WikiLeaks is helping to cast doubt on the conclusion of intelligence agencies that the Russian government was behind the hack of the Democratic National Committee, in what appears to be the latest disinformation campaign orchestrated by Moscow.
The site leaked a trove of purported CIA hacking tools this week and zeroed in on what it called the agency’s effort to “misdirect attribution” of cyber attacks to other nations, including Russia.
Fake accounts on Twitter seized on the claim to dispute that Russia sought to interfere in the U.S. election last year, noted Ryan Kalember, senior vice president for cybersecurity strategy at Proofpoint. He described the WikiLeaks release as playing into a larger “disinformation campaign” aimed at undermining the intelligence community’s attribution of cyber attacks, particularly those attributed to Russia.
“That comes out in the WikiLeaks press release and immediately, all of the bots on Twitter who everyone speculates are controlled by agents of a particular government immediately start saying it wasn’t Russia that hacked the DNC, it was the CIA,” Kalember said. “You have this really obvious kind of disinformation campaign that is ready to go as soon as the leak happens.”
At issue is the CIA’s purported strategy of keeping a database of “stolen” malware produced by other countries, including Russia, and using it to obscure covert hacking operations. The documents attribute the strategy to an agency division called “Umbrage.”
“The CIA's Remote Devices Branch’s UMBRAGE group collects and maintains a substantial library of attack techniques ‘stolen’ from malware produced in other states including the Russian Federation,” WikiLeaks said in a press release accompanying the trove of documents.
“With UMBRAGE and related projects the CIA can not only increase its total number of attack types but also misdirect attribution by leaving behind the ‘fingerprints’ of the groups that the attack techniques were stolen from,” the press release said.
In addition to providing fodder for Twitter “bots” believed to be tied to Russia, the claims were swiftly highlighted by Russian media outlets and some conservative sites in the United States.
“How CIA steals hacking fingerprints from Russia & others to cover its tracks,” read a Tuesday headline from Russia Today, a Russian state-owned outlet that has “actively collaborated” with WikiLeaks, according to the intelligence community’s January unclassified report about Russia’s election hacking operation.
“In the case of the Democratic National Committee (DNC) hack, which reports have connected to Russia, the fingerprints used to link blame to Russian hackers may have been manipulated,” Russia Today reported. “Binoy Kampmark, legal and social sciences academic, told RT the technique is widely used not just by the CIA, but by other agencies worldwide, and had recently been used for tapping into the US elections.”
The CIA has not publicly confirmed the authenticity of the leaked documents, though experts contend that they appear to be real. But experts have also described WikiLeaks’ characterization of the revelations as exaggerated, particularly with regard to allegations about the spy agency hacking television sets and other details that have produced sensational headlines in the media.
WikiLeaks has a history of leaking classified U.S. information, releasing thousands of military documents and diplomatic cables obtained from former Army private Chelsea Manning in 2010.
In January, the CIA and other elements of the intelligence community concluded that the Russian government engaged in a cyber and disinformation campaign against the U.S. presidential election, in part by delivering hacked documents from the DNC and former Clinton campaign chair John Podesta to WikiLeaks.
The website released troves of hacked emails in the months leading up to the November election, though WikiLeaks founder Julian Assange has repeatedly denied having connections to Moscow. Russia has also denied the intelligence community’s accusations.
In addition to sending hacked documents to organizations like WikiLeaks, Russia also used state-sponsored media outlets and paid social media “trolls” — like those active following Tuesday’s document dump — to spread disinformation, according to the intelligence community.
Kalember described the disinformation campaign that resulted on Twitter following Tuesday’s CIA document dump as a “hallmark” of Russia.
“The big story here is, if you were actually trying to undermine a very specific claim that was made by every single one of the U.S. intelligence agencies and corroborated by all of their foreign counterparts, this is how you might do that,” Kalember said. “It wasn’t even subtle. They made memes about it.”