We haven’t seen this kind of hysteria since the darkest days of the cold war: a spy scare that is being utilized by one political party against another in a national election, with charges of disloyalty and even “treason” being hurled by one side against the other. The publication of the Democratic National Committee’s emails by WikiLeaks has caused a storm of spin and counter-spin that threatens to throw the entire election discourse off balance – not that it was all that centered, to begin with – and cause an international incident with perilous consequences for us all.
The media, one and all, have decided that the DNC hack was the work of the Russian government, and the Democrats have taken this one step further and declared that Moscow is pushing the candidacy of Donald Trump due to his oft-stated hope to “get along” with Vladimir Putin. And US government officials have added their voices to this chorus, with the New York Times reporting that unnamed members of the “intelligence community” believe “with high confidence” that the Russian state is behind the hack. Inside Cyber Warfare: ... Best Price: $8.73 Buy New $22.98 (as of 11:25 UTC - Details)
This is impressive, at least in Washington, D.C., where the pronouncements of government officials are taken as holy writ. For the rest of us, however, who remember that this same “intelligence community” declared with certainty that Saddam Hussein had “weapons of mass destruction,” this assertion should be taken with a very large grain of salt. Indeed, one might almost be tempted to write this conclusion off as quite obviously erroneous and self-serving, given the record of the people who are making it.
Indeed, the whole narrative reeks of confirmation bias in the context of what preceded it: a systematic campaign by cold war liberals and Democratic party hacks (or do I repeat myself?) tagging Trump as “Putin’s puppet,” “Putin’s poodle,” not to mention “Putin’s pawn.” Aside from the rhyming scheme, what all these smears have in common is the simple assertion that anyone who doesn’t want to start World War III over who shall rule over the ramshackle mess that is Ukraine, and who questions in any way our commitment to an obsolete and increasingly expensive alliance, is quite obviously a Manchurian candidate controlled by the Kremlin.
So when the DNC hack made headlines, the anti-Trump media – i.e. the entire “mainstream” media – pushed the Kremlin conspiracy narrative hard. But what is the technical evidence for such a charge? As it turns out, it is thin-to-nonexistent.
Instant Access to Current Spot Prices & Interactive Charts
Jeffrey Carr, author of Inside Cyber Warfare, who runs Taia Global, a cybersecurity firm, and founded the “Suits and Spooks” annual cyber-warfare conference, shows that the identification of the hacker groups – dubbed “Cozy Bear” and “Fancy Bear” – as Russian state actors are based on arbitrary definitions that exclude all exculpatory evidence.
Journalists covering the political and foreign policy scene are not usually conversant with the technical details of computer science: and this is a real handicap when dealing with the question of attributing a hacking to a state or nonstate actor. The issues are complex, impossibly nerdy, and go against the popular conception of “science” as identical with precision and even a kind of omniscience. Because, when it comes to attribution in these cases, there is no such thing as certainty. As Carr puts it:
“It’s important to know that the process of attributing an attack by a cyber security company has nothing to do with the scientific method. Claims of attribution aren’t testable or repeatable because the hypothesis is never proven right or wrong.”[amazon text=www.amazon.com&asin=1455568872]
Cyber-security companies like CrowdStrike, which was hired by the DNC to investigate the hack, are in the business of assuring their clients that they can know what isn’t knowable unless a) a hacker is caught in the act, and b) a government employee leaks the truth. It doesn’t help their profit margin to make these facts widely known, and so they hide the inherent subjectivity of attribution behind the mantle of “science.” This is what Carr calls “faith-based attribution,” and plenty of journalists – who are already prone to believe the worst of the Russians (and Trump) – are fooled, or have managed to fool themselves. As Carr writes:
“When looking at professions who use an investigative process to determine a true and accurate answer, the closest profession to the attribution estimate of a cyber intelligence analyst is that of a religious office like a priest or a minister, who simply asks their congregation to believe what they say on faith. The likelihood that a nation state will acknowledge that a cybersecurity company has correctly identified one of their operations is probably slightly less likely than God making an appearance at the venue where a theological debate is underway about whether God exists.”