I’m fascinated with the drama surrounding the alleged Russian hack of the DNC largely because it seems to be an example of misdirection. For instance, we are all talking about the hack when the hack had no impact on the election.
What impacted the election was the leak of emails to WikiLeaks, and even that seemed far better-timed to help Bernie Sanders than it did to help Trump. In addition, the FBI reinstating the Clinton investigation did more damage because it came late in the actual election. So even if you do look at the hack, it wasn’t well done, yet Russia is likely the world leader in espionage. So much of this makes no sense yet, just like the Iraq WMD’s in Bush presidency, so many believe it to be true that it bears all the earmarks of intentional misdirection. When a conclusion seems to be largely based on belief and not verifiable facts then that conclusion should be flagged as possible misdirection.
[ Related: The U.S. has sanctioned Russia over election hacking ]
[ Related: Spy chief: U.S. should use all tools to counter Russian hacking ]
Let me walk you through it.
Now I wouldn’t be so interested in this if I hadn’t had a front row seat to something like this years ago. In my case, the breach involved a report I’d written. The report was critical about the company, mostly critical about sales performance. It was my job but, as you would expect it angered a lot of people and it was highly classified because, if it got to a competitor or large customer, it would cost the company millions. So imagine my surprise when a large competitor to our largest client got hold of it and immediately moved to cancel his contracts. And, as you’d expect, suddenly I had a lot of folks with big titles arguing that I was the problem that needed to be fixed.
Now what occurred to me far later is that this took everyone’s eye, including my own, off the results of the report, which implied that the sales problems we were facing were either caused by incompetence or intent. Instead of being focused on the problem I’d discovered, that sales execution had been sabotaged, they were all focused on me and my report. It was one huge and well executed distraction.
I’ve thought about this for years. I eventually did find out who leaked the document, it was the same head of sales who had been responsible for crippling our sales force. After being caught he immediately got a job over at the competitor, who’d received the report, as the vice president of competitive displacement.
I caught him on a fluke, he didn’t know I headed security for the unit and that I had enough background in it to anticipate and plan for catching the person who did it. Otherwise I’d have been fired but, sadly, that old vice president of sales had damaged the firm too badly to recover from and it wasn’t until years later it finally occurred to me he’d not only leaked the report on purpose, he’d intentionally been killing the company from the inside and used misdirection to cover it all up.
Russia and the DNC – just the fact
Now here are the facts. The DNC was breached. WikiLeaks got the information from the breach and released it starting prior to the end of the of the democratic party primary. This release surfaced DNC activity indicating they were working against Bernie Sanders in violation of its own rules. The head of the DNC was fired. These are all undisputed facts.
However, just because you discover an information breach doesn’t mean you’ve discovered the information breach. Unlike physical objects you can steal information multiple times and still have it remain in place. Particularly with a breach that is only discovered as a result of disclosure, as opposed to an invasive audit, there is a high probability that there are multiple breaches, because though you’ve identified the fact that your security is inadequate, you still may not be able to catch the thief without him/her disclosing the theft. Or, put another way, if you have 30 kids who have access to the answers in a test and one kid says he used them to cheat, it doesn’t mean the others didn’t yet that seems to be the common assumption.
Now the head of WikiLeaks claims he didn’t get the information he released from Russia and has implied he got it from a disgruntled DNC employee who was allegedly murdered. The investigation into the hack identified that Russian tools were used and it was done by hackers who spoke Russian.
Now stop for a second. If Russia excels in anything it is espionage. It is a country that is actually run by a guy who was once a top spy. Much like the U.S. wouldn’t leave obvious fingerprints if they were to hack a foreign government, Russia wouldn’t either and both countries employ competent people. Both Russian and NSA hacking tools exist in the wild and both are competent particularly to hack a server that wasn’t well-secured. And the tool used was in the wild so anyone, including our own intelligence organizations, could have used it but if the NSA was going to frame Russia they’d also likely do a far less obvious job of it.
What the misdirection seems to be covering up
There are three things that we have lost track of in our focus on Russia.
1. The release of the information is more important than the breach and it appeared timed more to help Bernie Sanders than Trump.
2. The claim that a now dead DNC staffer was the source for the information released and, if he was the actual WikiLeaks source, he likely was working for someone else (because he was not identified in the investigation as having stolen this information).
3. The failure of the Clinton campaign was executed from inside the DNC. No one is even considering this last thing, even though a loss off a better-funded professional politician coming after a very popular predecessor with full support of that predecessor is unprecedented in this country.
It looks like misdirection
At the end of the day, our focus is on the hack not the release of the information, which takes our eyes off the timing that seemed to better help Sanders (it was too early for Trump). The identification of Russia as an attacker takes our eyes off the actual execution of the campaign. In addition, in order to accept Russia as the cause you also have to accept that they are inept at espionage, something we know not to be true.
All of this would support the assumption that we are being misdirected and that our biggest concern should be what we are being misdirected from. And that Russia may be a problem, but not the problem that should be prioritized.
Being aware of and looking for misdirection can be important in saving your company and your job, as I found out, so this isn’t just an interesting exercise, it is something more of us should be doing far more regularly.