The breach of the Democratic National Committee (DNC) by hackers believed to be affiliated with the Russian government is raising concerns about foreign interference in the coming election. The Cipher Brief spoke to Michael Sulick, former Director of the National Clandestine Service at the CIA, about why the Russians would target the DNC and what might happen next. According to him, the Russian intelligence agencies involved in the hack were likely looking for recruitable sources, and people involved in the DNC may want to increase their own cybersecurity in the near term.
The Cipher Brief: What are the likely motivations for and implications of the DNC being hacked by Russia’s intelligence apparatus?
Michael Sulick: There is clearly competition among the Russian intelligence agencies to curry favor with the boss, (President Vladimir) Putin, so it’s not surprising that the two organizations would be conducting breaches like that.
First of all, I think that, by targeting the opposition research about Trump, they’re getting research through the Clinton camp, and they gain an insight into both camps from doing that. Certainly part of their purpose is to try and identify individuals who might later be in positions in either a Trump or Clinton administration in a foreign policy role, especially foreign policy towards Russia. They’re looking for either individuals who they can recruit as sources, or failing that, people close to those individuals who could be sources reporting on their activities in the new administration.
Even if they are unable to recruit these individuals as cooperative sources, the Russians might still consider them as what we would call “elicitation sources,” who might still provide insider information on foreign policy plans and intentions of a new administration. The Russians would also consider them for covert influence operations, i.e., using the contacts to advance policy positions favorable to Russian national security goals. For example, if someone who might be in a foreign policy position appears friendly to the Putin regime, Russian intelligence might curry favor with them or, through their disinformation campaigns, make those individuals look more appealing. If, on the other hand, there are individuals who are, let’s say, very hawkish on Russia, the Russians could try and discredit them through their covert influence operations. Ultimately, the Russians’ goal is to identify and obtain assessment information in advance on individuals in either a Trump or Clinton administration who might be sources of sensitive insider information on U.S. plans and intentions or who could be influenced to advocate policies obviously favorable to Russia.
TCB: There were two groups active in the DNC’s network: one linked to the FSB was passively observing electronic communications while the other, linked to the GRU, was targeting specific data about Donald Trump. Of the two, which is more damaging and why? And also, what do you think they are likely to do with the information that they obtained?
MS: I don’t believe, for example, they are looking for blackmail information against Hillary Clinton or Donald Trump. I think they’re still undecided as to who they would prefer. Obviously, they understand that Hillary Clinton is more hawkish than other Democrats. While it might seem ironic, both the Soviet and Russian governments have historically actually preferred hardliners, because they feel more comfortable when they know exactly what they’re dealing with. What they fear most is unpredictability, and Trump is clearly someone who I think everyone would say is very unpredictable. So, despite the favorable comments exchanged between Putin and Trump, I’m sure the Russians still are wondering, “what will he really do if he becomes President?” vis-a-vis Russia.
And as I mentioned, they are looking for: recruitment sources, elicitation sources, or people that they think they can influence. For example, Trump says “we’ve got to squeeze NATO and make the members pay more. Is the alliance really worth it?” Is he really serious about that or not? Who is advising him on these particular issues? Are these people who the Russians could put somebody around or target themselves to see what they could do in order to enhance their influence on the next administration? Or, if they’re enemies of Russia, how can they find people around him who would report what he might do regarding Russia, policy towards Russia.
TCB: In regards to the two capabilities that they did demonstrate: undetected passive observation and being able to get in and get what they want, then get out quickly – which do you think is the more damaging? In your estimation, which of the two capabilities worries you more?
MS: I think both. With passive observation, they’re still seeing email exchanges between people that they might not know, so they’re able to identify people in the Clinton campaign who might later serve in positions involved with foreign policy. They have a pretty good picture of that anyway, because Hillary Clinton has been a senator and Secretary of State, so I think they probably have a good handle on who her foreign policy people are.
But for Trump, that’s less certain. If he is elected, the composition of his foreign policy team is opaque at this point. I know he has some advisors, one in particular on Russia, Carter Page, who is actually sympathetic towards Russian policy and has opposed sanctions against Russia over the Ukraine crisis. In any case, at this point, the Russians would probably gain more information about a possible Trump administration since there is so little known about any possible foreign policy team and specifics of his foreign policy strategy.
Like I said, he’s unpredictable. And he himself has said that. When he talks about ISIS, he has said that he doesn’t want to telegraph his plans to the enemy. The Russians probably presume he means the same thing about them. So some of the “unpredictability” about his foreign policy makes him even more of an intelligence collection target, because he’s a less known quantity in the foreign policy arena than Hillary.
TCB: So, with that in mind, we have two different parts of the Russian government targeting two different kinds of data. What does this tell us about their interest in the current election, the gaps in their knowledge, and their collection goals?
MS: For the collection goals, I think it is fairly obvious. They want to plan clearly in advance for each of these two candidates, because one is clearly going to get elected. So, they want to see who are the people around them, influencing them the most on foreign policy – and specifically on Russia – and what information they can find out about those people so that they can get insider information on foreign policy towards Russia, or they can influence policy through these people or the people close to them.
TCB: Is it significant that Russia has officially denied any knowledge of the breach or who caused the breach, and what are they likely to do next?
MS: I don’t think it’s significant. The Chinese did this to both the Obama and the McCain campaigns back in 2008, and of course they denied that. The nature of cyber espionage is that it’s not attributable, so it’s perfect for a government or intelligence service to exercise plausible deniability.
As far as what is Russia likely to do next, I would certainly warn any people involved in any of those campaigns that their names and their email addresses are now known to the Russians, so they should be very judicious about their computer security from now on in terms of making sure they have the right firewalls, and that people are educated not to respond to these so-called spear-phishing campaigns. Clearly the Russians will continue to target some of the people that they have identified through this breach in order to find out even more about them, their contacts, and so on.
I would hope that both campaigns educate and exercise good computer security. And I don’t mean this only about the Russians, but the Chinese, the Iranians, and anybody else who’s interested in what America’s foreign policy position might be under either one of those administrations.