The hacking of the DNC emails is one of the central features of the whole Russia collusion mess. In July 2016, WikiLeaks released just over 19,000 emails allegedly hacked from the DNC email server. WikiLeaks has never confirmed the source, but a hacker or group of hackers going by the moniker of Guccifer 2.0 has claimed responsibility. In October 2016, the US intelligence community released this statement:
The U.S. Intelligence Community (USIC) is confident that the Russian Government directed the recent compromises of e-mails from US persons and institutions, including from US political organizations. The recent disclosures of alleged hacked e-mails on sites like DCLeaks.com and WikiLeaks and by the Guccifer 2.0 online persona are consistent with the methods and motivations of Russian-directed efforts. These thefts and disclosures are intended to interfere with the US election process. Such activity is not new to Moscow—the Russians have used similar tactics and techniques across Europe and Eurasia, for example, to influence public opinion there. We believe, based on the scope and sensitivity of these efforts, that only Russia’s senior-most officials could have authorized these activities.
Since that time we’ve engaged in some tit-for-tat expulsion of staff and closing of facilities in which, I’d argue, we have come out distinctly second best and made our cyber-security no stronger in the process.
Now the Wall Street Journal says that indictments may be in the works for a half-dozen Russians because of the hacks:
The Justice Department has identified more than six members of the Russian government involved in hacking the Democratic National Committee’s computers and swiping sensitive information that became public during the 2016 presidential election, according to people familiar with the investigation.
Prosecutors and agents have assembled evidence to charge the Russian officials and could bring a case next year, these people said. Discussions about the case are in the early stages, they said.
If filed, the case would provide the clearest picture yet of the actors behind the DNC intrusion. U.S. intelligence agencies have attributed the attack to Russian intelligence services, but haven’t provided detailed information about how they concluded those services were responsible, or any details about the individuals allegedly involved.
The pinpointing of particular Russian military and intelligence hackers highlights the exhaustive nature of the government’s probe. It also suggests the eagerness of some federal prosecutors and Federal Bureau of Investigation agents to file charges against those responsible, even if the result is naming the alleged perpetrators publicly and making it difficult for them to travel, rather than incarcerating them. Arresting Russian operatives is highly unlikely, people familiar with the probe said.
People familiar with the investigation drew the parallel to the Justice Department’s decision in March to charge two Russian operatives and two others with hacking into Yahoo’s computers starting in 2014 and pilfering information about 500 million accounts, one of the largest data breaches in U.S. history. One of the defendants in the Yahoo case, a Canadian national, was arrested and has pleaded not guilty; the other defendants are believed to be in Russia.
What strikes me about this is the timorous tentativeness of the story. Everything is couched in “if” or “may.” What that tells me is that this is more likely than not nothing. Why?
Contrary to the article’s assertion of a parallel to the Yahoo case, the people this article strongly implies might be indicted are actual members of the Russian FSB/SVR/GRU apparatus or the political policy makers that direct the hackers employed by those services. An indictment there would virtually guarantee a Russian “indictment” and “arrest” of US government officials. Keep in mind, we booted 35 Russian diplomats over their alleged meddling in the US election. Putin expelled 755 US embassy personnel and staff from other agencies.
The sources needed to prove Russian connection to the hack and to WikiLeaks will be based on signals intelligence and that intelligence will be highly classified. The government may decide it is worth it to divulge to the world how we track hackers, but I doubt it. In particular, the NSA would be exposed to discovery claims lodged by Russian intelligence. Color me skeptical that the Intelligence Community is going to sign onto this proposition.
Finally, from what we’ve been told there is zero forensic evidence. Neither the FBI nor the CIA nor DHS examined the DNC servers. The investigation was done by a Democrat-centric firm, CrowdStrike. It is the contention of CrowdStrike that Russians hacked the server. That assertion, however, has not been received with hosannas of praise from the cybersecurity community. Given that all investigatory work has been totally reliant on the work done by a third-party commercial vendor, and the quality of that work is widely questioned, it is hard to see where the government is going to get the evidence that a hack even took place.
On the whole, I’m very skeptical that this report is anything near an actual representation of the state of play in any investigation concerning the DNC server. The political risk of indicting serving intelligence officers is all out of proportion to any possible gain. The forensic evidence to sustain a conviction is non-existent, thanks to then-FBI Director James Comey letting the Clinton campaign and its subsidiary, the DNC, refuse to cooperate. And finally, it is highly unlikely that the NSA will release details of signals intelligence for this venture.