16 May 2017

Election Hacking: A False Russian Flag in France?

George Beebe


In the murky world of cyber operations, where there is smoke, there are often mirrors. And in the reports about alleged Russian hacking in the recent French presidential elections, there seems to be an abundance of both. Many have been quick to blame Moscow once again for cyber meddling; some have raised caution flags about attribution, pointing to anomalies in the evidence. The publicly available information on the operation provides no clear answers, highlighting the importance of careful investigation before drawing conclusions about any of a long list of possible suspects.

The general storyline of the French intrusions is becoming a familiar one. In the run up to last Sunday’s French elections, reports appeared in United States and European media alleging that Russian government hackers were attempting to target France and other European democracies, just as they had interfered in the U.S. election. Then, on the Friday before the vote, thousands of private emails from the En Marche! party of presidential candidate Emmanuel Macron were released anonymously to the web. Within hours, the party issued a statement blaming the leak on hackers hoping to disrupt France’s elections, adding that the files included a number of unspecified forgeries. Numerous media analyses quickly followed, suggesting that the operation was yet another in a series of high-profile Russian hacks that had targeted campaigns in the United States and Europe.

Examination of the case, however, uncovers troubling questions. Why, for instance, were the hackers so careless in leaving clues about their identity? According to a report in Wired, several of the leaked files included Cyrillic-character metadata, suggesting the involvement of a computer with Russian-language settings. Moreover, the metadata showed that nine files were modified by a user named Roshka Georgiy Petrovich, supposedly an employee of the Russian intelligence contractor Eureka. Such sloppiness is uncharacteristic of Russian government cyber operations, which have long had a reputation for stealth and technical excellence.

Moreover, leaving such obvious clues is particularly puzzling in light of the near hysteria that has surrounded Russia and its cyber operations following the accusations of meddling in the U.S. elections. Moscow is acutely aware that its behaviors are under the microscope in the United States and Europe, and it understands that its ability to strike deals with Washington, DC and key NATO players on critical security issues has been badly compromised by the suspicions surrounding the election hacks. And the extensive public discussion of the attacks on the Democratic National Committee has certainly highlighted for the Russians the kinds of forensic clues investigators look for in cyber attribution, if they were not already aware. Why then would Moscow risk reinforcing suspicions through an amateurish operation against a candidate with a seemingly insurmountable twenty-point lead in the polls on the eve of the election?

One’s answer to that question depends to a great degree on one’s beliefs about Russia’s broader objectives in the West. Many are convinced that Moscow sees democracy itself as an ideological opponent and that Russian goals are nothing less than to undermine the liberal international order. Anything that disrupts democratic processes, even if only psychologically, advances Russia’s interests. In pursuing such objectives, it didn’t matter that the hacks had little hope of helping the electoral prospects of Moscow’s preferred candidate, Marine Le Pen, and it was actually advantageous to leave behind clues pointing to Russia. The goal, as former FBI Director James Comey testified about the U.S. election hacks, was simply to “freak us out” over Russia’s interference.

Those who view Russia’s goals in the West through the prism of national interests find such logic unpersuasive. From their perspective, Moscow indeed regards the United States and NATO as its chief military threats and its most challenging international competitors, but it also recognizes the danger that a direct confrontation could spiral into nuclear war, realizes that its economy is deeply dependent on trade with the West, and doubts its ability to cope with critical security threats without some element of dialogue with the United States.

In the aftermath of the U.S. election intrusions, Russian diplomats and foreign-policy experts have with few exceptions lamented—not celebrated—the damage to Russia’s relations with the West that ensued. In this context, it would make little sense to pile onto the damage with yet another cyber attack almost certain to be discovered and very unlikely to affect the election outcome.

By contrast, it is not a challenge to compile a list of countries and non-state actors whose interests would be served by stoking tensions between Russia and the West. Misdirection is a fairly simple task for sophisticated cyber operators, who can spoof identifies, mask their locations, borrow or steal malware developed by others, mimic techniques and leave a variety of forensic clues meant to cast suspicion on third parties. In the case of the Macron hacks, the striking abundance of clues pointing to Russia, the paucity of rational motives that might drive Moscow’s sponsorship, and the list of plausible alternative suspects impel consideration of the false-flag explanation.

The most effective disinformation campaigns push on open doors. False data that reinforces pre-existing beliefs is more likely to resonate with target audiences than is valid information that challenges prejudices and questions cherished notions. When it comes to perceptions of Russia, one of the doors most prone to entry these days is the notion that Moscow is brazenly intent on destabilizing Western democracies through sophisticated cyber operations. We should be cautious in scrutinizing the evidence pushing on this door.

George Beebe is the president of BehaviorMatrix LLC, a text-analytics company. He is a senior fellow for intelligence and national security at the Center for the National Interest. He formerly served as chief of Russia analysis at the CIA, and as special advisor to Vice President Cheney on Russia and the former Soviet Union.

No comments: