FBI-DHS ‘Russian Hacking’ Report Begins with Major Caveat
Amid escalating tensions between the U.S. and Russia, the FBI and the Department of Homeland Security (DHS) on Thursday released a joint report accusing Russian civilian and military intelligence services of compromising networks and infrastructure associated with the 2016 presidential election.
Much of the news media coverage of the joint report failed to mention that the 13-page document, which is short on specifics, starts off with a glaring disclaimer that the DHS does not “provide any warranties” about the information contained inside the report.
The disclaimer states:
This report is provided “as is” for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within.
The report was produced by the U.S. Computer Readiness Team (US-CERT), a cybersecurity and information-sharing service of the DHS.
A spokesperson for DHS told Breitbart News on Monday that the disclaimer is “standard” for “previous JARs (Joint Analysis Reports), though most cannot be shared publicly.”
Of the 48 documents currently posted on the US-CERT website’s main “publications” page, only six could be found with a similar disclaimer, including a June 2012 report on technical methods to defend networks and a similar report from October 2012. The other reports with similar disclaimers include a May 2014 report on combatting “insider” technical threats; a July 2014 report warning of breaches into hospitality industry computers; a report from that same month in 2014 warning that “malicious actors are using publicly available tools to locate businesses that use remote desktop applications;” and a report from 2014 warning about the possibility of electronic U.S. highway signs being exploited.
The text of the document released last Thursday on alleged Russian intrusion, meanwhile, states the report is meant to provide technical details regarding “the tools and infrastructure used by the Russian civilian and military intelligence Services (RIS) to compromise and exploit networks and endpoints associated with the U.S. election, as well as a range of U.S. Government, political, and private sector entities.”
More than half the document contains advice on how to protect the integrity of computer networks.
Two and a half pages of the document feature images, a list of alternate names reportedly utilized by RIS to infiltrate U.S. networks, and an example of a signature utilized by one of the alleged Russian agents.
The report states that attribution of the alleged anti-U.S. activities to RIS “is supported by technical indicators from the U.S. Intelligence Community, DHS, FBI, the private sector, and other entities.”
Here is a list of the actual accusations made inside the report:
- “The U.S. Government confirms that two different RIS actors participated in the intrusion into a U.S. political party. The first actor group, known as Advanced Persistent Threat (APT) 29, entered into the party’s systems in summer 2015, while the second, known as APT28, entered in spring 2016.
- “These actors set up operational infrastructure to obfuscate their source infrastructure, host domains and malware for targeting organizations, establish command and control nodes, and harvest credentials and other valuable information from their targets.”
- “In spring 2016, APT28 compromised the same political party, again via targeted spearphishing…Using the harvested credentials, APT28 was able to gain access and steal content, likely leading to the exfiltration of information from multiple senior party members. The U.S. Government assesses that information was leaked to the press and publicly disclosed.
- The RIS cyber operations “have included spearphishing campaigns targeting government organizations, critical infrastructure entities, think tanks, universities, political organizations, and corporations leading to the theft of information.
The report does not mention WikiLeaks or DC Leaks, the two organizations that published thousands of pages of private emails during the 2016 presidential race. The document does accuse Russian agents of exploiting unnamed “political and private sector entities.”
Responding to the alleged Russian intrusion into the U.S. election, President Obama on Thursday expelled 35 suspected Russian intelligence agents from the U.S. and announced sanctions targeting two Russian intelligence services.
In a statement released by the Kremlin, Russian President Vladimir Putin on Friday said that Moscow would not retaliate by booting any U.S. diplomats. “We will not create problems for American diplomats. We will not expel anyone,” Putin said in the statement.
On Sunday, the Washington Post retracted the main accusation in a story headlined, “Russian operation hacked a Vermont utility, showing risk to U.S. electrical grid security, officials say.”
The post added an editor’s note stating: “An earlier version of this story incorrectly said that Russian hackers had penetrated the U.S. electric grid. Authorities say there is no indication of that so far. The computer at Burlington Electric that was hacked was not attached to the grid.”
Aaron Klein is Breitbart’s Jerusalem bureau chief and senior investigative reporter. He is a New York Times bestselling author and hosts the popular weekend talk radio program, “Aaron Klein Investigative Radio.” Follow him on Twitter @AaronKleinShow. Follow him on Facebook.
With research by Joshua Klein.