Reprinted from us10.campaign-archive1.com
A Washington Post video turned a computer security firm's allegations about a DNC hack into a series of unsourced factoids.
The Washington Post reported on Tuesday (6/14/16) that Russian intelligence had hacked the DNC servers to steal opposition research on Donald Trump:
Russian Government Hackers Penetrated DNC, Stole Opposition Research on Trump
While the Post story by Ellen Nakashima was sourced to "committee officials and security experts who responded to the breach"--i.e., CrowdStrike, the security firm hired by the DNC--that attribution dropped out of the headline, presenting Russian government culpability as an unquestioned fact. This framing was echoed by dozens of media outlets who picked up on the story and uncritically presented Russian guilt in their headlines without qualification:
- Russian Government Hackers Broke Into DNC Servers, Stole Trump Oppo (Politico, 6/14/16)
- Russia Hacked DNC Network, Accessed Trump Research (MSNBC, 6/14/16)
- Russians Steal Research on Trump in Hack of US Democratic Party (Reuters, 6/14/16)
- Russian Government-Affiliated Hackers Breach DNC, Take Research on Donald Trump (Fox, 6/14/16)
- Russia Hacks Democratic National Committee, Trump Info Compromised (USA Today, 6/14/16)
- Russian government hackers steal DNC files on Donald Trump (The Guardian, 6/14/16)
- Russians Hacked DNC Computers to Steal Opposition Research on Trump (Talking Points Memo, 6/14/16)
- Russian Spies Hacked Into the DNC's Donald Trump Files (Slate, 6/14/16)
- What Russia's DNC Hack Tells Us About Hillary Clinton's Private Email Server (Forbes, 6/15/16)
Then something strange happened. Wednesday afternoon, a person or persons using the name "Gufficer 2.0" (referencing a hacker who infamously got into the Bush family emails) published online what appears to be detailed information derived from the hack. In the post, Gufficer 2.0 claimed the hack wasn't nearly as sophisticated as CrowdStrike claimed, and wasn't the work of hackers working for Russian intelligence.
While it's definitely conceivable that Gufficer 2.0 could turn out to be a front for Russian intelligence, as CrowdStrike alleges, it certainly raises doubts as to the airtight case against Russia. Tech website Vocativ (6/16/16) concluded with a note of skepticism from Jeffrey Carr, CEO of a competing cybersecurity firm, who observed that while "it's not unusual for any intelligence service to cover its tracks,"
I'm skeptical almost all the time when it comes to attribution". I think the entire historical assignment of [government-affiliated] actors"was just wrong. That they were never part of an intelligence service or military service in the Russian government, that they were always independent hackers, and we don't really know who they are.
In the wake of the Gufficer 2.0 development, some media outlets began to hedge their bets. Notice the shift in framing from Wired's Andy Greenberg:
Russia's Breach of the DNC Is About More Than Trump's Dirt (/www.wired.com/2016/06/hack-brief-russias-breach-dnc-trumps-dirt/">6/14/16)
Thirty-six hours later -- after the Guccifer revelation:
A Chaotic Whodunnit Follows the DNC's Trump Research Hack (/www.wired.com/2016/06/chaotic-whodunnit-follows-dncs-trump-research-hack/?mbid=social_twitter">6/15/16)
They were 100 percent certain the hack was Russian, and now it's a "Whodunnit"? International Business Times also shifted from a "Russia did it" to a "it's a mystery" framing:
- Russian Hackers Infiltrated Democratic Party Computers to Steal Research on Donald Trump (6/14/16)
- DNC Hack: Security Firm CrowdStrike Stands by Research as Russia Strongly Denies Involvement (6/16/16)
Suddenly things aren't so certain. Which is good--journalists should update stories as they evolve--but this raises an essential question: Why was everyone so willing and ready to take CrowdStrike's word for it, without an ounce of skepticism, in the first place?