Wednesday, December 14, 2016


Can I prove that Russians hacked the U.S. election in order to help Donald Trump and harm Hillary Clinton? No, but I can point to stories like the big one posted by The New York Times yesterday, which persuasively gathers together detailed assertions that suggest a clear pattern. This is how it's supposed to work -- the press, when it's doing its job, presents us with a large set of theoretically falsifiable claims. If critics can't disprove them, the story deserves to stand.

The story describes the nature of the controversy, but doesn't get it quite right:
... the Russian attack is increasingly understood across the political spectrum as an ominous historic landmark -- with one notable exception: Mr. Trump has rejected the findings of the intelligence agencies he will soon oversee as “ridiculous,” insisting that the hacker may be American, or Chinese, but that “they have no idea.”
There isn't just one "notable exception" to the view that this was a serious attack on our democracy by the Russians. It's not just Trump. Much of his base is also skeptical, and it's picking up that skepticism from right-wing media -- see, for instance, Breitbart's post "10 Ways the CIA’s ‘Russian Hacking’ Story is Left-Wing ‘Fake News.’" And the liberal-hating left is also skeptical -- see, for instance, Jeremy Scahill and Jon Schwarz at the Intercept:
The current discourse on this issue is plagued by partisan gibberish -- there is a disturbing trend emerging that dictates that if you don’t believe Russia hacked the election or if you simply demand evidence for this tremendously significant allegation, you must be a Trump apologist or a Soviet agent.
So should we believe the Times story, in the absence of a detailed release of information by the intelligence agencies? Well, here's some of what the Times tells us:
When Special Agent Adrian Hawkins of the Federal Bureau of Investigation called the Democratic National Committee in September 2015 to pass along some troubling news about its computer network, he was transferred, naturally, to the help desk.

His message was brief, if alarming. At least one computer system belonging to the D.N.C. had been compromised by hackers federal investigators had named “the Dukes,” a cyberespionage team linked to the Russian government.

... in an internal memo about his contacts with the F.B.I. [Tamene] added that “the Special Agent told me to look for a specific type of malware dubbed ‘Dukes’ by the U.S. intelligence community and in cybersecurity circles.”

... In November, Special Agent Hawkins called with more ominous news. A D.N.C. computer was “calling home, where home meant Russia,” Mr. Tamene’s memo says, referring to software sending information to Moscow. “SA Hawkins added that the F.B.I. thinks that this calling home behavior could be the result of a state-sponsored attack.”
And after a subsequent hack in April:
The D.N.C. immediately hired CrowdStrike, a cybersecurity firm, to scan its computers, identify the intruders and build a new computer and telephone system from scratch. Within a day, CrowdStrike confirmed that the intrusion had originated in Russia, Mr. Sussmann said.

... CrowdStrike investigators recognized the distinctive handiwork of Cozy Bear and Fancy Bear.

Those are CrowdStrike’s nicknames for the two Russian hacking groups that the firm found at work inside the D.N.C. network. Cozy Bear -- the group also known as the Dukes or A.P.T. 29, for “advanced persistent threat” -- may or may not be associated with the F.S.B., the main successor to the Soviet-era K.G.B., but it is widely believed to be a Russian government operation. It made its first appearance in 2014, said Dmitri Alperovitch, CrowdStrike’s co-founder and chief technology officer.

It was Cozy Bear, CrowdStrike concluded, that first penetrated the D.N.C. in the summer of 2015....

Only in March 2016 did Fancy Bear show up -- first penetrating the computers of the Democratic Congressional Campaign Committee, and then jumping to the D.N.C., investigators believe. Fancy Bear, sometimes called A.P.T. 28 and believed to be directed by the G.R.U., Russia’s military intelligence agency, is an older outfit, tracked by Western investigators for nearly a decade....

Attribution, as the skill of identifying a cyberattacker is known, is more art than science. It is often impossible to name an attacker with absolute certainty. But over time, by accumulating a reference library of hacking techniques and targets, it is possible to spot repeat offenders. Fancy Bear, for instance, has gone after military and political targets in Ukraine and Georgia, and at NATO installations.

That largely rules out cybercriminals and most countries, Mr. Alperovitch said. “There’s no plausible actor that has an interest in all those victims other than Russia,” he said. Another clue: The Russian hacking groups tended to be active during working hours in the Moscow time zone.
Okay, haters: Can you cast doubt on this account? Are the descriptions of Cozy Bear and Fancy Bear plausible? Is there reason to doubt what's said here about their links to the Russian security apparatus? Are there holes in the case for blaming the specific hackers? The Times has enough confidence in this story to publish those details and dare critics to show their work and explain why we shouldn't trust the story.

That's how it's supposed to work. And yes, the system sometimes fails. It failed when the press accepted the notion that Saddam Hussein still had WMDs. But the White House at the time was pressuring the media and the public to accept that story, and the opposition was weak. In this case, the story is backed by the government, but it's an outgoing government, and the incoming one is on the side of the skeptics.

But the way it works now is that a story like this doesn't face challenges on the details so much as it's subjected to a rousing chorus of LA LA LA I CAN'T HEAR YOU, especially from the right -- very much including the new administration.

The Times story is the press doing its job. But these days we're arguing ideological affinities, not facts. And on that basis, the way to discredit a story is just to say you refuse to believe it. If there are enough of you and you're aggressive enough, you win.


Orthodox said...

The reaction we see to the Times story is wholly indicative of the kind of conspiracy theorist mode of argumentation infecting the mainstream. A huge part of conspiracy argumentation is poking holes in a handful of small details, or questioning why X happened instead of Y (not providing an answer, just asking the question, otherwise known as JAQing off). It's meant to sow doubt, enough to convince the consumer to reject the story and move on to what is considered the next viable option: this story was constructed to deceive me, so what really happened that they don't want me to know? And what kind of agenda is trying to be pushed?

That level of argumentation and analysis is so puerile that virtually every example of post-truth questioning of reality fits into the model. It's stunning how many people fall into this pattern and don't realize it in the slightest.

Xen said...

This is why the US is failing. Too much party and not enough patriots.