An interesting correction appeared in the New York Times from a Maggie Haberman article on June 25th. I missed the actual correction but was alerted to it by a later article on the matter.
Part of what made the correction interesting was the manner in which the article was rewritten – done in a fashion that made it difficult to see where the correction actually applied – thereby attempting to render the whole correction moot.
Equally interesting was how the correction glossed over the makeup of our intelligence agencies – and inadvertently exposed how the Times – and almost every other news organization – exaggerated the role of the intelligence agencies in promoting the notion of Russian Collusion. It also highlights the roles played by the intelligence agencies actually involved:
Correction: June 29, 2017 A White House Memo article on Monday about President Trump’s deflections and denials about Russia referred incorrectly to the source of an intelligence assessment that said Russia orchestrated hacking attacks during last year’s presidential election. The assessment was made by four intelligence agencies — the Office of the Director of National Intelligence, the Central Intelligence Agency, the Federal Bureau of Investigation and the National Security Agency. The assessment was not approved by all 17 organizations in the American intelligence community.
The assessment in question originally stemmed from an October 7 2016 Joint Statement from the Department of Homeland Security and the Office of the Director of National Intelligence stating the Intelligence Community was confident of Russian involvement in our election.
This report was then followed up by a December 29 2016 report by Homeland Security and the FBI discussing Russian Malicious Cyber Activity. This report is simplistic and generalized.
On January 6 2017, the DNI issued a much more press-friendly report – but utilizing data from the earlier two reports – and intelligence assessments from the CIA, FBI and NSA. It is highly generalized with very little in the way of substance. The NSA did not agree with the FBI and CIA’s confidence level in the report.
The DNI report formed the basis for the Russian Hacking allegations – and provided cover for the now-defunct Russian Collusion allegations. We will return to all this later. I hope you stay with me for the details – but if you prefer, simply scroll to the bottom for a summation.
The United States has 16 actual intelligence agencies – not 17 as is commonly stated (more below).
But – and this is a big BUT – only six of the agencies actually gather intelligence. The rest simply “process” and use the intelligence gathered by the primary agencies. For example, the Department of State has an intelligence arm, the Bureau of Intelligence and Research, but the DOS/BIR does not gather intelligence – it uses and processes intelligence. The intelligence gathering entities are:
- Central Intelligence Agency (CIA) – civilian intelligence, covert ops
- National Security Agency (NSA) – signals intelligence, cryptology, cyber warfare
- National Reconnaissance Office (NRO) – designs and operates all spy satellites
- National Geospatial-Intelligence Agency (NGA) – geospatial intelligence modeling, geospatial predictive modeling, combat support – more powerful than commonly perceived
- Defense Intelligence Agency (DIA) – defense and military intelligence, black ops
- Federal Bureau of Investigation (FBI) – non-intelligence, but critical law enforcement and counterintelligence.
Each intelligence agency has its own intelligence. Department intelligence is physically held at a Sensitive Compartmented Information Facility or SCIF. Each intelligence agency has their own SCIF, as does the White House.
As noted, it is often stated that the U.S. has 17 intelligence agencies but this is not factually correct. The “17th Agency”, the Office of the Director of National Intelligence, is really an intelligence oversight office – an information hub.
“The Director of National Intelligence serves as the head of the Intelligence Community, overseeing and directing the implementation of the National Intelligence Program and serving as the principal advisor to the President, the National Security Council, and the Homeland Security Council for intelligence matters related to national security. The Office of the DNI’s goal is to effectively integrate foreign, military and domestic intelligence in defense of the homeland and of United States interests abroad.”
The DNI is not a true agency. It is an organization. More accurately it is an office.
You may find a full listing and description of the various intelligence agencies here. From the DNI website:
The U.S. Intelligence Community is composed of the following 17 organizations:
Two independent agencies—the Office of the Director of National Intelligence (ODNI) and the Central Intelligence Agency (CIA); [only the CIA is a true agency]
Eight Department of Defense elements—the Defense Intelligence Agency (DIA), the National Security Agency (NSA), the National Geospatial-Intelligence Agency (NGA), the National Reconnaissance Office (NRO), and intelligence elements of the four DoD services; the Army, Navy, Marine Corps, and Air Force.
Seven elements of other departments and agencies—the Department of Energy’s Office of Intelligence and Counter-Intelligence; the Department of Homeland Security’s Office of Intelligence and Analysis and U.S. Coast Guard Intelligence; the Department of Justice’s Federal Bureau of Investigation and the Drug Enforcement Agency’s Office of National Security Intelligence; the Department of State’s Bureau of Intelligence and Research; and the Department of the Treasury’s Office of Intelligence and Analysis.
Note that despite the DNI’s reference to itself as one of two independent agencies, there are only 16 links provided to the actual agencies.
Perhaps. But there is a reason for this delineation.
On October 7 2016, a Joint Statement from the Department of Homeland Security and the Office of the Director of National Intelligence was issued. In that release the Department of Homeland Security and the DNI together state the following:
The U.S. Intelligence Community (USIC) is confident that the Russian Government directed the recent compromises of e-mails from US persons and institutions, including from US political organizations. The recent disclosures of alleged hacked e-mails on sites like DCLeaks.com and WikiLeaks and by the Guccifer 2.0 online persona are consistent with the methods and motivations of Russian-directed efforts. These thefts and disclosures are intended to interfere with the US election process. Such activity is not new to Moscow—the Russians have used similar tactics and techniques across Europe and Eurasia, for example, to influence public opinion there. We believe, based on the scope and sensitivity of these efforts, that only Russia’s senior-most officials could have authorized these activities.
The Homeland Security/DNI joint statement notes the Intelligence Community is confident of Russian involvement in our election. Easily stated as the Russians always try to do so.
On December 29 2016, in a follow-up to the October 7 2016 statement, Homeland Security and the Federal Bureau of Investigation (FBI) jointly issued the Russian Malicious Cyber Activity report. The NCCIC, also listed on the report, stands for the National Cybersecurity and Communications Integration Center – and is a division within Homeland Security. The actual pdf contained within the report opens with the following statement:
This Joint Analysis Report (JAR) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). This document provides technical details regarding the tools and infrastructure used by the Russian civilian and military intelligence Services (RIS) to compromise and exploit networks and endpoints associated with the U.S. election, as well as a range of U.S. Government, political, and private sector entities. The U.S. Government is referring to this malicious cyber activity by RIS as GRIZZLY STEPPE.
Previous JARs have not attributed malicious cyber activity to specific countries or threat actors. However, public attribution of these activities to RIS is supported by technical indicators from the U.S. Intelligence Community, DHS, FBI, the private sector, and other entities. This determination expands upon the Joint Statement released October 7, 2016, from the Department of Homeland Security and the Director of National Intelligence on Election Security.
Here is what the report discloses as actually being found:
The U.S. Government confirms that two different RIS actors participated in the intrusion into a U.S. political party. The first actor group, known as Advanced Persistent Threat (APT) 29, entered into the party’s systems in summer 2015, while the second, known as APT28, entered in spring 2016.
Both groups have historically targeted government organizations, think tanks, universities, and corporations around the world. APT29 has been observed crafting targeted spearphishing campaigns leveraging web links to a malicious dropper; once executed, the code delivers Remote Access Tools (RATs) and evades detection using a range of techniques. APT28 is known for leveraging domains that closely mimic those of targeted organizations and tricking potential victims into entering legitimate credentials. APT28 actors relied heavily on shortened URLs in their spearphishing email campaigns. Once APT28 and APT29 have access to victims, both groups exfiltrate and analyze information to gain intelligence value. These groups use this information to craft highly targeted spearphishing campaigns. These actors set up operational infrastructure to obfuscate their source infrastructure, host domains and malware for targeting organizations, establish command and control nodes, and harvest credentials and other valuable information from their targets.
The report is describing generalized hacking techniques.
There are a few more paragraphs of nonsense but this is actually the meat of the document. The 13-page report then goes into the eight steps needed to Commit to Cybersecurity Best Practices with its top advice:
1. Backups: Do we backup all critical information? Are the backups stored offline? Have we tested our ability to revert to backups during an incident?
Followed by the Top Seven Mitigation Strategies. The strongest piece of advice from this section:
1. Patch applications and operating systems – Vulnerable applications and operating systems are the targets of most attacks. Ensuring these are patched with the latest updates greatly reduces the number of exploitable entry points available to an attacker. Use best practices when updating software and patches by only downloading updates from authenticated vendor sites.
The majority of the report reads in this manner.
The official report from the Department of Homeland Security and the FBI describes – in very general terms – how hacking takes place. It helpfully includes generalized tips and practices to avoid being hacked.
It is surprising in its simplicity.
We finally move on to the report issued by the DNI – James Clapper – on January 6 2017. This report – Assessing Russian Activities and Intentions in Recent U.S. Elections – is much prettier, very glossy and ready for press consumption. But it is largely based on the December 29 2016 report I have just detailed – what little of it there is to actually detail.
Several items are noted right at the beginning under Scope and Sourcing:
Information available as of 29 December 2016 was used in the preparation of this product.
This report includes an analytic assessment drafted and coordinated among The Central Intelligence Agency (CIA), The Federal Bureau of Investigation (FBI), and The National Security Agency (NSA), which draws on intelligence information collected and disseminated by those three agencies.
The assessment focuses on activities aimed at the 2016 US presidential election and draws on our understanding of previous Russian influence operations.
We did not make an assessment of the impact that Russian activities had on the outcome of the 2016 election. The US Intelligence Community is charged with monitoring and assessing the intentions, capabilities, and actions of foreign actors; it does not analyze US political processes or US public opinion.
Many of the key judgments in this assessment rely on a body of reporting from multiple sources that are consistent with our understanding of Russian behavior.
This report is longer at 25 pages, yet there are only 5 pages with even semi-substantive language in the entire document. And these pages are hardly enlightening. To note:
We assess with high confidence that Russian President Vladimir Putin ordered an influence campaign in 2016 aimed at the US presidential election, the consistent goals of which were to undermine public faith in the US democratic process, denigrate Secretary Clinton, and harm her electability and potential presidency. [these words are nearly identical to those spoken by former CIA Director John Brennan during his Congressional testimony]
We assess Putin, his advisers, and the Russian Government developed a clear preference for President-elect Trump over Secretary Clinton.
We assess the influence campaign aspired to help President-elect Trump’s chances of victory when possible by discrediting Secretary Clinton and publicly contrasting her unfavorably to the President-elect.
Moscow’s use of disclosures during the US election was unprecedented, but its influence campaign otherwise followed a longstanding Russian messaging strategy that blends covert intelligence operations—such as cyber activity—with overt efforts by Russian Government agencies, state funded media, third-party intermediaries, and paid social media users or “trolls.”
We assess with high confidence that the GRU used the Guccifer 2.0 persona, DCLeaks.com, and WikiLeaks to release US victim data obtained in cyber operations publicly and in exclusives to media outlets.
We assess with high confidence that the GRU relayed material it acquired from the DNC and senior Democratic officials to WikiLeaks. Moscow most likely chose WikiLeaks because of its self-proclaimed reputation for authenticity. Disclosures through WikiLeaks did not contain any evident forgeries.
And so it continues. It is a prettier report – but it is equally simplistic.
One last item of important note.
The report was created by a joint effort between the CIA (former Director John Brennan), FBI (former Director James Comey) and the NSA (current Director Mike Rogers) – and assembled by the DNI (former Director James Clapper). I have written about all four previously – numerous times. If you are curious on background you may find some here, here and here. The joint report contains one significant caveat:
We also assess Putin and the Russian Government aspired to help President-elect Trump’s election chances when possible by discrediting Secretary Clinton and publicly contrasting her unfavorably to him. All three agencies agree with this judgment. CIA and FBI have high confidence in this judgment; NSA has moderate confidence.
Actually, NSA Director Admiral Mike Rogers stated in Senate hearing testimony that his confidence did not reach even this threshold:
“I wouldn’t call it a discrepancy, I’d call it an honest difference of opinion between three different organizations and in the end I made that call.”…“it didn’t have the same level of sourcing and the same level of multiple sources.”
I have written about Mike Rogers several times. To quote:
I have previously maintained that Mike Rogers may be the one good guy – the one real white hat – in this whole affair.
Note this short timeline prior to President Trump’s actual inauguration:
On November 17th, 2016, NSA Director Admiral Mike Rogers travels to see President-Elect Donald Trump in Trump Tower, New York. Director Rogers does not inform his boss Director of National Intelligence, James Clapper.
On November 17th, 2016, the Trump Transition Team announces they are moving all transition activity to Trump National Golf Club in Bedminster, New Jersey.
On November 19th The Washington Post reported on a recommendation made by Defense Secretary Ash Carter and Director of National Intelligence James Clapper in October that Mike Rogers be removed from his NSA position.
Rogers may have notified President-elect Trump of surveillance and/or unmasking activities by Obama’s intelligence community (Clapper, Brennan & Comey).
Admiral Rogers likely informed President Trump of surveillance or unmasking activities by the Obama Administration. Rogers was clearly unwilling to actively participate in the Russian narrative. Rogers heads up the NSA which does engage in intelligence gathering – his agency has all of the nation’s metadata information. DNI Clapper tried unsuccessfully to fire Rogers. Rogers is the only man left in his original position – Comey, Clapper and Brennan are all gone. Brennan and Comey are both under investigation. Clapper is likely under investigation as well – but there has been no official confirmation I am aware of.
No accusations of wrongdoing have been leveled at NSA Director Rogers – by anyone.
Now to sum up.
The assessment of Russian Intervention originally stemmed from an October 7 2016 Joint Statement from the Department of Homeland Security and the Office of the Director of National Intelligence stating the Intelligence Community was confident of Russian involvement in our election. Later testimony by all Intelligence Directors confirms that Russia is always involved in Presidential elections. Note that neither of these parties – one an agency, the other an office – is involved in any actual gathering of intelligence as noted earlier.
This report was then followed up by a December 29 2016 report by Homeland Security and the FBI discussing Russian Malicious Cyber Activity. This report – although ascribed to the Russians – is really nothing more than a generalized description of ongoing hacking techniques and the obvious steps one can take to protect oneself. Of the two parties who produced the “report”, only the FBI is actually involved in intelligence gathering.
On January 6 2017, the DNI issued a much more press-friendly report – utilizing data from the earlier two reports – and intelligence assessments from the CIA, FBI and NSA. It is highly generalized with very little in the way of substance. The report states the Russians interfered in our election for the purposes of electing Donald Trump as President. Only broad data points are utilized to back this claim. The DNI (Clapper), which wrote the report, is not involved in any actual gathering of intelligence. The FBI, CIA and the NSA are all intelligence gathering agencies. The NSA publicly states a differing confidence level than the FBI and CIA. Specifically, the NSA does not hold the same confidence level in the assessments that Russia conspired to help Trump. NSA Director Mike Rogers reiterates this more strongly at a Senate Armed Services hearing. Note also that Homeland Security is no longer part of the process.
The first report establishes the Russians attempted to intervene in our election. By the DNI’s own acknowledgement, the Russians have historically done so. Their activities and efforts are not new.
The second report is meant to directly tie Russian hacking to the election. What the report actually does is use technical language to describe a generalized hacking process – and the means by which hacking and phishing can be generally prevented.
The third report – done by the DNI (Clapper) – takes data from the first two reports and then packages it into a media-friendly publication that uses broad assertions, sweeping statements and very little factual data. This is then subjected to assessments by the CIA (Brennan), FBI (Comey) and the NSA (Rogers). The NSA’s assessment differs from the CIA and FBI – and the Director of National Intelligence James Clapper – who wrote the report.
This report is then used to push the entire Russian Narrative we have been subjected to as a nation.
Did the Russians try to influence or disrupt our election? Most assuredly, as they do so in virtually every major election – and certainly every Presidential election.
But what happened next was comically tragic – and at the core simplistically constructed. The DNI (Clapper) used evidence of Russian meddling and weaponized it against President Trump through the use of reports built on reports. None of the reports actually note anything of true incremental substance – beyond the expected Russian meddling in our elections. Generalizations and broad assertions are made, utilizing little factual backup in the culminating report. Assessments are provided by the senior members of the Intelligence Community – one of whom, NSA Director Rogers, is not inclined to play loose with the facts. The DNI Director had previously attempted to fire Rogers and failed. The report moves forward with the NSA caveat.
All these Congressional hearings, all the media reports and hysteria – stemming from reports supposedly blessed by “all 17 intelligence agencies” – actually stemmed from reports constructed primarily by just three men – former DNI Director Clapper, former CIA Director Brennan and former FBI Director Comey.
This whole process is akin to Russian Dolls – each figure nestled inside the other – until the last is opened and inside there is – nothing.