The “Russia did it narrative” concerning the alleged breach into US federal cyber infrastructure is being circulated by the media despite the US government not formally blaming Moscow for the supposed hack. American scholars Gilbert Doctorow and Earl Rasmussen have discussed the accusations and the timing of the media campaign.
On 17 December, the US Cybersecurity and Infrastructure Security Agency issued a warning saying that American government agencies, critical infrastructure entities, and private sector organisations had been compromised “by an advanced persistent threat (APT) actor” since at least March 2020.
The story popped up on Saturday, with Reuters and The Washington Post reporting about the alleged cyber intrusion into the US Treasury and Commerce departments and pointing the finger at Russia, citing “people familiar with the matter”. Russian Ambassador to the US Anatoly Antonov rejected the media claims during a video conference held by Georgetown University and suggested establishing a platform for a dialogue between the US and Russian intelligence communities.
Timing of the Allegations Speaks Volumes
The timing of the alleged hack evokes strong memories of the 2016-2017 transition period when Russia was accused of breaching the Democratic National Committee’s (DNC) servers, according to Gilbert Doctorow, an international relations and Russian affairs analyst.
He recollects that at that time Donald Trump’s chances of reaching an accommodation with Russia were upset “by the illegal and unjustified expropriation of Russian consular property in December 2016, for example, and the phony Steele dossier was released before Trump took the oath of office”. The latest accusations mentioning Russia came on the heels of the 2020 Electoral College vote in favour of ex-Vice President Joseph Biden, who earlier vowed to increase pressure on Moscow.
Doctorow believes the Democratic-controlled House may use the recent anti-Russia allegations to put forward a bill on tougher sanctions, likely related to the Gazprom-led Nord Stream 2 pipeline project that is heading towards completion.
During his annual press conference on 17 December Russian President Vladimir Putin commented on the spying allegations promoted by the mainstream media in the US, suggesting the anonymous sources behind these reports are, in fact, US officials and intelligence agencies. The Russian president noted that these very structures were behind the similarly groundless claims against Moscow following the 2016 presidential elections, adding the new reports of “Russian hackers” could have been fabricated at their behest.
From left, then-FBI Director James Comey, then-Director of National Intelligence James Clapper, and then-CIA Director John Brennan arrive at a House Intelligence Committee hearing on world wide threats on Capitol Hill in Washington, Thursday, Feb. 25, 2016.
Hacking Allegations Don’t Hold Water, Again
The scholar recalls that four years ago Russia was accused of “exfiltrating” thousands of emails and documents from the Democratic National Committee’s servers and passing them to WikiLeaks which subsequently released the trove in the summer of 2016.
In January 2017, the Intelligence Community Assessment (ICA) formally accused Russia of the supposed breach, while in July 2018 Special Counsel Robert Mueller assigned with the task of looking into the alleged ties between the Trump campaign and Moscow indicted a number of Russian individuals said to be officers of the Main Intelligence Directorate (GRU) for the reported hack. The accusations were based on the conclusions of the DNC’s private cyber defence contractor CrowdStrike since neither the FBI, nor any other US government intelligence agency have to date examined the committee’s hardware.
“[However], recently unclassified sworn testimony of CrowdStrike officials and senior intelligence officials all stated that there was no evidence of a hack or exfiltration”, Rasmussen highlights, citing CrowdStrike President Shawn Henry’s December 2017 admission under oath that the cyber firm “did not have concrete evidence that the data was exfiltrated from the DNC”.
CrowdStrike claimed at the time that the intruders were “two Russian espionage groups”, Cozy Bear (APT29) and Fancy Bear (APT28), suggesting with a “low” to “medium”-level of confidence that they “may indicate affiliation” with Russia’s Federal Security Service (FSB) and Main Intelligence Department (GRU), respectively. Moscow summarily shredded the assumptions as absurd.
The DNC contractor is also known for a groundless claim that the “Russian” group Fancy Bear hacked a Ukrainian artillery app which led to heavy losses of howitzers in 2016 that was later debunked by both the Ukrainian Defence Ministry and the US state-owned media Voice of America.
Yet, the aforementioned inconsistencies did not prevent the US intelligence community and mainstream media from continuously accusing Russia of the alleged DNC hack for over four years, Rasmussen notes.