Hi everyone, this is Brad. We're hard at work on a series of new episodes for the fall, and so this week we'll be re-airing a shortened version of a very topical episode we first ran almost a year ago, in October 2016. At the end we'll update you with everything that's happened since then.

On Friday, October 7, the U.S. Department of Homeland Security and the Office of the Director of National Intelligence released a statement, and it was a pretty stunning announcement. Barely two and a half months after a cyber attack on the Democratic National Committee was revealed, the Obama administration laid the blame at the feet of Russia's President Vladimir Putin in a strongly worded statement. The US government publicly blaming a foreign country for attacking a U.S. entity, that's an incredibly rare thing. I was surprised when I saw this statement come out, even though it's something that private cybersecurity experts have been talking about for a while. The government formally blaming a foreign entity has only happened a handful of times, and specifically here, the US was accusing Russia of hacking the Democratic Party right as voters prepared to go to the polls on November 8. It's a scary prospect: could hackers tamper with or even obliterate our votes?

So here's my question. We are so close now to election day, and you can tell because that's really all you see on TV right now. So how do we know for
sure what we think we know about these hacks? This is a perpetual problem in cybersecurity, and it reminds me of the famous New Yorker cartoon that goes, "On the internet, nobody knows you're a dog." But when you're investigating a cybersecurity breach, nobody knows whether you're a Russian hacker, or a Chinese hacker pretending to be a Russian hacker, or even a US hacker pretending to be a Chinese hacker pretending to be a Russian hacker. Or, as Donald Trump put it so delicately: "I don't think anybody knows it was Russia that broke into the DNC. She's saying Russia, Russia, Russia, but I don't know. Maybe it was. I mean, it could be Russia, but it could also be China, could also be lots of other people. It also could be somebody sitting on their bed that weighs four hundred pounds, okay?" And how is the US, or anyone else for that matter, so certain that the Russians are trying to hijack our elections? What should an ordinary voter do? And should we even care?

Hi, I'm Aki Ito. And I'm Jordan Robertson. And this week on Decrypted, we're going to take you inside the hunt for the people who hacked the Democratic National Committee. It's a sort of tale of how two of the world's great superpowers have found themselves locked in an escalating information war just weeks before millions of Americans go to the polls, and the
stakes, they really couldn't be any higher. Not only is this the most divisive election we've seen in recent memory, with Hillary Clinton and Donald Trump advocating for completely different visions of America, but also hanging in the balance is the democratic process itself. What happens to a country's sovereignty in the age of the Internet?

Our story today starts in April, when the IT staff at the Democratic National Committee noticed something a little weird going on in their network. For our non-American listeners, this is the official organization behind the Democratic Party, the DNC. The IT staff there escalated their concerns to their executives, and a cybersecurity firm called CrowdStrike was called in to investigate. So CrowdStrike is one of a small group of digital forensics firms; really, all they do is investigate data breaches. And they went in. They installed software on the DNC servers, essentially allowing them to spy on the spies, and it didn't take them long to pin the attacks on two groups of hackers associated with the Russian government. They called these groups Cozy Bear and Fancy Bear. Cozy Bear and Fancy Bear? Is this some kind of industry inside joke? Yeah, the cybersecurity industry has a lot of kind of goofy, funny names
for groups. They're thematic, often associated with a region. Some others are called Deep Panda and things like that. I love that. Then CrowdStrike closed all the security holes that had allowed the attackers to breach the DNC servers, so the hackers wouldn't be able to read the staff's emails anymore. Now, normally you don't really disclose this kind of thing unless you absolutely have to. It's certainly embarrassing for the DNC, especially when, as we learned later, they were warned about their network's vulnerabilities and ended up ignoring those early warnings. But the DNC may have had a hint that some of this information was about to be leaked on the internet, so they dropped this bombshell.

"But first, the Democratic National Committee said today Russian government hackers have penetrated its computer network. Breaches by two separate groups allowed hackers to access emails, internal chats, and the opposition research Democrats have compiled on presumptive Republican nominee Donald Trump."

That's PBS NewsHour reporting the hack on June 14, the day this all became public, and it hit the US political system like a bolt of lightning. People were furious: how dare Russia try to mess with
America, that type of thing. And then, one day after the DNC announcement, someone, or a group of people, who go by the name Guccifer 2.0 came out in a blog post and basically laughed in the DNC's face. This person was like, no, you idiots, I am the lone hacker that infiltrated the DNC, and this had nothing to do with the Russians. And Guccifer 2.0 released a bunch of documents that he claimed he had stolen from the DNC as evidence that he was behind it, and from there it was chaos. Was it the Russians, or some loner kid who had too much time on his hands? And that's when CrowdStrike called in this guy for help.

My name is Mike Buratowski. I'm the senior vice president of cybersecurity services at Fidelis Cybersecurity here in Maryland. I lead an incident response team of about thirty individuals, and we've handled some of the largest breaches that have occurred over the past decade or so.

So I've known Mike for several years now, and he's a really interesting guy. He used to be a cop with the Montgomery County Police Department in Maryland, and he looks like an ex-cop. He's got the short-cropped haircut, solidly built guy, but very friendly and, you know, very genial. Even before his time in the private sector, he had this long
experience of tracking down criminals. Mike's now an incident responder. In cybersecurity speak, that means he flies out at the drop of a hat to companies that believe they've been breached, and he helps investigate and fix their networks. So, like the computer nerd version of CSI or Law and Order, right? And Mike and Fidelis, his job was to independently verify the group of people who attacked the DNC, and this cybersecurity version of the whodunit investigation is called attribution in the industry. CrowdStrike had asked Fidelis and two other firms to check their work.

So we had, you know, we got five pieces of malware. We had a team of four reverse engineers; that's all they do is reverse engineering, so we had them bang on it.

Jordan, I think we should explain this to our listeners. Sure. So CrowdStrike sent Mike's team five files of the computer code that was on the DNC servers and was responsible for stealing information from the emails. And the job of Fidelis and these two other firms was to look at this code in what's called a virtual environment, like a parallel universe. Right. It's a simulated computer system where the code can't do
any damage on the real servers. Hackers use all kinds of tricks to prevent their malware from even opening in that kind of hall of mirrors. So a key job of an investigator is decoding all of those techniques to see how the attack code actually behaves. Okay. And then Mike's team compared that behavior to documented code from the past that was linked to the two hacker groups associated with the Russian government, the two groups CrowdStrike called Cozy Bear and Fancy Bear. And the clues surfaced immediately.

You know, really there were a couple of things that we looked at. So you look at the complexity of what the malware was able to do, the fact that it had the ability to basically terminate itself and wipe its tracks, hide its tracks. You know, that's not stuff you see in commoditized malware. Really? It kills itself? It kills itself. Yeah. And actually one of the functions within one of the pieces of malware had a terminology for, essentially, hara-kiri,
to kill itself. So this automatic suicide switch, this is something that's incredibly sophisticated, right? I mean, this is one of the reasons that Fidelis and CrowdStrike and the other forensics researchers were so taken aback by this malware. You know, there's a black market for pre-built malware on the Internet that even somebody like me can piece together, so malware can be like Legos. But this feature of killing yourself to avoid getting detected, that's really complicated stuff. And that's when Mike's team knew they were dealing with real pros here. You know, there aren't a ton of people around the world who have this level of sophistication, and there were a bunch of other things that backed up this conclusion, too.

The level of access that the malware gave the malicious user was pretty astonishing. It was also written very, very well. I guess elegant is probably a good way to say it. It was not sloppy by any stretch of the imagination. And again, so you start looking at, okay, who would have had the capability to do that? And you know, we talked earlier how, yeah, you can have somebody on the inside do something, but they may not
be the best at it. So you've got to have people who have a lot of experience doing it, or a lot of training to do it, and it was a very complex piece of malware that the average person probably couldn't use. It's also not something that we've seen out in the wild necessarily. It's very targeted pieces of malware, very limited. Can't buy it on the black market. You can't buy these components? No, not that we've come across.

Okay. So, so far we know that this attack was orchestrated by someone really, really good, someone really, really experienced, and that immediately limited the pool of people who could be responsible for this. It really limited the pool of people to someone with the kind of resources, with backing from an entire government. And on top of that, there were a bunch of things that pointed to the code being written in Russia. Yeah, some of these details are really interesting.
So one of the most fascinating for me is, you know, from the way the code was written, it was clear that it was written on a Russian-language keyboard, and the dates and times that the code was compiled were during normal business hours in Russia, and that's consistent with the code that's already been traced back to Russian government-backed hackers in the past. And that's not something that you can easily fake, right, like change the time stamps or something? Yeah, that was my question too. But Mike said there are so many different things that you'd have to consistently change to successfully pull off that spoof.

You're dealing with a situation that, if it was a one-off, is easier to change. You know, same thing with, you know, you can change the date and time on your computer. Absolutely, you can do that, and it would potentially throw an investigator off. Consistently across five pieces of malware? Okay, you know, probably a little more difficult. Across X number of pieces of malware, across how many incidents, and to all have them point to the same place?

And that's why Mike doesn't buy Trump's theory of this 400-pound man sitting on the bed orchestrating this incredibly sophisticated attack, and why he doesn't buy Guccifer 2.0's claim that
he was a lone hacker. Okay, is it a script kiddie? Is it somebody who bought a piece of malware, or is it, you know, somebody drinking Mountain Dew and eating Twinkies in mom's basement? No. It really needs a level of operational discipline that you don't see really in the wild. And you're right, the number of people who could pull it off becomes dramatically narrower.

So, Aki, are you convinced? I mean, I think so. I don't know. I keep on expecting a twist, like you're tricking me, like in Law and Order when the guy who seems really suspicious turns out to be innocent in the end. I like that. Well, here's maybe the most important part. Then you need to look at the target, the victim of this hack, which was the DNC, and it later turned out a broad cross section of the U.S. political system, everyone from lobbyists to lawyers to Hillary Clinton's campaign. Going back to Mike's background of working in law enforcement, you have to ask who would have had the motive to pour this kind of effort into spying on key members of American politics.

Sure, an opportunistic hacker, you know, putting a feather in their cap, saying, hey, we broke into the DNC. Okay, yeah, I mean, that could potentially happen. But then
releasing the emails the evening before the convention started? Well, now you're looking at it, okay, well, you know, that really smacks of an information operation.

And here I think we should remind our listeners of the chronology of the events that took place just a few weeks after the DNC announced the hack in mid-June. I mean, this was a time when the Republican Party was still in complete disarray, but things were looking pretty good for the Democrats. This was a time when Hillary Clinton was trying to solidify her support, and you have this forest fire raging on the internet about this issue. You have WikiLeaks and Guccifer 2.0 publishing a stream of emails that turned out to be really embarrassing for the DNC at, you know, what couldn't have been a worse time for them. Yeah, like that one from when Bernie Sanders was still in the primary race with Hillary Clinton, and senior staffers at the DNC talked about how they should try to paint Sanders as an atheist, try to question his Jewish faith. And the party itself is supposed to be neutral,
and that led to a lot of turmoil within the party. I mean, the Democratic Convention that took place at the end of July, that was kind of a mess, at least at the beginning. All these Bernie supporters were protesting and booing down speakers on stage, and ultimately DNC Chairwoman Debbie Wasserman Schultz, who was a rising young star in the party, she resigned. And bringing this back to our story today, like you said, Jordan, this really does point to motive. I mean, who would really want to introduce this kind of turmoil to the democratic process itself in America, which is, you know, really the sacrosanct thing? Who would want to do this thing that would make you question the fairness of the system that we've developed over the years?

Yeah, this project has been interesting to me because I consider myself, you know, a pretty serious skeptic on a lot of these claims. It's just way too easy for a hacked entity to throw out, oh, the Russians did this and the Chinese did that, or whatever. Yeah, kind of like this get-out-of-jail-free card when your company has been hacked, right? These really sophisticated, organized hackers backed by a whole government, if someone like that tries to target you, what
could you have possibly done? It's like when we reported about Yahoo's breach, which was this massive, you know, more than 500 million customer accounts getting hacked. We reported that the company's claim of the attack being state-sponsored, you know, isn't so ironclad. But this one, with the DNC, after talking to Mike, after talking to all these other experts, Jordan, are you convinced? Yeah, I'm pretty convinced. I mean, it takes a lot to clear that hurdle of, you've got this piece of malware and this is evidence that the Russians did it. You know, but Mike will be the first to tell you this.

Well, it's always risky. I mean, you know, when you're doing attribution, you're really never saying a hundred percent that it's this person, because, you know, barring seeing somebody at the keyboard and actually doing it, or a confession, you're relying on that circumstantial evidence.

This all comes down to Mike's days as a cop. Can you prove to a jury beyond a reasonable doubt that the Russians did this? And his answer was yes. And now the US government has come out and officially blamed the Russian government, and there are lots of reasons potentially
for that happening. There are ways that the government can really know what's going on: intercepted phone calls, intercepted emails, human and signals intelligence sources, in a way that no private cybersecurity firm could ever match. Sounds a little sinister. Well, we don't know for sure, but here's what Rob Owens, who's an industry analyst at Pacific Crest Securities, told me.

Nation states do hack. I think the US government hacks as well. It's a well-known fact within the industry that everybody's hacking everybody to some degree.

So maybe the US government was spying on Russia while Russia was spying on the DNC. Well, we know that both countries spy on each other all the time, but in this case, we don't know exactly what the evidence is. But it's fair to assume that that's the case. And that's why at the top of the show today you called it an information war, like the Cold War of our generation. Exactly.

So, if we've managed to keep our listeners till now through this complicated journey inside the DNC hack, first of all, thanks for sticking with us, and second of all, I think the burning question everyone has now is, what's next?

Okay, so Jordan, you and I are now in the present day. It's September 2017, and this story has evolved in ways we never could have
imagined over the last eleven months. Well, since then, Donald Trump got elected. Yes, I do recall that happening. And Facebook took a lot of heat for not doing enough to stop the spread of fake news on its platform, the subject of another great episode of Decrypted we ran in November last year, and there were quite a few reports connecting these fake news stories to Russian state-funded organizations. Right, and then the CIA, FBI, and NSA came out and reported that Russia's meddling was meant to help Donald Trump and undermine Hillary Clinton. And of course Special Counsel Robert Mueller is now leading an investigation into Russia's tampering and possible ties to Donald Trump's campaign. It also turns out that Russia's attack went beyond an information campaign. My colleague Mike Riley and I reported in June that Russia's hackers actually breached the voting systems in thirty-nine states. For example, in Illinois, intruders tried to delete or alter voter data. And the most recent twist to all this is, Facebook announced that it found $100,000 in ad spending connected to fake accounts that were probably run from Russia that aimed to stir political controversy in the election. Which is to say, this
Jordan, is a story that never ends. Just when you think you've got your arms around the entire story, there's yet another development. So what do you make of the most recent announcement from Facebook on that hundred grand in ad spending? It just goes to show that, you know, this Russian information operation went further than really anybody understood, and in ways that subverted, you know, the very coin of the realm of Silicon Valley, which is targeted digital ads. And, you know, how do you disentangle yourself from that system if you're Facebook or Google or, you know, anybody else that relies on them? But hang on, because a lot of people, when this news came out, said a hundred thousand is small potatoes. I mean, do you think it's a small amount, or do you think that there's more that we just don't know of yet? There definitely could be more that we don't know about yet, because the way that these things are tracked is, you know, you go from known accounts that have been identified to you either by the company or the U.S. government, and you work backwards from there. But these networks are so vast, these ad networks, you know, that knowing really who is pumping money into these systems is, you know, a pretty challenging task. But the hundred thousand
signified something different to me. It's that one of my key takeaways from this information operation was that the Russians are learning, the hackers are learning. It's not that they've entered, like, a state of perfect execution. All of these things were tests, were trial runs, and that's the really concerning thing. So in that context, a hundred thousand dollars may have gotten them what they needed, which was, you know, just a set of principles to operate on for the next time.

What I found partly remarkable was that the culprit in all this was a shadowy organization based out of St. Petersburg called the Internet Research Agency, which is known for pushing Kremlin propaganda. And this is actually not all that secretive an organization; these are known guys. There have been profiles in major media organizations about this agency. Had you heard of them, and what do you make of their involvement? Yeah, I have. You know, I mean, there are armies of these kinds of professional trolls, kind of quasi-spammers, that are not necessarily breaking the law, but are certainly acting in many ways as hackers, even if they're not breaking into accounts. And, you know, one thing that we can't forget is that in this current information ecosystem, it's
all about headlines. And even if they're promoting fake headlines, and half of your news feed are fake headlines that if you clicked on any individual one of them you would recognize as bogus, it's the aggregate that is the effect. So if you see enough of these things, you know, fake news, slanted news, propaganda, it actually psychologically can have an effect over time if you see enough of it. And that's the disturbing part: you're not breaking a law, but they're influencing the way you think about things, and it happens on a subliminal level.

Right. Well, so we're talking about changing people's minds, but what about actually changing people's votes? So you mentioned tampering with the actual voting systems before. Is there any progress in the investigation into this aspect of it, and whether Russia might be trying to do that as well? You know, one of the most depressing parts about all this is, the short answer is yes. You know, the congressional committees are investigating. There's obviously a law enforcement investigation. The FBI is, you know, investigating the hacks, and, you know, potential collusion with, you know, the Trump campaign, and then of course there's a special prosecutor.
But one of the most depressing aspects is, you talk to folks in and around the administration and you get the sense that this is something that is simply not addressed. You know that our current president refuses to acknowledge this issue, to a degree that at the administration level this is really not being discussed. It poses such a problem because hacking really isn't a partisan issue. Hacking affects everybody. It just happened to be targeted against Democrats, and it's not being brought up here. It probably means it's not a factor in the diplomatic relationship with Russia, and their behavior won't change. Absolutely not. And when it comes to rigging votes, you know, everybody we talked to says the same thing. They're like, actually flipping votes is really hard. It requires a lot of work, a lot of hacking, a lot of precision in the endeavor. Changing people's voter registration is not hard and can cause extreme chaos. And you have the lesson, again, I keep coming back to, is all the data points that I've seen point to this being literally a trial run. It's the most effective, successful trial run in hacking history, but it was also a trial run. Like those thirty-nine states that we talked about, those were not all super breaches. Those were like probes and tests. Can we change addresses?
Can we change people's voter registration? Those were tests. And that's the thing I think has really gone under-discussed, is that we've got these investigations, everybody knows there was a big hack, you know, but in terms of understanding the level to which this was not the best Russia has to offer. Russia is at our level when it comes to state-sponsored hacking, and this was kind of a trial run. And that's the scary part.

Okay, so what do you expect to see in, say, Germany in the elections later this month, or even in the U.S. midterms in 2018? Well, Germany is a great subject because they're experiencing the same thing that we do, and obviously their electoral system is different. But Russia is getting better at this, and there's no doubt, I mean, there's no doubt that this was Russia. Everybody agrees that that's who it was. And the thing that I really fear, and I'm not one to fearmonger when it comes to cybersecurity, even though it's an industry replete with it, is, when it comes to, you know, a lot of these breaches have not been cleaned up. The thirty-nine states that we wrote about, it would be naive to assume that those states just cleaned up their act and the infections are gone. I think the attackers are going to take the footholds that they created
in and learn more and expand, tinker more. And I mean, they didn't just get away with it. They were successful. They're rewarded, you know, with the biggest prize maybe in hacking history, you know, the presidency of the United States was at stake. So I suspect we're gonna not just see more of it, we're going to see more sophisticated tampering, if, you know, the Russian state services feel it's needed. And it could be turned. This is a weapon that could be turned in any direction on any political party. And that's the thing I think a lot of folks miss right now.

Well, Jordan, you certainly haven't made me feel better about all this, so let's try to end on a high note here. What can ordinary voters do to prevent hackers from either altering their votes or their registration records, or just to inoculate themselves from these disinformation campaigns that are now so prevalent on social media? Sure. You know, this is actually a really good question, because there's a really simple answer to a lot of this stuff. You know, the thing that concerns national security officials the most, and concerned them the most in 2016, again, was not that votes would be flipped. That's really hard.
It is that voter registration records would be changed en masse, so people didn't know where they were going on election day, or they were going to the wrong place, or their names didn't appear on the rolls when they showed up. You know, it's really simple. The same reason that these voter registration systems can be hacked is because they're online, and that means it's really easy for us to check, like literally a week or two before the election or on election day. But if there's some lead time going into the election, let's call it a week or two, you go online, you check your voter registration information. As long as it's your same name, your same address, and a reasonable enough polling place, whether it's one you've voted at before or something in your neighborhood, as long as that looks fine, like, that's literally the best defense against this stuff, because if people go to the right places, it's really hard to manipulate the votes. As long as you're on the rolls, it's hard to tamper with these elections.
But that's a level of, kind of, you know, diligence that, you know, not a lot of folks might be willing to employ. But that's the single best inoculation against that, and it's super easy.

And that's it for this week's episode of Decrypted. Thanks for listening. We always want to know what you think of the show. Get in touch at decrypted@bloomberg.net, or I'm on Twitter at @jordanr1000 and I'm at @BradStone. If you haven't already, subscribe to our show wherever you get your podcasts, and while you're there, please leave us a rating and a review. This goes a long way to get this show in front of more listeners. The original episode we aired in 2016 was produced by Pia Gadkari, Liz Smith, and Magnus Henriksson. Today's edition was produced also by Aki Ito and Sarah Patterson. We'll see you next week.