Who is right? And how should the nation handle this leak and potential foreign interference at a critical time?
A close look at the evidence shows that neither Biden nor Trump has the facts on their side for now. Take a step back, and the Russian interference of 2016 holds valuable lessons on what to do and what not to do in 2020: We must treat the Hunter Biden leaks as if they were a foreign intelligence operation — even if they probably aren’t.
On April 12, 2019, a man at the end of his 40s allegedly walked across a parking lot in Wilmington, Del., just south of Conaty Park. He carried three water-damaged MacBooks with him as he entered the Mac Shop, a small repair store for Apple computers in a threadbare red-brick building. The shop’s owner, John Paul MacIsaac, looked at the machines and kept one for data recovery, according to a long, rambling interview with MacIsaac.
MacIsaac reportedly asked the customer for his name. First name, “Hunter.” Second name, after a pause, “Biden.” MacIsaac then asked the man for his phone number. The man provided Hunter Biden’s actual AT&T cellphone number and email address. MacIsaac wrote him a quote for $85 for data recovery services. The man left, and never returned to retrieve the machine or pay for the requested services. Less than two weeks later, Joe Biden would announce his run for the presidency.
MacIsaac, a self-described “military guy” and an ardent Trump supporter, had noticed a Beau Biden Foundation sticker covering the Apple logo on the laptop. He became suspicious. When he started recovering the data, MacIsaac noticed that the desktop was cluttered with files, including “disturbing” items. He notified the FBI, and passed a copy of the files on to trusted political contacts. Soon a hard drive was in the hands of Rudolph W. Giuliani, the president’s lawyer and surrogate. MacIsaac later said he “can’t be 100 percent sure” the customer that day was actually Hunter Biden.
Then, on Oct. 14, files purportedly from the mysterious laptop spilled into public view in the New York Post. My Signal messaging app immediately lit up with keen observers suspecting that this was finally it: the long-expected Russian hack-and-leak operation, a rerun of 2016, surfaced via a computer repair shop and the Post, in lieu of Guccifer 2.0 and WikiLeaks.
But the Hunter Biden leaks so far offer sharp contrasts to the infamous events of 2016.
First, in 2016, we had meaningful forensic artifacts on day one to show traces of the hack — in 2020, we have no such meaningful evidence. The cybersecurity research community immediately knew, with a good degree of confidence, what was going on in 2016, literally on the day the Democratic National Committee hack, and then the first leaks resulting from it, became public. The Biden leaks are starkly different: We have no malware samples or infrastructure forensics from a hack, and it is unclear whether the laptop, which is not available to researchers, even contains productive metadata or forensic indicators from the leaks.
Second, in 2016, disinformation was a surprise — in 2020, it was expected. Most journalists and media organizations reporting on the Hunter Biden leak initially focused on the disinformation, not the content of the leaked files. It helped, for sure, that the contents were not nearly as scandalous and revealing as initially — and falsely — reported. Social media companies were also ready: Facebook and Twitter had cooperated in several instances with the FBI to take down smaller disinformation campaigns already this year, and were expecting more to come. The social media companies immediately demoted or entirely prevented the Post story from being shared on their platforms.
Third, covert Russian operators also learned their lessons from 2016: They improved their operational security (with the exception of some GRU units) and made their work more stealthy. Russian intelligence agencies have continued to operate aggressively at a high tempo since 2016, including a partly successful attempt to interfere, via hack-and-leak, in the French presidential elections of 2017 and almost certainly in the United Kingdom in 2019. On the day of the second debate, the FBI warned generically of ongoing and partly successful “Russian state-sponsored” advanced intrusion activity against various U.S. state, local, territorial and tribal government networks, although no breach of election-related information or systems has been confirmed.
The tactical targets for a potential influence operation against the United States in 2020 were even softer than they were in 2016. Giuliani had been actively searching for dirt on Hunter Biden on trips to Ukraine, practically advertising his willingness to become a useful idiot on unknown terrain, exposed to some of the world’s most aggressive and sophisticated intelligence services. Giuliani’s sloppy phone habits and his questionable behavior on the set of the new “Borat” film only demonstrate how soft an intelligence target he makes. During a trip to Ukraine in December 2019, Giuliani indeed interacted with individuals tied to Russian intelligence, and U.S. counterintelligence officials subsequently warned the White House that “America’s mayor” was at risk of becoming a conduit for Russian misinformation, as The Washington Post reported last week.
Moreover, the Trump campaign had long signaled that it was receptive to receiving hacked materials, whatever the sourcing. But Hunter Biden was a soft target, too: regularly traveling in Ukraine for meetings, with personal financial interests at stake, and a history of substance abuse. Allegedly explicit photos and communications purportedly from Hunter Biden were circulating in Ukraine, for sale, as Giuliani was digging for dirt there, Time reported Wednesday. Mere hours before the debate Thursday, one inadvertently revealing text message surfaced via a Fox News contributor: a picture of a phone displaying a text, allegedly sent by Hunter Biden to an associate, taken while that phone was logged into a Russian cellphone network, MTS RUS. That photo was extremely unlikely to have come from Biden’s allegedly water-damaged laptop in Delaware.
Finally, the FBI and U.S. intelligence also learned their lessons from 2016 and James B. Comey’s errors: Don’t get both hands into the political meat-grinder weeks before a general election. The exception, in 2020, was Director of National Intelligence John Ratcliffe, who claimed Oct. 19 that “Hunter Biden’s laptop is not part of some Russian disinformation campaign.” The next day, the FBI, in a carefully worded letter, said it had “nothing to add at this time” to Ratcliffe’s statement, and hinted that actionable intelligence might still be developed. Although U.S. spies have improved their visibility into Russian operations, it is highly unlikely we would learn the full story before the election.
Meanwhile, more than 50 former U.S. intelligence officials signed a letter stating that the New York Post story “has all the classic earmarks of a Russian information operation.” The list of ex-intelligence officials included several directors and deputy directors of the CIA and the National Security Agency, as well as working-level officers. The group, however, added that “we do not have evidence of Russian involvement.” Biden referred to that letter in the debate exchange.
Indeed, there are good reasons to be skeptical of the theory that the laptop is a foreign plot. If a competent Russian intelligence agency went to the length of procuring hacked material, blending it with forgeries, perhaps researching a suitable surfacing locale and setup in Wilmington and surfacing the package in a human intelligence operation that required careful planning — then it’s highly likely that agency would have found, or more likely forged, files that would have actual political impact, instead of the unremarkable material revealed in the Post so far.
Nevertheless, in the likely continued absence of certainty either way, the Biden leaks deserve the full potential-disinformation treatment. This means three concrete things.
First, every individual little fact — every email, every text, every photo — must be independently verified when data is surfaced in such a suspicious way, not just one piece of information. Genuine photos, for example, could be there simply to add credibility to forged emails surfaced along with the photos — shielding a few forgeries with genuine content would be a time-tested active measures tactic.
Second, the absence of a denial by the Biden campaign or Hunter himself should not be treated as a tacit admission of authenticity. Mixing facts with forgeries has another time-tested effect: It sets a trap for the victim. If Hunter or the Biden campaign started selectively denying pieces of the reporting ostensibly from the laptop, they would give oxygen to the operation, extend its life-cycle and get entangled in a losing battle about discussing what’s fact and what’s not. Verifying large amounts of leaked files, the Democrats learned in 2016, is also hard and labor-intensive.
Finally, and hardest of all, we must resist the temptation to jump to premature conclusions on “a Russian plant” without good evidence — “classic earmarks” are not nearly enough. The Mac Shop story, and even the files, could still be genuine, no matter how unusual the setup sounds. Worse, even if a foreign intelligence service had a role in the strange saga of the Biden leaks — a scenario that remains as likely as not — then the critical enablers at several steps along the way were prominent Americans who decided to act irresponsibly, again and again, by putting party above country — and after four years of publicly discussing useful idiocy, they could no longer be unwitting.
If we continue to ascribe too much power and influence to shadowy foreign spies, downplay our own agency and blame our domestic political problems on outside interference, then we are not only behaving like the old-school Soviet active measures playbook wants us to behave — worse, we’re becoming a little more like Russia ourselves.