Assange Julian - The plot to hack America: how Putins cyberspies and WikiLeaks tried to steal the 2016 election

Also by Malcolm Nance

Defeating ISIS

The Terrorist Recognition Handbook

The Terrorists of Iraq

An End to Al-Qaeda

Copyright 2016 by Malcolm W. Nance

All rights reserved. No part of this book may be reproduced in any manner without the express written consent of the publisher, except in the case of brief excerpts in critical reviews or articles. All inquiries should be addressed to Skyhorse Publishing, 307 West 36th Street, 11th Floor, New York, NY 10018.

Skyhorse Publishing books may be purchased in bulk at special discounts for sales promotion, corporate gifts, fund-raising, or educational purposes. Special editions can also be created to specifications. For details, contact the Special Sales Department, Skyhorse Publishing, 307 West 36th Street, 11th Floor, New York, NY 10018 or .

Skyhorse and Skyhorse Publishing are registered trademarks of Skyhorse Publishing, Inc., a Delaware corporation.

Visit our website at www.skyhorsepublishing.com.

10 9 8 7 6 5 4 3 2 1

Library of Congress Cataloging-in-Publication Data is available on file.

Cover design by Brian Peterson

Cover photo: AP Images

ISBN: 978-1-5107-2332-0

Ebook ISBN: 978-1-5107-2333-7

Printed in the United States of America

Dedicated to Captain Humayun Khan, US Army

CONTENTS

FOREWORD

T HE 2016 PRESIDENTIAL ELECTION WAS ALREADY surreala former reality TV host fueled by white backlash had completed a hostile takeover of the Republican Partybefore the bears emerged.

By the summer, as the campaign intensified, a WordPress page operated by someone claiming the mantle Guccifer2.0 was dumping embarrassing emails and memoranda stolen from the Democratic National Committee. When the anti-secrecy organization Wikileaks did the same thing, Guccifer2.0 claimed credit as the source; Wikileaks has kept its sourcing obscure. But the leaks showed the Democrats political apparatus to be petty, vindictive, and determined to anoint Hillary Clinton as the Democratic nominee despite grassroots enthusiasm for challenger Bernie Sanders. Chairwoman Debbie Wasserman Schultz resigned.

Then something unexpected happened.

Cybersecurity researchers analyzing the committee network breach noticed that the particulars of the attack showed distinct patterns for gaining accessfamiliar patterns. Their tools were prohibitively expensive for random hackers, particularly their use of previously unknown software flaws. Instead, the researchers concluded, the hack was the work of two well-known groups tied to Russian intelligence. They are known by the weird names Fancy Bear and Cozy Bear.

Intelligence professionals werent actually mad at the Russians for digitally breaking into the DNC. Thats a valid intelligence target, one cybersecurity analyst and Defense Intelligence Agency veteran told me. But usually they hoard stolen data, not spill it out onto the Internet. Suddenly, it looked like the bears had changed their game.

Attributing culpability for cyberattacks is difficult. Competent spy agencies labor to make it nigh-impossible. But it didnt take long before Obama administration and congressional leaders started expressing with unusual certaintyoff the record, of coursethat Russia was behind the assault. A theory emerged. The Russians were putting a digital thumb on the scale of the US election to help the aforementioned reality TV hostwho just happened to be running on the most pro-Russia platform in GOP history.

As of this writing, the election is undecided. And there are knowledgeable cybersecurity researchers skeptical of Russian involvement. So here comes Malcolm Nance, an intelligence, counterterrorism, and national-security lifer, to sort out whats known, whats suspected, and what it all means. If youve read books like The Terrorists of Iraq and Defeating ISIS , you know Malcolms expertise. If youve seen his 2007 congressional testimony using his firsthand experience with waterboarding to call it tortureback when that was controversialyou know Malcolms integrity. And if youve spent any time with his fellow Navy senior chiefs, you know Malcolms bluntness.

Its worth scrutinizing this bizarre episode in American politics and security. Its unlikely to be a one-off event. After all, bears tend to go where they wantunless something stops them.

Spencer Ackerman

US national security editor, The Guardian

September 2016

PREFACE

B EGINNING IN M ARCH AND A PRIL 2016 , an unknown person or persons hacked into the computer servers of the Democratic National Committee. Over time it became clear that the hackers were targeting very specific information in the DNC filesthe opposition research the Democrats had dug up on their Republican opponent Donald J. Trump. Once they had the information they wanted, the cyber-spies rooted around in the computers for several months thereafter, stealing other files such as personal emails, digital voice mails, and sensitive personal information on donors. This included the donors bank account, credit card, and social security numbers. The DNC discovered the intrusion while performing a security check, and shut their network down. However, the damage was done.

For an old spy and codebreaker like myself, nothing in the world happens by coincidence. Intelligence officers are a peculiar lot. Whether they are active or retired, their brains are wired for a completely different way of seeing the world around them. Some come from the Human Intelligence world, where they learn to read, manipulate, and distrust everyone in order to social engineer intelligence from people who do not want to give them anything. Others are forged in the signals intelligence world, where all data is just a massive electronic puzzle to be constantly analyzed, turned over, and fused together into an exploitable product, or into a final code to be decrypted or broken. Some, like myself, come from both worlds, and are at turns analytical and skeptical of seemingly obvious information. This hybrid mindview doesnt approach the world as streams of linear data; it attempts to analyze information like a constantly flowing game of three-dimensional chess. All the moves are technically the same as in regular chess, but the traditional allowances of forward and backwards one square, or a lateral or L-shaped pattern, are too limiting for those trained to sniff out hostile intent; we require additional ways of processing information to be satisfied. Up vertically, down every angle of the compass rose and then across every median, line of longitude, latitude, and every other angle of measure are just about right then we add layers of frequency analysis figuring out the timing, spacing, depth and distance between each item we call data points. When an event has been then identified on the continuum of intelligence, we compare it with everything that has ever occurred in history to see if it resembles other patterns played by another spy who employed that process. We then process the context and precedence of each observed activity against common sense to determine if an event chain is coincidence, or if it bears the marks of hostile intent. Ian Fleming, the old British Secret Intelligence Service officer who created the fictional character of James Bond, characterized the amazing events in his books with an observation in his 1959 book Goldfinger : Once is happenstance. Twice is coincidence. Three times is enemy action.

Times have changed since Mr. Flemings Dictum. In light of current trends in the intelligence business, I like to characterize this phenomenon as Nances Law of Intelligence Kismet: Coincidence takes a lot of planning.

Reading about the DNC hack was not initially alarming; hackers had also penetrated the Obama and McCain campaigns in 2008. The DNC hack was newsworthy but not really noteworthy until it was paired with two additional events. At the time of the hacks I was writing a massive tome on hackers associated with ISIS and al-Qaeda, so I was attuned to any information about electronic data theft. Then on June 1, 2016 one of my military hacker friends pointed out that an entity who called himself Guccifer 2.0 had opened a WordPress page and was dumping information stolen from the DNC hack.