(Figure 1: Maskirovka Principles)
Back on October 20th, Thomas Rid reported out an excellent piece of long form journalism on Russian meddling in the US election at Esquire. Rid’s piece specifically focused on kompromat or compromising materials and hacking. Specifically releasing blended real and fabricated materials to achieve one’s strategic goals. Rid’s piece zeros in on the frightening combination of Russian/Russian sponsored hacking and the release of kompromat materials.
What changed over the past year, however—what made the DNC hack feel new and terrifying—was Russia’s seeming determination to combine the two. For the first time, Russia used a hacking operation, one that collected and released massive quantities of stolen information, to meddle in an American presidential election. The inspiration and template for this new attack was a poisonous cocktail of fact and fabrication that the Russians call kompromat, for “compromising material.”
Rid deconstructs and explains what we’ve been observing with the leaked materials from the Podesta gmail, DNC, and DCCC hacks.
CrowdStrike was soon able to reconstruct the hacks and identify the hackers. One of the groups, known to the firm as Cozy Bear, had been rummaging around the DNC since the previous summer. The other, known as Fancy Bear, had broken in not long before Putin’s appearance at the St. Petersburg forum. Surprisingly, given that security researchers had long suspected that both groups were directed by the Russian government, each of the attackers seemed unaware of what the other was doing.
On June 14, less than an hour after The Washington Post reported the breach at the DNC, CrowdStrike posted a report that detailed the methods used by the intruders. The firm also did something unusual: It named the Russian spy agencies it believed responsible for the hack. Fancy Bear, the firm said, worked in a way that suggested affiliation with the GRU. Cozy Bear was linked to the FSB.
But here’s where things get interesting, the folks running this kompromat operation made a mistake, they were sloppy.
Matt Tait, a former GCHQ operator who tweets from the handle @pwnallthethings, was particularly prolific. Hours after the first Guccifer 2.0 dump, on the evening of June 15, Tait found something curious. One of the first leaked files had been modified on a computer using Russian-language settings by a user named “Feliks Dzerzhinsky.” Dzerzhinsky was the founder of the Cheka, the Soviet secret police—a figure whose mythic renown was signaled by a fifteen-ton bronze statue that once stood in front of KGB headquarters. Tait tweeted an image of the document’s metadata settings, which, he suggested, revealed a failure of operational security.
A second mistake had to do with the computer that had been used to control the hacking operation. Researchers found that the malicious software, or malware, used to break into the DNC was controlled by a machine that had been involved in a 2015 hack of the German parliament. German intelligence later traced the Bundestag breach to the Russian GRU, aka Fancy Bear.
There were other errors, too, including a Russian smile emoji—”)))”—and emails to journalists that explicitly associated Guccifer 2.0 with DC Leaks, as the cybersecurity firm ThreatConnect pointed out. But the hackers’ gravest mistake involved the emails they’d used to initiate their attack. As part of a so-called spear-phishing campaign, Fancy Bear had emailed thousands of targets around the world. The emails were designed to trick their victims into clicking a link that would install malware or send them to a fake but familiar-looking login site to harvest their passwords. The malicious links were hidden behind short URLs of the sort often used on Twitter.
Today we have further confirmation of the ongoing kompromat operation. Mark Hosenball at Reuters (h/t: Josh Marshall) is now reporting that US intelligence agencies, including the FBI, are now investigating released hacked emails that show very obvious signs of being tampered with.
The FBI and U.S. intelligence agencies are examining faked documents aimed at discrediting the Hillary Clinton campaign as part of a broader investigation into what U.S. officials believe has been an attempt by Russia to disrupt the presidential election, people with knowledge of the matter said.
U.S. intelligence officials have warned privately that a campaign they believe is backed by the Russian government to undermine the credibility of the U.S. presidential election could move beyond the hacking of Democratic Party email systems. That could include posting fictional evidence of voter fraud or other disinformation in the run-up to voting on Nov. 8, U.S. officials have said.
In fact they include complete fabrications, which is something that experts like Malcolm Nance have argued for weeks that we are seeing.
“We have no way of knowing whether this is real or not unless Hillary Clinton goes through everything they’ve said and comes out and says it cross-correlates and this is true,” said Malcolm Nance, a former U.S. intelligence analyst who has spoken frequently in defense of the Democratic nominee and has made the case that the WikiLeaks releases contain manipulated information.
Hosenball goes on to document the kompromat:
In addition to the Carper letter, the FBI has also reviewed a seven-page electronic document that carries the logos of Democratic pollster Joel Benenson’s firm, the Benenson Strategy Group, and the Clinton Foundation, a person with knowledge of the matter said.
The document, identified as a fake by the Clinton campaign, claims poll ratings had plunged for Clinton and called for “severe strategy changes for November” that could include “staged civil unrest” and “radiological attack” with dirty bombs to disrupt the vote.
Like the Carper letter, it was not immediately clear where the fraudulent document had originated or how it had begun to circulate.
On Oct. 20, Roger Stone, a former Trump aide and Republican operative, linked to a copy of the document on Twitter with the tag, “If this is real: OMG!!”
Benenson’s firm had no immediate comment. Craig Minassian, a spokesman for the Clinton Foundation, said the document was “fake.” He said he did not know if the FBI had examined it.
Stone did not respond to emails requesting comment.
It is unclear how any of this might fit into the ongoing accusations and assertions, including the battling leaks from seemingly different factions within the FBI, about links between Trump, his current or former aides/advisor, and his business’s financial ties to Russia. Regardless of how the Russians are involved, what is clear is that Putin is definitely getting what he wants: making America and democracy look terrible as part of his larger strategic objective to roll back the current global order.
The Maskirovka Slips Part III: KompromatPost + Comments (306)
