Technology

There is still no proof that Putin hacked the US election

Russian meddling is plausible, and even likely, but where's the smoking gun?

January 12, 2017
Did President-Elect Donald Trump benefit from Russian hacking? It's probable—but not certain ©Van Tine Dennis/ABACA/ABACA/PA Images
Did President-Elect Donald Trump benefit from Russian hacking? It's probable—but not certain ©Van Tine Dennis/ABACA/ABACA/PA Images
So, it’s official. Russia helped Donald Trump win the American presidential election by hacking into Democratic Party computers, stealing emails and feeding them to media outlets such as Wikileaks, according to a report released last Friday by the US intelligence community. What is more, this was all directed by Vladimir Putin himself.

"We assess with high confidence,” the report states, “that Russian President Vladimir Putin ordered an influence campaign in 2016 aimed at the US presidential election, the consistent goals of which were to undermine public faith in the US democratic process, denigrate Secretary Clinton, and harm her electability and potential presidency."

Previous reports had reached similar conclusions, and this new document surely buries any doubts about Russia’s involvement.

Or does it? The report is short—a mere 25 pages. And it is remarkably light on detail. Soon after the document came out, a horde of journalists took to Twitter in protest. Newsnight’s Ian Katz, for example, said it was “very low on evidence.” Politico reporter Eric Geller called the report “very thin,” while, for NBC’s Bill Neely, it contained “no open proof.”

Even staunch critics of the Putin regime expressed their doubts. Julia Ioffe of the Atlantic tweeted, “It’s hard to tell if the thinness of the #hacking report is because the proof is qualified, or because the proof doesn’t exist.” For Michael Weiss of the Daily Beast, it was “underwhelming.” And, for Stephen Hayes of Fox and the Weekly Standard, “little more than a collection of assertions.”

Worse, this is now the second dud official report about hacking in under a month. In December the FBI and Department of Homeland Security produced another much-derided document giving a long list of suspicious IP addresses supposedly associated with Russian hacking. But experts studied the addresses, and found that many of them are not specifically tied to Russia, while almost half might not be related to hackers at all. The report even led to a false alarm that Russian hackers hit Vermont’s power grid.

True, CrowdStrike and other cyber security firms have analysed the data and reached similar conclusions as the US government. They based their findings on the fact that the two groups of hackers involved appear to use Russian and operate within Russian office hours, among other things. They claimed that Russian intelligence was behind these attacks, but offered no evidence of a Kremlin conspiracy. You would really need the FBI or a spy service to prove that.

And, as Friday’s intelligence report shows, such proof is still lacking. Let us be charitable and assume that the American spooks have more information about Russian government culpability than they are able to disclose. Even Trump himself, who has received a classified briefing on the material, yesterday conceded "I think it was Russia." Of course the spies cannot publicly reveal too much data without compromising sources and methods. That is understandable, and even desirable. But surely they could provide a bit more public evidence to support the strong claims made in their report? This is a very slender basis on which to stoke tensions with a major nuclear-armed state.

Indeed, the US government has at times provided far more detail about foreign hacking than we have here. In 2014 and 2016 respectively the Department of Justice indicted two sets of hackers one Chinese, the other Iranian. You can read both indictments online, and they give the identities of the villains, explain their involvement and provide granular narratives of what happened. We need comparable evidence for Kremlin meddling in the election, if there is to be anything like a smoking gun.

In all fairness, those indictments took time to produce, while the recent documents were rushed out (presumably before Trump takes office). It can be very difficult to pin down the culprits of cyberattacks, and often the best one can do is make an educated guess.

Maybe more evidence is forthcoming. Putin certainly had motive to intervene in Trump’s favour. The president-elect had promised repeatedly to improve relations with Moscow. Clinton, by contrast, seemed willing to risk war with Russia over Syria.

Furthermore, there is now a pattern of anti-western cyberattacks associated with these hackers. For instance, they seemingly attacked the website Bellingcat, which has been critical of Russia, along with French TV, in 2015. Then there was a suspicious attack on the Ukrainian power grid later that year. These hacks employed similar tools and infrastructure, and can safely be attributed to the same groups that broke into the Democratic Party, experts say.

But, though this might make Russian state meddling plausible, and even likely, we still lack definitive proof. And there are reasons to be sceptical of the official line. Craig Murray, a former British ambassador and friend of Julian Assange, claims he met the actual leaker, who he says is not Russian. Assange has also denied that his source is a state party, although it is not clear how he knows that given the Wikileaks submission system is supposed to guarantee anonymity.

Moreover, in 2016 Germany accused Russia of hacking the Bundestag, extracting embarrassing data, and giving it to Wikileaks (sounds familiar, right?). The domestic German security agency, the BfV, issued a report assuming—not proving—that the Russian government was responsible. But, according to Der Spiegel, the source for that data was actually an individual in the German parliament. The bottom line is: we don’t really know.

And let’s remember that Trump and the US intelligence community are daggers drawn at the moment, with the president-elect vowing to reform the CIA and even scrap the Office of the Director of National Intelligence (which released last Friday’s report). Those agencies have a clear motive to undermine him and we should be wary of bias. This is especially true given the weakness of last week’s report, much of which consists of old, open-source information about Russia Today and its well-known ties to the Kremlin.

It is also important to bear in mind that cyber attacks can be wrongly attributed. Earlier this year the Bangladesh Central Bank was hacked and money stolen. Initially North Korea was blamed, but the evidence now points elsewhere. So we should be cautious before fingering Russia for the US election hack. Maybe a congressional probe could give us the proof we currently lack.