Category: Cyberwarfare

A Mole in the White House?

We now have a confirmation of sorts that the Russian FSB agents arrested last month were working for the CIA.

Today’s news, via the private Russian news agency Interfax, concerns the arrest of Sergei Mikhailov and others on charges of treason. Mikhailov was serving as deputy director of the FSB’s Centre for Information Security (see my earlier post for background on this agency).

He reportedly was arrested in December during an FSB meeting and led out with a bag over his head.

Also arrested was Dmitry Dokuchayev, a former hacker going by the pseudonym Forb who agreed to work for the FSB, and Ruslan Stoyanov, a senior researcher at a prominent Russian computer security company, Kaspersky Lab.

Interfax reports that a fourth suspect has also been arrested, and that a total of eight people are under suspicion in the spy ring.

Based on a reading of the scant information in the public record, some inferences can be drawn that raise troubling questions about the speed of these arrests.

In its Jan. 6 report, the U.S. Intelligence Community was able to state with “high confidence” that Russian President Vladimir Putin had ordered a campaign to influence the 2016 U.S. election, including the hacking of Democratic party computer networks and email accounts. Russia’s goal was to undermine confidence in American democracy and help Donald Trump get elected.

Until then, the U.S. Intelligence Community had only expressed its “confidence” that Russia had hacked the election. In an Oct. 7 statement, the U.S. Director of National Intelligence stated that the releases of hacked Democratic Party documents and emails were “consistent with the methods and motivations of Russian-directed efforts.” The IC was silent about the goal of helping Trump.

There’s an important distinction between “high confidence” and just plain “confidence” that reflects the quality of the intelligence underlying the analysis. These are not academic distinctions. The United States can and does go to war over intelligence, as in Iraq in 2003. In fact, the failure to find weapons of mass destruction in Iraq led to the use of these levels of analytic confidence.

What changed? What gave the DNI “high confidence” in its conclusions that Russia hacked the election?

This sentence from the Jan. 7 DNI report is telling:

Further information has come to light since Election Day that, when combined with Russian behavior since early November 2016, increases our confidence in our assessments of Russian motivations and goals. (emphasis added)

The report did not spell out this new source of information in any detail. However, a few days later, The New York Times filled in some of the blanks. This further source of information was human intelligence, or HUMINT.

But one current and one former United States official, speaking about the classified recruitments on condition of anonymity, confirmed that human sources in Russia did play a crucial role in proving who was responsible for the hacking.

Let’s connect these dots:

  1. By its own admission the U.S. Intelligence Community gained valuable information after Trump’s election on Nov. 8.
  2. If — and this is a huge if — that information came from Mikhailov, the treasonous FSB officer, then he and his co-conspirators were exposed in little more than a month.

A month. Exposing a spy ring in a month is pretty darn fast. The FBI spent years investigating the network of Russian “illegals” — deep cover secret agents — before arresting them in 2010.

The question Langley must be asking itself is: How was Mikhailov exposed? And even more troubling: Is there a mole in the White House?

This is not (complete) lunacy. Steve Hall, former CIA chief of Russia operations, told NPR that there is a “live question” now at the CIA about what to do if President Trump asks for the source of information on something that puts Vladimir Putin in a bad light. Can the CIA tell him they don’t trust him?

Rumors are swirling around the world’s intelligence communities that Russia holds a thick folder of kompromat, or blackmail material, on President Trump. There are reports of multiple videotapes of Trump’s dalliances with Russian prostitutes who, as Putin himself boasted, are “the best in the world.” Trump’s own strange relationship with the Russian president (see Trump-Putin Timeline) takes some of the starch out of his denials that this is all, as he put it, “fake news.”

Then, there are reports that American spies have reached out to their Israeli colleagues and told them to be careful what information they share with the Trump administration because there was a back channel to Moscow. Her Majesty’s Secret Service is said to be nervous as well.

Before we go too deep down this rabbit hole, let’s consider that it’s quite possible that Mikhailov and company were not working for the CIA, and the whole story is Russian disinformation meant to further weaken our increasingly fragile democracy by continuing to focus interest on this story. This is not only possible, but highly plausible.

Another possibility: Assuming Russia did hack the U.S. election to elect Trump, is it possible that Trump’s denials of having anything to do with Russia are true? Maybe there is another Aldrich Ames running around the CIA feeding secrets back to Moscow?

Question is: Who?

What Is Russia’s Centre for Information Security?

The New York Times reports on a series of arrests involving Russia’s FSB, the successor agency to the KGB, that may be connected to the hacking of the 2016 U.S. election.

According to the Times, one of those arrested, Sergei Mikhailov, was serving as deputy director of the FSB’s Centre for Information Security. He was arrested on a charge of treason. Earlier in the month, the head of the Centre, Andrei Gerasimov, was dismissed.

What is the FSB’s Centre for Information Security?

Some answers come from Jeffrey Carr, a security consultant out of Seattle who runs the consulting firm TAIA Global and published Inside Cyber Warfare. Carr describes the FSB’s Centre for Information Security (also known as Military Unit 64829) as the organization in charge of protecting Russia’s Internet.

“In sum, any Internet operation originating in Russia is almost certainly monitored and probably overseen by the FSB ISC,” Carr wrote in this analysis. “Current Russian press covers Russian intentions to implement further restrictions on RuNet to counter foreign attempts to wage ‘information warfare’ against Russia and ideologically subvert the Russian population. Whatever final form the new restrictions take, the FSB ISC will be heavily involved.”

In his book, Inside Cyber Warfare, Carr goes a bit further. The Centre not only defends the Russian Internet (RuNet), it can also attack.

Also arrested was Dmitry Dokuchayev, a former hacker going by the pseudonym Forb who agreed to work for the FSB in exchange for dropping charges of credit card fraud. In an interview with a Russian newspaper (also available in the original Russian), Dokuchayev/Forb said he had carried out a successful cyberattack on the US government.

I would be wary of any reports that claim the Centre hacked the U.S. election. Cyberwarfare, like conventional warfare, is a confusing picture, with many different groups carrying out different but overlapping missions.

Different FSB components are responsible for attacks outside Russia. One is the FSB’s 16th Center, also known by the Orwellian name of the FSB Center for Electronic Surveillance of Communications, according to TAIA Global. Another is the FSB’s 18th Center. Another is the FSB’s Fifth Directorate. All three were blamed for cyberattacks and propaganda during the Russian invasion of the Crimean Peninsula.

And President Obama’s executive order imposing sanctions in response to the hacking of the 2016 U.S. election names both the FSB and the GRU, the military’s main intelligence directorate. It’s believed that the material from the GRU hacks was passed along to WikiLeaks and other media outlets during the election.

There’s no evidence yet that the Centre for Information Security had a hand in the 2016 U.S. election hacking, but with their complete command of the Russian Internet they almost certainly would have known about it.