they were always independent hackers, and we don’t really know who they are.
In the wake of the Gufficer 2.0 development, some media outlets began to hedge their bets. Notice the shift in framing from Wired’s Andy Greenberg:
Russia’s Breach of the DNC Is About More Than Trump’s Dirt (6/14/16)
Thirty-six hours later — after the Guccifer revelation:
A Chaotic Whodunnit Follows the DNC’s Trump Research Hack (6/15/16)
They were 100 percent certain the hack was Russian, and now it’s a “Whodunnit”? International Business Times also shifted from a “Russia did it” to a “it’s a mystery” framing:
- Russian Hackers Infiltrated Democratic Party Computers to Steal Research on Donald Trump (6/14/16)
- DNC Hack: Security Firm CrowdStrike Stands by Research as Russia Strongly Denies Involvement (6/16/16)
Suddenly things aren’t so certain. Which is good—journalists should update stories as they evolve—but this raises an essential question: Why was everyone so willing and ready to take CrowdStrike’s word for it, without an ounce of skepticism, in the first place?
From the initial report, there were some red flags. Dmitri Alperovitch—CTO, co-founder and spokesperson for CrowdStrike—isn’t without a flair for the dramatic. In the Washington Post article, Alperovitch made a startlingly hyperbolic claim:
Russia has always been a formidable foe in cyberspace, but in the past two years, “there’s been a thousand-fold increase in its espionage campaign against the West,” said Alperovitch, who is also a senior fellow at the Atlantic Council. “They feel under siege.”
Russian espionage against “the West” has increased 100,000 percent? That would certainly add urgency to the Russian menace. A request by FAIR to the Washington Post to explain how they verified this figure remains unanswered.
The Post also did not respond to inquires by FAIR on how or whether they attempted to independently verify CrowdStrike’s claims of Russian intelligence’s culpability.
CSO Online (6/15/16), a straightforward cybersecurity blog, noted in its recap of the back and forth that “overall, the Washington Post story actually read more like a promotion for CrowdStrike’s incident response offerings than actual security news.”
Alperovitch, as the Post notes, also works for the Atlantic Council—a reliably anti-Putin think tank that publishes articles such as “Two Cheers for Cold War!” and policy papers like “Distract Deceive Destroy: Putin at War in Syria” and Hiding in Plain Sight: Putin’s War in Ukraine.” The Atlantic Council is funded by the US State Department, other NATO governments (Norway, Sweden, Finland, NATO itself) and a consortium of Western corporations (Qualcomm, Coca-Cola, The Blackstone Group), including weapons manufacturers (Lockheed Martin, Raytheon, Northrop Grumman) and oil companies (ExxonMobil, Shell, Chevron, BP).
CrowdStrike currently has a $150,000 / year, no-bid contract with the FBI for “systems analysis.”
In January 2014 (back when, according to Alperovitch, Russian espionage was 0.1 percent as intense as it is today), CrowdStrike again was the sole accuser of Russian cyberattacks. Just as in the DNC case, the Washington Post’s Nakashima was on it–although in the earlier report, the qualifications made it into the headline: “Researchers Say They See Russian Hackers’ Hands in Cyber Espionage Against Western Energy Interests.”
The story was also reported in Reuters (1/22/14), Mashable (1/22/14) and several others. According to the Post, Alperovitch “did not have definitive proof” to implicate Russia. It seems the standards for “definitive proof” have weakened since then.
As NATO and Russian tensions build to Cold War levels, wouldn’t it be prudent for editors, at the very least, to throw in an “allegedly” or two? Instead, what we have is lockstep condemnation from a press eager to demonize the Russian menace. Just because those in power are preparing for a “new Cold War” doesn’t mean the media need to play along.
Adam Johnson is a contributing analyst for FAIR.org. Follow him on Twitter at @AdamJohnsonNYC.