The Russians tried to hack the American elections. But not in the way that we’re used to. This piece treats some possible consequences for the West of the information war Russia has taken outside of its borders.
Piece previously appeared on De Morgen on 16/12/2016
In a disconcerting long-read of the New York Times we see all the staggering mistakes made by the Americans so that the Russians could carry out strategic hacks in the run-up to the elections.
Both for hacking the Democratic National Committee and hacking the emails of Clinton’s advisors, there is clear evidence of Russian interference. The Russian state hacker groups Cozy Bear & Fancy Bear, also known as APT28 and APT 29, were recognized in the forensic investigation. The self-proclaimed “lone wolf” Guccifer2.0 who allegedly had committed the hack alone, also made some stupid mistakes making it clear that this was a cover-up of Russia.
Russia’s Information War
The tactics used by Russia here come straight from their information war handbook.
In an information war, information is used for psychological purposes. The goals is to confuse the population with erroneous information and causing unrest with leaked information. The confidence in the traditional sources of information drops and facts can no longer be distinguished from fiction.
The internet is a godsend for this type of warfare, and Russia is perfecting these type of operations.
During the elections in Ukraine and the subsequent annexation of the Crimea in 2014, their use of information operations peaked. They made strategic leaks to discredit the pro-European presidential candidate while distributed fake photographs about Ukrainian soldiers and spreading disinformation (the website Russia Lies collects many of the disinformation campaign on Ukrain)
Russia is also known for spamming internet forums with their Russian web brigades. The Russians have a veritable troll-army whose daily task consists of posting thousands of pro-Russian comments on the web.
Sounds familiar in the run up to the 2016 election?
harmful code vs harmful content
The CIA had already openly accused Russia of these tactics, but the American intelligence community was first putting its effort in an investigation on hacked voting computers.
In the run-up to the elections, it emerged that there were many vulnerabilities in the outdated voting computers. The day before the elections, for example, security company Cyclane showed that it is possible to change the names in a voting computer if you have physical access to them.
Investigating whether the systems had been hacked was a stop-gap measure to restore confidence in democracy and elections. If it could be proven it had not, then maybe the people could trust the election? Sowing uncertainty about the election systems was also part of the information war; making people doubt the results of the election. Such uncertainty is a different way of ‘hacking’ the system, and one that would have definitely had its effect had Trump not won (his voters would have most likely questioned the results ).
The Russians did not have to hack into voting computers to reach their objective, the main goal was always to falter the confidence in democracy, not necessarily to get a puppet like Trump elected.
The US is struggling to recognize that it has a problem of information security.
This has nothing to do with America’s arrogance, but above all with a fundamentally different view of international digital security. The Western doctrine of cybersecurity revolves around protecting (digital) systems, and the information contained in them. Information is no more than a series of zeros and ones.
While the West is only mindful of ‘malicious code’, Russia sees’ malicious content’ as a weapon as well. The psychological weapon of “information operations” as described earlier. It is no coincidence that the Russians prefer to talk about information security instead of cybersecurity. (note: the infosec community also talks about information security, only this term was politicized it when explicit demand came for the UNGGE to be called the UN Group of Governmental Experts on Information Security) Influential information is dangerous in Russia’s eyes, and it is not even necessariy to attack any digital systems.
Putin is known for blocking opposition websites and bloggers and actively disseminating lies. A list of lies on the European Union is also kept up to date in the Disinformation Review, a magazine recently set up by a task force of the EU.
It should be no surprise that this vision is share by other authoritarian state like China, Iran, Turkey, where control of information is vital to streamline political preference and keep dissident voices in check.
It seems that Russia’s use of an information operation was not only a way of testing the potency, but also to warn the West of the ‘danger’ of a free and open internet.
A free and open internet: the achillesheel of the West
Now that Putin is also successful with his information war abroad; the West has a problem. Freedom of expression is a core value in an open and free society. Unfortunately, this is also the Achilles heel of the West, and the Russians have made good use of it. Not even a long time ago, WikiLeaks was a climax of free information gathering, holding those in power accountable. In recent months, by distributing only information extracted from Russian hackers, Assange became an indirect spokesperson for Putin.
Trump does not owe his presidency to Putin. There has been some rumbling in America’s lower abdomen for some time. But in the toxic breeding ground of filter bubbles and a post-truth society, where facts are no longer discernible from feelings, Putin saw the perfect opportunity to expand his sphere of influence. Now that American confidence in democracy has fallen to a low point, the US seems ripe to join the authoritarian states.
Obama and co. know that Putin played the game like that. But if they admit that there is a problem with the free flow of information, they must also exercise control over all information. You can only beat the Russians in the information war by putting a tighter control on the information in your own country. Exactly what Putin wants.
The West is already moving in that direction. Counternarratives against radicalisation, restricting hate speech and banning fake news: efforts are finally moving in that direction. And how can you be opposed to it, when you see what conspiracy theories are currently getting a stage?
All the signs indicate that we will only go one way: that of a more controlled Internet. With someone like Trump at the wheel, it is not impossible that this control in “the land of the free” will go much further than stopping Russian influence.
The question on my mind is what direction my native Europe will take. Are there means of arming us against the next information war without having to give up our online freedoms?
I do not believe in it, but I sincerely hope that I am wrong.