Speaking at a news conference in Warsaw on Thursday, President Trump again cast doubt on the U.S. intelligence community’s assessment that the Russian government tried to intervene in the 2016 presidential election by stealing private files and trying to disrupt voting systems.
“I think it was Russia,” Trump said, “but I think it was probably other people and/or countries, and I see nothing wrong with that statement. Nobody really knows. Nobody really knows for sure.”
There’s a lot packed into that statement: a cursory acceptance of the consensus view that Russia was involved, a shadow of doubt overlaid with the idea that Russia didn’t act alone, and a blanket shrug at the idea that the truth was really knowable. All of this, of course, comes alongside Trump’s repeated dismissal of investigations into what really happened last year as “witch hunts” — because they include a look at how allies of his may have helped the Russians to succeed.
Trump’s attempt to soften the accusation against Russia — whatever the motivation — is helped by the fact that the government agencies involved in the probes relied largely on classified information to find the Russians culpable of meddling. With that in mind, we’ve cobbled together the publicly available information to demonstrate why a layperson might have reasonable confidence that Russia was behind the election hacks — even if Trump, with access to a fuller set of information, does not concur.
The Democratic National Committee hack
In June 2016, The Washington Post reported that the Democratic National Committee’s computer network had been hacked, allowing access to email and chat transcripts, as well as files detailing research on GOP presidential candidate Donald Trump.
This was reported about a month before the hacked files were released, shortly before the Democratic convention began. As The Post reported at the time, the likely culprits had already been identified as Russian — not by the government but by an outside firm called CrowdStrike.
The firm identified two separate hacker groups, both working for the Russian government, that had infiltrated the network, said Dmitri Alperovitch, CrowdStrike co-founder and chief technology officer. The firm had analyzed other breaches by both groups over the past two years.
One group, which CrowdStrike had dubbed Cozy Bear, had gained access last summer and was monitoring the DNC’s email and chat communications, Alperovitch said.
The other, which the firm had named Fancy Bear, broke into the network in late April and targeted the opposition research files. It was this breach that set off the alarm. The hackers stole two files, Henry said. And they had access to the computers of the entire research staff — an average of about several dozen on any given day.
That report was bolstered by other evidence. As the blog Motherboard reported, the additional evidence pointing to Russia includes:
- Analysis of DNC log files by two CrowdStrike competitors that reached the same conclusion based on the reuse of tools known to be linked to Russian hackers.
- The registration of a domain intended to trick DNC employees that pointed back to an Internet address that had been used in previous hacks.
- The accidental inclusion of Russian-language metadata in some of the leaked files, as well as some error messages that were printed in Russian. In later releases of the same files, those messages were removed.
- The fact that the leaker of the DNC documents, Guccifer 2.0, claimed to be Romanian but didn’t speak that language.
The October statement
About a month before the U.S. election, the Office of the Director of National Intelligence and the Department of Homeland Security issued an unusual public statement.
“The U.S. Intelligence Community (USIC) is confident that the Russian Government directed the recent compromises of emails from US persons and institutions, including from US political organizations,” the statement read. “The recent disclosures of alleged hacked e-mails on sites like DCLeaks.com and WikiLeaks and by the Guccifer 2.0 online persona are consistent with the methods and motivations of Russian-directed efforts. These thefts and disclosures are intended to interfere with the US election process.”
This is important for a simple reason: The president’s assertion that the focus of the investigation was meant to undermine his electoral victory is clearly incorrect, given the timing of this document. What’s more, the statement’s attribution is direct: The hacks bear the fingerprints of Russia.
The government analysis
In late December, the FBI and the National Cybersecurity and Communications Integration Center released a declassified overview — a joint analysis — of their evidence linking Russia to the hacks of the DNC.
“The U.S. Government confirms that two different actors participated in the intrusion into a U.S. political party. The first actor group, known as Advanced Persistent Threat (APT) 29 entered into the party’s systems in summer 2015, while the second, known as APT28, entered in spring 2016,” the report read.
The evidence presented was light on details but centered on the tools and methods used by the hackers. The hackers sent “spearphishing” emails meant to trick the recipients into surrendering their passwords, which apparently was successful.
The FBI/NCCIC report did not address the hack of Clinton campaign chairman Jon Podesta, but the methodology used in that case was the same. The firm SecureWorks tracked the shortened URL sent to Podesta to lure him into giving up his password and discovered that similar URLs were sent by the same user to more than 5,000 Google accounts largely in Russia but also to government and military targets, including in the United States and at NATO.
The report on Russian influence efforts
In January, after news reports on the intelligence community’s analysis of the Russian interference emerged, the DNI released a declassified version of its broad assessment of Russia’s role.
“[W]hile the conclusions in the report are all reflected in the classified assessment,” it said, by way of explaining its general lack of specifics, “the declassified report does not and cannot include the full supporting information, including specific intelligence and sources and methods.”
The key assessment, held with high confidence by the CIA, FBI and National Security Agency?
We assess Russian President Vladimir Putin ordered an influence campaign in 2016 aimed at the US presidential election. Russia’s goals were to undermine public faith in the US democratic process, denigrate Secretary Clinton, and harm her electability and potential presidency. We further assess Putin and the Russian Government developed a clear preference for President-elect Trump.
Much of the publicly available report focused on how Russian media tried to influence the election’s outcome. “Moscow’s influence campaign followed a Russian messaging strategy that blends covert intelligence operations — such as cyber activity — with overt efforts by Russian Government agencies, state-funded media, third-party intermediaries, and paid social media users or ‘trolls,'” it read.
The report mentions briefly that state elections systems were also targeted by the Russians, a point also made in the October report.
The leaked NSA report
In June, the Intercept published a document leaked to them from an employee of the NSA that provided classified analysis of those voting system intrusions.
“Russian military intelligence executed a cyberattack on at least one U.S. voting software supplier and sent spear-phishing emails to more than 100 local election officials just days before last November’s presidential election,” the Intercept’s report said, detailing the NSA’s analysis supporting that claim. It noted, though, that the analysis represents only one point of evidence to the charges it presents and that the document does not include the raw intelligence supporting the claims. That said, it comports with what was released publicly by the intelligence agencies.
The Intercept was initially skeptical of Russia’s involvement in the hacking attempts, based on the generally light evidence presented by the U.S. government. Trump, however, seems to be arguing the opposite — that, with access to far more evidence, he still maintains some doubt. What evidence that might be is not clear, assuming it exists.
Publicly, the intelligence agencies under his command paint a much simpler picture: It was Russia.