Alex Grigsby is the assistant director for the Digital and Cyberspace Policy program at the Council on Foreign Relations.
Identifying the responsible party for a cyber incident is always a challenge. However, evidence has been piling up over the last few months that Russian intelligence services, and Russian military intelligence (GRU) in particular, are behind the hack of the Democratic National Committee’s (DNC) network and the email disclosures. Over at Motherboard, Thomas Rid does an excellent job laying out the case, but here’s a short timeline of events:
- the DNC’s network was hacked in April;
- in May, security company Crowdstrike investigates and points the finger at Russia, arguing that the DNC hackers used the same infrastructure, tools, and techniques as previously known Russian cyber espionage operations;
- a few days after the Crowdstrike accusation, someone called Guccifer 2.0 claims responsibility for the attacks, denying it was the Russians despite glaring holes in his story and evidence that Guccifer was in fact a Russian false flag operation; and
- two weeks ago, emails pilfered from the breach started getting leaked to the press, culminating with their posting on Wikileaks, for which Guccifer claims credit.
There has been a lot of speculation as to Russia’s intent in publicly releasing the emails. Historically, Russian doctrine has put a premium on information warfare, where information is used as a weapon to spread disinformation and confusion. Online troll farms and the use of traditional media, such as Russia Today (RT), to spread a Kremlin-friendly narrative are obvious examples. David Sanger and Nicole Perlroth at the New York Times hint that the publication of the emails could be a deliberate Kremlin attempt to influence the election. Clinton campaign officials have been more direct, accusing the Russians of leaking the emails to help Republican candidate Donald Trump in the election. Dave Aitel, a former National Security Agency employee, argues that Russia has crossed a red line.
These narratives assume that the leak of the emails is a deliberate attempt by Russia to influence the outcome of the U.S. election in favor of Mr. Trump as he is perceived to be more aligned with Russian interests. Although that may very well be true, there’s an alternative hypothesis worth considering: Russian intelligence services fumbled badly and tried to recover via the email disclosure.
Any intelligence official will tell you that the computer networks of a political party are a legitimate foreign intelligence target. They provide insight on a candidate’s policy positions, donors and networks. It is therefore no surprise that Russian state-sponsored actors targeted the DNC this presidential cycle just as much as the Chinese did to then-Senator Obama and Senator John McCain’s campaigns in 2008. However, intelligence agencies are not supposed to get caught, and the Russian intelligence services did, then made a ham-fisted attempt to cover their tracks using Guccifer as a distraction. When that didn’t work, they probably then considered their options, narrowing them down to a few choices: lie low and hope the issue blows over or use lemons to make lemonade. It seems like they chose the latter option, deciding that attempting to undermine the Clinton campaign would at least reap some benefit from a blown cover.
It’s always difficult, if not impossible, to truly identify the intent of foreign actors. And even though both hypotheses lead to the same effect, the intent behind the effect matters. It allows leaders to calibrate their responses and signal to their adversaries what will and will not be tolerated. The United States denounced and sanctioned North Korea because it clearly intended to stymie the release of a movie that made fun of the Hermit Kingdom’s leader, an affront to U.S. free speech values. There will be pressure on the White House to respond to this latest incident, and there’s no doubt that it should respond to signal that actions have consequences.
But a potential White House response to a classic intelligence collection operation gone awry looks very different than a response to a rational and calculated attempt to influence the U.S. election. In the first scenario, the Obama administration could release evidence (and burn intelligence assets in the process) to tie the Russians to the hack and signal to the Kremlin that it should rein in some of the aggressiveness of its intelligence services, much like it did with the Chinese in September 2015. This would allow the White House to convey its strong displeasure, while recognizing the email disclosure may not have been deliberate or sanctioned by the Kremlin.
The second scenario would probably call for a much more forceful response, something on par with or worse than the measures the Obama administration took against North Korea, given that trying to alter an election is more egregious than trying to keep people from watching a movie. Possible options here could include sanctions, retaliatory covert action, and a temporary suspension of diplomatic cooperation. That would potentially jeopardize a number of non-cyber initiatives, such as efforts to contain the Syrian civil war, and strain an already terrible relationship. Additionally, Russia is not nearly as isolated as North Korea. Ratcheting up the pressure on Moscow is likely to have more serious knock-on effects than taking a hard line against Pyongyang.
Assessing the Russians’ intent will be critical to shaping the Obama administration’s response. I hope that Russian bureaucratic ineptitude and a few overeager Russian intelligence officers explain the current mess. If disclosing emails was the original goal of the DNC hack, it would be a significant escalation of Russian hostility in cyberspace, forcing policymakers and intelligence officials to rethink their approach to Russia.