
«The Plot to Hack America», Malcolm Nance

Dedicated to Captain Humayun Khan, US Army


The 2016 presidential election was already surreal — a former reality TV host fueled by white backlash had completed a hostile takeover of the Republican Party — before the bears emerged.

By the summer, as the campaign intensified, a WordPress page operated by someone claiming the mantle Guccifer2.0 was dumping embarrassing emails and memoranda stolen from the Democratic National Committee. When the anti-secrecy organization Wikileaks did the same thing, Guccifer2.0 claimed credit as the source; Wikileaks has kept its sourcing obscure. But the leaks showed the Democrats’ political apparatus to be petty, vindictive and determined to anoint Hillary Clinton as the Democratic nominee despite grassroots enthusiasm for challenger Bernie Sanders. Chairwoman Debbie Wasserman Schultz resigned.

Then something unexpected happened.

Cybersecurity researchers analyzing the committee network breach noticed that the particulars of the attack showed distinct patterns for gaining access—familiar patterns. Their tools were prohibitively expensive for random hackers, particularly their use of previously unknown software flaws. Instead, the researchers concluded, the hack was the work of two well-known groups tied to Russian intelligence. They are known by the weird names Fancy Bear and Cozy Bear.

Intelligence professionals weren’t actually mad at the Russians for digitally breaking into the DNC. “That’s a valid intelligence target,” one cybersecurity analyst and Defense Intelligence Agency veteran told me. But usually they hoard stolen data, not spill it out onto the Internet. Suddenly, it looked like the bears had changed their game.

Attributing culpability for cyberattacks is difficult. Competent spy agencies labor to make it nigh-impossible. But it didn’t take long before Obama administration and congressional leaders started expressing with unusual certainty—off the record, of course—that Russia was behind the assault. A theory emerged. The Russians were putting a digital thumb on the scale of the US election to help the aforementioned reality-TV host—who just happened to be running on the most pro-Russia platform in GOP history.

As of this writing, the election is undecided. And there are knowledgeable cybersecurity researchers skeptical of Russian involvement. So here comes Malcolm Nance, an intelligence, counterterrorism, and national-security lifer, to sort out what’s known, what’s suspected, and what it all means. If you’ve read books like The Terrorists of Iraq and Defeating ISIS, you know Malcolm’s expertise. If you’ve seen his 2007 congressional testimony using his firsthand experience with waterboarding to call it torture—back when that was controversial—you know Malcolm’s integrity. And if you’ve spent any time with his fellow Navy senior chiefs, you know Malcolm’s bluntness.

It’s worth scrutinizing this bizarre episode in American politics and security. It’s unlikely to be a one-off event. After all, bears tend to go where they want—unless something stops them.

Spencer Ackerman

US National Security Editor, The Guardian

September 2016


Beginning in March and April 2016, an unknown person or persons hacked into the computer servers of the Democratic National Committee. Over time it became clear that the hackers were targeting very specific information in the DNC files—the opposition research the Democrats had dug up on their Republican opponent Donald J. Trump. Once they had the information they wanted, the cyber-spies rooted around in the computers for several months thereafter, stealing other files such as personal emails, digital voice mails, and sensitive personal information on donors. This included the donors’ bank account, credit card, and social security numbers. The DNC discovered the intrusion while performing a security check, and shut their network down. However, the damage was done.

For an old spy and codebreaker like myself, nothing in the world happens by coincidence. Intelligence officers are a peculiar lot. Whether they are active or retired, their brains are wired for a completely different way of seeing the world around them. Some come from the Human Intelligence world, where they learn to read, manipulate, and distrust everyone in order to “social engineer” intelligence from people who do not want to give them anything. Others are forged in the signals intelligence world, where all data is just a massive electronic puzzle to be constantly analyzed, turned over, and fused together into an exploitable product, or into a final code to be decrypted or broken. Some, like myself, come from both worlds, and are at turns analytical and skeptical of seemingly obvious information. This hybrid mindview doesn’t approach the world as streams of linear data; it attempts to analyze information like a constantly flowing game of three-dimensional chess. All the moves are technically the same as in regular chess, but the traditional allowances of forward and backwards one square, or a lateral or L-shaped pattern, are too limiting for those trained to sniff out hostile intent; we require additional ways of processing information to be satisfied. Up vertically, down every angle of the compass rose and then across every median, line of longitude, latitude, and every other angle of measure are just about right… then we add layers of frequency analysis figuring out the timing, spacing, depth and distance between each item we call data points. When an event has been then identified on the continuum of intelligence, we compare it with everything that has ever occurred in history to see if it resembles other patterns played by another spy who employed that process. We then process the context and precedence of each observed activity against common sense to determine if an event chain is coincidence, or if it bears the marks of hostile intent. 

Ian Fleming, the old British Secret Intelligence Service officer who created the fictional character of James Bond, characterized the amazing events in his books with an observation in his 1959 book Goldfinger: “Once is happenstance. Twice is coincidence. Three times is enemy action.”

Times have changed since Mr. Fleming’s Dictum. In light of current trends in the intelligence business, I like to characterize this phenomenon as Nance’s Law of Intelligence Kismet: “Coincidence takes a lot of planning.”

Reading about the DNC hack was not initially alarming; hackers had also penetrated the Obama and McCain campaigns in 2008. The DNC hack was newsworthy but not really noteworthy until it was paired with two additional events. At the time of the hacks I was writing a massive tome on hackers associated with ISIS and al-Qaeda, so I was attuned to any information about electronic data theft. Then on June 1, 2016 one of my military hacker friends pointed out that an entity who called himself Guccifer 2.0 had opened a WordPress page and was dumping information stolen from the DNC hack.

Guccifer 2.0 claimed he had all the hacked material from the DNC and would be releasing it through his webpage. The name Guccifer struck a nerve, as the real Guccifer, a prolific Romanian hacker, had just been extradited to the United States. Guccifer 2.0 was a copy-cat, and a lazy one at that. My hyper-suspicious intelligence mind started kicking into gear and the game of multi-dimensional chess was on.

Two weeks later Steve Biddle, the national security writer for the snarky web magazine Gawker, posted the entire Donald J. Trump opposition file from the DNC’s servers. Immediately both Fleming’s Dictum and Nance’s Law struck at the same time. There was no way that the single most damaging (and dull) file from the DNC hack would be “accidentally” released weeks before the Republican National Committee convention. It was straight from the Karl Rove political playbook: Release damning information early, hold bad information until appropriate. More startling was that word was spreading across the global cyber security community that the DNC hack and Guccifer 2.0 had Russian fingerprints all over it.

I started my career in Naval Intelligence when I entered as a Russian language interpreter sent to DLI, the Defense Language Institute. For years before my Navy enlistment I had studied the Soviet Union and the KGB’s history of political intrigue in preparation for a career in intelligence. Little did I know that two years of studying Russian on my own and four months of waiting at the Presidio of Monterey for my language school slot would result in my taking a completely different language. I was assigned to study Arabic, then I spent decades watching the Russian client states of Libya, Syria, and Iraq, as well as their ties to the European terrorist groups Red Army Faction, Action Directe, the Irish Republican Army, and the Combatant Communist Cells. No matter what my target was, the KGB cast a shadow across every spectrum of my operations. Whenever we conducted a mission involving Syria, we watched for Russian cruisers and destroyers heading to Tartus, or the IL-38 “May” surveillance aircraft that dogged us and kept a weather eye on the Soviet naval units in the Gulf of Sollum anchorage off the Egyptian and Libyan border. Russian “Illegals”—covert intelligence officers—would try to attach themselves to us like leeches in seedy strip clubs in Naples or when puking on the streets of the Marseilles red light district. We went to monthly counterintelligence briefings that explained how the KGB recruited assets, and how they manipulated even the lowest-level young soldier, sailor, or marine through heterosexual and homosexual “honeytraps.”

The formerly-classified briefings of Yuri Bezmenov, now posted up on Youtube.com, are where we learned of the targeting and recruitment techniques of the KGB. Until the fall of the Soviet Union the watchword was “Beware of the Bears. The Bears are everywhere.”

After the fall of the Soviet Union the KGB became known as the FSB. In the last ten years Russian intelligence melded all of its offensive techniques to create a new kind of war: Hybrid Warfare—a melange of hostile cyber, political, and psychological operations in support of their national objectives, whether during peacetime or in open war. It is now standard operating procedure.

A few months after the hacks, at the start of the Democratic Party Convention in Philadelphia, the WikiLeaks organization, led by the information transparency activist Julian Assange, leaked the stolen documents with the intent to “damage” Hillary Clinton. The information leak had the intended effect, as airing the DNC’s dirty tricks conducted against the Sanders campaign created a rift between diehard Bernie Sanders supporters and the party, and led to the resignation of Representative Debbie Wasserman Schultz as Chair of the DNC.

Once the emails were released the source of the hacking became the number one question asked by global security and intelligence experts. The story was literally a Whodunnit? How did information from just one political party get released to the benefit of the unpredictable Republican nominee, Donald Trump? Civilian security specialists joined the US and NATO allies as they commenced a massive cyber-sleuthing operation. The United States Cyber Command, headquartered at the National Security Agency (NSA) on Fort George G. Meade in Maryland, as well as the FBI and their cyber subcontractors, detected the leak source: The FSB and its sister the GRU—Russia’s national and military intelligence bureaus. The metadata—information inside the emails showing the pathway from the DNC computers to WikiLeaks—led straight back to a suspected Russian intelligence organization, a conglomeration of cyber spying groups codenamed CYBER BEARS.

All of the old lessons of identifying Russian mantraps started to come back to me as the stolen DNC data was revealed. It had a pattern that was familiar and that virtually every other intelligence officer could recognize. The pattern showed that someone was playing three-dimensional chess with our democracy.

Russia has perfected political warfare by using cyber assets to personally attack and neutralize political opponents. They call it Kompromat. They hack into computers or phones to gather intelligence, expose this intelligence (or false data they manufacture out of whole cloth) through the media to create scandal, and thereby knock an opponent or nation out of the game. Russia has attacked Estonia, the Ukraine, and Western nations using just these cyber warfare methods. At some point Russia apparently decided to apply these tactics against the United States and so American democracy itself was hacked.

The President received a briefing days before WikiLeaks released the data to the public. The Russian spy agency had been ordered to make a bold move, hack the American elections, and engage in political warfare to elect Donald Trump President. Whether he knew it or not, Trump was the perfect candidate for a political asset. Former KGB officer Yuri Bezmenov said the KGB targeted “Ego-centric people who lack moral principles—who are either too greedy or who suffer from exaggerated self-importance. These are the people the KGB wants and finds easiest to recruit.”

This activity could only have been directed from the highest level of the Russian Federation, from Vladimir Putin himself.

In The Plot to Hack America, I have attempted to explain the story of the first massive Russian cyber warfare operation against the United States electorate, and how Vladimir Putin attempted to engineer Donald J. Trump’s improbable election as president of the United States. Here you will find a fairly detailed breakdown of the entire CYBER BEARS organ of the Russian Federation: the FSB, the GRU, Russian military intelligence, and criminal cyberwarfare subcontractors. It will become clear that they are using every weapon in the Kremlin’s propaganda arsenal. It will catalogue the entirety of all of their known cyber and media activities related to the 2016 US political campaign. Within its chapters are revelations about how television media, global communications, and cyber operations were used to exploit and attack the US electoral system. There is strong evidence their work with WikiLeaks met clearly scripted dates and actively responded to events in order to destroy Hillary Clinton and the Democratic Party and to elect Donald Trump as President.

The Plot to Hack America will also try to explain how the CYBER BEARS group was detected; how CYBER BEARS hacks personal and intelligence data from its enemies and then uses that intelligence to choose political allies and “useful idiots” to do their bidding in the target nation; and why they may or may not be disseminating Black propaganda, forged emails, false statements, and computer viruses, that are released into the WikiLeaks data dumps. CYBER BEARS teams also often masquerade as American voters and post Pro-Trump positions and materials on Twitter, Facebook and other sites to support the election of Donald Trump.

The Plot to Hack America details how Russian Intelligence, the FSB’s “Active Measures” units, created and structured a strategic political warfare campaign, and how it influences the internet via distribution of international media through Russia Today (RT) television, which pushes political propaganda daily. The Russian television media arm of the Kremlin, Russia Today (RT) television, is engaged in a strategic propaganda campaign to advance Russia’s political goals and has been used to co-opt the extreme wings of the American political parties, including tacit and open support for Neo-Nazis, anti-government extremist libertarians, conspiracy theorists, and the marginalized left such as the Green Party. RT gives these organizations an international mouthpiece in an attempt to validate them in mainstream media to the detriment of American stability.

This is a real-life spy thriller, happening in real time. It is my hope that The Plot to Hack America will inform the American electorate of how Russia executed a full-scale political and cyber war on America, starting with Watergate 2.0, to elect Donald Trump President of the United States.



The central organizational hub for the Democratic Party is situated in a sand-colored modern building on Canal Street in Southeast Washington DC, just a few blocks away from the Capitol. In late April 2016 the information technology division of the Democratic National Committee found problems in their system that indicated unauthorized access.

Upon discovery they called in CrowdStrike, an IT security company, to assess the damage. The hope was that it would be minor. Nuisance hackers attack with regularity, protesting various personal and political ideas and quack theories that usually involve the DNC and the Bilderbergs or the faking of the 9/11 attacks, or attempting to deny service in misguided attempts to assist the opposition Republicans.

After CrowdStrike technicians implanted analytical software into the structure of the DNC’s servers, they soon discovered that two unknown entities had made an unauthorized penetration of the committee’s computers. The technicians immediately recognized that this was not a nuisance attack; it was a professional hit using professional tools and software. The CrowdStrike team started a series of analytical tests to discover the methods of entry and to outline the pathways that the hackers took into the server system. The tests would allow the cyber sleuths to determine where the hackers went, what they did while inside, and what data they may have taken. Another team checked the DNC’s server logs to see what the hackers had manipulated out of parameter. All of the parameters of the hack would take weeks to lay out in an official report, but it was almost immediately clear that this was not the work of amateur hackers.

Once inside, the two unauthorized users had started rooting around. One entity had implanted itself and had been monitoring the emails and chats of the Democratic staff for months, stealing files, emails, and voice messages—almost everything. The second entity, seemingly operating independently, had targeted two very specific files.

The treasure in political espionage is to know precisely what your enemy knows about you. Every intelligence agency seeks to find the details of the inner management of their opposition, but finding the file summary of what they actually know, what they don’t know and—equally important—what they know that they don’t know, is intelligence gold. For the political season of 2016, the most highly-prized information in the DNC’s servers would be the opposition files held by the Democratic Party about the Republican Party’s seventeen candidates.

The CrowdStrike damage control team determined that the penetration operation conducted by the unknown hackers had left the servers of the Democratic Party severely compromised. They had copied or taken materials of all kinds, and had infiltrated virtually everything of value to a political opponent: personal file folders, official chat threads, digital voicemails, and the email content of virtually everyone’s mailbox. The hackers also obtained the DNC’s donor lists, and it is likely that the donors’ credit card information was associated with these lists. One of the more fascinating aspects about this attack is that it was bold and brazen; many cyber security experts are a little surprised at how the hackers didn’t cover their tracks deeply, as if they wanted to be discovered. There was just enough cover to be deniable, but as one expert observed, it was a “big cyber F-you.” It was the electronic equivalent of a looting where the perpetrators throw everything around on the floor just to let you know they were there.

CrowdStrike quickly determined that the penetration into the servers started in the summer of 2015. Hand in hand with the successful penetration the next year, it would appear that the older attempt was an exploratory operation to determine the security settings on the server’s network. This probe would lay the groundwork for the determined and focused 2016 attack. However, one factor was unshakable: the timeline of the 2016 hacks on the computers of the Democratic National Committee clearly indicated that the collection and dissemination was timed to benefit only the opposition Republican Party. Worse, if the hack was truly malicious, even relatively innocent information such as personal discussions, preferences, and the rivalry or relationships among co-workers could be twisted and injected into the national conversation in the months leading up to the election. This was not lost on the Chairperson of the DNC, Debbie Wasserman Schultz. She knew that scandal or not, the Republicans would use the hacked information to attack.

The Republican Party has shown an uncanny proclivity for taking an innocuous subject and, by dint of repetition, inference, and outright false accusation, making a seemingly innocent remark turn into years of acrimonious investigations. When Democratic staffers removed the letter “W” from a couple of Old Executive Office Building computer keyboards, the Republicans turned it into a national campaign about how the White House itself was horribly vandalized by hordes of Democrats. When the staff at the White House travel office was routinely replaced upon the arrival of the freshly sworn-in President Bill Clinton, the scandal machine turned it into a witch hunt of national proportions that led to congressional investigations over abuse of power and personally targeted the First Lady. It’s been joked that had George Washington confessed to cutting down the cherry tree in the modern era, he would have been investigated for destruction of government property and abuse of authority, and promptly impeached.