“Those who live in glasshouses shouldn’t throw rocks”

(General James R. Clapper in front of the US Senate Committee)

During a hearing in the American Senate on “Foreign Cyber Threats to the United States”  which took place under the direction of the experienced “battle horse” Senator McCain, Russia got accused by the American Intelligence Services of having interfered into the American election campaign. Witnesses were the chief intelligence officers, General James R. Clapper, Director of National Intelligence, Marcel Lettre, Undersecretary of Defense for Intelligence and Admiral Michael S. Rogers, USN Commander, U.S. Cyber Command and National Security Agency Director. During the almost three-hour hearing (January 5, 2017), just  two weeks before the inauguration of the  new President  Donald Trump, a lot of war-like as well as frightening and patriotic language was used  and  many questions raised.

Cyber war and cyber security, retaliation, deterrence or propaganda, an offensive campaign to defend America’s values, these were the buzzwords used. This discussion is important for understanding the situation in a digitized world and for perceiving one’s own national security, even if the description of Russia’s interference into the American election seemed to be fairly one-sided and colored propagandistically. In their joint statement, the invited witnesses by referring to the data theft from the DNC computer in the election campaign 2016 stated that only “The highest political authorities and decision makers of Russia” could be responsible for this hacker attack. Repeated questions which were raised by some committee members who wanted to know whether Putin was meant, were answered with a “Yes, but ..” Immediately the issue of secrecy was pointed at, and it was argued that one could not reveal the sources and methods that led to the assessment of the three services, whereby Russian hackers on behalf of the Russian government represented “a serious threat to the US”.

It was stated, that the electoral machines and the technical election procedures had not been directly manipulated and interfered with by Russian hackers which in turn would have led to a change in the election result. Soon after, “BuzzFeed” (an American media portal online website) published flimsy reports written by a longtime British agent who published wild stories about Trump and Prostitutes in Moscow (serious journalists had long been aware of these “reports” and had refused to publish them). The President elect Trump was certainly not very pleased. His disrespectful statements about the American Intelligence Services and Media, which had portrayed him as being very close to Putin, even not excluding some blackmail potential exerted on him by Putin, were played up internationally. Also poisonous remarks were heard during the hearing. General Clapper admitted that the President elect had the right to be “skeptical” about assessments given by the Services, but he did not accept “disparagement” directed against the intelligence work of his agents.

During the hearing  Clapper pointed out that the threat of cyber-attacks from Russia had generally increased. In a  35-page report, which was subsequently released to the public, it was stated that Russia had the aim to undermine public confidence in the democratic process of the United States, by denouncing Democratic candidate Hillary Clinton and thus diminishing her chances of winning an electoral victory. That Moscow had developed a clear preference for the Republican Trump. The fact that the FBI director Comey had published a letter about possible offenses done by Hillary Clinton (“e-mail affair”), which could have contributed to the defeat of Clinton, was not mentioned in the debate. Likewise there was no mention about the content of many thousands of “leaked” e-mails, which forced several DNC officials to resign and which revealed that the Clinton’s party rival Bernie Sanders  was supposed to be “stalled”. Similarly, Julian Assange had denied that the e-mails published by Wikileaks had been “leaked” by Russians. About questions raised of the credibility of Assange, Clapper said that Assange was “not credible”.

Constanze Kurz, author of many books on informatics and speaker of the Chaos Computer Club in Hamburg, wrote a fascinating comment in the German Daily Frankfurter Allgemeine Zeitung ( FAZ) 9th January 2017 : “What evidence does one have when it comes to hacking?” she asked. “The demonstrable attribution of a hack to a person, group, a client or a particular place or computer is very difficult, because it’s very simple to lay false digital tracks. Usually one analyzes the tactics and strategies of hackers, evaluates procedures and technical characteristics, the software used, and the selected goals.” However, the American services “did not even try to do so, if we follow their published reports”, Kurz stated. “Instead, they provide assessments with partly divergent reliability assessments, which are confirmed with low, moderate or high certainty.” (For the methodology of the intelligence evaluations, two annexes “Annex A and B” – altogether 8 pages – are annexed in the 35-page report. Annex B [“Estimative Language”] deals with the different grades of intelligence Community’s judgements on the likelihood of developments or events occurring, ranging from f.i.“Almost no chance” to “almost certainly”, even in percentages on a scale of 0-100. However, as had been often said during the hearing, this concerns clear statements as to whether an action is to be assessed as an “act of war” with all consequences or not. It is doubtful whether such general evaluation without “hard proof” is helpful in the current tense situation. Annex A deals extensively with the Russian TV station RT: “Kremlin’s TV Seeks To Influence Politics, Fuel Discontent in US”).

(Full text of the report is available at this link: http://www.frontiere.eu/ce-oltre-la-cia-trump-putin/ )

There was little mention of the statements made by Republican Senator Thom Tillis from North Carolina during the hearing. He referred to investigations carried out by a Professor, who had proven that since 1946-2000 the US had attempted to influence elections in 81 states (“Regime change” and other violent upheavals were not included), while Russia had probably tried this in 36 cases. With this example, Senator Tillis also wanted to illustrate the truthfulness of the proverb used by America’s top intelligence chief General Clapper: “Whoever lives in a glasshouse should not throw stones.” Likewise, Henry Kissinger, when confronted with the question of cyberwar, espionage and influence exerted on other states, in an interview in December 2016, emphasized that every state is doing that. (Tillis probably referred to Professor Dov Levin of Carnegie Mellon University, Pittsburgh, who, according to a report from the Los Angeles Times [21.12.16], came to this conclusion on the basis of his data analysis. Levin used examples from the early days (like the influencing of the Italian elections shortly after the war, but also the 1996 electoral support for Russian President Yeltsin.)

During the hearing several people made reference to Clapper’s proverb about the “Glasshouse” and turned his cautioning upside down.  In the most drastic form, the Republican Senator Lindsey Graham (South Carolina, a sharp critic of Donald Trump, initially also a presidential candidate) expressed his opinion that “we should not throw pebbles, but rocks” (as retaliation for the cyber-attacks by Russia)!

Lindsey Graham will now chair a newly established subcommittee on Cyber Security. McCain had called for the creation of such a committee because he believed that the US did not have a comprehensive strategy for cybersecurity, which would be “crazy”. The hearing on Foreign Cyber Threats is the first hearing in a series. “The idea is to catalogue all possible threats and work out a strategy and rules”, Senator Graham stated. He also demanded a separate “Russia account” taken out from his foreign operations budget. He included in the financing a new approach in the fight against Russian propaganda and “Fake News”.

Demands to have effective propaganda for America and against Russia as an additional means of the cyber war were raised many times during the hearing by Republicans and Democrats. (The excellent documentary by Alex Gibney, “Zero Days”, from 2016, gives a general insight into the difficulty to lead an effective cyber war that does not get out of control immediately, and in turn has an effect on one’s own country, the infrastructure, the military and industry. This was demonstrated in the example of the Virus “Stuxnet” against the Iranian nuclear industry. In his book “Confront and Conceal”, David E. Sanger had already gathered evidence in 2012 that this Cyber-attack had begun under George Bush jr. and had continued under Obama and Hillary Clinton together with Israeli Special Forces. President Obama in one of his last executive decisions pardoned General (ret.) James Cartwright, at one time Vice-Chairman of the Joint Chiefs, the project leader of the so-called “Operation Olympic Games” program, who upon questions coming from journalists had confirmed information on “Stuxnet”.  He therefore would have been sentenced for treason, but instead then made a “deal” with the court. Edward Snowden was not pardoned.)

According to the joint statement issued by Clapper, Rogers and Lettre “Joint Statement for the Record to the Senate Armed Services Committee: Foreign Cyber Threats to the United States”: “As of late 2016 more than 30 nations are developing offensive cyber attack capabilities…cyber attacks against critical infrastructure and information networks also will give actors a means of bypassing traditional defense measures …” According to the joint statement, the biggest threats come from the Russian state, the People’s Republic of China, Iran and North Korea, from terrorists and criminals.

Our adversaries are demonstrating a willingness to use cyberspace as a platform for espionage, attack, and influence. Foreign Intelligence Entities continue to quietly exploit our nation’s public and private sectors in the pursuit of policy and military insights, sensitive research, intellectual property, trade secrets, and personally identifiable information.” No one agency has the capability to defend against such threats alone. “The security of systems and networks is not the responsibility of one person or one agency or one industry, but rather requires a whole of nation response and a culture of cybersecurity among all users of the information space across private and public sectors.”

The greatest counterintelligence threat involves “the rapid development and proliferation of disruptive, advanced technologies that provide adversaries with capabilities that even just a few years ago were not considered plausible. Sophisticated technical collection through a variety of means is available to more adversaries than ever before and can occur virtually anywhere and involve telephones, computers, Internet, cell phones, wired and wireless networks, as well as conversations and activities in offices, homes, vehicles, and public spaces. Disruptive technology is being built and fielded at an unprecedented rate, and we are dealing with the consequences of a hyperconnected world.  The complexity of technological advances, both in the tools themselves and the methods used to compromise them, necessitates a much greater technical and cyber literacy than what was required of us five years ago.”

The three Intelligence officers stressed that the impact of aggression and subversion on the Internet was not limited to the virtual space. As an example, they mentioned a Ukrainian electricity network that had been paralyzed for several hours in 2015, and a British hospital, which at the end of 2016 because of “infected” software, had been forced to postpone life-saving measures and had to bring trauma patients to other hospitals. In the US, the accounts of public authority employees and employees of military equipment manufacturers were hacked. In addition, information about fighter jets and military helicopters had been copied, which had an impact on the economy and security.

Information and manipulation by state and non-state actors would also have a psychological impact.   “Online information operations and manipulation…can distort the perceptions of the targeted victim and other audiences through the anonymous delivery of manipulative content that seek to gain influence or foment confusion and distrust”. For example, “Russian actors have seeded falsified information into social media and news feeds and websites in order to sow doubt and confusion, erode faith in democratic institutions, and attempt to weaken Western governments by portraying them as inherently corrupt and dysfunctional.

General James Clapper, when being asked what he wanted to suggest, once again emphasized that a National Information Agency, like the former US Information Agency should be funded by the government. When being asked why this is no longer the case, nobody was able to give a right answer. In former times, during Cold War, there was still knowledge about the function of a “Radio Free Europe” – and also the limits of such “propaganda tools”.

The proposals which were made during the hearing strongly remind the arsenal of Psychological Warfare which got developed into the first world war  and  elaborated towards the second world war in the context of the international “Psy Ops”. (Perhaps one should read again Gustave Le Bon’s book “Psychology of the masses”, which was written 120 years ago. It should be read once again in today’s Age of global cyber – or Social Media influence and study in particular the section from Chapter 2: “The Suggestibility and Credulity of the Masses.”)

Asked about the greatest danger in the world of cyber war, Admiral Rogers said that it was among other things the development of ever-widening possibilities to “falsify” (manipulate) whole data sets and to feed the monitoring mechanisms (man or sensor) with seemingly familiar images, while at the same time something completely different is taking place. (A pre-taste of this could be the events in Natanz 2010, where the attacker was able to transfer fake “manipulated pictures from the daily routine” on the monitors, while at the same time the centrifuges were activated into self-destructive vibrations, until the noises made the engineers aware that something went wrong. But then it was too late, the Iranian leadership thought of construction errors and layed off a number of the engineers. This happened in 2010. One can imagine what refinement exists today, especially if one considers the new “big data” and “internet of things” possibilities to disrupt.)

What was surprising for this author, and a bit odd, after all the patriotic appeals and reverence made by the senators in respect to the women and men who are supposed to guarantee the security of America in the world, that two of the leading American Intelligence Officers, General Clapper and Marcel Lettre, demonstrated joy and relief when announcing that they would leave their office in a few days.

January 2017

LEAVE A REPLY